Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Scaling threat detection and response in AWS
Search
Zamira Jaupaj
November 29, 2021
Technology
150
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Scaling threat detection and response in AWS
Zamira Jaupaj
November 29, 2021
More Decks by Zamira Jaupaj
See All by Zamira Jaupaj
Control Tower And AWS Landing Zone
zamira
0
490
How to Build an AI-driven serverless application without any AI experience
zamira
0
33
Centralize Logging Multi AWS Accounts
zamira
0
75
Other Decks in Technology
See All in Technology
初めてのDatabricks勉強会
taka_aki
2
230
AI・ロボティクスと自動化社会 / AI, Robotics, and the Automated Society
ks91
PRO
0
150
製造現場での生成AIの活用、およびエージェントAIの実装のあり方、AVEVAの取り組み
iotcomjpadmin
0
220
技術・能力を向上する原理原則 #きのこセッションa #きのこ2026
bash0c7
0
200
#エンジニアBooks 30分でわかる 「技術記事を書く技術」 / engineer-books 2026-06-30
jnchito
1
170
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
11k
トークン最適化のためのユーザーストーリー分析 / User Story Analysis for Token Optimization
oomatomo
0
160
10x Speed With QA Agent Platform - How we scaled adoption from individual effort to organizational capability
lycorptech_jp
PRO
0
120
RAGの精度向上とエージェント活用
kintotechdev
2
120
Docker Desktop不要の時代が来る? WSL標準の「wslc」で Linuxコンテナを動かしてみた.
ueponx
0
570
プロンプト_きのこカンファレンス2026_LT
yurufuwahealer
0
120
Keeping applications secure by evolving OAuth 2.0 and OpenID Connect
ahus1
PRO
1
130
Featured
See All Featured
Building Applications with DynamoDB
mza
96
7.1k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
1.4k
Heart Work Chapter 1 - Part 1
lfama
PRO
8
36k
Building the Perfect Custom Keyboard
takai
2
810
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
davidcarrasco
3
170
Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation
inesmontani
PRO
3
2.3k
Leveraging Curiosity to Care for An Aging Population
cassininazir
1
300
Raft: Consensus for Rubyists
vanstee
141
7.6k
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
aleyda
1
2.1k
My Coaching Mixtape
mlcsv
0
160
How STYLIGHT went responsive
nonsquared
100
6.2k
Transcript
© 2019, Amazon Web Services, Inc. or its affiliates. All
rights reserved. © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Scaling threat detection and response in AWS Zamira Jaupaj Solutions Architect @AWS 11/29/21 Twitter @Zamirajaupaj
© 2019, Amazon Web Services, Inc. or its affiliates. All
rights reserved. © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda 11/29/21 Twitter @Zamirajaupaj • Attacker lifecycle
© 2019, Amazon Web Services, Inc. or its affiliates. All
rights reserved. © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Why is threat detection so hard? Skills shortage Signal to noise Large datasets
© 2019, Amazon Web Services, Inc. or its affiliates. All
rights reserved. © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Gain the visibility you need to spot issues before they impact the business, improve your security posture, and reduce the risk profile of your environment Detective controls AWS Security Hub Centrally view & manage security alerts & automate compliance checks Amazon GuardDuty Intelligent threat detection and continuous monitoring to protect your AWS accounts and workloads Amazon Inspector Automates security assessments to help improve the security and compliance of applications deployed on AWS Amazon CloudWatch Complete visibility of your cloud resources and applications to collect metrics, monitor log files, set alarms, and automatically react to changes AWS Config Record and evaluate configurations of your AWS resources to enable compliance auditing, resource change tracking, & security analysis AWS CloudTrail Track user activity and API usage to enable governance, compliance, and operational/risk auditing of your AWS account VPC Flow Logs Capture info about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs
© 2019, Amazon Web Services, Inc. or its affiliates. All
rights reserved. © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Attacker lifecycle: Stages Reconnaissance Establish foothold Escalate privileges Internal reconnaissance Maintain persistence
© 2019, Amazon Web Services, Inc. or its affiliates. All
rights reserved. © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon S3 Bucket “Data Backup” Internal Data Service Bad Person Amazon S3 Bucket “Website Images” Web Server Instance Internet AWS Account Internet Gateway 1 2 3 4 5 1 Access the vulnerable web application 2 Pivot to the data service 3 Delete the website image files 4 Change permissions to the data backup 5 Download the data backup
© 2019, Amazon Web Services, Inc. or its affiliates. All
rights reserved. © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. What happened AWS Lambda Amazon SNS Security analyst Respond Detect and investigate AWS Security Hub Amazon Macie Amazon GuardDuty AWS CloudTrail Amazon CloudWatch Events Amazon CloudWatch logs DNS logs Amazon Inspector Amazon S3 Amazon VPC flow logs AWS Cloud VPC Public subnet Compromised instance Subnet 2 Elastic IP in custom threat list Availability zone Public subnet Malicious host Subnet 1 Bucket The attack 1 2 4 3 API calls Bucket changes API Gateway endpoints SSH brute force attack 5 Amazon Inspector Inspector assessment
© 2019, Amazon Web Services, Inc. or its affiliates. All
rights reserved. © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Share your feedback with us! Thank You! Twitter @Zamirajaupaj https://eventbox.dev/survey/7TJITXC