Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security Elevated By Ahmed AbuGharbia

AWS MENA Community
September 25, 2020
Technology
2
63

Security Elevated By Ahmed AbuGharbia

Security Elevated
By Ahmed AbuGharbia

AWS MENA Community

September 25, 2020
Tweet

More Decks by AWS MENA Community

See All by AWS MENA Community
AWS UG DXB 2021 container series- IV
awsmena
1
77
Building Modern Applications on AWS with Persistent Storage
awsmena
0
48
Getting started with AWS Device Farm and Selenium WebDriver
awsmena
3
1.1k
Terraform CICD Best Practices
awsmena
2
80
How to select the righ EBS?
awsmena
1
74
AWS MENA Community Day - GitOps on AWS_ Codifying multi-cloud operations
awsmena
0
84
Serverless SaaS By Ali El Kontar
awsmena
1
71
Continuous verification for serverless applications By Gunnar Grosch
awsmena
1
34
AI/ML on AWS By Ahmed Raafat
awsmena
1
100

Other Decks in Technology

See All in Technology
"TEAM"を導入したら最高のエンジニア"Team"を実現できた / Deploying "TEAM" and Building the Best Engineering "Team"
yuj1osm
1
130
Amazon Q Developerの無料利用枠を使い倒してHello worldを表示させよう!
nrinetcom
PRO
2
110
内製化を加速させるlaC活用術
nrinetcom
PRO
2
140
(機械学習システムでも) SLO から始める信頼性構築 - ゆる SRE#9 2025/02/21
daigo0927
0
260
偏光画像処理ライブラリを作った話
elerac
1
170
Raycast Favorites × Script Command で実現するお手軽情報チェック
smasato
1
140
ExaDB-XSで利用されている Exadata Exascaleについて
oracle4engineer
PRO
3
240
Ruby on Railsで持続可能な開発を行うために取り組んでいること
am1157154
3
140
データベースの負荷を紐解く/untangle-the-database-load
emiki
2
500
Active Directory攻防
cryptopeg
PRO
8
5.4k
Two Blades, One Journey: Engineering While Managing
ohbarye
4
1.9k
2/18 Making Security Scale: メルカリが考えるセキュリティ戦略 - Coincheck x LayerX x Mercari
jsonf
0
190

Featured

See All Featured
Scaling GitHub
holman
459
140k
Fashionably flexible responsive web design (full day workshop)
malarkey
406
66k
Optimizing for Happiness
mojombo
376
70k
Site-Speed That Sticks
csswizardry
4
400
Unsuck your backbone
ammeep
669
57k
Facilitating Awesome Meetings
lara
52
6.2k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
193
16k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Designing Experiences People Love
moore
140
23k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.2k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
45
9.4k

Transcript

  1. Security Elevated MENA AWS Community Day 2020

  2. ◦ Passionate about security since high school ◦ 12 years

    in Security ◦ “Discovered” the cloud and fell in love! ◦ Managed Security Services, Sirius computer Solutions ◦ A Jiu Jitsu Practitioner ◦ Look me up on Linkedin ▪ https://www.linkedin.com/in/ahmadabugharbieh/ ▪ Email: [email protected] Ahmed Abugharbia

  3. Broadcasting from Chicago

  4. Agenda • Traditional Security • Cloud Security Challenges • Approaching

    Cloud Security

  5. Traditional Security • Network Security • Vulnerability Management • Security

    Operation Centers • Red Team (Penetration Testers) • Applications Security • Governance and Compliance

  6. AWS Cloud • AWS Cloud is just different ◦ Agile

    ◦ Fast ◦ Comprehensive ( So many Services) ◦ Changes often ◦ New Terminology

  7. New concepts • EC2 Instances • S3 Buckets • Containers

    • Lambdas • API Gateways • And much more

  8. We went from this:

  9. To something like this:

  10. So what has changed? Less emphasis on network security •

    Smaller Attack surface • New “types” of infrastructure ◦ API Gateways, S3s, Lambda • Attackers’ focus is shifting

  11. So what has changed? More emphasis on Application Security •

    New attack vectors ◦ AWS Infra related ◦ Applications related

  12. So what has changed? Infrastructure as code • DevOps Integrated

    security (DevSecOps) • Faster Changes • Easier to Audit?

  13. So what has changed? Security as code • Automated remediation

    • Automated Incident response

  14. How to deal with this? • Learning • Adapt •

    Don't be a blocker

  15. Shared Responsibility Model

  16. Approaching Cloud Security Secure by default • Cloud Security Framework

    • DevOps Pipelines • Security Pipelines

  17. Approaching Cloud Security Manage Access • Who has access? •

    Is access too permissive?

  18. Approaching Cloud Security Code Version Control • Access to Repos

    • Secrets in Github • Public Code

  19. Approaching Cloud Security Secrets Management • SSM • Hashicorp Vault

  20. Approaching Cloud Security Logging • Cloud watch • Cloud Trail

    • VPC Flow • S3 Access Logs

  21. Approaching Cloud Security Incident Handling • IH Plan ◦ Detect

    Incidents ◦ Respond to Incident • IH as Code

  22. Utilize Native Services • IAM • KMS • GuardDuty •

    Cognito • WAf & Shield • Security Hub

  23. Utilize Third party tools • Cloud Custodian ◦ https://cloudcustodian.io/ •

    Security Monkey ◦ https://github.com/Netflix/se curity_monkey • A Secure Cloud ◦ https://asecure.cloud/

  24. Summary • Everything is faster as code • Cloud Elevated

    Development • With that, Security was Elevated