© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS WAF & Shield Advanced
Protect your application at the Edge
Threat landscape
Types of threats
Layers: Application | Presentation | Session | Transport | Network
Ping of Death | ICMP Flood | Teardrop | reflections | UDP floods
SYN/ACK Flood | Slowloris | SSL Abuse
DDoS: HTTP Flood | Malformed HTTP
Web Application Attacks: App exploits | CVEs | XSS | SQLi | RFI
Bad Bots: Bots | Scrapers | Crawlers
Trends of DDoS attacks
[Chart: Largest DDoS Attacks (Gbps) by year, 2007 to 2018; vertical axis 0 to 1600; annotations: Memcached Attacks, Mirai Attacks]
Cloud native protection
Pillars of perimeter protection
PREPARE: Build a DDoS resilient application on AWS
MONITOR: Be aware of threat environment and application health
RESPOND: Engage response team
Cloud native protection
Built-in protection | Protection tools
Always-on
Automatic
Distributed
Easy to use
Customizable
APIs
AWS scale | Experts support
Built-in protection for everyone
AWS Shield Standard: Automatic defense against the most common network and transport layer DDoS attacks for any AWS resource, in any AWS Region
Available to ALL AWS customers at no additional cost
Daily DDoS attacks mitigated by AWS
Protection tools
DDoS resilient architecture
[Architecture diagram. Components shown: Users, DDoS Attack, Route 53, CloudFront, AWS WAF, API Gateway, S3, Application Load Balancer, ALB Security Group, Public Subnet, EC2 Instances, Web Application Security Group, Private Subnet, CloudWatch]
API Acceleration - Slack
• Slack hosts its API behind an ALB to serve JSON files, with more than 10B requests/week. They were looking for DDoS protection.
• Slack selected CloudFront for its reliability, flexibility and AWS integration.
Average response time decreased to 200ms from 480ms
AWS WAF & Shield Advanced
AWS WAF
Managed layer 7 inspection and mitigation tool, monitors HTTP/S requests and protects web applications from malicious activities
Custom Rules | Security Automation | Managed Rules
AWS WAF benefits
AWS WAF
Easy to deploy
Fast incident response
Affordable
Full API support
Managed service
Custom rules
1. Define conditions: IP Match, Geo-IP, String Match, Regex Match, SQLi,
XSS, Size Constraints
2. Define rules: Regular or rate based
3. Add to Web Access Control Lists: Order & action (Block, Allow, Count)
4. Attach to AWS Resource: CloudFront, ALB
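The first three steps above, modeled offline as an added example (not code from the deck or from AWS): conditions feed rules, rules sit in an ordered WebACL, and Count records a hit without ending evaluation. All names, the regex standing in for the SQLi condition, the sample addresses and the low rate limit are constructed for illustration, and the rate counter is a simplified sliding window.

```python
import ipaddress
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Callable, List, Tuple


@dataclass
class Request:            # constructed, minimal view of an HTTP request
    ip: str
    query: str = ""
    ts: float = 0.0       # arrival time in seconds


Condition = Callable[[Request], bool]


# Step 1: conditions (predicates over a single request)
def ip_match(*cidrs: str) -> Condition:
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return lambda r: any(ipaddress.ip_address(r.ip) in n for n in nets)


def regex_match(pattern: str) -> Condition:
    rx = re.compile(pattern, re.IGNORECASE)
    return lambda r: rx.search(r.query) is not None


def size_over(limit: int) -> Condition:
    return lambda r: len(r.query) > limit


# Step 2: rules. A regular rule matches when all of its conditions match.
@dataclass
class Rule:
    name: str
    conditions: List[Condition]

    def matches(self, req: Request) -> bool:
        return all(cond(req) for cond in self.conditions)


@dataclass
class RateBasedRule(Rule):
    limit: int = 2000     # requests tolerated per source IP per window
    window: int = 300     # seconds (five minutes)
    _seen: dict = field(default_factory=lambda: defaultdict(deque))

    def matches(self, req: Request) -> bool:
        if not super().matches(req):
            return False
        times = self._seen[req.ip]
        times.append(req.ts)
        while times[0] <= req.ts - self.window:   # drop hits outside the window
            times.popleft()
        return len(times) > self.limit


# Step 3: the WebACL holds (rule, action) pairs in evaluation order.
@dataclass
class WebACL:
    default_action: str                  # "ALLOW" or "BLOCK"
    entries: List[Tuple[Rule, str]]

    def evaluate(self, req: Request) -> Tuple[str, str, List[str]]:
        counted: List[str] = []
        for rule, action in self.entries:
            if not rule.matches(req):
                continue
            if action == "COUNT":        # record the hit, keep evaluating
                counted.append(rule.name)
                continue
            return action, rule.name, counted    # ALLOW/BLOCK end evaluation
        return self.default_action, "default", counted


def build_acl(rate_limit: int = 5) -> WebACL:
    # Hypothetical rule set; step 4 (attaching to CloudFront or an ALB) is
    # an API/console operation and is outside this model.
    sqli_like = regex_match(r"\bunion\b.+\bselect\b|'\s*or\s+'?\d")
    return WebACL("ALLOW", [
        (Rule("office-allowlist", [ip_match("203.0.113.0/24")]), "ALLOW"),
        (Rule("oversized-query", [size_over(512)]), "COUNT"),
        (Rule("sqli", [sqli_like]), "BLOCK"),
        (RateBasedRule("rate-limit", [], limit=rate_limit), "BLOCK"),
    ])


if __name__ == "__main__":
    acl = build_acl()
    probe = "id=1' OR '1'='1"
    # Same query, different source: the allowlist rule is ordered first.
    print(acl.evaluate(Request("203.0.113.10", probe)))
    print(acl.evaluate(Request("198.51.100.7", probe)))
    # Count rule fires but does not decide the outcome.
    print(acl.evaluate(Request("198.51.100.7", "q=" + "a" * 600)))
    for t in range(6):
        print(t, acl.evaluate(Request("198.51.100.9", ts=float(t))))
```

The first two calls show why order matters: an Allow rule placed ahead of the inspection rules exempts its sources from every later check, so an IP allowlist at the top should be kept narrow.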
Seller managed rules
Rules managed by experts
Choice of 6 partners
Pay as you go
Easy to deploy
Automatic updates
Security automations
Honeypot for bad bots
CloudFront
Log parsing
Reputation
WAF automation - eVitamins
• A global online retailer of health and beauty products. They were looking to solve DDoS, bot and crawler security challenges.
• eVitamins selected AWS WAF for its protection, automation and ease of use.
AWS Firewall Manager
• Central management for security profile
• Automated policy enforcement across accounts & applications
• WAF rule sets
Additional detection & monitoring
Advanced protection
Visibility into attack detection & mitigation
AWS WAF & FM at no additional cost
24X7 DDoS Response Team
Cost protection (absorb scaling costs)
Advanced Protection
AWS Shield Advanced
CloudWatch metrics for Shield Advanced
Metrics:
• DDoSDetected
• DDoSAttackBitsPerSecond, DDoSAttackPacketsPerSecond, DDoSAttackRequestsPerSecond
Dimensions:
• UDPTraffic, DNSReflection, SYNFlood, RequestFlood…
Improving DDoS response time
[Diagram. Areas: Customer account | AWS managed capabilities. Labels: AWS Shield Engagement Lambda, DRT notification topic, SoC Engineer, Shield Advanced, IoT button, DRT, Support]
Cloud native protection in a nutshell
[Summary diagram. Labels: Internet, attacks, AWS Shield, AWS services, AWS WAF, Customer infrastructure. Layers: Application | Presentation | Session | Transport | Network. Threats: Web Application Attacks | DDoS | Bad Bots. PREPARE | MONITOR | RESPOND: CloudWatch, CloudFront access logs, DDoS Response Team, Security Automation]
To learn more about perimeter protection on AWS:
DDoS Resiliency Whitepaper
AWS re:Invent 2017: Automating DDoS Response in the Cloud (SID324)
AWS re:Invent 2017: NEW LAUNCH! Introduction to Managed Rules for AWS WAF (SID217)
Best Practices for DDoS Mitigation on AWS
Advanced Techniques for Securing Your Web Applications with AWS WAF and AWS Shield
Appendixes
Evolution of WAF & DDoS mitigation
On-Premise | Cloud-Routed | Cloud-Native
WebACL example
[Diagram: a WebACL containing Rules (actions: Allow, Count, Block), a Rate-Based Rule (actions: Count, Block) and Managed Rules (No override, Override to count). Match conditions shown: SQL injection, Cross-site scripting, Size constraint, IP addresses, String and Regex, Geo match]

 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298  )#  Call Girls in DubaiRussian Call Girls in %(+971524965298  )#  Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 

Edge Immersion Days module 2 - Protect your application at the edge using AWS WAF & Shield Advanced

  • 1. AWS WAF & Shield Advanced: Protect your application at the Edge
  • 2. Threat landscape
  • 3. Types of threats
      • Layers: Application | Presentation | Session | Transport | Network
      • Categories: DDoS | Web Application Attacks | Bad Bots
      • Ping of Death | ICMP Flood | Teardrop | reflections | UDP floods
      • SYN/ACK Flood | Slowloris | SSL Abuse
      • HTTP Flood | Malformed HTTP
      • App exploits | CVEs | XSS | SQLi | RFI
      • Bots | Scrapers | Crawlers
  • 4. Trends of DDoS attacks [chart: Largest DDoS Attacks (Gbps), 2007 to 2018; annotations: Memcached Attacks, Mirai Attacks]
  • 5. Cloud native protection
  • 6. Pillars of perimeter protection
      • PREPARE: Build a DDoS resilient application on AWS
      • MONITOR: Be aware of threat environment and application health
      • RESPOND: Engage response team
  • 7. Cloud native protection: Built-in protection (Always-on, Automatic, Distributed) | Protection tools (Easy to use, Customizable, APIs) | AWS scale | Experts support
  • 8. Built-in protection for everyone: AWS Shield Standard
      • Automatic defense against the most common network and transport layer DDoS attacks for any AWS resource, in any AWS Region
      • Available to ALL AWS customers at no additional cost
  • 9. Daily DDoS attacks mitigated by AWS
  • 10. Protection tools
  • 11. DDoS resilient architecture [diagram labels: Users | DDoS Attack | Route 53 | CloudFront | AWS WAF | API Gateway | S3 | CloudWatch | Application Load Balancer | ALB Security Group | Public Subnet | EC2 Instances | Web Application Security Group | Private Subnet]
  • 12. API Acceleration - Slack
      • Slack hosts its API behind ALB, serving JSON files with more than 10B requests/week. They were looking for DDoS protection.
      • Slack selected CloudFront for its reliability, flexibility and AWS integration.
      • Average response time decreased to 200ms from 480ms.
  • 13. AWS WAF & Shield Advanced
  • 14. AWS WAF: Managed layer 7 inspection and mitigation tool that monitors HTTP/S requests and protects web applications from malicious activities. Custom Rules | Managed Rules | Security Automation
  • 15. AWS WAF benefits: Easy to deploy | Fast incident response | Affordable | Full API support | Managed service
  • 16. Custom rules
      1. Define conditions: IP Match, Geo-IP, String Match, Regex Match, SQLi, XSS, Size Constraints
      2. Define rules: Regular or rate based
      3. Add to Web Access Control Lists: Order & action (Block, Allow, Count)
      4. Attach to AWS Resource: CloudFront, ALB
  • 17. Seller managed rules: Rules managed by experts | Choice of 6 partners | Pay as you go | Easy to deploy | Automatic updates
  • 18. Security automations: Honeypot for bad bots | CloudFront Log parsing | Reputation
  • 19. WAF automation - eVitamins
      • A global online retailer of health and beauty products. They were looking to solve DDoS, Bots & Crawlers security challenges.
      • eVitamins selected AWS WAF for its protection, automation and ease of use.
  • 20. AWS Firewall Manager
      • Central management for Security profile
      • Automated policy enforcement across accounts & applications
      • WAF rule sets
  • 21. AWS Shield Advanced: Additional detection & monitoring | Advanced protection | Visibility into attack detection & mitigation | AWS WAF & FM at no additional cost | 24X7 DDoS Response Team | Cost protection (absorb scaling costs)
  • 22. CloudWatch metrics for Shield Advanced
      • Metrics: DDoSDetected | DDoSAttackBitsPerSecond, DDoSAttackPacketsPerSecond, DDoSAttackRequestsPerSecond
      • Dimensions: UDPTraffic, DNSReflection, SYNFlood, RequestFlood…
  • 23. Improving DDoS response time [diagram labels: Customer account | AWS managed capabilities | SoC Engineer | IoT button | Lambda | DRT notification topic | AWS Shield Engagement | Shield Advanced | DRT Support]
  • 24. Cloud native protection in a nutshell [diagram labels: Internet | attacks | AWS Shield | AWS WAF | AWS services | Customer infrastructure | layers: Application, Presentation, Session, Transport, Network | threats: DDoS, Web Application Attacks, Bad Bots | PREPARE, MONITOR, RESPOND: CloudWatch, CloudFront Access logs, DDoS Response Team, Security Automation]
  • 25. To learn more about Perimeter protection on AWS
      • DDoS Resiliency Whitepaper
      • AWS re:Invent 2017: Automating DDoS Response in the Cloud (SID324)
      • AWS re:Invent 2017: NEW LAUNCH! Introduction to Managed Rules for AWS WAF (SID217)
      • Best Practices for DDoS Mitigation on AWS
      • Advanced Techniques for Securing Your Web Applications with AWS WAF and AWS Shield
  • 26. Appendixes
  • 27. Evolution of WAF & DDoS mitigation: On-Premise | Cloud-Routed | Cloud-Native
  • 28. WebACL example [diagram: a WebACL contains Rules (Allow, Count, Block), Rate-Based Rules (Count, Block) and Managed Rules (No override, Override to count); rules are built from Match Conditions: SQL injection, Cross-site scripting, Size constraint, IP addresses, String and Regex, Geo match]
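
The custom-rule steps on slide 16 and the WebACL layout on slide 28, modelled as an added Python example (not AWS code and not part of the deck) to show why rule order and the Count action matter. The request dict shape, rule names, addresses and the limit of 3 are constructed for illustration, and the rate-based rule here omits the time window the managed service applies.

```python
import ipaddress
from collections import Counter

# Step 1, match conditions: predicates over a request dict (constructed shape).
def ip_match(*cidrs):
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return lambda r: any(ipaddress.ip_address(r["ip"]) in n for n in nets)

def string_match(field, needle):
    return lambda r: needle in r.get(field, "").lower()
def size_over(field, limit):
    return lambda r: len(r.get(field, "")) > limit

class Rule:  # Step 2, regular rule: every condition must match (logical AND).
    def __init__(self, name, *conditions):
        self.name, self.conditions = name, conditions
    def matches(self, req):
        return all(c(req) for c in self.conditions)

class RateBasedRule(Rule):  # matches a source IP once it exceeds `limit` hits
    def __init__(self, name, limit, *conditions):
        super().__init__(name, *conditions)
        self.limit, self.seen = limit, Counter()
    def matches(self, req):
        if not super().matches(req):
            return False
        self.seen[req["ip"]] += 1  # simplification: no sliding time window
        return self.seen[req["ip"]] > self.limit

class WebACL:  # Step 3: ordered (rule, action) entries plus a default action.
    def __init__(self, default_action, entries):
        self.default_action, self.entries = default_action, entries
    def evaluate(self, req):
        counted = []
        for rule, action in self.entries:
            if rule.matches(req):
                if action == "COUNT":  # record the match, keep evaluating
                    counted.append(rule.name)
                    continue
                return action, rule.name, counted  # ALLOW/BLOCK is terminal
        return self.default_action, None, counted

def build_acl():  # constructed sample policy; names and addresses are made up
    return WebACL("ALLOW", [
        (Rule("trusted-office", ip_match("198.51.100.0/24")), "ALLOW"),
        (Rule("sqli-probe", string_match("query", "union select")), "BLOCK"),
        (Rule("large-body", size_over("body", 8192)), "COUNT"),
        (RateBasedRule("login-flood", 3, string_match("path", "/login")), "BLOCK"),
    ])
```

Because the Allow rule sits first, a request from the trusted range is never inspected by the SQLi rule; placing broad Allow rules below the Block rules, or running a new rule in Count first, avoids that gap.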