Security Elevated By Ahmed AbuGharbia

Transcript

1. Security Elevated MENA AWS Community Day 2020

2. ◦ Passionate about security since high school ◦ 12 years

   in Security ◦ “Discovered” the cloud and fell in love! ◦ Managed Security Services, Sirius computer Solutions ◦ A Jiu Jitsu Practitioner ◦ Look me up on Linkedin ▪ https://www.linkedin.com/in/ahmadabugharbieh/ ▪ Email: [email protected] Ahmed Abugharbia

3. Broadcasting from Chicago

4. Agenda • Traditional Security • Cloud Security Challenges • Approaching

   Cloud Security

5. Traditional Security • Network Security • Vulnerability Management • Security

   Operation Centers • Red Team (Penetration Testers) • Applications Security • Governance and Compliance

6. AWS Cloud • AWS Cloud is just different ◦ Agile

   ◦ Fast ◦ Comprehensive ( So many Services) ◦ Changes often ◦ New Terminology

7. New concepts • EC2 Instances • S3 Buckets • Containers

   • Lambdas • API Gateways • And much more

8. We went from this:

9. To something like this:

10. So what has changed? Less emphasis on network security •

    Smaller Attack surface • New “types” of infrastructure ◦ API Gateways, S3s, Lambda • Attackers’ focus is shifting

11. So what has changed? More emphasis on Application Security •

    New attack vectors ◦ AWS Infra related ◦ Applications related

12. So what has changed? Infrastructure as code • DevOps Integrated

    security (DevSecOps) • Faster Changes • Easier to Audit?

13. So what has changed? Security as code • Automated remediation

    • Automated Incident response

14. How to deal with this? • Learning • Adapt •

    Don't be a blocker

15. Shared Responsibility Model

16. Approaching Cloud Security Secure by default • Cloud Security Framework

    • DevOps Pipelines • Security Pipelines

17. Approaching Cloud Security Manage Access • Who has access? •

    Is access too permissive?

18. Approaching Cloud Security Code Version Control • Access to Repos

    • Secrets in Github • Public Code

19. Approaching Cloud Security Secrets Management • SSM • Hashicorp Vault

20. Approaching Cloud Security Logging • Cloud watch • Cloud Trail

    • VPC Flow • S3 Access Logs

21. Approaching Cloud Security Incident Handling • IH Plan ◦ Detect

    Incidents ◦ Respond to Incident • IH as Code

22. Utilize Native Services • IAM • KMS • GuardDuty •

    Cognito • WAf & Shield • Security Hub

23. Utilize Third party tools • Cloud Custodian ◦ https://cloudcustodian.io/ •

    Security Monkey ◦ https://github.com/Netflix/se curity_monkey • A Secure Cloud ◦ https://asecure.cloud/

24. Summary • Everything is faster as code • Cloud Elevated

    Development • With that, Security was Elevated