Cloud security�from zero to one
Harsh Varagiya
agenda
3
day 1: security is not an afterthought
how do you define security challenges in cloud?
Risk Based Approach vs Maturity Based Approach
risk based approach
define threats by conducting threat modelling in cloud
defenders are entangled with integrating complex security tools, maintaining compliance posture and running behind latest industry buzzwords while overlooking the fundamentals
AWS security arsenal
An AWS organization consolidates your AWS accounts so that you can administer them as a single unit
It has one management account along with zero or more member accounts
Most of your workloads should reside in member accounts, except for some centrally managed processes that must reside in either the management account or in accounts assigned as delegated administrators for specific AWS services
security best practices which were baked in from day 1
our approach towards building security from day 1
setting up first line of defense on cloud (zero to 1 story)
AWS enterprise support team to rescue
Log4j exploit case study
Log4j exploit - SNS alert
AWS Advanced Shield
security logging the right way from zero to one
detection engg from zero to one - building DIAL
DIAL architecture & benefits
benefits of DIAL
DIAL alerts
detection engg from zero to one - building Xenon
access keys leakage is one of the prominent cause for data breaches across the globe
ways access keys can get leaked?
Xenon - key features
detection engg from zero to one - network anomaly detection
VPC traffic mirroring
traffic Mirroring is an Amazon VPC feature that you can use to copy network traffic from an elastic network interface. You can then send the traffic to out-of-band security and monitoring appliances for:
anomaly detection using VPC Traffic Mirroring
traffic mirroring use cases
alerts generated using suricata
preventive controls in AWS cloud
data security
key takeaways