© 2021, Amazon Web Services, Inc. or its Affiliates.
Mike P., Solutions Architect
Eduardo Lovera, Solutions Architect
August 17, 2021
Ransomware
Protecting and Recovering
Agenda
• What is Ransomware?
• AWS and Provable Security
• Protection and Recovery
• Amazon GuardDuty
• Amazon Detective
• AWS Backup
• Q&A
What is Ransomware?
Ransomware evolution
• 1989: The first known ransomware, the 1989 AIDS Trojan, is written.
• 2005: In May, extortion ransomware appears.
• 2006: By mid-2006, worms such as Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip and May Archive start using more sophisticated RSA encryption.
• 2011: A ransomware worm imitating the Windows Product Activation notice appears.
• 2013: A ransomware worm based on the Stamp.Ek exploit kit surfaces and a Mac OS X-specific ransomware worm arrives on the scene. CryptoLocker rakes in $5 million in the last four months of the year.
• 2015: Multiple variants on multiple platforms are causing damage.
Ransomware – From minor annoyance to BIG business
Annoyance
Disruption
Extortion
Main types of ransomware
• Locker Ransomware: Does not encrypt files; it locks the victim out of their device, preventing them from using it. Once they are locked out, cybercriminals demand a ransom to unlock the device.
• Crypto Ransomware: Encrypts valuable files on a computer so that the user cannot access them; attackers make money by demanding victims pay a ransom to get their files back.
Why has ransomware been effective?
Concrete examples of customer security events
Diverse initial vectors and impacts
• Exploit based
• Active Directory lateral movement
• Database vector
• AWS Credential vector
• S3 bucket ransom
• Threats of resource deletion
AWS and Provable Security
Shared responsibility model
• AWS, Security OF the Cloud: AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud
• Customer, Security IN the Cloud: Customer responsibility will be determined by the AWS Cloud services that a customer selects
Principle of least privilege
Securely control individual and group access to your AWS resources
[Diagram labels: User, IAM, and the AWS service categories Storage, Development & Management Tools, Content Delivery, Analytics, Compute, Messaging, Database, App Services, Mobile, Payments, Networking, On-Demand Workforce, VPC]
Segment Amazon Virtual Private Clouds
But how do you know proactively that you are prepared?
Not enough time, resources, money, or know-how . . .
1. Inventory
2. Vulnerability management
3. Policy enforcement
4. Integrity monitoring
5. Logging and baselining
6. Backups
7. Secure storage
8. Network protection
9. Blocklisting
What is the NIST Cybersecurity Framework?
In February 2014, the National Institute of Standards and Technology (NIST) published the “Framework for Improving Critical Infrastructure Cybersecurity” (or CSF), a voluntary framework to help organizations of any size and sector improve the cybersecurity, risk management, and resilience of their systems.
Originally intended for critical infrastructure, but with broader applicability across all organization types.
• Executive Order: Presidential Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” charges NIST in Feb. 2013
• Legislation: Cybersecurity Enhancement Act of 2014 reinforced the legitimacy and authority of the CSF by codifying it and its voluntary adoption into law
• Executive Order: Presidential EO 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” mandates the use of CSF for all federal IT
Aligning to AWS services
• Identify: Which workloads are critical for recovery?
• Protect, Detect, and Respond: Implement best security practices to prevent an attack
• Recover: Set up your ability to recover
Protection and Recovery
Map Services/Solutions to the NIST CSF
• Identify – AWS Systems Manager Inventory, Config
• Protect – Network Segmentation, IAM, SCP, Federate Access, AWS Systems Manager Patch Manager, Control Tower
• Detect – Inspector, Security Hub, GuardDuty, Security Assessment Solution
• Respond – Detective, ProServe Security Gameday, Incident Response Plan
• Recover – Backup, S3 Cross-Region Replication/Glacier, CloudEndure
Detect
• AWS Security Hub
• Amazon Inspector
• Amazon GuardDuty
• Self Assessment Tool
• AWS Well-Architected Framework
What is Amazon GuardDuty?
Amazon GuardDuty is a threat detection service that uses machine learning,
anomaly detection, and integrated threat intelligence to identify and prioritize
potential threats.
Protects AWS accounts, workloads, and data stored in S3.
Identify malicious & highly suspicious activity
How Amazon GuardDuty works
• Data sources: VPC flow logs, DNS logs, CloudTrail events, S3 data plane events
• Threat detection types: threat intelligence, anomaly detection (ML)
• Finding types (examples): Bitcoin mining; C&C activity; unusual user behavior (example: launch instance, change network permissions); unusual traffic patterns (example: unusual ports and volume)
• Findings: HIGH, MEDIUM, LOW
[Diagram also shows AWS Security Hub, CloudWatch Event and Amazon Detective alongside the findings]
Respond
• Amazon Detective
• AWS Security Hub
• AWS Professional Services
Amazon Detective
Analyze and visualize security data to rapidly get to the root cause of
potential security issues.
How Amazon Detective works
Hosted Service: Automated data collection, synthesis, analysis
[Diagram labels: AWS; Amazon Detective; Findings, Telemetry, Enrichment; Role, User, Instance, IP Address, Bucket; Behavior & Baselines; Behavior Graph; Analytics & Insights; Data & context; S3 data storage]
Recover
• AWS Storage Gateway
• CloudEndure Disaster Recovery
• Amazon S3 Glacier
• Amazon Simple Storage Service
• AWS Backup
Introducing AWS Backup
AWS Backup: A fully managed, policy-based backup service that makes it easy to centrally manage and automate the backup of data across AWS services
Services shown: Amazon EFS, Amazon EBS, Amazon RDS, Amazon DynamoDB, AWS Storage Gateway, Amazon Aurora, Amazon EC2, FSx for Lustre, FSx for Windows
DR & Ransomware Recovery with AWS Backup
Build an Isolated Backup Vault
Vault characteristics:
• Backups are highly efficient incremental forever
• Backup copies cannot be changed or encrypted
• Manage with vault specific CMK/KMS best practices
• Air-gapped backups using vault access policies
• Prescriptive guidance for vault account access provided
Recovery options:
• Supports 1-to-many, many-to-many, many-to-1, etc.
• Recover from same account locally or from across region
• Recover from cross-account locally or across region
• Recover from RPOs that are hours, days, weeks or months old
• Simple workflow to apply any forensic analysis
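An added example, not taken from the slides or from AWS: a Python check that a backup vault access policy denies the destructive AWS Backup actions to every principal, which is what the vault access policy bullet above depends on. The set of actions audited, both sample policies, the role names and the account ID are constructed assumptions.

```python
import json
import re

# Real AWS Backup API actions that delete recovery points or weaken a vault's
# protections. Treating these five as the set to audit is this example's assumption.
DESTRUCTIVE_ACTIONS = (
    "backup:DeleteBackupVault",
    "backup:DeleteBackupVaultAccessPolicy",
    "backup:DeleteRecoveryPoint",
    "backup:PutBackupVaultAccessPolicy",
    "backup:UpdateRecoveryPointLifecycle",
)


def _as_list(value):
    """IAM JSON lets most fields be either a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """IAM action patterns are case-insensitive; '*' and '?' are the only wildcards."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def _applies_to_everyone(principal):
    """True for Principal "*" or {"AWS": "*"}; a Deny on named principals leaves gaps."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def audit_vault_policy(policy_json):
    """Classify each destructive action as denied, conditionally denied, or unprotected.

    Assumes every statement's Resource covers the vault ("*" is the usual value
    in a vault access policy).
    """
    policy = json.loads(policy_json)
    unconditional, conditional = set(), set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        # NotAction / NotPrincipal invert the match; count nothing as covered by them.
        if "NotAction" in stmt or "NotPrincipal" in stmt:
            continue
        if not _applies_to_everyone(stmt.get("Principal")):
            continue
        patterns = _as_list(stmt.get("Action"))
        hits = {
            action for action in DESTRUCTIVE_ACTIONS
            if any(_action_matches(p, action) for p in patterns)
        }
        # A Condition usually carves out a break-glass role: report it for review.
        if stmt.get("Condition"):
            conditional |= hits
        else:
            unconditional |= hits
    conditional -= unconditional
    unprotected = set(DESTRUCTIVE_ACTIONS) - unconditional - conditional
    return {
        "denied": sorted(unconditional),
        "conditional": sorted(conditional),
        "unprotected": sorted(unprotected),
    }


# Constructed sample: the Deny names one role only, so every other principal is unaffected.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-role"},
        "Action": "backup:DeleteRecoveryPoint",
        "Resource": "*",
    }],
})

# Constructed sample: blanket Deny, with policy changes reserved for one admin role.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny", "Principal": "*", "Resource": "*",
         "Action": ["backup:Delete*", "backup:UpdateRecoveryPointLifecycle"]},
        {"Effect": "Deny", "Principal": {"AWS": "*"}, "Resource": "*",
         "Action": "backup:PutBackupVaultAccessPolicy",
         "Condition": {"StringNotLike": {
             "aws:PrincipalArn": "arn:aws:iam::111122223333:role/backup-admin"}}},
    ],
})

if __name__ == "__main__":
    for name, doc in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, json.dumps(audit_vault_policy(doc), indent=2))
```

Anything listed under "conditional" still needs a manual look at who the condition exempts.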
So what do I do?
• Categorize applications into criticality
• Align to a security framework
• Test your incident response plan
• Test your backups
• Use AWS services to implement provable security / resiliency
• Meet with AWS to do a deep dive on your mitigation strategy for ransomware.
Q&A
Mike P.
Eduardo Lovera
Thank you
Mike P., AWS Solutions Architect, preirmi@amazon.com
Eduardo Lovera, AWS Solutions Architect, edulover@amazon.com

Meetup Protect from Ransomware Attacks
