(SEC313) Updating Security Operations for the Cloud | AWS re:Invent 2014
DESCRIPTION
Learn how to increase the effectiveness of your security operations as you move to the cloud. This session for architects and IT administrators covers considerations for optimizing your incident response, monitoring, and audit response tactics to take advantage of built-in capabilities in AWS. This session provides practical advice you can apply today, pulled from industry research, direct experience helping customers migrate to the cloud, and from the speaker's own hard-earned lessons. Sponsored by Trend Micro.
TRANSCRIPT
@marknca
Strategy
Tactics
Traditional Responsibility Model
You
AWS You
Shared Responsibility Model
AWS
Facilities
Physical
Network
Virtualization Layer
You
Shared Responsibility Model
Monitoring
Forensics
4 pillars of practice
SANS incident response process
Business point of view
Incident response before
Server
Analyze Repair Improve
Replacement
Incident response before
Instance
Analyze Repair Improve
Replacement
Advantages
In action…
Optimized response
Instance
Script
Analyze
Improve
API
Replacement
Business point of view
Creating an audit trail before
Servers
Change
Record Storage Logs
Firewall / IPS
Creating an audit trail before
Instances
Change
Record
Central
Management Logs
AWS Services
In action…