Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security Elevated By Ahmed AbuGharbia

AWS MENA Community
September 25, 2020
Technology
2
63

Security Elevated By Ahmed AbuGharbia

Security Elevated
By Ahmed AbuGharbia

AWS MENA Community

September 25, 2020
Tweet

More Decks by AWS MENA Community

See All by AWS MENA Community
AWS UG DXB 2021 container series- IV
awsmena
1
77
Building Modern Applications on AWS with Persistent Storage
awsmena
0
48
Getting started with AWS Device Farm and Selenium WebDriver
awsmena
3
1.1k
Terraform CICD Best Practices
awsmena
2
81
How to select the righ EBS?
awsmena
1
75
AWS MENA Community Day - GitOps on AWS_ Codifying multi-cloud operations
awsmena
0
84
Serverless SaaS By Ali El Kontar
awsmena
1
72
Continuous verification for serverless applications By Gunnar Grosch
awsmena
1
34
AI/ML on AWS By Ahmed Raafat
awsmena
1
100

Other Decks in Technology

See All in Technology
[OpsJAWS Meetup33 AIOps] Amazon Bedrockガードレールで守る安全なAI運用
akiratameto
1
100
事業を差別化する技術を生み出す技術
pyama86
2
330
ABWG2024採択者が語るエンジニアとしての自分自身の見つけ方〜発信して、つながって、世界を広げていく〜
maimyyym
1
190
開発組織を進化させる!AWSで実践するチームトポロジー
iwamot
2
450
Exadata Database Service on Cloud@Customer セキュリティ、ネットワーク、および管理について
oracle4engineer
PRO
2
1.5k
株式会社Awarefy(アウェアファイ)会社説明資料 / Awarefy-Company-Deck
awarefy
3
11k
AIエージェント入門
minorun365
PRO
32
19k
4th place solution Eedi - Mining Misconceptions in Mathematics
rist
0
150
エンジニアリング価値を黒字化する バリューベース戦略を用いた 技術戦略策定の道のり
kzkmaeda
7
3k
わたしがEMとして入社した「最初の100日」の過ごし方 / EMConfJp2025
daiksy
14
5.2k
あなたが人生で成功するための 5つの普遍的法則 #jawsug #jawsdays2025 / 20250301 HEROZ
yoshidashingo
2
310
MIMEと文字コードの闇
hirachan
2
1.4k

Featured

See All Featured
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
7
650
Optimising Largest Contentful Paint
csswizardry
34
3.1k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
100
18k
Building Flexible Design Systems
yeseniaperezcruz
328
38k
Bootstrapping a Software Product
garrettdimon
PRO
306
110k
Speed Design
sergeychernyshev
27
810
Why You Should Never Use an ORM
jnunemaker
PRO
55
9.2k
Measuring & Analyzing Core Web Vitals
bluesmoon
6
260
How to Think Like a Performance Engineer
csswizardry
22
1.4k
Raft: Consensus for Rubyists
vanstee
137
6.8k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M

Transcript

  1. Security Elevated MENA AWS Community Day 2020

  2. ◦ Passionate about security since high school ◦ 12 years

    in Security ◦ “Discovered” the cloud and fell in love! ◦ Managed Security Services, Sirius computer Solutions ◦ A Jiu Jitsu Practitioner ◦ Look me up on Linkedin ▪ https://www.linkedin.com/in/ahmadabugharbieh/ ▪ Email: ahmed.abugharbia@gmail.com Ahmed Abugharbia

  3. Broadcasting from Chicago

  4. Agenda • Traditional Security • Cloud Security Challenges • Approaching

    Cloud Security

  5. Traditional Security • Network Security • Vulnerability Management • Security

    Operation Centers • Red Team (Penetration Testers) • Applications Security • Governance and Compliance

  6. AWS Cloud • AWS Cloud is just different ◦ Agile

    ◦ Fast ◦ Comprehensive ( So many Services) ◦ Changes often ◦ New Terminology

  7. New concepts • EC2 Instances • S3 Buckets • Containers

    • Lambdas • API Gateways • And much more

  8. We went from this:

  9. To something like this:

  10. So what has changed? Less emphasis on network security •

    Smaller Attack surface • New “types” of infrastructure ◦ API Gateways, S3s, Lambda • Attackers’ focus is shifting

  11. So what has changed? More emphasis on Application Security •

    New attack vectors ◦ AWS Infra related ◦ Applications related

  12. So what has changed? Infrastructure as code • DevOps Integrated

    security (DevSecOps) • Faster Changes • Easier to Audit?

  13. So what has changed? Security as code • Automated remediation

    • Automated Incident response

  14. How to deal with this? • Learning • Adapt •

    Don't be a blocker

  15. Shared Responsibility Model

  16. Approaching Cloud Security Secure by default • Cloud Security Framework

    • DevOps Pipelines • Security Pipelines

  17. Approaching Cloud Security Manage Access • Who has access? •

    Is access too permissive?

  18. Approaching Cloud Security Code Version Control • Access to Repos

    • Secrets in Github • Public Code

  19. Approaching Cloud Security Secrets Management • SSM • Hashicorp Vault

  20. Approaching Cloud Security Logging • Cloud watch • Cloud Trail

    • VPC Flow • S3 Access Logs

  21. Approaching Cloud Security Incident Handling • IH Plan ◦ Detect

    Incidents ◦ Respond to Incident • IH as Code

  22. Utilize Native Services • IAM • KMS • GuardDuty •

    Cognito • WAf & Shield • Security Hub

  23. Utilize Third party tools • Cloud Custodian ◦ https://cloudcustodian.io/ •

    Security Monkey ◦ https://github.com/Netflix/se curity_monkey • A Secure Cloud ◦ https://asecure.cloud/

  24. Summary • Everything is faster as code • Cloud Elevated

    Development • With that, Security was Elevated