© 2019,Liberty Mutual Insurance Company
Presenting Radar: Validation and remediation of AWS cloud resources
Jason Mahosky
Technologist
Secure DevOps Platforms
Liberty Mutual Insurance
Twitter: @jmahosky
GRC343
Jai Schniepp
Director of Product
Secure DevOps Platforms
Liberty Mutual Insurance
Twitter: @jebbstudio
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
How we use AWS
▪ 14 regions
▪ 157 accounts
▪ 187 VPCs
▪ 6,795 Amazon EC2 instances
▪ 2,139 Amazon RDS instances
How many of you have unencrypted S3 buckets in your environment?
Who has instances that have been running since 2015?
Anyone have access keys in use older than 90 days?
Do you know the risk profile of your entire AWS footprint?
Does the security team need to be the department of no?
Security documented everything.
“Dance like no one is watching. Encrypt like everyone is.”
– Werner Vogels
One of the greatest concerns security teams have in moving to developer-managed infrastructure is the possibility of well-intentioned developers implementing misconfigurations that could expose systems or data to enhanced risk.
Automating policy enables teams to scale.
We are enforcing security policy—as code.
Prevent
Detect
Correct
Remediate
Enforce
Visualize
Policy as code
s3-encrypted:
  action: enableEncryption
  remediate-report: true
  trigger-events:
    - name: 'CreateBucket'
    - name: 'DeleteBucketEncryption'
Radar
▪ Rules engine
▪ Declarative
▪ Event-driven
▪ Active reporting
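An added sketch, not Liberty Mutual's Radar code, of how a declarative, event-driven rules engine could evaluate the s3-encrypted rule from the "Policy as code" slide against CloudTrail-style events. The FakeS3 client, the handler names, the sample events and the reading of remediate-report (true: fix and report; false: report only) are assumptions made for illustration.

```python
"""Event-driven policy-as-code sketch for the s3-encrypted rule on the slide."""

# The slide's rule, transcribed as a dict so the example needs no YAML library.
POLICY = {
    "s3-encrypted": {
        "action": "enableEncryption",
        "remediate-report": True,
        "trigger-events": [
            {"name": "CreateBucket"},
            {"name": "DeleteBucketEncryption"},
        ],
    }
}


class FakeS3:
    """Constructed in-memory stand-in for an S3 client so the example runs offline."""

    def __init__(self, buckets):
        self.buckets = dict(buckets)  # bucket name -> SSE algorithm, or None

    def get_encryption(self, bucket):
        return self.buckets.get(bucket)

    def put_encryption(self, bucket, algorithm):
        self.buckets[bucket] = algorithm


def enable_encryption(s3, bucket):
    """Hypothetical handler for the slide's 'enableEncryption' action (idempotent)."""
    if s3.get_encryption(bucket) is not None:
        return "compliant"
    s3.put_encryption(bucket, "AES256")
    return "remediated"


ACTIONS = {"enableEncryption": enable_encryption}


def build_index(policy):
    """Map each trigger event name to the rules it must wake up."""
    index = {}
    for rule_name, rule in policy.items():
        if rule["action"] not in ACTIONS:
            raise ValueError(f"{rule_name}: unknown action {rule['action']!r}")
        for trigger in rule["trigger-events"]:
            index.setdefault(trigger["name"], []).append(rule_name)
    return index


def handle_event(event, policy, index, s3):
    """Evaluate one CloudTrail-style record and return the findings to report."""
    if event.get("errorCode"):
        return []  # the API call failed, so no resource changed
    bucket = (event.get("requestParameters") or {}).get("bucketName")
    findings = []
    for rule_name in index.get(event.get("eventName"), []):
        rule = policy[rule_name]
        if bucket is None:
            status = "error"  # cannot identify the resource; surface it, do not guess
        elif rule.get("remediate-report"):
            status = ACTIONS[rule["action"]](s3, bucket)
        else:  # report-only mode: check the state but leave the bucket alone
            status = "compliant" if s3.get_encryption(bucket) else "violation"
        findings.append({"rule": rule_name, "bucket": bucket, "status": status})
    return findings


# Constructed sample events (shape follows CloudTrail S3 management events).
SAMPLE_EVENTS = [
    {"eventName": "CreateBucket", "requestParameters": {"bucketName": "claims-raw"}},
    {"eventName": "DeleteBucketEncryption",
     "requestParameters": {"bucketName": "claims-archive"}},
    {"eventName": "PutObject", "requestParameters": {"bucketName": "claims-raw"}},
    {"eventName": "CreateBucket", "errorCode": "AccessDenied",
     "requestParameters": {"bucketName": "claims-denied"}},
    {"eventName": "CreateBucket", "requestParameters": {"bucketName": "claims-kms"}},
]


def run_demo(policy=POLICY):
    """Replay the sample events; return the findings and the final bucket state."""
    s3 = FakeS3({"claims-raw": None, "claims-archive": None, "claims-kms": "aws:kms"})
    index = build_index(policy)
    findings = []
    for event in SAMPLE_EVENTS:
        findings.extend(handle_event(event, policy, index, s3))
    return findings, s3.buckets


if __name__ == "__main__":
    for finding in run_demo()[0]:
        print(finding)
```
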
Radar architecture
[Diagram labels: Cloud, Account, Region X, Region Y]
Policy coverage
?
Radar forecast
▪ Rules
▪ Operational excellence
▪ Alternatives
Thank you!

Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 - AWS re:Inforce 2019
