advanced security automation made simple
play

Advanced Security Automation Made Simple Mark Nunnikhoven Vice - PowerPoint PPT Presentation

Sep 04, 2022 •371 likes •824 views

Advanced Security Automation Made Simple Mark Nunnikhoven Vice President, Cloud Research at Trend Micro @marknca The goal of cybersecurity Make sure that systems work as intended The goal of cybersecurity Make sure that systems work as

  1. Advanced Security Automation Made Simple Mark Nunnikhoven Vice President, Cloud Research at Trend Micro @marknca

  2. The goal of cybersecurity Make sure that systems work as intended

  3. The goal of cybersecurity Make sure that systems work as intended …and only as intended only as intended

  4. The Shared Responsibility Model Data Data Data Data Application Application Application Application OS OS OS OS Virtualization Virtualization Virtualization Virtualization Infrastructure Infrastructure Infrastructure Infrastructure Physical Physical Physical Physical On-premises 
 Infrastructure Container Abstract (Traditional) (IaaS) (PaaS) (SaaS) Service configuration Your responsibility AWS’ responsibility

  5. Security Operations Development

  6. Solving Problems 
 For Customers

  8. The Well-Architected Framework Cost Operational Performance Security Reliability Optimization Excellence E ffi ciency

  11. Automate

  12. Restrict Permissions

  13. The principle of least privilege Grant only those privileges which are essential to perform the intended function

  14. User Aurora MQ Permission Role Notebook S3 Bucket

  16. The steps 1. In an isolated test environment , apply a FullAccess policy or the permissions you believe are required 2. Complete the desired tasks 3. Compare against CloudTrail logs to verify actual permissions used 4. Use new policy to enforce the principle of least privilege 5. Repeat as code changes

  20. Many approaches… Console CloudTrail

  21. Many approaches… Console CloudTrail Lambda Policy

  22. Many approaches… Console CloudTrail Lambda Policy Lambda Athena S3 Bucket GitHub CloudWatch Slack Event

  23. Monitor S3 Exposure

  24. The principle of the face palm Do not make that which is secure, insecure

  25. { Amazon S3 AWS IAM Service Amazon Macie Warnings AWS Trusted Advisor AWS Well-Architected Tool

  26. ACL * S3 Bucket CloudWatch Lambda Event

  28. Track Production Logins

  29. The DevOps principle Systems, not users access production systems

  30. CloudWatch 
 Instance User Logs Lambda Slack

  31. The steps 1. Push critical system and application events to CloudWatch Logs 2. Subscribe to various log filters via AWS Lambda 3. Run security playbook automatically

  32. Forensic Isolation

  33. The Crichton principle If something unknown is happening, quarantine until you figure it out

  34. SNS Topic Instance User Lambda

  35. The steps 1. Security controls on instance alert on issue 2. Lambda triggered by alert 3. Change security group to make system inaccessible 4. Open security incident 5. Create forensic instance to analyze infected instance 6. …

  36. What’s Next?

  37. Sample ideas 1. Custom application logs to AWS Config (via rules) for centre compliance log 2. Correlate auto-scaling alerts with backend data to detect possible DDoS attacks 3. Detect unauthorized drift from applications & infrastructure CloudFormation templates 4. Streamline the incident response process, including restoring production to full capacity 5. Automatically find & mitigate vulnerabilities before deployment

  38. Don’t over complicate security

  39. Simple steps to automated success 1. Start manually 2. Determine risk tolerance 3. Lambda all the things

  40. Use two lanes Trigger Result

  41. Use two lanes CloudWatch Lambda Event Fast lane Slow lane Trigger Result Lambda CloudTrail

  42. The goal of cybersecurity Make sure that systems work as intended …and only as intended only as intended

  43. markn.ca/2019/aws-reinvent

  44. Thank you! Mark Nunnikhoven Vice President, Cloud Research at Trend Micro @marknca markn.ca/2019/aws-reinvent

  45. Please complete the session survey in the mobile app 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Strong security made simple: Putting all the pieces together Mark Nunnikhoven Vice President,

Strong security made simple: Putting all the pieces together Mark Nunnikhoven Vice President,

SEC204-S Strong security made simple: Putting all the pieces together Mark Nunnikhoven Vice President, Cloud Research at Trend Micro @marknca The cloud simplifies security. The cloud simplifies security. * When you understand how it works

1.76k views • 163 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
1 Automation Overview Definition Automation (automation, Automation ) : 1) set of all measures

1 Automation Overview Definition Automation (automation, Automation ) : 1) set of all measures

Industrial Automation Spring 2019, EPFL 1 Automation Overview Definition Automation (automation, Automation ) : 1) set of all measures aiming at replacing human work through machines (e.g. automation is applied science) 2) the

1.39k views • 63 slides
Infrastructure Automation Infrastructure Automation 2 Ansible Ansible What is Ansible?

Infrastructure Automation Infrastructure Automation 2 Ansible Ansible What is Ansible?

Infrastructure Automation Infrastructure Automation 2 Ansible Ansible What is Ansible? Ansible is an open source automation engine Why Ansible? Modular Idempotent Huge support/community Agentless Simple to learn

709 views • 29 slides
Security Automation and Optimization using HP-NA Florian Ecard SNE master student Supervisor:

Security Automation and Optimization using HP-NA Florian Ecard SNE master student Supervisor:

Security Automation and Optimization using HP-NA Florian Ecard SNE master student Supervisor: Olivier Willm 4 th February 2015 Security Automation and Optimization using HP-NA - What is HP Network Automation? - What were the objectives with

483 views • 13 slides
Security Testing - Where Automation Fails Today How does security testing of web

Security Testing - Where Automation Fails Today How does security testing of web

Security Testing - Where Automation Fails Today How does security testing of web applications work What does the tooling landscape look like How does automated security testing fail What can we do Image courtesy of

583 views • 56 slides
URT ... the impossible made simple... We are URT Our business model Market leader in: Global

URT ... the impossible made simple... We are URT Our business model Market leader in: Global

... the impossible made simple... URT ... the impossible made simple... We are URT Our business model Market leader in: Global Resistors locatjons Clear Skilled Technologies through alliance product Sensors people of leading

336 views • 9 slides
empower. NDIS made simple and easy for everyone. simple. effective. NDIS Management About Us.

empower. NDIS made simple and easy for everyone. simple. effective. NDIS Management About Us.

empower. NDIS made simple and easy for everyone. simple. effective. NDIS Management About Us. People and their advocates need more assistance with implementing plans. A role more akin to a case manager, who does much of the thinking and

379 views • 14 slides
Authentication made simple Investor Presentation May 14, 2020 (Nasdaq: IDN)

Authentication made simple Investor Presentation May 14, 2020 (Nasdaq: IDN)

Authentication made simple Investor Presentation May 14, 2020 (Nasdaq: IDN) Authentication made simple Proprietary and Confidential SAFE HARBOR STATEMENT Certain statements in this presentation constitute forward-looking

278 views • 24 slides
Home Security and Automation On The Road And At Home Eric McHenry (#2242) Region 12 // Greater

Home Security and Automation On The Road And At Home Eric McHenry (#2242) Region 12 // Greater

Home Security and Automation On The Road And At Home Eric McHenry (#2242) Region 12 // Greater Bay Area Airstream Club eric.mchenry@airstreamclub.net Topics Security and automation objectives Traditional vs. emerging home security and

594 views • 31 slides
Authentication made simple Investor Presentation April 3, 2020 (Nasdaq: IDN)

Authentication made simple Investor Presentation April 3, 2020 (Nasdaq: IDN)

Authentication made simple Investor Presentation April 3, 2020 (Nasdaq: IDN) Authentication made simple Proprietary and Confidential SAFE HARBOR STATEMENT Certain statements in this presentation constitute forward-looking

720 views • 23 slides
Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code Jakub Breier,

Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code Jakub Breier,

Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code Jakub Breier, Xiaolu Hou and Yang Liu 10 September 2018 1 / 25 Table of Contents Background and Motivation 1 Overview of DATAC DFA Automation Tool for

727 views • 25 slides
Metasploitation H D Moore Director of Security Research (Exploit automation and IPS evasion)

Metasploitation H D Moore Director of Security Research (Exploit automation and IPS evasion)

Metasploitation H D Moore Director of Security Research (Exploit automation and IPS evasion) BreakingPoint Systems CanSecWest 2006 Agenda Introduction Metasploit 3 Automation IPS Evasion Examples 2 Introductions - Who?

675 views • 28 slides
PERFECT INSPECTION MADE SIMPLE cobago S.I.X. Intelligent app based platform for precise

PERFECT INSPECTION MADE SIMPLE cobago S.I.X. Intelligent app based platform for precise

PERFECT INSPECTION MADE SIMPLE cobago S.I.X. Intelligent app based platform for precise inspection and perfect service on the spot individual design, order processing, fulfillment and documentation Made simple.

443 views • 30 slides
Information Exchange Policy Automation Information Exchange Framework (IEF) December 5 th, 2011

Information Exchange Policy Automation Information Exchange Framework (IEF) December 5 th, 2011

1 Information Exchange Policy Automation Information Exchange Framework (IEF) December 5 th, 2011 Presented by: Mike Abramson President, Advanced Systems Management Group Special Adviser on public safety/security Open Interoperability

525 views • 26 slides
OXYGENATION MADE SAFE AND SIMPLE Developed and made in Denmark O2MATIC APS - NRRELUNDVEJ 10,

OXYGENATION MADE SAFE AND SIMPLE Developed and made in Denmark O2MATIC APS - NRRELUNDVEJ 10,

OXYGENATION MADE SAFE AND SIMPLE Developed and made in Denmark O2MATIC APS - NRRELUNDVEJ 10, 2730 HERLEV - DENMARK 1 19-05-2020 WWW.O2MATIC.COM INFO@O2MATIC.COM +45 50529810 OUR STORY Public-Private collaboration O2matic ApS is

604 views • 13 slides
SECURITY CHALLENGES FOR INTERNET TECHNOLOGIES ON MOBILE DEVICES Key Questions 1. How are Web

SECURITY CHALLENGES FOR INTERNET TECHNOLOGIES ON MOBILE DEVICES Key Questions 1. How are Web

Anil Dhawan, Program Manager Rich Internet Applications Windows Mobile [anild@microsoft.com] Geir Olsen, Program Manager Security for Windows Mobile [geiro@microsoft.com] Microsoft Corp SECURITY CHALLENGES FOR INTERNET TECHNOLOGIES ON

454 views • 6 slides
Application access to directories opening Pandoras box Victoriano Giralt Central Computing

Application access to directories opening Pandoras box Victoriano Giralt Central Computing

The problem The cure The solution Application access to directories opening Pandoras box Victoriano Giralt Central Computing Facility University of Mlaga A November 5th, 2008 Victoriano Giralt Application access to

1.11k views • 78 slides
Design and Architectural Principles Internet Security [1] VU Engin Kirda

Design and Architectural Principles Internet Security [1] VU Engin Kirda

Design and Architectural Principles Internet Security [1] VU Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at News from the Lab Challenge 4 will be announced today (16:00) after the lecture E-Mail

384 views • 34 slides
Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably Authorization answers the question who is allowed to do what ? A first step in the development of an access control system is the

651 views • 53 slides
Landlock LSM: toward unprivileged sandboxing Micka el Sala un ANSSI September 14, 2017 1 /

Landlock LSM: toward unprivileged sandboxing Micka el Sala un ANSSI September 14, 2017 1 /

Landlock LSM: toward unprivileged sandboxing Micka el Sala un ANSSI September 14, 2017 1 / 21 Secure user-space software How to harden an application? secure development follow the least privilege principle compartmentalize

789 views • 61 slides
Risk Management Who I Am B.S. Business Administration MIS Master of Business

Risk Management Who I Am B.S. Business Administration MIS Master of Business

Risk Management Who I Am B.S. Business Administration MIS Master of Business Administration (MBA) Information Assurance Consulting SFS Scholar School of Nursing Graduate Assistant Security Development

446 views • 27 slides
Chapter 11 Software Security Secure programs Security implies some degree of trust that the

Chapter 11 Software Security Secure programs Security implies some degree of trust that the

Chapter 11 Software Security Secure programs Security implies some degree of trust that the program enforces expected C onfidentiality I ntegrity A vailability How can we look at software component and assess its

837 views • 49 slides
Border Control: Sandboxing Accelerators L. E. Olson, Jason Power, Mark. D. Hill and David A.Wood

Border Control: Sandboxing Accelerators L. E. Olson, Jason Power, Mark. D. Hill and David A.Wood

Border Control: Sandboxing Accelerators L. E. Olson, Jason Power, Mark. D. Hill and David A.Wood University of Wisconsin-Madison Presented by : Yash Bhalgat, Arun Subramaniyan Key Id Ideas and goals Sharing memory between host and

596 views • 21 slides

More recommend