SlideShare a Scribd company logo

AWS Well-Architected Webinar Security - Ben de Haan

Download as PPTX, PDF
GoDataDriven
GoDataDriven

The security pillar encompasses the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies. This presentation will provide in-depth, best-practice guidance for architecting secure systems on AWS.

Technology
1 of 31
Well-architected Security Ben de Haan, Xebia Security Scaling security
Feedback Ben de Haan AWS Meetup regular, serverless enthusiast Security consultant/engineer @ Xebia Security https://www.linkedin.com/in/ben-de-haan-65423441/ bdehaan@xebia.com A bit about me and this Webinar 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
How to scale cloud security 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response 1. Setting a secure baseline 2. Mastering IAM 3. Leveraging Infrastructure as Code 4. Improving Detection 5. Automating response
Guardrails, not gates Setting a secure baseline 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
A secure baseline Setting a secure baseline 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
Leverage AWS accounts Setting a secure baseline 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
Setting a secure baseline 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
AWS Organizations AWS Control Tower Organization Formation (https://github.com/OlafConijn/AwsOrganizationFormation) Creating a secure baseline 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
Service Control Policies 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Allow only EU regions for non- global services Only allow access to billing data Only allow small EC2 instances Prod OU
Absence of evidence is not evidence of absence IAM Flow 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Master IAM flow
Can’t find an allow? Doesn’t mean it’s not there! (or can’t be added) IAM Flow 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
Explicit deny can be safer …and easier to troubleshoot IAM Flow 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
Explicit deny can be safer …and easier to troubleshoot IAM Flow 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
Test your SCPs (and other policies) IAM simulator & simulation account 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
Attribute-based access control (ABAC) 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Attribute based access control
Attribute-based access control (ABAC) 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html
Attribute-based access control (ABAC) 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Why ABAC? • Scales better than ‘pure’ RBAC • Smaller/Fewer policies • (Resource limits… 🙃)
IAM resources 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Useful resources: • Policy evaluation logic • https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evalu ation-logic.html • Duo Parliament (Policy linter) • https://github.com/duo-labs/parliament/ • Policy simulator • https://policysim.aws.amazon.com
Leverage infrastructure as code Infrastructure as code: ‘Back-up of your infrastructure’ 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
Leverage infrastructure as code Next step: Immutable infrastructure 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
Leverage infrastructure as code Leverage pipelines Be mean to your code Don’t set pipelines to ‘God mode’! 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
Improving detection Improving detection: Threat modeling 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
Improving detection MITRE ATT&CK 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Source: https://attack.mitre.org/matrices/enterprise/cloud/aws/
Automating response Automate the basics 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
Automating response 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response CloudTrail turned off?  Turn it back on (and alert)
Automating response 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Assist analyst when things get complicated
Automating response 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Source: https://github.com/awslabs/aws-security- automation/ Access denied responder
Conclusion 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response 1: Prevent Provide a secure baseline Get a black belt in IAM-fu Leverage infrastructure as code
Conclusion 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response 2: Detect Understand your threat model Tailor your detection
Conclusion 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response 3: Respond Automate the basics Assist analysts
Thanks for attending! Ben de Haan, Xebia Security

Recommended

Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Adam Englander
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 1042Crunch
 
The Dev, Sec and Ops of API Security - API World
The Dev, Sec and Ops of API Security - API WorldThe Dev, Sec and Ops of API Security - API World
The Dev, Sec and Ops of API Security - API World42Crunch
 
API Security from the DevOps and CSO Perspectives (Webcast)
API Security from the DevOps and CSO Perspectives (Webcast)API Security from the DevOps and CSO Perspectives (Webcast)
API Security from the DevOps and CSO Perspectives (Webcast)Apigee | Google Cloud
 
OWASP API Security Top 10 - API World
OWASP API Security Top 10 - API WorldOWASP API Security Top 10 - API World
OWASP API Security Top 10 - API World42Crunch
 
Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?Teri Radichel
 
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonCheckmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonAdar Weidman
 
It's 10pm, Do You Know Where Your Access Keys Are?
It's 10pm, Do You Know Where Your Access Keys Are?It's 10pm, Do You Know Where Your Access Keys Are?
It's 10pm, Do You Know Where Your Access Keys Are?Ken Johnson
 

Recommended

Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Adam Englander
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 1042Crunch
 
The Dev, Sec and Ops of API Security - API World
The Dev, Sec and Ops of API Security - API WorldThe Dev, Sec and Ops of API Security - API World
The Dev, Sec and Ops of API Security - API World42Crunch
 
API Security from the DevOps and CSO Perspectives (Webcast)
API Security from the DevOps and CSO Perspectives (Webcast)API Security from the DevOps and CSO Perspectives (Webcast)
API Security from the DevOps and CSO Perspectives (Webcast)Apigee | Google Cloud
 
OWASP API Security Top 10 - API World
OWASP API Security Top 10 - API WorldOWASP API Security Top 10 - API World
OWASP API Security Top 10 - API World42Crunch
 
Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?Teri Radichel
 
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonCheckmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonAdar Weidman
 
It's 10pm, Do You Know Where Your Access Keys Are?
It's 10pm, Do You Know Where Your Access Keys Are?It's 10pm, Do You Know Where Your Access Keys Are?
It's 10pm, Do You Know Where Your Access Keys Are?Ken Johnson
 
The Dev, Sec and Ops of API Security - NordicAPIs
The Dev, Sec and Ops of API Security - NordicAPIsThe Dev, Sec and Ops of API Security - NordicAPIs
The Dev, Sec and Ops of API Security - NordicAPIs42Crunch
 
Red Team vs. Blue Team on AWS ~ re:Invent 2018
Red Team vs. Blue Team on AWS ~ re:Invent 2018Red Team vs. Blue Team on AWS ~ re:Invent 2018
Red Team vs. Blue Team on AWS ~ re:Invent 2018Teri Radichel
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersInon Shkedy
 
OWASP API Security Top 10 - Austin DevSecOps Days
OWASP API Security Top 10 - Austin DevSecOps DaysOWASP API Security Top 10 - Austin DevSecOps Days
OWASP API Security Top 10 - Austin DevSecOps Days42Crunch
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriOWASP Delhi
 
APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide Isabelle Mauny
 
Top API Security Issues Found During POCs
Top API Security Issues Found During POCsTop API Security Issues Found During POCs
Top API Security Issues Found During POCs42Crunch
 
WEBINAR: Positive Security for APIs: What it is and why you need it!
WEBINAR: Positive Security for APIs: What it is and why you need it! WEBINAR: Positive Security for APIs: What it is and why you need it!
WEBINAR: Positive Security for APIs: What it is and why you need it!42Crunch
 
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall42Crunch
 
REST API Security by Design with Azure Pipelines
REST API Security by Design with Azure PipelinesREST API Security by Design with Azure Pipelines
REST API Security by Design with Azure Pipelines42Crunch
 
Automating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAutomating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAmazon Web Services
 
Are You Properly Using JWTs?
Are You Properly Using JWTs?Are You Properly Using JWTs?
Are You Properly Using JWTs?42Crunch
 
SPI Dynamics web application security 101
SPI Dynamics web application security 101 SPI Dynamics web application security 101
SPI Dynamics web application security 101 Wade Malone
 
Getting Started with API Security Testing
Getting Started with API Security TestingGetting Started with API Security Testing
Getting Started with API Security TestingSmartBear
 
Incident Response: Eyes Everywhere - AWS Security Week at the SF Loft
Incident Response: Eyes Everywhere - AWS Security Week at the SF LoftIncident Response: Eyes Everywhere - AWS Security Week at the SF Loft
Incident Response: Eyes Everywhere - AWS Security Week at the SF LoftAmazon Web Services
 
ESAPI
ESAPIESAPI
ESAPIn|u - The Open Security Community
 
Data-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive ThreatsData-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive ThreatsApigee | Google Cloud
 
Automating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAutomating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAmazon Web Services
 
Securing Serverless - By Breaking In
Securing Serverless - By Breaking InSecuring Serverless - By Breaking In
Securing Serverless - By Breaking InGuy Podjarny
 
Threat Detection and Remediation Workshop
Threat Detection and Remediation WorkshopThreat Detection and Remediation Workshop
Threat Detection and Remediation WorkshopAmazon Web Services
 
5 step plan to securing your APIs
5 step plan to securing your APIs5 step plan to securing your APIs
5 step plan to securing your APIs💻 Javier Garza
 
API Security using Mulesoft
API Security using MulesoftAPI Security using Mulesoft
API Security using MulesoftPritam Prakash
 

More Related Content

What's hot

The Dev, Sec and Ops of API Security - NordicAPIs
The Dev, Sec and Ops of API Security - NordicAPIsThe Dev, Sec and Ops of API Security - NordicAPIs
The Dev, Sec and Ops of API Security - NordicAPIs42Crunch
 
Red Team vs. Blue Team on AWS ~ re:Invent 2018
Red Team vs. Blue Team on AWS ~ re:Invent 2018Red Team vs. Blue Team on AWS ~ re:Invent 2018
Red Team vs. Blue Team on AWS ~ re:Invent 2018Teri Radichel
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersInon Shkedy
 
OWASP API Security Top 10 - Austin DevSecOps Days
OWASP API Security Top 10 - Austin DevSecOps DaysOWASP API Security Top 10 - Austin DevSecOps Days
OWASP API Security Top 10 - Austin DevSecOps Days42Crunch
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriOWASP Delhi
 
APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide Isabelle Mauny
 
Top API Security Issues Found During POCs
Top API Security Issues Found During POCsTop API Security Issues Found During POCs
Top API Security Issues Found During POCs42Crunch
 
WEBINAR: Positive Security for APIs: What it is and why you need it!
WEBINAR: Positive Security for APIs: What it is and why you need it! WEBINAR: Positive Security for APIs: What it is and why you need it!
WEBINAR: Positive Security for APIs: What it is and why you need it!42Crunch
 
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall42Crunch
 
REST API Security by Design with Azure Pipelines
REST API Security by Design with Azure PipelinesREST API Security by Design with Azure Pipelines
REST API Security by Design with Azure Pipelines42Crunch
 
Automating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAutomating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAmazon Web Services
 
Are You Properly Using JWTs?
Are You Properly Using JWTs?Are You Properly Using JWTs?
Are You Properly Using JWTs?42Crunch
 
SPI Dynamics web application security 101
SPI Dynamics web application security 101 SPI Dynamics web application security 101
SPI Dynamics web application security 101 Wade Malone
 
Getting Started with API Security Testing
Getting Started with API Security TestingGetting Started with API Security Testing
Getting Started with API Security TestingSmartBear
 
Incident Response: Eyes Everywhere - AWS Security Week at the SF Loft
Incident Response: Eyes Everywhere - AWS Security Week at the SF LoftIncident Response: Eyes Everywhere - AWS Security Week at the SF Loft
Incident Response: Eyes Everywhere - AWS Security Week at the SF LoftAmazon Web Services
 
Data-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive ThreatsData-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive ThreatsApigee | Google Cloud
 
Automating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAutomating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAmazon Web Services
 
Securing Serverless - By Breaking In
Securing Serverless - By Breaking InSecuring Serverless - By Breaking In
Securing Serverless - By Breaking InGuy Podjarny
 
Threat Detection and Remediation Workshop
Threat Detection and Remediation WorkshopThreat Detection and Remediation Workshop
Threat Detection and Remediation WorkshopAmazon Web Services
 

What's hot (20)

The Dev, Sec and Ops of API Security - NordicAPIs
The Dev, Sec and Ops of API Security - NordicAPIsThe Dev, Sec and Ops of API Security - NordicAPIs
The Dev, Sec and Ops of API Security - NordicAPIs
 
Red Team vs. Blue Team on AWS ~ re:Invent 2018
Red Team vs. Blue Team on AWS ~ re:Invent 2018Red Team vs. Blue Team on AWS ~ re:Invent 2018
Red Team vs. Blue Team on AWS ~ re:Invent 2018
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentesters
 
OWASP API Security Top 10 - Austin DevSecOps Days
OWASP API Security Top 10 - Austin DevSecOps DaysOWASP API Security Top 10 - Austin DevSecOps Days
OWASP API Security Top 10 - Austin DevSecOps Days
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit Giri
 
APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide
 
Top API Security Issues Found During POCs
Top API Security Issues Found During POCsTop API Security Issues Found During POCs
Top API Security Issues Found During POCs
 
WEBINAR: Positive Security for APIs: What it is and why you need it!
WEBINAR: Positive Security for APIs: What it is and why you need it! WEBINAR: Positive Security for APIs: What it is and why you need it!
WEBINAR: Positive Security for APIs: What it is and why you need it!
 
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall
 
REST API Security by Design with Azure Pipelines
REST API Security by Design with Azure PipelinesREST API Security by Design with Azure Pipelines
REST API Security by Design with Azure Pipelines
 
Automating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAutomating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWS
 
Are You Properly Using JWTs?
Are You Properly Using JWTs?Are You Properly Using JWTs?
Are You Properly Using JWTs?
 
SPI Dynamics web application security 101
SPI Dynamics web application security 101 SPI Dynamics web application security 101
SPI Dynamics web application security 101
 
Getting Started with API Security Testing
Getting Started with API Security TestingGetting Started with API Security Testing
Getting Started with API Security Testing
 
Incident Response: Eyes Everywhere - AWS Security Week at the SF Loft
Incident Response: Eyes Everywhere - AWS Security Week at the SF LoftIncident Response: Eyes Everywhere - AWS Security Week at the SF Loft
Incident Response: Eyes Everywhere - AWS Security Week at the SF Loft
 
ESAPI
ESAPIESAPI
ESAPI
 
Data-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive ThreatsData-driven Security: Protect APIs from Adaptive Threats
Data-driven Security: Protect APIs from Adaptive Threats
 
Automating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAutomating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWS
 
Securing Serverless - By Breaking In
Securing Serverless - By Breaking InSecuring Serverless - By Breaking In
Securing Serverless - By Breaking In
 
Threat Detection and Remediation Workshop
Threat Detection and Remediation WorkshopThreat Detection and Remediation Workshop
Threat Detection and Remediation Workshop
 

Similar to AWS Well-Architected Webinar Security - Ben de Haan

5 step plan to securing your APIs
5 step plan to securing your APIs5 step plan to securing your APIs
5 step plan to securing your APIs💻 Javier Garza
 
API Security using Mulesoft
API Security using MulesoftAPI Security using Mulesoft
API Security using MulesoftPritam Prakash
 
DIY-CyberArk-Blueprint-Roadmap-Template.pptx
DIY-CyberArk-Blueprint-Roadmap-Template.pptxDIY-CyberArk-Blueprint-Roadmap-Template.pptx
DIY-CyberArk-Blueprint-Roadmap-Template.pptxBirLama2
 
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...apidays
 
How We Should Think About Security
How We Should Think About SecurityHow We Should Think About Security
How We Should Think About SecurityAmazon Web Services
 
Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro Amazon Web Services
 
Developing Secure Applications and Defending Against Common Attacks
Developing Secure Applications and Defending Against Common AttacksDeveloping Secure Applications and Defending Against Common Attacks
Developing Secure Applications and Defending Against Common AttacksPayPalX Developer Network
 
Defending Against Attacks With Rails
Defending Against Attacks With RailsDefending Against Attacks With Rails
Defending Against Attacks With RailsTony Amoyal
 
SEC309 Secure Your Cloud Investment: Mastering AWS Identity Access Management...
SEC309 Secure Your Cloud Investment: Mastering AWS Identity Access Management...SEC309 Secure Your Cloud Investment: Mastering AWS Identity Access Management...
SEC309 Secure Your Cloud Investment: Mastering AWS Identity Access Management...Amazon Web Services
 
Anomaly Detection and IP Insights - 2023-06-10
Anomaly Detection and IP Insights - 2023-06-10Anomaly Detection and IP Insights - 2023-06-10
Anomaly Detection and IP Insights - 2023-06-10Alessandra Bilardi
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...Riddhi Shree
 
Jobvite: A Holistic Approach to Security
Jobvite: A Holistic Approach to SecurityJobvite: A Holistic Approach to Security
Jobvite: A Holistic Approach to SecurityTheodore Kim
 
Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...
Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...
Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...Amazon Web Services
 
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferberDefcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferberMoshe Ferber
 
Cloudefigo - From zero to secure in 1 minute
Cloudefigo - From zero to secure in 1 minuteCloudefigo - From zero to secure in 1 minute
Cloudefigo - From zero to secure in 1 minuteIsrael AWS User Group
 
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...Daniel Zivkovic
 
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...Amazon Web Services
 
Moving from the Shadows to the Throne - SID310 - re:Invent 2017
Moving from the Shadows to the Throne - SID310 - re:Invent 2017Moving from the Shadows to the Throne - SID310 - re:Invent 2017
Moving from the Shadows to the Throne - SID310 - re:Invent 2017Amazon Web Services
 

Similar to AWS Well-Architected Webinar Security - Ben de Haan (20)

5 step plan to securing your APIs
5 step plan to securing your APIs5 step plan to securing your APIs
5 step plan to securing your APIs
 
API Security using Mulesoft
API Security using MulesoftAPI Security using Mulesoft
API Security using Mulesoft
 
DIY-CyberArk-Blueprint-Roadmap-Template.pptx
DIY-CyberArk-Blueprint-Roadmap-Template.pptxDIY-CyberArk-Blueprint-Roadmap-Template.pptx
DIY-CyberArk-Blueprint-Roadmap-Template.pptx
 
Toward Full Stack Security
Toward Full Stack SecurityToward Full Stack Security
Toward Full Stack Security
 
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
 
How We Should Think About Security
How We Should Think About SecurityHow We Should Think About Security
How We Should Think About Security
 
Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro
 
Developing Secure Applications and Defending Against Common Attacks
Developing Secure Applications and Defending Against Common AttacksDeveloping Secure Applications and Defending Against Common Attacks
Developing Secure Applications and Defending Against Common Attacks
 
Defending Against Attacks With Rails
Defending Against Attacks With RailsDefending Against Attacks With Rails
Defending Against Attacks With Rails
 
SEC309 Secure Your Cloud Investment: Mastering AWS Identity Access Management...
SEC309 Secure Your Cloud Investment: Mastering AWS Identity Access Management...SEC309 Secure Your Cloud Investment: Mastering AWS Identity Access Management...
SEC309 Secure Your Cloud Investment: Mastering AWS Identity Access Management...
 
Anomaly Detection and IP Insights - 2023-06-10
Anomaly Detection and IP Insights - 2023-06-10Anomaly Detection and IP Insights - 2023-06-10
Anomaly Detection and IP Insights - 2023-06-10
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
 
Jobvite: A Holistic Approach to Security
Jobvite: A Holistic Approach to SecurityJobvite: A Holistic Approach to Security
Jobvite: A Holistic Approach to Security
 
Spring Security Introduction
Spring Security IntroductionSpring Security Introduction
Spring Security Introduction
 
Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...
Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...
Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...
 
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferberDefcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
 
Cloudefigo - From zero to secure in 1 minute
Cloudefigo - From zero to secure in 1 minuteCloudefigo - From zero to secure in 1 minute
Cloudefigo - From zero to secure in 1 minute
 
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...
 
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
 
Moving from the Shadows to the Throne - SID310 - re:Invent 2017
Moving from the Shadows to the Throne - SID310 - re:Invent 2017Moving from the Shadows to the Throne - SID310 - re:Invent 2017
Moving from the Shadows to the Throne - SID310 - re:Invent 2017
 

More from GoDataDriven

Streamlining Data Science Workflows with a Feature Catalog
Streamlining Data Science Workflows with a Feature CatalogStreamlining Data Science Workflows with a Feature Catalog
Streamlining Data Science Workflows with a Feature CatalogGoDataDriven
 
Visualizing Big Data in a Small Screen
Visualizing Big Data in a Small ScreenVisualizing Big Data in a Small Screen
Visualizing Big Data in a Small ScreenGoDataDriven
 
Building a Scalable and reliable open source ML Platform with MLFlow
Building a Scalable and reliable open source ML Platform with MLFlowBuilding a Scalable and reliable open source ML Platform with MLFlow
Building a Scalable and reliable open source ML Platform with MLFlowGoDataDriven
 
Training Taster: Leading the way to become a data-driven organization
Training Taster: Leading the way to become a data-driven organizationTraining Taster: Leading the way to become a data-driven organization
Training Taster: Leading the way to become a data-driven organizationGoDataDriven
 
My Path From Data Engineer to Analytics Engineer
My Path From Data Engineer to Analytics EngineerMy Path From Data Engineer to Analytics Engineer
My Path From Data Engineer to Analytics EngineerGoDataDriven
 
dbt Python models - GoDataFest by Guillermo Sanchez
dbt Python models - GoDataFest by Guillermo Sanchezdbt Python models - GoDataFest by Guillermo Sanchez
dbt Python models - GoDataFest by Guillermo SanchezGoDataDriven
 
Workshop on Google Cloud Data Platform
Workshop on Google Cloud Data PlatformWorkshop on Google Cloud Data Platform
Workshop on Google Cloud Data PlatformGoDataDriven
 
How to create a Devcontainer for your Python project
How to create a Devcontainer for your Python projectHow to create a Devcontainer for your Python project
How to create a Devcontainer for your Python projectGoDataDriven
 
Using Graph Neural Networks To Embrace The Dependency In Your Data by Usman Z...
Using Graph Neural Networks To Embrace The Dependency In Your Data by Usman Z...Using Graph Neural Networks To Embrace The Dependency In Your Data by Usman Z...
Using Graph Neural Networks To Embrace The Dependency In Your Data by Usman Z...GoDataDriven
 
Common Issues With Time Series by Vadim Nelidov - GoDataFest 2022
Common Issues With Time Series by Vadim Nelidov - GoDataFest 2022Common Issues With Time Series by Vadim Nelidov - GoDataFest 2022
Common Issues With Time Series by Vadim Nelidov - GoDataFest 2022GoDataDriven
 
MLOps CodeBreakfast on AWS - GoDataFest 2022
MLOps CodeBreakfast on AWS - GoDataFest 2022MLOps CodeBreakfast on AWS - GoDataFest 2022
MLOps CodeBreakfast on AWS - GoDataFest 2022GoDataDriven
 
MLOps CodeBreakfast on Azure - GoDataFest 2022
MLOps CodeBreakfast on Azure - GoDataFest 2022MLOps CodeBreakfast on Azure - GoDataFest 2022
MLOps CodeBreakfast on Azure - GoDataFest 2022GoDataDriven
 
Tableau vs. Power BI by Juan Manuel Perafan - GoDataFest 2022
Tableau vs. Power BI by Juan Manuel Perafan - GoDataFest 2022Tableau vs. Power BI by Juan Manuel Perafan - GoDataFest 2022
Tableau vs. Power BI by Juan Manuel Perafan - GoDataFest 2022GoDataDriven
 
Deploying a Modern Data Stack by Lasse Benninga - GoDataFest 2022
Deploying a Modern Data Stack by Lasse Benninga - GoDataFest 2022Deploying a Modern Data Stack by Lasse Benninga - GoDataFest 2022
Deploying a Modern Data Stack by Lasse Benninga - GoDataFest 2022GoDataDriven
 
The 7 Habits of Effective Data Driven Companies
The 7 Habits of Effective Data Driven CompaniesThe 7 Habits of Effective Data Driven Companies
The 7 Habits of Effective Data Driven CompaniesGoDataDriven
 
DevOps for Data Science on Azure - Marcel de Vries (Xpirit) and Niels Zeilema...
DevOps for Data Science on Azure - Marcel de Vries (Xpirit) and Niels Zeilema...DevOps for Data Science on Azure - Marcel de Vries (Xpirit) and Niels Zeilema...
DevOps for Data Science on Azure - Marcel de Vries (Xpirit) and Niels Zeilema...GoDataDriven
 
Artificial intelligence in actions: delivering a new experience to Formula 1 ...
Artificial intelligence in actions: delivering a new experience to Formula 1 ...Artificial intelligence in actions: delivering a new experience to Formula 1 ...
Artificial intelligence in actions: delivering a new experience to Formula 1 ...GoDataDriven
 
Smart application on Azure at Vattenfall - Rens Weijers & Peter van 't Hof
Smart application on Azure at Vattenfall - Rens Weijers & Peter van 't HofSmart application on Azure at Vattenfall - Rens Weijers & Peter van 't Hof
Smart application on Azure at Vattenfall - Rens Weijers & Peter van 't HofGoDataDriven
 
Democratizing AI/ML with GCP - Abishay Rao (Google) at GoDataFest 2019
Democratizing AI/ML with GCP - Abishay Rao (Google) at GoDataFest 2019Democratizing AI/ML with GCP - Abishay Rao (Google) at GoDataFest 2019
Democratizing AI/ML with GCP - Abishay Rao (Google) at GoDataFest 2019GoDataDriven
 
The world runs on AI - Tony Krijnen (Microsoft) at GoDataFest 2019
The world runs on AI - Tony Krijnen (Microsoft) at GoDataFest 2019The world runs on AI - Tony Krijnen (Microsoft) at GoDataFest 2019
The world runs on AI - Tony Krijnen (Microsoft) at GoDataFest 2019GoDataDriven
 

More from GoDataDriven (20)

Streamlining Data Science Workflows with a Feature Catalog
Streamlining Data Science Workflows with a Feature CatalogStreamlining Data Science Workflows with a Feature Catalog
Streamlining Data Science Workflows with a Feature Catalog
 
Visualizing Big Data in a Small Screen
Visualizing Big Data in a Small ScreenVisualizing Big Data in a Small Screen
Visualizing Big Data in a Small Screen
 
Building a Scalable and reliable open source ML Platform with MLFlow
Building a Scalable and reliable open source ML Platform with MLFlowBuilding a Scalable and reliable open source ML Platform with MLFlow
Building a Scalable and reliable open source ML Platform with MLFlow
 
Training Taster: Leading the way to become a data-driven organization
Training Taster: Leading the way to become a data-driven organizationTraining Taster: Leading the way to become a data-driven organization
Training Taster: Leading the way to become a data-driven organization
 
My Path From Data Engineer to Analytics Engineer
My Path From Data Engineer to Analytics EngineerMy Path From Data Engineer to Analytics Engineer
My Path From Data Engineer to Analytics Engineer
 
dbt Python models - GoDataFest by Guillermo Sanchez
dbt Python models - GoDataFest by Guillermo Sanchezdbt Python models - GoDataFest by Guillermo Sanchez
dbt Python models - GoDataFest by Guillermo Sanchez
 
Workshop on Google Cloud Data Platform
Workshop on Google Cloud Data PlatformWorkshop on Google Cloud Data Platform
Workshop on Google Cloud Data Platform
 
How to create a Devcontainer for your Python project
How to create a Devcontainer for your Python projectHow to create a Devcontainer for your Python project
How to create a Devcontainer for your Python project
 
Using Graph Neural Networks To Embrace The Dependency In Your Data by Usman Z...
Using Graph Neural Networks To Embrace The Dependency In Your Data by Usman Z...Using Graph Neural Networks To Embrace The Dependency In Your Data by Usman Z...
Using Graph Neural Networks To Embrace The Dependency In Your Data by Usman Z...
 
Common Issues With Time Series by Vadim Nelidov - GoDataFest 2022
Common Issues With Time Series by Vadim Nelidov - GoDataFest 2022Common Issues With Time Series by Vadim Nelidov - GoDataFest 2022
Common Issues With Time Series by Vadim Nelidov - GoDataFest 2022
 
MLOps CodeBreakfast on AWS - GoDataFest 2022
MLOps CodeBreakfast on AWS - GoDataFest 2022MLOps CodeBreakfast on AWS - GoDataFest 2022
MLOps CodeBreakfast on AWS - GoDataFest 2022
 
MLOps CodeBreakfast on Azure - GoDataFest 2022
MLOps CodeBreakfast on Azure - GoDataFest 2022MLOps CodeBreakfast on Azure - GoDataFest 2022
MLOps CodeBreakfast on Azure - GoDataFest 2022
 
Tableau vs. Power BI by Juan Manuel Perafan - GoDataFest 2022
Tableau vs. Power BI by Juan Manuel Perafan - GoDataFest 2022Tableau vs. Power BI by Juan Manuel Perafan - GoDataFest 2022
Tableau vs. Power BI by Juan Manuel Perafan - GoDataFest 2022
 
Deploying a Modern Data Stack by Lasse Benninga - GoDataFest 2022
Deploying a Modern Data Stack by Lasse Benninga - GoDataFest 2022Deploying a Modern Data Stack by Lasse Benninga - GoDataFest 2022
Deploying a Modern Data Stack by Lasse Benninga - GoDataFest 2022
 
The 7 Habits of Effective Data Driven Companies
The 7 Habits of Effective Data Driven CompaniesThe 7 Habits of Effective Data Driven Companies
The 7 Habits of Effective Data Driven Companies
 
DevOps for Data Science on Azure - Marcel de Vries (Xpirit) and Niels Zeilema...
DevOps for Data Science on Azure - Marcel de Vries (Xpirit) and Niels Zeilema...DevOps for Data Science on Azure - Marcel de Vries (Xpirit) and Niels Zeilema...
DevOps for Data Science on Azure - Marcel de Vries (Xpirit) and Niels Zeilema...
 
Artificial intelligence in actions: delivering a new experience to Formula 1 ...
Artificial intelligence in actions: delivering a new experience to Formula 1 ...Artificial intelligence in actions: delivering a new experience to Formula 1 ...
Artificial intelligence in actions: delivering a new experience to Formula 1 ...
 
Smart application on Azure at Vattenfall - Rens Weijers & Peter van 't Hof
Smart application on Azure at Vattenfall - Rens Weijers & Peter van 't HofSmart application on Azure at Vattenfall - Rens Weijers & Peter van 't Hof
Smart application on Azure at Vattenfall - Rens Weijers & Peter van 't Hof
 
Democratizing AI/ML with GCP - Abishay Rao (Google) at GoDataFest 2019
Democratizing AI/ML with GCP - Abishay Rao (Google) at GoDataFest 2019Democratizing AI/ML with GCP - Abishay Rao (Google) at GoDataFest 2019
Democratizing AI/ML with GCP - Abishay Rao (Google) at GoDataFest 2019
 
The world runs on AI - Tony Krijnen (Microsoft) at GoDataFest 2019
The world runs on AI - Tony Krijnen (Microsoft) at GoDataFest 2019The world runs on AI - Tony Krijnen (Microsoft) at GoDataFest 2019
The world runs on AI - Tony Krijnen (Microsoft) at GoDataFest 2019
 

Recently uploaded

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Recently uploaded (20)

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

AWS Well-Architected Webinar Security - Ben de Haan

  • 1. Well-architected Security Ben de Haan, Xebia Security Scaling security
  • 2. Feedback Ben de Haan AWS Meetup regular, serverless enthusiast Security consultant/engineer @ Xebia Security https://www.linkedin.com/in/ben-de-haan-65423441/ bdehaan@xebia.com A bit about me and this Webinar 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
  • 3. How to scale cloud security 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response 1. Setting a secure baseline 2. Mastering IAM 3. Leveraging Infrastructure as Code 4. Improving Detection 5. Automating response
  • 4. Guardrails, not gates Setting a secure baseline 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
  • 5. A secure baseline Setting a secure baseline 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
  • 6. Leverage AWS accounts Setting a secure baseline 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
  • 7. Setting a secure baseline 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
  • 8. AWS Organizations AWS Control Tower Organization Formation (https://github.com/OlafConijn/AwsOrganizationFormation) Creating a secure baseline 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
  • 9. Service Control Policies 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Allow only EU regions for non- global services Only allow access to billing data Only allow small EC2 instances Prod OU
  • 10. Absence of evidence is not evidence of absence IAM Flow 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Master IAM flow
  • 11. Can’t find an allow? Doesn’t mean it’s not there! (or can’t be added) IAM Flow 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
  • 12. Explicit deny can be safer …and easier to troubleshoot IAM Flow 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
  • 13. Explicit deny can be safer …and easier to troubleshoot IAM Flow 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
  • 14. Test your SCPs (and other policies) IAM simulator & simulation account 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
  • 15. Attribute-based access control (ABAC) 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Attribute based access control
  • 16. Attribute-based access control (ABAC) 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html
  • 17. Attribute-based access control (ABAC) 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Why ABAC? • Scales better than ‘pure’ RBAC • Smaller/Fewer policies • (Resource limits… 🙃)
  • 18. IAM resources 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Useful resources: • Policy evaluation logic • https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evalu ation-logic.html • Duo Parliament (Policy linter) • https://github.com/duo-labs/parliament/ • Policy simulator • https://policysim.aws.amazon.com
  • 19. Leverage infrastructure as code Infrastructure as code: ‘Back-up of your infrastructure’ 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
  • 20. Leverage infrastructure as code Next step: Immutable infrastructure 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
  • 21. Leverage infrastructure as code Leverage pipelines Be mean to your code Don’t set pipelines to ‘God mode’! 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
  • 22. Improving detection Improving detection: Threat modeling 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
  • 23. Improving detection MITRE ATT&CK 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Source: https://attack.mitre.org/matrices/enterprise/cloud/aws/
  • 24. Automating response Automate the basics 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response
  • 25. Automating response 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response CloudTrail turned off?  Turn it back on (and alert)
  • 26. Automating response 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Assist analyst when things get complicated
  • 27. Automating response 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response Source: https://github.com/awslabs/aws-security- automation/ Access denied responder
  • 28. Conclusion 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response 1: Prevent Provide a secure baseline Get a black belt in IAM-fu Leverage infrastructure as code
  • 29. Conclusion 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response 2: Detect Understand your threat model Tailor your detection
  • 30. Conclusion 1. Introduction 2. Secure baseline 3. Mastering IAM 4. Leverage Infra as Code 5. Improving detection 6. Automating response 3: Respond Automate the basics Assist analysts
  • 31. Thanks for attending! Ben de Haan, Xebia Security