Automated End-to-End Security for AWS
Agenda
• Introduction
• Anatomy of a compromise
• What to Secure
• How Lacework can help
• Product Demo
• Trial
About Me
• Lacework’s 1st Systems Engineer
• 15 years in SaaS, Public Cloud, DevOps, and Security
• Experience with SOC2, PCI-DSS, NIST 800-53, ISO27001
• AWS Certified Solutions Architect – Professional
Anatomy of a Compromise
The majority of compromises come down to one of these four methods:
1. Compromised credentials
2. Failure to patch known security flaws
3. Insider threats
4. Human error or negligence
How are credentials compromised?
Many of the recent compromises start with GitHub, specifically when developers move code from local to remote repos.
Anatomy of a Compromise
• People have gotten better!
• But mistakes still happen
Search
Credentials in GitHub are easy to find
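One way to catch this class of mistake before code leaves the developer's machine is to scan the diff being committed for credential material. The following is an added example, not part of the original slides: the two patterns, the function name `scan_diff` and the sample diff are assumptions made for illustration, and the sample contains only AWS's documented example key ID and a placeholder in place of key material.

```python
import re

# Two well-known credential formats; an assumption of this example, real scanners carry more rules.
PATTERNS = {
    "private-key": re.compile(r"-----BEGIN (?:RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def scan_diff(diff_text):
    """Return (path, line_no, rule) for each credential found on an added line of a unified diff."""
    findings, path, line_no, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False  # next file starts: "+++ " is a header again, not content
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif (m := HUNK.match(line)):
            line_no, in_hunk = int(m.group(1)), True  # first line number in the new file
        elif in_hunk and line.startswith("+"):
            for rule, rx in PATTERNS.items():
                if rx.search(line[1:]):
                    findings.append((path, line_no, rule))
            line_no += 1
        elif in_hunk and line.startswith(" "):
            line_no += 1  # context line: present in the new file, not newly added
    return findings

# Constructed sample diff (hypothetical paths; AWS's documented example key ID).
SAMPLE_DIFF = """\
diff --git a/deploy/config.py b/deploy/config.py
--- a/deploy/config.py
+++ b/deploy/config.py
@@ -1,3 +1,3 @@
 REGION = "us-east-1"
-AWS_KEY = os.environ["AWS_KEY"]
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
 TIMEOUT = 30
diff --git a/deploy/id_rsa b/deploy/id_rsa
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1,2 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+(constructed placeholder, no key material)
"""

if __name__ == "__main__":
    for path, line_no, rule in scan_diff(SAMPLE_DIFF):
        print(f"{path}:{line_no}: possible {rule}")
```

In a pre-commit hook the same function would be fed the output of `git diff --cached`, and the commit rejected when it returns any finding.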
Example Compromise
At a well-known company, let’s call them Q’ber, a DevOps engineer accidentally committed SSH keys into GitHub.
And as you well know:
Example Compromise
With full access to Q’ber’s servers, the hacker then accessed a database and exfiltrated 50M customer data records.
Q’ber’s security team had no idea the breach had occurred until the hacker contacted them with a ransom demand.
Example Compromise
Q’ber then paid the hackers $100K to delete the data and cover up the incident.
But the incident still became public.
Cost of Compromise
Q’ber is eventually sued by the US Government for not implementing requisite security controls for their hosts in the cloud.
Q’ber settles with the government for $148M.
$148,000,000
How many zeroes is that??
Recent Security Incidents
• Data Leaks: Publicly exposed S3 buckets
• Hijacked Resources: Compromised AWS accounts
• Hijacked Compute Resources: Crypto-mining attacks
Shared Responsibility Model
Customer: Responsible for security “in” the cloud
• Application, Operating System, Configuration
• Customer is expected to:
- Add protection layer
- Configure AWS security features
- Update OS and applications
Amazon Web Services: Responsible for security “of” the cloud
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure
Surface of Risk & Threat
What Lacework Does
• Workload & Container Security
• Continuous Configuration Audit & Compliance
• AWS Account Security
Free Trial Signup
https://www.lacework.com/security-week
Demo time!


AWS Security Week | Getting to Continuous Security and Compliance Monitoring on AWS
