Security Elevated By Ahmed AbuGharbia

Security Elevated MENA AWS Community Day 2020

◦ Passionate about security since high school ◦ 12 years
in Security ◦ “Discovered” the cloud and fell in love! ◦ Managed Security Services, Sirius computer Solutions ◦ A Jiu Jitsu Practitioner ◦ Look me up on Linkedin ▪ https://www.linkedin.com/in/ahmadabugharbieh/ ▪ Email: [email protected] Ahmed Abugharbia

Broadcasting from Chicago

Agenda • Traditional Security • Cloud Security Challenges • Approaching
Cloud Security

Traditional Security • Network Security • Vulnerability Management • Security
Operation Centers • Red Team (Penetration Testers) • Applications Security • Governance and Compliance

AWS Cloud • AWS Cloud is just different ◦ Agile
◦ Fast ◦ Comprehensive ( So many Services) ◦ Changes often ◦ New Terminology

New concepts • EC2 Instances • S3 Buckets • Containers
• Lambdas • API Gateways • And much more

We went from this:

To something like this:

So what has changed? Less emphasis on network security •
Smaller Attack surface • New “types” of infrastructure ◦ API Gateways, S3s, Lambda • Attackers’ focus is shifting

So what has changed? More emphasis on Application Security •
New attack vectors ◦ AWS Infra related ◦ Applications related

So what has changed? Infrastructure as code • DevOps Integrated
security (DevSecOps) • Faster Changes • Easier to Audit?

So what has changed? Security as code • Automated remediation
• Automated Incident response

How to deal with this? • Learning • Adapt •
Don't be a blocker

Shared Responsibility Model

Approaching Cloud Security Secure by default • Cloud Security Framework
• DevOps Pipelines • Security Pipelines

Approaching Cloud Security Manage Access • Who has access? •
Is access too permissive?

Approaching Cloud Security Code Version Control • Access to Repos
• Secrets in Github • Public Code

Approaching Cloud Security Secrets Management • SSM • Hashicorp Vault

Approaching Cloud Security Logging • Cloud watch • Cloud Trail
• VPC Flow • S3 Access Logs

Approaching Cloud Security Incident Handling • IH Plan ◦ Detect
Incidents ◦ Respond to Incident • IH as Code

Utilize Native Services • IAM • KMS • GuardDuty •
Cognito • WAf & Shield • Security Hub

Utilize Third party tools • Cloud Custodian ◦ https://cloudcustodian.io/ •
Security Monkey ◦ https://github.com/Netflix/se curity_monkey • A Secure Cloud ◦ https://asecure.cloud/

Summary • Everything is faster as code • Cloud Elevated
Development • With that, Security was Elevated

Security Elevated By Ahmed AbuGharbia

Security Elevated By Ahmed AbuGharbia

AWS MENA Community

More Decks by AWS MENA Community

Other Decks in Technology

Featured

Transcript

Security Elevated MENA AWS Community Day 2020

◦ Passionate about security since high school ◦ 12 years

Broadcasting from Chicago

Agenda • Traditional Security • Cloud Security Challenges • Approaching

Traditional Security • Network Security • Vulnerability Management • Security

AWS Cloud • AWS Cloud is just different ◦ Agile

New concepts • EC2 Instances • S3 Buckets • Containers

We went from this:

To something like this:

So what has changed? Less emphasis on network security •

So what has changed? More emphasis on Application Security •

So what has changed? Infrastructure as code • DevOps Integrated

So what has changed? Security as code • Automated remediation

How to deal with this? • Learning • Adapt •

Shared Responsibility Model

Approaching Cloud Security Secure by default • Cloud Security Framework

Approaching Cloud Security Manage Access • Who has access? •

Approaching Cloud Security Code Version Control • Access to Repos

Approaching Cloud Security Secrets Management • SSM • Hashicorp Vault

Approaching Cloud Security Logging • Cloud watch • Cloud Trail

Approaching Cloud Security Incident Handling • IH Plan ◦ Detect

Utilize Native Services • IAM • KMS • GuardDuty •

Utilize Third party tools • Cloud Custodian ◦ https://cloudcustodian.io/ •

Summary • Everything is faster as code • Cloud Elevated