Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security Elevated By Ahmed AbuGharbia

AWS MENA Community
September 25, 2020
Technology
2
56

Security Elevated By Ahmed AbuGharbia

Security Elevated
By Ahmed AbuGharbia

AWS MENA Community

September 25, 2020
Tweet

More Decks by AWS MENA Community

See All by AWS MENA Community
AWS UG DXB 2021 container series- IV
awsmena
1
73
Building Modern Applications on AWS with Persistent Storage
awsmena
0
45
Getting started with AWS Device Farm and Selenium WebDriver
awsmena
3
1k
Terraform CICD Best Practices
awsmena
2
80
How to select the righ EBS?
awsmena
1
70
AWS MENA Community Day - GitOps on AWS_ Codifying multi-cloud operations
awsmena
0
78
Serverless SaaS By Ali El Kontar
awsmena
1
68
Continuous verification for serverless applications By Gunnar Grosch
awsmena
1
32
AI/ML on AWS By Ahmed Raafat
awsmena
1
97

Other Decks in Technology

See All in Technology
なんで、私がAWS Heroに!? 〜社外の広い世界に一歩踏み出そう〜
minorun365
PRO
4
860
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
5
49k
WINTICKETアプリで実現した高可用性と高速リリースを支えるエコシステム / winticket-eco-system
cyberagentdevelopers
PRO
1
180
生成AIの強みと弱みを理解して、生成AIがもたらすパワーをプロダクトの価値へ繋げるために実践したこと / advance-ai-generating
cyberagentdevelopers
PRO
0
140
わたしとトラックポイント / TrackPoint tips
masahirokawahara
1
220
サイロ化した金融システムを、packwerk を利用して無事故でリファクタリングした話
coincheck_recruit
3
3.5k
日経電子版におけるリアルタイムレコメンドシステム開発の事例紹介/nikkei-realtime-recommender-system
yng87
0
190
で、ValhallaのValue Classってどうなったの?
skrb
1
600
AI Builder について
miyakemito
1
140
TinyMLの技術動向
kyotomon
2
280
現実のRuby/Railsアップグレード
takeyuweb
3
4.8k
フルカイテン株式会社 採用資料
fullkaiten
0
36k

Featured

See All Featured
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
32
1.8k
Building Better People: How to give real-time feedback that sticks.
wjessup
363
19k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
26
2k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.1k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
3
360
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
Why You Should Never Use an ORM
jnunemaker
PRO
53
9k
YesSQL, Process and Tooling at Scale
rocio
167
14k
How to train your dragon (web standard)
notwaldorf
88
5.6k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k

Transcript

  1. Security Elevated MENA AWS Community Day 2020

  2. ◦ Passionate about security since high school ◦ 12 years

    in Security ◦ “Discovered” the cloud and fell in love! ◦ Managed Security Services, Sirius computer Solutions ◦ A Jiu Jitsu Practitioner ◦ Look me up on Linkedin ▪ https://www.linkedin.com/in/ahmadabugharbieh/ ▪ Email: [email protected] Ahmed Abugharbia

  3. Broadcasting from Chicago

  4. Agenda • Traditional Security • Cloud Security Challenges • Approaching

    Cloud Security

  5. Traditional Security • Network Security • Vulnerability Management • Security

    Operation Centers • Red Team (Penetration Testers) • Applications Security • Governance and Compliance

  6. AWS Cloud • AWS Cloud is just different ◦ Agile

    ◦ Fast ◦ Comprehensive ( So many Services) ◦ Changes often ◦ New Terminology

  7. New concepts • EC2 Instances • S3 Buckets • Containers

    • Lambdas • API Gateways • And much more

  8. We went from this:

  9. To something like this:

  10. So what has changed? Less emphasis on network security •

    Smaller Attack surface • New “types” of infrastructure ◦ API Gateways, S3s, Lambda • Attackers’ focus is shifting

  11. So what has changed? More emphasis on Application Security •

    New attack vectors ◦ AWS Infra related ◦ Applications related

  12. So what has changed? Infrastructure as code • DevOps Integrated

    security (DevSecOps) • Faster Changes • Easier to Audit?

  13. So what has changed? Security as code • Automated remediation

    • Automated Incident response

  14. How to deal with this? • Learning • Adapt •

    Don't be a blocker

  15. Shared Responsibility Model

  16. Approaching Cloud Security Secure by default • Cloud Security Framework

    • DevOps Pipelines • Security Pipelines

  17. Approaching Cloud Security Manage Access • Who has access? •

    Is access too permissive?

  18. Approaching Cloud Security Code Version Control • Access to Repos

    • Secrets in Github • Public Code

  19. Approaching Cloud Security Secrets Management • SSM • Hashicorp Vault

  20. Approaching Cloud Security Logging • Cloud watch • Cloud Trail

    • VPC Flow • S3 Access Logs

  21. Approaching Cloud Security Incident Handling • IH Plan ◦ Detect

    Incidents ◦ Respond to Incident • IH as Code

  22. Utilize Native Services • IAM • KMS • GuardDuty •

    Cognito • WAf & Shield • Security Hub

  23. Utilize Third party tools • Cloud Custodian ◦ https://cloudcustodian.io/ •

    Security Monkey ◦ https://github.com/Netflix/se curity_monkey • A Secure Cloud ◦ https://asecure.cloud/

  24. Summary • Everything is faster as code • Cloud Elevated

    Development • With that, Security was Elevated