
Advanced Security Automation Made Simple, Mark Nunnikhoven (PowerPoint PPT Presentation)



  1. Advanced Security Automation Made Simple. Mark Nunnikhoven, Vice President, Cloud Research at Trend Micro, @marknca

  2. The goal of cybersecurity Make sure that systems work as intended

  3. The goal of cybersecurity: Make sure that systems work as intended …and only as intended

  4. The Shared Responsibility Model (diagram). Layers, top to bottom: Data, Application, OS, Virtualization, Infrastructure, Physical. Deployment models, one column each: On-premises (Traditional), Infrastructure (IaaS), Container (PaaS), Abstract (SaaS). Legend: Service configuration; Your responsibility; AWS’ responsibility

  5. Security Operations Development

  6. Solving Problems For Customers

  7. The Well-Architected Framework: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization

  8. Automate

  9. Restrict Permissions

  10. The principle of least privilege Grant only those privileges which are essential to perform the intended function

  11. (diagram labels: User, Permission, Role, Aurora, MQ, Notebook, S3 Bucket)

  12. The steps
      1. In an isolated test environment, apply a FullAccess policy or the permissions you believe are required
      2. Complete the desired tasks
      3. Compare against CloudTrail logs to verify actual permissions used
      4. Use the new policy to enforce the principle of least privilege
      5. Repeat as code changes
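Step 3 above is the part that is easy to do badly by hand. The following script is an added example (not code from the talk or from Trend Micro) that does the comparison mechanically: it reads CloudTrail-shaped records from the test run and emits a policy allowing only the actions that were actually exercised, scoped to the resource ARNs CloudTrail recorded. The records in SAMPLE_RECORDS are constructed, and PREFIX_OVERRIDES is a partial table that you must extend for any service whose IAM action prefix differs from its eventSource hostname.

```python
"""Derive a least-privilege IAM policy from CloudTrail records (added example)."""
import json
from collections import defaultdict

# eventSource hosts whose IAM action prefix is not simply the first DNS label.
# Partial table (assumption); extend it for the services your code base uses.
PREFIX_OVERRIDES = {
    "monitoring.amazonaws.com": "cloudwatch",
}

# Error codes that prove the call was *not* authorized, so it tells us nothing
# about which permissions the workload needs. Any other errorCode (for example
# BucketNotEmpty) means authorization passed and the permission was required.
DENIED_CODES = {"AccessDenied", "UnauthorizedOperation", "Client.UnauthorizedOperation"}


def iam_action(record):
    """Map a CloudTrail record to an IAM action string such as 's3:GetObject'."""
    source = record["eventSource"]
    prefix = PREFIX_OVERRIDES.get(source, source.split(".")[0])
    return f"{prefix}:{record['eventName']}"


def used_permissions(records):
    """Return {action: set of resource ARNs} for calls that were authorized.

    CloudTrail lists resource ARNs only for some APIs; when the list is
    empty the action is recorded against '*' and a human should narrow it.
    """
    used = defaultdict(set)
    for rec in records:
        if rec.get("errorCode") in DENIED_CODES:
            continue
        arns = {r["ARN"] for r in rec.get("resources", []) if "ARN" in r}
        used[iam_action(rec)].update(arns or {"*"})
    return used


def build_policy(records):
    """Group actions that touched the same resource set into one Allow statement."""
    by_resources = defaultdict(set)
    for action, arns in used_permissions(records).items():
        by_resources[tuple(sorted(arns))].add(action)
    statements = []
    for arns, actions in sorted(by_resources.items()):
        statements.append({
            "Effect": "Allow",
            "Action": sorted(actions),
            "Resource": list(arns) if len(arns) > 1 else arns[0],
        })
    return {"Version": "2012-10-17", "Statement": statements}


def _record(source, name, arns=(), error=None):
    """Build a constructed record in CloudTrail's field layout (test input only)."""
    rec = {"eventSource": source, "eventName": name,
           "resources": [{"ARN": a} for a in arns]}
    if error:
        rec["errorCode"] = error
    return rec


# Constructed sample; a real run would load the CloudTrail JSON export instead.
SAMPLE_RECORDS = [
    _record("s3.amazonaws.com", "GetObject",
            ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/report.csv"]),
    _record("s3.amazonaws.com", "PutObject",
            ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/report.csv"]),
    _record("logs.amazonaws.com", "CreateLogStream"),
    _record("monitoring.amazonaws.com", "PutMetricData"),
    # Denied (for example by an SCP): not evidence that the workload needs it.
    _record("s3.amazonaws.com", "DeleteBucket",
            ["arn:aws:s3:::example-bucket"], error="AccessDenied"),
]

if __name__ == "__main__":
    print(json.dumps(build_policy(SAMPLE_RECORDS), indent=2))
```

Two refinements a real pipeline usually adds: collapse object ARNs to a `bucket/*` pattern once enough runs have been observed, and treat any statement that still carries `Resource: "*"` as a review item rather than shipping it, since that is exactly where least privilege quietly fails.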

  13. Many approaches… (diagram labels: Console, CloudTrail)

  14. Many approaches… (diagram labels: Console, CloudTrail, Lambda, Policy)

  15. Many approaches… (diagram labels: Console, CloudTrail, Lambda, Policy, Athena, S3 Bucket, GitHub, CloudWatch Event, Slack)

  16. Monitor S3 Exposure

  17. The principle of the face palm Do not make that which is secure, insecure

  18. (diagram: Amazon S3, with service warnings from AWS IAM, Amazon Macie, AWS Trusted Advisor, AWS Well-Architected Tool)

  19. (diagram labels: S3 Bucket, ACL *, CloudWatch Event, Lambda)

  20. Track Production Logins

  21. The DevOps principle Systems, not users access production systems

  22. (diagram labels: User, Instance, Logs, CloudWatch, Lambda, Slack)

  23. The steps
      1. Push critical system and application events to CloudWatch Logs
      2. Subscribe to various log filters via AWS Lambda
      3. Run security playbook automatically
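Steps 2 and 3, as an added example that is not code from the talk: a Lambda function subscribed to a production auth log group receives each batch base64-encoded and gzip-compressed under `event["awslogs"]["data"]` (that envelope is the real CloudWatch Logs subscription format), decodes it, and flags any successful interactive login, since under the "systems, not users" principle a human login to production is itself the event worth a playbook. The sshd line format, the `notify` callback and the sample messages are assumptions constructed for offline use; in Lambda `notify` would post to Slack.

```python
"""Flag production logins from a CloudWatch Logs subscription event (added example)."""
import base64
import gzip
import json
import re

# OpenSSH's "Accepted <method> for <user> from <ip> port <n>" line (assumed format).
SSHD_ACCEPTED = re.compile(
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def decode_subscription_event(event):
    """Undo the base64 + gzip envelope CloudWatch Logs puts around a batch."""
    raw = base64.b64decode(event["awslogs"]["data"])
    return json.loads(gzip.decompress(raw))


def extract_logins(payload):
    """Return one dict per accepted login found in the batch's logEvents."""
    logins = []
    for ev in payload["logEvents"]:
        match = SSHD_ACCEPTED.search(ev["message"])
        if match:
            logins.append({
                "log_group": payload["logGroup"],
                "log_stream": payload["logStream"],  # stream name is the instance here
                "timestamp": ev["timestamp"],
                **match.groupdict(),
            })
    return logins


def handler(event, context=None, notify=print):
    """Lambda entry point; notify is injectable so the logic runs offline."""
    payload = decode_subscription_event(event)
    logins = extract_logins(payload)
    for login in logins:
        notify(f"production login: {login['user']} on {login['log_stream']} "
               f"from {login['ip']} via {login['method']}")
    return {"logins": len(logins)}


def make_subscription_event(log_group, log_stream, messages):
    """Wrap messages the way CloudWatch Logs does (constructed test input)."""
    payload = {
        "messageType": "DATA_MESSAGE",
        "owner": "123456789012",
        "logGroup": log_group,
        "logStream": log_stream,
        "subscriptionFilters": ["prod-logins"],
        "logEvents": [{"id": str(i), "timestamp": 1574000000000 + i, "message": m}
                      for i, m in enumerate(messages)],
    }
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()
    return {"awslogs": {"data": data}}


# Constructed sshd lines: one accepted login, one session line, one failed attempt.
SAMPLE_MESSAGES = [
    "Nov 30 10:01:02 ip-10-0-1-23 sshd[1234]: Accepted publickey for ec2-user "
    "from 203.0.113.7 port 51234 ssh2: RSA SHA256:constructedfingerprint",
    "Nov 30 10:01:05 ip-10-0-1-23 sshd[1234]: pam_unix(sshd:session): "
    "session opened for user ec2-user",
    "Nov 30 10:02:11 ip-10-0-1-23 sshd[1300]: Failed password for invalid user "
    "admin from 198.51.100.9 port 40000 ssh2",
]

if __name__ == "__main__":
    sample = make_subscription_event("/prod/auth", "i-0123456789abcdef0", SAMPLE_MESSAGES)
    print(handler(sample))
```

Put the coarse filter (`Accepted`) in the CloudWatch Logs subscription filter pattern so the function is only invoked for candidate lines, and keep the precise parse in code where it can be tested; the failed-password line above is deliberately ignored here because it belongs to a different playbook.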

  24. Forensic Isolation

  25. The Crichton principle If something unknown is happening, quarantine until you figure it out

  26. (diagram labels: User, Instance, SNS Topic, Lambda)

  27. The steps
      1. Security controls on instance alert on issue
      2. Lambda triggered by alert
      3. Change security group to make system inaccessible
      4. Open security incident
      5. Create forensic instance to analyze infected instance
      6. …
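Steps 2 to 4 as a Lambda handler, added here as an example and not code from the talk. The alert arrives through the SNS topic in the diagram; the handler records the instance's current security groups in tags (so the quarantine is reversible and the responder can see what the instance could reach), replaces them with a single isolation group that has no inbound or outbound rules, and opens the incident by publishing to a second topic. The alert message shape, the `ISOLATION_SG` and `INCIDENT_TOPIC` environment variables, and the `FakeEC2`/`FakeSNS` stand-ins are assumptions for offline testing; in Lambda the real `boto3` clients are used, and the three EC2 calls (`describe_instances`, `create_tags`, `modify_instance_attribute`) and `sns.publish` are the actual boto3 method names.

```python
"""Forensic isolation Lambda: quarantine an instance and open an incident (added example)."""
import json
import os


def parse_alert(event):
    """Pull instance id and finding out of an SNS-wrapped alert (assumed message shape)."""
    message = json.loads(event["Records"][0]["Sns"]["Message"])
    return message["instance_id"], message.get("finding", "unknown")


def current_security_groups(ec2, instance_id):
    """Return the security group ids currently attached to the instance."""
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    instance = resp["Reservations"][0]["Instances"][0]
    return [g["GroupId"] for g in instance["SecurityGroups"]]


def isolate_instance(ec2, sns, instance_id, finding, isolation_sg, incident_topic):
    """Steps 3 and 4 of the playbook: cut network access, then open an incident."""
    original = current_security_groups(ec2, instance_id)
    if original == [isolation_sg]:
        # Re-delivered alert: do not overwrite the recorded original groups.
        return {"instance_id": instance_id, "status": "already-isolated"}
    # Record the original groups before touching anything, so a failure
    # half-way still leaves an audit trail and the change can be reversed.
    ec2.create_tags(Resources=[instance_id], Tags=[
        {"Key": "forensics:original-security-groups", "Value": ",".join(original)},
        {"Key": "forensics:finding", "Value": finding},
    ])
    # Replace (not add to) the groups with one that has no rules: all traffic
    # stops while the instance keeps running, preserving memory and disks.
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[isolation_sg])
    sns.publish(
        TopicArn=incident_topic,
        Subject=f"Quarantined {instance_id}",
        Message=json.dumps({"instance_id": instance_id, "finding": finding,
                            "original_security_groups": original}),
    )
    return {"instance_id": instance_id, "status": "isolated", "original_groups": original}


def handler(event, context=None, ec2=None, sns=None, isolation_sg=None, incident_topic=None):
    """Lambda entry point; clients and settings are injectable for offline tests."""
    if ec2 is None or sns is None:
        import boto3  # only needed inside Lambda
        ec2 = ec2 or boto3.client("ec2")
        sns = sns or boto3.client("sns")
    isolation_sg = isolation_sg or os.environ["ISOLATION_SG"]        # assumed env var
    incident_topic = incident_topic or os.environ["INCIDENT_TOPIC"]  # assumed env var
    instance_id, finding = parse_alert(event)
    return isolate_instance(ec2, sns, instance_id, finding, isolation_sg, incident_topic)


class FakeEC2:
    """Minimal stand-in for boto3's EC2 client (test double, not boto3)."""
    def __init__(self, groups):
        self.groups = list(groups)
        self.calls = []

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [{
            "InstanceId": InstanceIds[0],
            "SecurityGroups": [{"GroupId": g} for g in self.groups]}]}]}

    def create_tags(self, Resources, Tags):
        self.calls.append(("create_tags", Tags))

    def modify_instance_attribute(self, InstanceId, Groups):
        self.calls.append(("modify_instance_attribute", Groups))
        self.groups = list(Groups)


class FakeSNS:
    """Minimal stand-in for boto3's SNS client (test double)."""
    def __init__(self):
        self.published = []

    def publish(self, **kwargs):
        self.published.append(kwargs)


# Constructed alert as the security control on the instance might publish it.
SAMPLE_ALERT = {"Records": [{"Sns": {"Message": json.dumps(
    {"instance_id": "i-0123456789abcdef0", "finding": "unexpected outbound connection"})}}]}

if __name__ == "__main__":
    ec2, sns = FakeEC2(["sg-web", "sg-ssh"]), FakeSNS()
    print(handler(SAMPLE_ALERT, ec2=ec2, sns=sns, isolation_sg="sg-isolate",
                  incident_topic="arn:aws:sns:us-east-1:123456789012:incidents"))
```

The isolation group must exist ahead of time in every VPC the playbook covers, and the function's own role needs only the four calls used here on the tagged instances, which is the slide 12 exercise applied to the responder itself.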

  28. What’s Next?

  29. Sample ideas
      1. Custom application logs to AWS Config (via rules) for a central compliance log
      2. Correlate auto-scaling alerts with backend data to detect possible DDoS attacks
      3. Detect unauthorized drift from application & infrastructure CloudFormation templates
      4. Streamline the incident response process, including restoring production to full capacity
      5. Automatically find & mitigate vulnerabilities before deployment

  30. Don’t overcomplicate security

  31. Simple steps to automated success
      1. Start manually
      2. Determine risk tolerance
      3. Lambda all the things

  32. Use two lanes (diagram labels: Trigger, Result)

  33. Use two lanes (diagram labels: Trigger, Result; Fast lane: CloudWatch Event, Lambda; Slow lane: CloudTrail, Lambda)

  34. The goal of cybersecurity: Make sure that systems work as intended …and only as intended

  35. markn.ca/2019/aws-reinvent

  36. Thank you! Mark Nunnikhoven Vice President, Cloud Research at Trend Micro @marknca markn.ca/2019/aws-reinvent

  37. Please complete the session survey in the mobile app
