advanced security automation made simple
play

Advanced Security Automation Made Simple Mark Nunnikhoven Vice - PowerPoint PPT Presentation

Sep 04, 2022 •371 likes •824 views

Advanced Security Automation Made Simple Mark Nunnikhoven Vice President, Cloud Research at Trend Micro @marknca The goal of cybersecurity Make sure that systems work as intended The goal of cybersecurity Make sure that systems work as

  1. Advanced Security Automation Made Simple Mark Nunnikhoven Vice President, Cloud Research at Trend Micro @marknca

  2. The goal of cybersecurity Make sure that systems work as intended

  3. The goal of cybersecurity Make sure that systems work as intended …and only as intended only as intended

  4. The Shared Responsibility Model Data Data Data Data Application Application Application Application OS OS OS OS Virtualization Virtualization Virtualization Virtualization Infrastructure Infrastructure Infrastructure Infrastructure Physical Physical Physical Physical On-premises 
 Infrastructure Container Abstract (Traditional) (IaaS) (PaaS) (SaaS) Service configuration Your responsibility AWS’ responsibility

  5. Security Operations Development

  6. Solving Problems 
 For Customers

  8. The Well-Architected Framework Cost Operational Performance Security Reliability Optimization Excellence E ffi ciency

  11. Automate

  12. Restrict Permissions

  13. The principle of least privilege Grant only those privileges which are essential to perform the intended function

  14. User Aurora MQ Permission Role Notebook S3 Bucket

  16. The steps 1. In an isolated test environment , apply a FullAccess policy or the permissions you believe are required 2. Complete the desired tasks 3. Compare against CloudTrail logs to verify actual permissions used 4. Use new policy to enforce the principle of least privilege 5. Repeat as code changes

  20. Many approaches… Console CloudTrail

  21. Many approaches… Console CloudTrail Lambda Policy

  22. Many approaches… Console CloudTrail Lambda Policy Lambda Athena S3 Bucket GitHub CloudWatch Slack Event

  23. Monitor S3 Exposure

  24. The principle of the face palm Do not make that which is secure, insecure

  25. { Amazon S3 AWS IAM Service Amazon Macie Warnings AWS Trusted Advisor AWS Well-Architected Tool

  26. ACL * S3 Bucket CloudWatch Lambda Event

  28. Track Production Logins

  29. The DevOps principle Systems, not users access production systems

  30. CloudWatch 
 Instance User Logs Lambda Slack

  31. The steps 1. Push critical system and application events to CloudWatch Logs 2. Subscribe to various log filters via AWS Lambda 3. Run security playbook automatically

  32. Forensic Isolation

  33. The Crichton principle If something unknown is happening, quarantine until you figure it out

  34. SNS Topic Instance User Lambda

  35. The steps 1. Security controls on instance alert on issue 2. Lambda triggered by alert 3. Change security group to make system inaccessible 4. Open security incident 5. Create forensic instance to analyze infected instance 6. …

  36. What’s Next?

  37. Sample ideas 1. Custom application logs to AWS Config (via rules) for centre compliance log 2. Correlate auto-scaling alerts with backend data to detect possible DDoS attacks 3. Detect unauthorized drift from applications & infrastructure CloudFormation templates 4. Streamline the incident response process, including restoring production to full capacity 5. Automatically find & mitigate vulnerabilities before deployment

  38. Don’t over complicate security

  39. Simple steps to automated success 1. Start manually 2. Determine risk tolerance 3. Lambda all the things

  40. Use two lanes Trigger Result

  41. Use two lanes CloudWatch Lambda Event Fast lane Slow lane Trigger Result Lambda CloudTrail

  42. The goal of cybersecurity Make sure that systems work as intended …and only as intended only as intended

  43. markn.ca/2019/aws-reinvent

  44. Thank you! Mark Nunnikhoven Vice President, Cloud Research at Trend Micro @marknca markn.ca/2019/aws-reinvent

  45. Please complete the session survey in the mobile app 40

Recommend

Strong security made simple: Putting all the pieces together Mark Nunnikhoven Vice President,

Strong security made simple: Putting all the pieces together Mark Nunnikhoven Vice President,

SEC204-S Strong security made simple: Putting all the pieces together Mark Nunnikhoven Vice President, Cloud Research at Trend Micro @marknca The cloud simplifies security. The cloud simplifies security. * When you understand how it works

1.76k views • 163 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
1 Automation Overview Definition Automation (automation, Automation ) : 1) set of all measures

1 Automation Overview Definition Automation (automation, Automation ) : 1) set of all measures

Industrial Automation Spring 2019, EPFL 1 Automation Overview Definition Automation (automation, Automation ) : 1) set of all measures aiming at replacing human work through machines (e.g. automation is applied science) 2) the

1.39k views • 63 slides
Infrastructure Automation Infrastructure Automation 2 Ansible Ansible What is Ansible?

Infrastructure Automation Infrastructure Automation 2 Ansible Ansible What is Ansible?

Infrastructure Automation Infrastructure Automation 2 Ansible Ansible What is Ansible? Ansible is an open source automation engine Why Ansible? Modular Idempotent Huge support/community Agentless Simple to learn

709 views • 29 slides
Security Automation and Optimization using HP-NA Florian Ecard SNE master student Supervisor:

Security Automation and Optimization using HP-NA Florian Ecard SNE master student Supervisor:

Security Automation and Optimization using HP-NA Florian Ecard SNE master student Supervisor: Olivier Willm 4 th February 2015 Security Automation and Optimization using HP-NA - What is HP Network Automation? - What were the objectives with

483 views • 13 slides
Security Testing - Where Automation Fails Today How does security testing of web

Security Testing - Where Automation Fails Today How does security testing of web

Security Testing - Where Automation Fails Today How does security testing of web applications work What does the tooling landscape look like How does automated security testing fail What can we do Image courtesy of

583 views • 56 slides
URT ... the impossible made simple... We are URT Our business model Market leader in: Global

URT ... the impossible made simple... We are URT Our business model Market leader in: Global

... the impossible made simple... URT ... the impossible made simple... We are URT Our business model Market leader in: Global Resistors locatjons Clear Skilled Technologies through alliance product Sensors people of leading

336 views • 9 slides
empower. NDIS made simple and easy for everyone. simple. effective. NDIS Management About Us.

empower. NDIS made simple and easy for everyone. simple. effective. NDIS Management About Us.

empower. NDIS made simple and easy for everyone. simple. effective. NDIS Management About Us. People and their advocates need more assistance with implementing plans. A role more akin to a case manager, who does much of the thinking and

379 views • 14 slides
Authentication made simple Investor Presentation May 14, 2020 (Nasdaq: IDN)

Authentication made simple Investor Presentation May 14, 2020 (Nasdaq: IDN)

Authentication made simple Investor Presentation May 14, 2020 (Nasdaq: IDN) Authentication made simple Proprietary and Confidential SAFE HARBOR STATEMENT Certain statements in this presentation constitute forward-looking

278 views • 24 slides
Home Security and Automation On The Road And At Home Eric McHenry (#2242) Region 12 // Greater

Home Security and Automation On The Road And At Home Eric McHenry (#2242) Region 12 // Greater

Home Security and Automation On The Road And At Home Eric McHenry (#2242) Region 12 // Greater Bay Area Airstream Club eric.mchenry@airstreamclub.net Topics Security and automation objectives Traditional vs. emerging home security and

594 views • 31 slides
Authentication made simple Investor Presentation April 3, 2020 (Nasdaq: IDN)

Authentication made simple Investor Presentation April 3, 2020 (Nasdaq: IDN)

Authentication made simple Investor Presentation April 3, 2020 (Nasdaq: IDN) Authentication made simple Proprietary and Confidential SAFE HARBOR STATEMENT Certain statements in this presentation constitute forward-looking

720 views • 23 slides
Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code Jakub Breier,

Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code Jakub Breier,

Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code Jakub Breier, Xiaolu Hou and Yang Liu 10 September 2018 1 / 25 Table of Contents Background and Motivation 1 Overview of DATAC DFA Automation Tool for

727 views • 25 slides
Metasploitation H D Moore Director of Security Research (Exploit automation and IPS evasion)

Metasploitation H D Moore Director of Security Research (Exploit automation and IPS evasion)

Metasploitation H D Moore Director of Security Research (Exploit automation and IPS evasion) BreakingPoint Systems CanSecWest 2006 Agenda Introduction Metasploit 3 Automation IPS Evasion Examples 2 Introductions - Who?

675 views • 28 slides
PERFECT INSPECTION MADE SIMPLE cobago S.I.X. Intelligent app based platform for precise

PERFECT INSPECTION MADE SIMPLE cobago S.I.X. Intelligent app based platform for precise

PERFECT INSPECTION MADE SIMPLE cobago S.I.X. Intelligent app based platform for precise inspection and perfect service on the spot individual design, order processing, fulfillment and documentation Made simple.

443 views • 30 slides
Information Exchange Policy Automation Information Exchange Framework (IEF) December 5 th, 2011

Information Exchange Policy Automation Information Exchange Framework (IEF) December 5 th, 2011

1 Information Exchange Policy Automation Information Exchange Framework (IEF) December 5 th, 2011 Presented by: Mike Abramson President, Advanced Systems Management Group Special Adviser on public safety/security Open Interoperability

525 views • 26 slides
OXYGENATION MADE SAFE AND SIMPLE Developed and made in Denmark O2MATIC APS - NRRELUNDVEJ 10,

OXYGENATION MADE SAFE AND SIMPLE Developed and made in Denmark O2MATIC APS - NRRELUNDVEJ 10,

OXYGENATION MADE SAFE AND SIMPLE Developed and made in Denmark O2MATIC APS - NRRELUNDVEJ 10, 2730 HERLEV - DENMARK 1 19-05-2020 WWW.O2MATIC.COM INFO@O2MATIC.COM +45 50529810 OUR STORY Public-Private collaboration O2matic ApS is

604 views • 13 slides
Usability Studies Made Simple Usability Studies Made Simple Marla Lobley The Problem The

Usability Studies Made Simple Usability Studies Made Simple Marla Lobley The Problem The

Usability Studies Made Simple Usability Studies Made Simple Marla Lobley The Problem The Problem Photo by Oote Boe The Cost The Cost The Plan The Plan Simple Usability Studies Simple Usability Studies Test with 3 Test with 3 -5

408 views • 16 slides
Computer Vision Made Simple Reza Zadeh & Everyone at Matroid Twitter: @Reza_Zadeh, @Matroid

Computer Vision Made Simple Reza Zadeh & Everyone at Matroid Twitter: @Reza_Zadeh, @Matroid

Computer Vision Made Simple Reza Zadeh & Everyone at Matroid Twitter: @Reza_Zadeh, @Matroid Computer Vision Made Simple Millions of detectors and streams as easy as this Outline Overview of Infrastructure Matroid Live Demo New

357 views • 25 slides
THE PAST, PRESENT & FUTURE OF ENTERPRISE SECURITY THE GOLDEN AGE OF ATTACK AUTOMATION

THE PAST, PRESENT & FUTURE OF ENTERPRISE SECURITY THE GOLDEN AGE OF ATTACK AUTOMATION

THE PAST, PRESENT & FUTURE OF ENTERPRISE SECURITY THE GOLDEN AGE OF ATTACK AUTOMATION Marcello Salvati - @byt3bl33d3r - https://github.com/byt3bl33d3r - Lead researcher @coalfirelabs - Years of experience building open source security

657 views • 38 slides
mobile automation made awesome App Developers Conference Los Angeles, CA Nov 6 2013 Jonathan

mobile automation made awesome App Developers Conference Los Angeles, CA Nov 6 2013 Jonathan

mobile automation made awesome App Developers Conference Los Angeles, CA Nov 6 2013 Jonathan Lipps Sr Developer Sauce Labs @AppiumDevs @jlipps @saucelabs Ecosystem & Integrations Project Lead & Architect

899 views • 65 slides
Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

770 views • 28 slides
Security Data Science Joshua Neil Security Analytics Leader Advanced Security Center EY

Security Data Science Joshua Neil Security Analytics Leader Advanced Security Center EY

Security Data Science Joshua Neil Security Analytics Leader Advanced Security Center EY Powered by Agenda A Background, LANL and the EY/LANL Alliance Traditional Security and Operational Security Data B Science Advanced Analytics:

558 views • 24 slides
Dealing with IoT Security- Do nothing, Do simple things, or Do it RIGHT Sameer Dixit, Sr.Director

Dealing with IoT Security- Do nothing, Do simple things, or Do it RIGHT Sameer Dixit, Sr.Director

Dealing with IoT Security- Do nothing, Do simple things, or Do it RIGHT Sameer Dixit, Sr.Director Security Consulting IoT on A Rise IoT Security Frameworks and Standards NIST - International Cybersecurity Standardization for the Internet of

437 views • 11 slides
Benefits Assessment Methodology for an Air Traffic Control Tower Advanced Automation System Tom

Benefits Assessment Methodology for an Air Traffic Control Tower Advanced Automation System Tom

Benefits Assessment Methodology for an Air Traffic Control Tower Advanced Automation System Tom Reynolds, Rich Jordan, Masha Ishutkina, Rob Seater & Jim Kuchar 10 th AIAA Aviation Technology, Integration and Operations (ATIO) Conference Fort

366 views • 19 slides

More recommend