SlideShare a Scribd company logo

Automated Infrastructure Security: Monitoring using FOSS

Sonatype , profile picture
Sonatype

The document discusses automated infrastructure security monitoring using the ELK stack and AWS Lambda, highlighting the use of Elastalert to defend against SSH brute force attacks. It details the architecture, use cases, and specific implementations to enhance security, including IP whitelisting and real-time logging. The presentation also emphasizes the need for more attack signatures and discusses potential alternatives to the current stack.

Software
Related topics:
Red Team Blue Team security-policy
1 of 17
Downloaded 31 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Automated Infrastructure Security Monitoring using FOSS #AllDayDevOps @madhuakula, Automation Ninja Appsecco
About Me ! Automation Ninja at Appsecco Appsecco is a specialist application security company Interested in Security, DevOps & Cloud Found bugs in Google, Microsoft, Yahoo, etc Never ending learner! Follow (or) Tweet to me @madhuakula 2
What we are covering today? ELK stack to analyse and visualise logs in near real­time ElastAlert to create rules to automatically defend against SSH bruteforce attacks AWS Lambda to do this, since our infra is hosted on AWS Python based Chalice framework for using AWS Lambda 3
Architecture 4
Automated Defence Demo Appsecco Automated Infrastructure Security Monitoring Demo (ELK + AWS Lambda) http://bit.ly/addo­aism 5
AWS Lambda ­ Chalice Code https://github.com/appsecco/alldaydevops­aism 6
Security for our AWS Lambda We are primarily doing the following two things 1. A sufficiently random token to protect the request when we post the IP address from ElastAlert 2. Whitelist the IP address of the host where the  HTTP POST  request originates from 7
Use Cases for Automated Defence 1. Automated Defender (Attack Alerts + Automated Firewall) 2. Security Analytics + Reports 3. Near real­time Centralised Log Monitoring 8
Attack Scenario : Wordpress XML­RPC https://blog.appsecco.com/analysing­attacks­on­a­wordpress­xml­rpc­using­an­ elk­stack­3bf25a7e36cc 9
Needs Improvement More attack signatures required For example OSSEC Wazuh Ruleset Improve the ElastAlert Alerter custom code Any suggestions from your side 10
Alternatives to our stack Stack  Elastic  Graylog  TICK Stack  Prometheus + Grafana Serverless  AWS Lambda  Azure Functions  Cloud Functions 11
Our assumptions You are already monitoring in near real­time using the ELK stack You are under attack for a specific service You have configured ElastAlert for your alerting 12
In Summary We created attack threshold rules in ElastAlert We created an AWS Lambda endpoint to be able to modify AWS VPC Network ACLs We have a real­time blocking system infinitely scalable 13
References Blog Post Elastic Elast Alert AWS Lambda Chalice 14
Automated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSS
Thanks @madhuakula | @appseccouk | http://appsecco.com

More Related Content

PDF
Prepare to defend thyself with Blue/Green
Sonatype
 
PDF
Static Analysis For Security and DevOps Happiness w/ Justin Collins
Sonatype
 
PDF
There is No Server: Immutable Infrastructure and Serverless Architecture
Sonatype
 
PDF
Serverless security - how to protect what you don't see?
Sqreen
 
PDF
Security as Code: DOES15
Ed Bellis
 
PDF
Lock That Shit Down! Auth Security Patterns for Apps, APIs, and Infra - Sprin...
Matt Raible
 
PDF
Kubernetes security
Thomas Fricke
 
PDF
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Sonatype
 
Prepare to defend thyself with Blue/Green
Sonatype
 
Static Analysis For Security and DevOps Happiness w/ Justin Collins
Sonatype
 
There is No Server: Immutable Infrastructure and Serverless Architecture
Sonatype
 
Serverless security - how to protect what you don't see?
Sqreen
 
Security as Code: DOES15
Ed Bellis
 
Lock That Shit Down! Auth Security Patterns for Apps, APIs, and Infra - Sprin...
Matt Raible
 
Kubernetes security
Thomas Fricke
 
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Sonatype
 

What's hot (20)

PDF
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
Lacework
 
PDF
Policy as code what helm developers need to know about security
LibbySchulze
 
PDF
DevSecCon London 2017: Hands-on secure software development from design to de...
DevSecCon
 
PDF
Application Security in a Container World - Akash Mahajan - BCC 2017
CodeOps Technologies LLP
 
PPTX
DevOps & Security: Here & Now
Checkmarx
 
PPT
Continuous integration
Andrey Zhupanenko
 
PDF
Securing your AWS Deployments with Spinnaker and Armory Enterprise
DevOps.com
 
PDF
The Future of Security and Productivity in Our Newly Remote World
DevOps.com
 
PDF
Create Disposable Test Environments with Vagrant and Puppet
Gene Gotimer
 
PPTX
Automated Infrastructure Testing
Ranjib Dey
 
PPTX
Third Party Performance (Velocity, 2014)
Guy Podjarny
 
PDF
Security Patterns for Microservice Architectures - SpringOne 2020
Matt Raible
 
PDF
Security as Code: A DevSecOps Approach
VMware Tanzu
 
PDF
System Hardening Using Ansible
Sonatype
 
PDF
Security Patterns for Microservice Architectures - London Java Community 2020
Matt Raible
 
PPTX
Pipeline your pipelines!
Giulio Vian
 
PPTX
Shift Left - How to improve your security with checkov before it’s going to p...
Anton Grübel
 
PDF
Android Tamer: Virtual Machine for Android (Security) Professionals
Anant Shrivastava
 
PDF
NetflixOSS: The Netflix Way
Diego Pacheco
 
PDF
DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1
Felipe Prado
 
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
Lacework
 
Policy as code what helm developers need to know about security
LibbySchulze
 
DevSecCon London 2017: Hands-on secure software development from design to de...
DevSecCon
 
Application Security in a Container World - Akash Mahajan - BCC 2017
CodeOps Technologies LLP
 
DevOps & Security: Here & Now
Checkmarx
 
Continuous integration
Andrey Zhupanenko
 
Securing your AWS Deployments with Spinnaker and Armory Enterprise
DevOps.com
 
The Future of Security and Productivity in Our Newly Remote World
DevOps.com
 
Create Disposable Test Environments with Vagrant and Puppet
Gene Gotimer
 
Automated Infrastructure Testing
Ranjib Dey
 
Third Party Performance (Velocity, 2014)
Guy Podjarny
 
Security Patterns for Microservice Architectures - SpringOne 2020
Matt Raible
 
Security as Code: A DevSecOps Approach
VMware Tanzu
 
System Hardening Using Ansible
Sonatype
 
Security Patterns for Microservice Architectures - London Java Community 2020
Matt Raible
 
Pipeline your pipelines!
Giulio Vian
 
Shift Left - How to improve your security with checkov before it’s going to p...
Anton Grübel
 
Android Tamer: Virtual Machine for Android (Security) Professionals
Anant Shrivastava
 
NetflixOSS: The Netflix Way
Diego Pacheco
 
DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1
Felipe Prado
 
Ad

Viewers also liked (20)

PPTX
Developing highly scalable applications with Symfony and RabbitMQ
Alexey Petrov
 
PPTX
CloudStack EU user group - Trillian
ShapeBlue
 
PDF
Linux Malware Analysis
Cysinfo Cyber Security Community
 
PDF
Chicago AWS user group meetup - May 2014 at Cohesive
AWS Chicago
 
DOC
Gaurav dev ops (AWS, Linux, Automation-ansible, jenkins:CI and CD:Ansible)
Gaurav Srivastav
 
PDF
Aws + Puppet = Dynamic Scale
Puppet
 
PPTX
e-Extortion Trends and Defense
Erik Iker
 
PDF
Astricon 2016 - Scaling ARI and Production
Dan Jenkins
 
PPTX
Python Pants Build System for Large Codebases
Angad Singh
 
PPTX
Apache Ambari: Managing Hadoop and YARN
Hortonworks
 
PDF
Bridging the Gap: Connecting AWS and Kafka
Pengfei (Jason) Li
 
PDF
Powerupcloud - Customer Case Studies
Jonathyan Maas ☁
 
PDF
Platform - Technical architecture
David Rundle
 
PPT
Jake Fox Pd. 5
LigScience2
 
PDF
Gartner 2017 London: How to re-invent your IT Architecture?
LeanIX GmbH
 
PPTX
Reversing malware analysis training part2 introduction to windows internals
Cysinfo Cyber Security Community
 
PDF
Application Deployment at UC Riverside
Michael Kennedy
 
PPT
Docker introduction
Phuc Nguyen
 
PPTX
Software Architectures, Week 3 - Microservice-based Architectures
Angelos Kapsimanis
 
PDF
Machine Learning & IT Service Intelligence for the Enterprise: The Future is ...
Precisely
 
Developing highly scalable applications with Symfony and RabbitMQ
Alexey Petrov
 
CloudStack EU user group - Trillian
ShapeBlue
 
Linux Malware Analysis
Cysinfo Cyber Security Community
 
Chicago AWS user group meetup - May 2014 at Cohesive
AWS Chicago
 
Gaurav dev ops (AWS, Linux, Automation-ansible, jenkins:CI and CD:Ansible)
Gaurav Srivastav
 
Aws + Puppet = Dynamic Scale
Puppet
 
e-Extortion Trends and Defense
Erik Iker
 
Astricon 2016 - Scaling ARI and Production
Dan Jenkins
 
Python Pants Build System for Large Codebases
Angad Singh
 
Apache Ambari: Managing Hadoop and YARN
Hortonworks
 
Bridging the Gap: Connecting AWS and Kafka
Pengfei (Jason) Li
 
Powerupcloud - Customer Case Studies
Jonathyan Maas ☁
 
Platform - Technical architecture
David Rundle
 
Jake Fox Pd. 5
LigScience2
 
Gartner 2017 London: How to re-invent your IT Architecture?
LeanIX GmbH
 
Reversing malware analysis training part2 introduction to windows internals
Cysinfo Cyber Security Community
 
Application Deployment at UC Riverside
Michael Kennedy
 
Docker introduction
Phuc Nguyen
 
Software Architectures, Week 3 - Microservice-based Architectures
Angelos Kapsimanis
 
Machine Learning & IT Service Intelligence for the Enterprise: The Future is ...
Precisely
 
Ad

Similar to Automated Infrastructure Security: Monitoring using FOSS (20)

PDF
Automating Security in Cloud Workloads with DevSecOps
Kristana Kane
 
PPTX
AWS Security Architecture - Overview
Sai Kesavamatham
 
PDF
Advanced Security Automation Made Simple
Mark Nunnikhoven
 
PPTX
Automating AWS security and compliance
John Varghese
 
PPTX
AWS Security Best Practices for Effective Threat Detection & Response
AlienVault
 
PDF
Shared Responsibility In Action
Mark Nunnikhoven
 
PPTX
5 minutes on security
CloudHesive
 
PPTX
AWS Lambda Security Inside & Out
PureSec
 
PDF
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
apidays
 
PPTX
Security Risk Advisors - BSides PGH 2018 - Red Team SIEM
Douglas Webster
 
PDF
Threat stack aws
Jen Andre
 
PDF
Pragmatic Cloud Security Automation
CloudVillage
 
PDF
AWS Community Day - Vitaliy Shtym - Pragmatic Container Security
AWS Chicago
 
PPTX
Stephen Sadowski - Securely automating infrastructure in the cloud
DevSecCon
 
PPTX
Automating your AWS Security Operations
Evident.io
 
PDF
Serverless Security Automation on AWS - Hamburg AWS User Group
Dennis Traub
 
PPTX
Cloud Security (AWS)
Scott Arveseth
 
PPTX
Ghost Environment
PratipD
 
PDF
Practical AWS Security - Scott Hogg
Trish McGinity, CCSK
 
PDF
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
AlgoSec
 
Automating Security in Cloud Workloads with DevSecOps
Kristana Kane
 
AWS Security Architecture - Overview
Sai Kesavamatham
 
Advanced Security Automation Made Simple
Mark Nunnikhoven
 
Automating AWS security and compliance
John Varghese
 
AWS Security Best Practices for Effective Threat Detection & Response
AlienVault
 
Shared Responsibility In Action
Mark Nunnikhoven
 
5 minutes on security
CloudHesive
 
AWS Lambda Security Inside & Out
PureSec
 
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
apidays
 
Security Risk Advisors - BSides PGH 2018 - Red Team SIEM
Douglas Webster
 
Threat stack aws
Jen Andre
 
Pragmatic Cloud Security Automation
CloudVillage
 
AWS Community Day - Vitaliy Shtym - Pragmatic Container Security
AWS Chicago
 
Stephen Sadowski - Securely automating infrastructure in the cloud
DevSecCon
 
Automating your AWS Security Operations
Evident.io
 
Serverless Security Automation on AWS - Hamburg AWS User Group
Dennis Traub
 
Cloud Security (AWS)
Scott Arveseth
 
Ghost Environment
PratipD
 
Practical AWS Security - Scott Hogg
Trish McGinity, CCSK
 
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
AlgoSec
 

More from Sonatype (20)

PPTX
DevOps Days Columbus - Derek Weeks - 2019
Sonatype
 
PDF
2019 DevSecOps Reference Architectures
Sonatype
 
PDF
RSAC DevSecOpsDays 2018 - We are all Equifax
Sonatype
 
PPTX
DevSecOps reference architectures 2018
Sonatype
 
PDF
30+ Nexus Integrations to Accelerate DevOps
Sonatype
 
PDF
2017 DevSecOps Survey
Sonatype
 
PPTX
Starting and Scaling DevOps In the Enterprise
Sonatype
 
PPTX
DevOps Friendly Doc Publishing for APIs & Microservices
Sonatype
 
PDF
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
Sonatype
 
PPTX
DevOps and All the Continuouses w/ Helen Beal
Sonatype
 
PDF
Serverless and the Way Forward
Sonatype
 
PDF
A Small Association's Journey to DevOps w/ Edward Ruiz
Sonatype
 
PDF
What's My Security Policy Doing to My Help Desk w/ Chris Swan
Sonatype
 
PDF
Getting out of the Job Jungle with Jenkins
Sonatype
 
PDF
Modern Infrastructure Automation
Sonatype
 
PDF
Continuous Everyone: Engaging People Across the Continuous Pipeline
Sonatype
 
PDF
The Road to Continuous Deployment
Sonatype
 
PDF
Docker Inside/Out: The 'Real' Real- World World of Stacking Containers in pro...
Sonatype
 
PDF
I, For One, Welcome Our New Robot Overlords
Sonatype
 
PDF
Meta Infrastructure as Code: How Capital One Automated Our Automation Tools w...
Sonatype
 
DevOps Days Columbus - Derek Weeks - 2019
Sonatype
 
2019 DevSecOps Reference Architectures
Sonatype
 
RSAC DevSecOpsDays 2018 - We are all Equifax
Sonatype
 
DevSecOps reference architectures 2018
Sonatype
 
30+ Nexus Integrations to Accelerate DevOps
Sonatype
 
2017 DevSecOps Survey
Sonatype
 
Starting and Scaling DevOps In the Enterprise
Sonatype
 
DevOps Friendly Doc Publishing for APIs & Microservices
Sonatype
 
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
Sonatype
 
DevOps and All the Continuouses w/ Helen Beal
Sonatype
 
Serverless and the Way Forward
Sonatype
 
A Small Association's Journey to DevOps w/ Edward Ruiz
Sonatype
 
What's My Security Policy Doing to My Help Desk w/ Chris Swan
Sonatype
 
Getting out of the Job Jungle with Jenkins
Sonatype
 
Modern Infrastructure Automation
Sonatype
 
Continuous Everyone: Engaging People Across the Continuous Pipeline
Sonatype
 
The Road to Continuous Deployment
Sonatype
 
Docker Inside/Out: The 'Real' Real- World World of Stacking Containers in pro...
Sonatype
 
I, For One, Welcome Our New Robot Overlords
Sonatype
 
Meta Infrastructure as Code: How Capital One Automated Our Automation Tools w...
Sonatype
 

Recently uploaded (20)

PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PPTX
Materi_Pemrograman_Komputer-Looping.pptx
RanuFajar1
 
PDF
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
DOCX
The Five Best AI Cover Tools in 2025.docx
aivoicelabofficial
 
PPTX
Presentation of Computer CLASS 2 .pptx
darshilchaudhary558
 
PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PDF
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
PPTX
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
PDF
Build Multi-agent using Agent Development Kit
FadyIbrahim23
 
PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
PPTX
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PDF
IEEE-CS Tech Predictions, SWEBOK and Quantum Software: Towards Q-SWEBOK
Hironori Washizaki
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PPTX
AIRLINE PRICE API | FLIGHT API COST |
philipnathen82
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
Materi_Pemrograman_Komputer-Looping.pptx
RanuFajar1
 
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
The Five Best AI Cover Tools in 2025.docx
aivoicelabofficial
 
Presentation of Computer CLASS 2 .pptx
darshilchaudhary558
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
Build Multi-agent using Agent Development Kit
FadyIbrahim23
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
IEEE-CS Tech Predictions, SWEBOK and Quantum Software: Towards Q-SWEBOK
Hironori Washizaki
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
AIRLINE PRICE API | FLIGHT API COST |
philipnathen82
 

Automated Infrastructure Security: Monitoring using FOSS