Slide 1

Slide 1 text

Security Elevated
MENA AWS Community Day 2020

Slide 2

Slide 2 text

○ Passionate about security since high school
○ 12 years in Security
○ “Discovered” the cloud and fell in love!
○ Managed Security Services, Sirius Computer Solutions
○ A Jiu Jitsu Practitioner
○ Look me up on LinkedIn
  ■ https://www.linkedin.com/in/ahmadabugharbieh/
  ■ Email: [email protected]
Ahmed Abugharbia

Slide 3

Slide 3 text

Broadcasting from Chicago

Slide 4

Slide 4 text

Agenda
● Traditional Security
● Cloud Security Challenges
● Approaching Cloud Security

Slide 5

Slide 5 text

Traditional Security
● Network Security
● Vulnerability Management
● Security Operation Centers
● Red Team (Penetration Testers)
● Applications Security
● Governance and Compliance

Slide 6

Slide 6 text

AWS Cloud
● AWS Cloud is just different
  ○ Agile
  ○ Fast
  ○ Comprehensive (so many services)
  ○ Changes often
  ○ New Terminology

Slide 7

Slide 7 text

New concepts
● EC2 Instances
● S3 Buckets
● Containers
● Lambdas
● API Gateways
● And much more

Slide 8

Slide 8 text

We went from this:

Slide 9

Slide 9 text

To something like this:

Slide 10

Slide 10 text

So what has changed?
Less emphasis on network security
● Smaller Attack surface
● New “types” of infrastructure
  ○ API Gateways, S3s, Lambda
● Attackers’ focus is shifting

Slide 11

Slide 11 text

So what has changed?
More emphasis on Application Security
● New attack vectors
  ○ AWS Infra related
  ○ Applications related

Slide 12

Slide 12 text

So what has changed?
Infrastructure as code
● DevOps Integrated security (DevSecOps)
● Faster Changes
● Easier to Audit?

Slide 13

Slide 13 text

So what has changed?
Security as code
● Automated remediation
● Automated Incident response

Slide 14

Slide 14 text

How to deal with this?
● Learning
● Adapt
● Don't be a blocker

Slide 15

Slide 15 text

Shared Responsibility Model

Slide 16

Slide 16 text

Approaching Cloud Security
Secure by default
● Cloud Security Framework
● DevOps Pipelines
● Security Pipelines

Slide 17

Slide 17 text

Approaching Cloud Security
Manage Access
● Who has access?
● Is access too permissive?

Slide 18

Slide 18 text

Approaching Cloud Security
Code Version Control
● Access to Repos
● Secrets in GitHub
● Public Code

Slide 19

Slide 19 text

Approaching Cloud Security
Secrets Management
● SSM
● HashiCorp Vault

Slide 20

Slide 20 text

Approaching Cloud Security
Logging
● CloudWatch
● CloudTrail
● VPC Flow
● S3 Access Logs

Slide 21

Slide 21 text

Approaching Cloud Security
Incident Handling
● IH Plan
  ○ Detect Incidents
  ○ Respond to Incident
● IH as Code

Slide 22

Slide 22 text

Utilize Native Services
● IAM
● KMS
● GuardDuty
● Cognito
● WAF & Shield
● Security Hub

Slide 23

Slide 23 text

Utilize Third party tools
● Cloud Custodian
  ○ https://cloudcustodian.io/
● Security Monkey
  ○ https://github.com/Netflix/security_monkey
● A Secure Cloud
  ○ https://asecure.cloud/

Slide 24

Slide 24 text

Summary
● Everything is faster as code
● Cloud Elevated Development
● With that, Security was Elevated