2nd Sight Lab, profile picture
Uploaded by2nd Sight Lab
PPTX, PDF958 views

AWS Security Ideas - re:Invent 2016

The document provides security strategies for enhancing cloud security, emphasizing the importance of designing systems with security in mind. Key recommendations include centralizing security functions, implementing automated checks, utilizing immutable infrastructure, and ensuring effective key management. It also highlights the need for thorough endpoint security and maintaining secure logs to prevent breaches and intrusions.

Downloaded 21 times
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Teri Radichel | @teriradichel 11/28/2016 AWS Security Ideas Leverage The Platform - Enhance Security
Many companies have gotten past the belief that the cloud is not secure... But you still have to secure it. Here are some ideas for a more secure cloud. @teriradichel
Architect Systems For Security First If system is designed by security professionals, Security is built in from the ground up. @teriradichel
Centralize and Automate Security Functions Manage security via trained professionals. Limit mistakes due to lack of knowledge. @teriradichel
Build System as Gatekeeper If changes have to go through gatekeeper… Every change can be monitored. @teriradichel
Build System as Security Training System Automate security checks at deployment… Train developers at the point of action. @teriradichel
Leverage Event Driven Security Automation Monitor for unwanted behavior… Automatically respond. @teriradichel
Separation of Duties by Design If it takes multiple people to make a mistake… Chances are someone will catch the problem. @teriradichel
Immutable Infrastructure If it cannot change once it has been deployed… Malware cannot be installed after deployment. @teriradichel
Eliminate Published CVEs According to 2016 Verizon Data Breach Report: Known CVEs cause majority of breaches. @teriradichel
A Key is a Password Keys: brute forced, lost, shared, stolen. RBAC may be more easily managed. @teriradichel
Use Key Hierarchies Limit use of each key to subset of data. If one key is stolen, limits the damage. @teriradichel
Make It Easy For Developers Automate common security related functions. Simplify: authenticate, log, encrypt, deploy. @teriradichel
Consider Process vs. Technical Controls Think encrypting data in memory. May be more feasible to secure via process. @teriradichel
Think About Who Can Change Controls If the control can be changed by lots of people… It is not an effective control. @teriradichel
Understand Reconnaissance Network scans look for vulnerabilities to attack. Secure all endpoints. @teriradichel
The Benefit of Network Security A kernel mode root kit makes machines lie. The network doesn’t lie. @teriradichel
Most Developers != Network Professionals Implementing is not the same as securing. One hole in the fence enables intrusion. @teriradichel
Secure Your Logs Write once, read only, replicated. Ensure logs are not missing or deceiving. @teriradichel
Thank you! Teri Radichel | WatchGuard Technologies | @teriradichel

More Related Content

PPTX
Are You Ready for a Cloud Pentest?
by2nd Sight Lab
 
PPTX
Top 5 Priorities for Cloud Security
by2nd Sight Lab
 
PPTX
Threat Hunting on AWS using Azure Sentinel
byAshwin Patil, GCIH, GCIA, GCFE
 
PPTX
AWS Security Strategy
by2nd Sight Lab
 
PPT
Encryption in the Cloud
bySVForum Cloud SIG
 
PPTX
The Threat Is Real. Protect Yourself.
by2nd Sight Lab
 
PPTX
Locking Down Your Cloud
by2nd Sight Lab
 
PPTX
Agile Network India | DevSecOps - The What and the Why | Ritesh Shregill
byAgileNetwork
 
Are You Ready for a Cloud Pentest?
by2nd Sight Lab
 
Top 5 Priorities for Cloud Security
by2nd Sight Lab
 
Threat Hunting on AWS using Azure Sentinel
byAshwin Patil, GCIH, GCIA, GCFE
 
AWS Security Strategy
by2nd Sight Lab
 
Encryption in the Cloud
bySVForum Cloud SIG
 
The Threat Is Real. Protect Yourself.
by2nd Sight Lab
 
Locking Down Your Cloud
by2nd Sight Lab
 
Agile Network India | DevSecOps - The What and the Why | Ritesh Shregill
byAgileNetwork
 

What's hot

PPTX
Azure Sentinel
byCheah Eng Soon
 
PPTX
#ALSummit: Realities of Security in the Cloud
byAlert Logic
 
PPTX
CSS 17: NYC - Realities of Security in the Cloud
byAlert Logic
 
PPTX
Lacework Overview: Security Redefined for Cloud Scale
byLacework
 
PPTX
Azure Sentinel with Office 365
byCheah Eng Soon
 
PDF
Lacework slides from AWS Meetups
byJohn Varghese
 
PDF
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
byElasticsearch
 
PPTX
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
byAlert Logic
 
PPTX
#ALSummit: Architecting Security into your AWS Environment
byAlert Logic
 
PPTX
Lacework for AWS Security Overview
byLacework
 
PPTX
Azure sentinal
byAllied Consultants
 
PDF
Advanced Security Automation Made Simple
byMark Nunnikhoven
 
PPTX
Simplicity in Hybrid IT Environments – A Security Oxymoron?
byTripwire
 
PDF
Palestra de abertura: Evolução e visão do Elastic Security
byElasticsearch
 
PPTX
The New Security Practitioner
byAdrian Sanabria
 
PDF
Extending Amazon GuardDuty with Cloud Insight Essentials
byAlert Logic
 
PDF
RSA 2014: Skybox Security Risk Analytics Overview
bySkybox Security
 
PDF
Elastic Security: Enterprise Protection Built on the Elastic Stack
byElasticsearch
 
PPTX
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
byAlert Logic
 
PPTX
Protect Office 365 with Azure Sentinel
byNanddeep Nachan
 
Azure Sentinel
byCheah Eng Soon
 
#ALSummit: Realities of Security in the Cloud
byAlert Logic
 
CSS 17: NYC - Realities of Security in the Cloud
byAlert Logic
 
Lacework Overview: Security Redefined for Cloud Scale
byLacework
 
Azure Sentinel with Office 365
byCheah Eng Soon
 
Lacework slides from AWS Meetups
byJohn Varghese
 
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
byElasticsearch
 
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
byAlert Logic
 
#ALSummit: Architecting Security into your AWS Environment
byAlert Logic
 
Lacework for AWS Security Overview
byLacework
 
Azure sentinal
byAllied Consultants
 
Advanced Security Automation Made Simple
byMark Nunnikhoven
 
Simplicity in Hybrid IT Environments – A Security Oxymoron?
byTripwire
 
Palestra de abertura: Evolução e visão do Elastic Security
byElasticsearch
 
The New Security Practitioner
byAdrian Sanabria
 
Extending Amazon GuardDuty with Cloud Insight Essentials
byAlert Logic
 
RSA 2014: Skybox Security Risk Analytics Overview
bySkybox Security
 
Elastic Security: Enterprise Protection Built on the Elastic Stack
byElasticsearch
 
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
byAlert Logic
 
Protect Office 365 with Azure Sentinel
byNanddeep Nachan
 

Similar to AWS Security Ideas - re:Invent 2016

PPTX
AWS Cloud Security
byAWS Riyadh User Group
 
PPTX
Application security meetup - cloud security best practices 24062021
bylior mazor
 
PPTX
Automating your AWS Security Operations
byEvident.io
 
PDF
Beginning AWS Security 1st Edition Tasha Penwell
byreitalanduym
 
PDF
Beginning AWS Security 1st Edition Tasha Penwell
bywazirauhchu
 
PPTX
Practical Security for the Cloud
byChirag Joshi, CISA, CISM, CRISC
 
PDF
Beginning AWS Security 1st Edition Tasha Penwell
bycerkfpka1242
 
PPTX
Security on AWS
byCloudHesive
 
PPTX
Security on AWS, 2021 Edition Meetup
byCloudHesive
 
PPT
Aws training in bangalore
byapponix123
 
PPTX
Cloud security - the most vital today for your business and product that uses...
byJames DeLuccia IV
 
PDF
Information Security Risk Management
byipspat
 
PPTX
Privacies are Coming
byErnest Staats
 
PPTX
Securing the cloud and your assets
byMarcus Dempsey
 
PPTX
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
byGarth Boyd
 
PPTX
Stu Hirst - Thinking Out cLoud July 2019
byStu Hirst
 
PPTX
Security on AWS, 2021 Edition Meetup
byCloudHesive
 
PDF
Security Best Practices_John Hildebrandt
byHelen Rogers
 
PPTX
AWS Spotlight Series - Modernization and Security with AWS
byCloudHesive
 
PPTX
Build and Manage a Highly Secure Cloud Environment on AWS and Azure
byCloudHesive
 
AWS Cloud Security
byAWS Riyadh User Group
 
Application security meetup - cloud security best practices 24062021
bylior mazor
 
Automating your AWS Security Operations
byEvident.io
 
Beginning AWS Security 1st Edition Tasha Penwell
byreitalanduym
 
Beginning AWS Security 1st Edition Tasha Penwell
bywazirauhchu
 
Practical Security for the Cloud
byChirag Joshi, CISA, CISM, CRISC
 
Beginning AWS Security 1st Edition Tasha Penwell
bycerkfpka1242
 
Security on AWS
byCloudHesive
 
Security on AWS, 2021 Edition Meetup
byCloudHesive
 
Aws training in bangalore
byapponix123
 
Cloud security - the most vital today for your business and product that uses...
byJames DeLuccia IV
 
Information Security Risk Management
byipspat
 
Privacies are Coming
byErnest Staats
 
Securing the cloud and your assets
byMarcus Dempsey
 
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
byGarth Boyd
 
Stu Hirst - Thinking Out cLoud July 2019
byStu Hirst
 
Security on AWS, 2021 Edition Meetup
byCloudHesive
 
Security Best Practices_John Hildebrandt
byHelen Rogers
 
AWS Spotlight Series - Modernization and Security with AWS
byCloudHesive
 
Build and Manage a Highly Secure Cloud Environment on AWS and Azure
byCloudHesive
 

More from 2nd Sight Lab

PPTX
Threat Modeling a Batch Job System - AWS Security Community Day
by2nd Sight Lab
 
PPTX
AzureSecurity - Day3 - Storage And Key Vault
by2nd Sight Lab
 
PPTX
Azure Security - Day5 - Governance And Architecture
by2nd Sight Lab
 
PPTX
Azure for Auditors
by2nd Sight Lab
 
PPTX
AzureSecurity Day4 Compute And Application Service Security
by2nd Sight Lab
 
PPTX
AzureSecurity Day1: Identity and Access Management
by2nd Sight Lab
 
PPTX
AzureSecurity - Day2 - Azure Network Security
by2nd Sight Lab
 
PPTX
Azure Security - Day6 - Operations And Risk
by2nd Sight Lab
 
PPTX
Threat Modeling a Batch Job Framework - Teri Radichel - AWS re:Inforce 2025
by2nd Sight Lab
 
PPTX
So You Want a Job in Cybersecurity
by2nd Sight Lab
 
PPTX
Are you ready for a cloud pentest? AWS re:Inforce 2019
by2nd Sight Lab
 
PPTX
Cross-Cloud Comparison and Security Notes
by2nd Sight Lab
 
PPTX
Cloud Offense Informs Cloud Defense.pptx
by2nd Sight Lab
 
PPTX
Top Priorities for Cloud Application Security
by2nd Sight Lab
 
PPTX
Underrated AWS Security Controls ~ AWS Atlanta Summit 2022
by2nd Sight Lab
 
PPTX
Serverless Attack Vectors
by2nd Sight Lab
 
PPTX
Red Team vs. Blue Team on AWS ~ re:Invent 2018
by2nd Sight Lab
 
PPTX
How the Cloud Changes Cyber Security
by2nd Sight Lab
 
PPTX
Red Team vs Blue Team on AWS - RSA 2018
by2nd Sight Lab
 
PPTX
Real World Cloud Compromise
by2nd Sight Lab
 
Threat Modeling a Batch Job System - AWS Security Community Day
by2nd Sight Lab
 
AzureSecurity - Day3 - Storage And Key Vault
by2nd Sight Lab
 
Azure Security - Day5 - Governance And Architecture
by2nd Sight Lab
 
Azure for Auditors
by2nd Sight Lab
 
AzureSecurity Day4 Compute And Application Service Security
by2nd Sight Lab
 
AzureSecurity Day1: Identity and Access Management
by2nd Sight Lab
 
AzureSecurity - Day2 - Azure Network Security
by2nd Sight Lab
 
Azure Security - Day6 - Operations And Risk
by2nd Sight Lab
 
Threat Modeling a Batch Job Framework - Teri Radichel - AWS re:Inforce 2025
by2nd Sight Lab
 
So You Want a Job in Cybersecurity
by2nd Sight Lab
 
Are you ready for a cloud pentest? AWS re:Inforce 2019
by2nd Sight Lab
 
Cross-Cloud Comparison and Security Notes
by2nd Sight Lab
 
Cloud Offense Informs Cloud Defense.pptx
by2nd Sight Lab
 
Top Priorities for Cloud Application Security
by2nd Sight Lab
 
Underrated AWS Security Controls ~ AWS Atlanta Summit 2022
by2nd Sight Lab
 
Serverless Attack Vectors
by2nd Sight Lab
 
Red Team vs. Blue Team on AWS ~ re:Invent 2018
by2nd Sight Lab
 
How the Cloud Changes Cyber Security
by2nd Sight Lab
 
Red Team vs Blue Team on AWS - RSA 2018
by2nd Sight Lab
 
Real World Cloud Compromise
by2nd Sight Lab
 

Recently uploaded

PDF
Spec Driven Development with Kiro: Ensuring Quality and Traceability in the A...
byHaim Michael
 
PDF
Dev Dives: Unlocking Enterprise Data with UiPath Data Fabric
byUiPathCommunity
 
PDF
GDG Cloud Southlake #47: Bala Desikan: Build Autonomous Agentic AI Apps on GCP
byJames Anderson
 
PDF
The Smol Training Playbook: The Secrets to Building World-Class LLMs
byRazin Mustafiz
 
PPTX
2025 - AI terms & Meanings for Marketers
byashishav29
 
PPTX
Building Smarter Integrations with MuleSoft_ MCP Server and Cursor in Action ...
byKunal Gupta
 
PDF
Fighting CVEs in Embedded Linux with the Yocto Project and OTA Updates
byLeon Anavi
 
PDF
Data Center Exit to Cloud _ Managed Datacenter Migration.pdf
byAstuteBusiness
 
PDF
The Future-Ready PMO: Unlocking Project Success with Copilot and AI Innovatio...
byWellingtone
 
PPTX
Practical tips for keeping your C# code base clean
byDennis Doomen
 
PPTX
Sephora UAE API Service Real-Time Product & Price Data Access.pptx
bycreativeclicks1733
 
PDF
Unleash AI power with the Dell Pro 14 Plus - Interactive PDF
byPrincipled Technologies
 
PDF
RR B.Ed. educational trust. Ashish Tiwari
byat386834
 
DOCX
The Rise of AI-Powered Software Development
byordersoftwarekeys
 
PDF
WPE Android 🤖 State of the Bot (2025)
byIgalia
 
PPTX
Assignment Review and Accessibility Audit Findings.pptx
byJulia Undeutsch
 
PDF
Exclusive Hands-On Workshop: Agentic Automation with UiPath (First Edition)
byanabulhac
 
PDF
OpenObserve as a replacement for Elasticsearch
byAlireza Kamrani
 
PPTX
GenAI GraphTalk - Kuala Lumpur - 4 Nov 2025
bygourisachdeva2
 
PDF
Cybersecurity in ASEAN and Singapore Columbia SIPA 2025.pdf
byBenjamin Ang
 
Spec Driven Development with Kiro: Ensuring Quality and Traceability in the A...
byHaim Michael
 
Dev Dives: Unlocking Enterprise Data with UiPath Data Fabric
byUiPathCommunity
 
GDG Cloud Southlake #47: Bala Desikan: Build Autonomous Agentic AI Apps on GCP
byJames Anderson
 
The Smol Training Playbook: The Secrets to Building World-Class LLMs
byRazin Mustafiz
 
2025 - AI terms & Meanings for Marketers
byashishav29
 
Building Smarter Integrations with MuleSoft_ MCP Server and Cursor in Action ...
byKunal Gupta
 
Fighting CVEs in Embedded Linux with the Yocto Project and OTA Updates
byLeon Anavi
 
Data Center Exit to Cloud _ Managed Datacenter Migration.pdf
byAstuteBusiness
 
The Future-Ready PMO: Unlocking Project Success with Copilot and AI Innovatio...
byWellingtone
 
Practical tips for keeping your C# code base clean
byDennis Doomen
 
Sephora UAE API Service Real-Time Product & Price Data Access.pptx
bycreativeclicks1733
 
Unleash AI power with the Dell Pro 14 Plus - Interactive PDF
byPrincipled Technologies
 
RR B.Ed. educational trust. Ashish Tiwari
byat386834
 
The Rise of AI-Powered Software Development
byordersoftwarekeys
 
WPE Android 🤖 State of the Bot (2025)
byIgalia
 
Assignment Review and Accessibility Audit Findings.pptx
byJulia Undeutsch
 
Exclusive Hands-On Workshop: Agentic Automation with UiPath (First Edition)
byanabulhac
 
OpenObserve as a replacement for Elasticsearch
byAlireza Kamrani
 
GenAI GraphTalk - Kuala Lumpur - 4 Nov 2025
bygourisachdeva2
 
Cybersecurity in ASEAN and Singapore Columbia SIPA 2025.pdf
byBenjamin Ang
 

AWS Security Ideas - re:Invent 2016

  • 1.
    © 2016, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Teri Radichel | @teriradichel 11/28/2016 AWS Security Ideas Leverage The Platform - Enhance Security
  • 2.
    Many companies havegotten past the belief that the cloud is not secure... But you still have to secure it. Here are some ideas for a more secure cloud. @teriradichel
  • 3.
    Architect Systems ForSecurity First If system is designed by security professionals, Security is built in from the ground up. @teriradichel
  • 4.
    Centralize and AutomateSecurity Functions Manage security via trained professionals. Limit mistakes due to lack of knowledge. @teriradichel
  • 5.
    Build System asGatekeeper If changes have to go through gatekeeper… Every change can be monitored. @teriradichel
  • 6.
    Build System asSecurity Training System Automate security checks at deployment… Train developers at the point of action. @teriradichel
  • 7.
    Leverage Event DrivenSecurity Automation Monitor for unwanted behavior… Automatically respond. @teriradichel
  • 8.
    Separation of Dutiesby Design If it takes multiple people to make a mistake… Chances are someone will catch the problem. @teriradichel
  • 9.
    Immutable Infrastructure If itcannot change once it has been deployed… Malware cannot be installed after deployment. @teriradichel
  • 10.
    Eliminate Published CVEs Accordingto 2016 Verizon Data Breach Report: Known CVEs cause majority of breaches. @teriradichel
  • 11.
    A Key isa Password Keys: brute forced, lost, shared, stolen. RBAC may be more easily managed. @teriradichel
  • 12.
    Use Key Hierarchies Limituse of each key to subset of data. If one key is stolen, limits the damage. @teriradichel
  • 13.
    Make It EasyFor Developers Automate common security related functions. Simplify: authenticate, log, encrypt, deploy. @teriradichel
  • 14.
    Consider Process vs.Technical Controls Think encrypting data in memory. May be more feasible to secure via process. @teriradichel
  • 15.
    Think About WhoCan Change Controls If the control can be changed by lots of people… It is not an effective control. @teriradichel
  • 16.
    Understand Reconnaissance Network scanslook for vulnerabilities to attack. Secure all endpoints. @teriradichel
  • 17.
    The Benefit ofNetwork Security A kernel mode root kit makes machines lie. The network doesn’t lie. @teriradichel
  • 18.
    Most Developers !=Network Professionals Implementing is not the same as securing. One hole in the fence enables intrusion. @teriradichel
  • 19.
    Secure Your Logs Writeonce, read only, replicated. Ensure logs are not missing or deceiving. @teriradichel
  • 20.
    Thank you! Teri Radichel| WatchGuard Technologies | @teriradichel