Security Framework Shakedown: Map your journey with AWS best practices

Transcript
  • 1. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security Framework Shakedown: Map your journey with AWS best practices. Melissa Ravanini, Solutions Architect, Healthcare Specialist
  • 3. Agenda
      • Cloud Adoption Framework: security perspective
      • AWS Well-Architected Framework: security pillar
  • 4. AWS shared responsibility model
  • 5. AWS Cloud Adoption Framework
  • 6. Security - Core five epics
  • 7. Define a strategy
      • Identify your workloads moving to AWS
      • Identify stakeholders
  • 8. Deliver a security program
      • Rationalize security requirements
      • Define data protections and controls
      • Document security architecture
  • 9. Security cartography
  • 10. CAF best practices
      • Inventory current security requirements
      • Adopt a security framework
      • Identify workload security controls
      • Map current security controls to cloud controls
      • Create a security RACI
      • Create a risk register
  • 11. Robust security operations
      • Deploy architecture
      • Automation
      • Continuous monitoring
      • Testing and Gamedays
  • 12. Sample security epics journey (Week 1 to Week 5)
      • Identity & Access Mgmt
      • Detective Control
      • Infrastructure Security
      • Data Protection
      • Incident Response
  • 13. https://console.aws.amazon.com/wellarchitected
  • 14. What is the AWS Well-Architected Framework?
      • Pillars
      • Design Principles
      • Questions
  • 15. Pillars of AWS Well-Architected
      • Security
      • Reliability
      • Performance Efficiency
      • Cost Optimization
      • Operational Excellence
  • 16. AWS Trusted Advisor: https://console.aws.amazon.com/trustedadvisor
  • 17. Top best practices: Strong identity foundation
      • Root account should never be used
      • Consider AWS Organizations
      • Set account security questions & contacts
      • Centralize identities
      • Audit periodically
  • 18. Cross-account Access: https://docs.aws.amazon.com/pt_br/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
  • 20. Top best practices: Strong identity foundation
      • Never store credentials or secrets in code
      • Enforce MFA
      • Use IAM roles for users and services
      • Establish least privileged policies
      • Use temporary credentials
  • 21. How to: Enforce MFA
      • User can only assume a role with MFA
      • Diagram labels: User, MFA token, Role, Permissions, AWS Cloud
      • http://bit.ly/AWSWALabs
  • 22. Top best practices: Enable traceability
      • Consider Amazon GuardDuty
      • Configure application & infrastructure logging
      • Centralize using a SIEM
      • Proactively monitor
      • Regular reviews of news & best practices
  • 23. Amazon GuardDuty: https://console.aws.amazon.com/guardduty/
  • 24. Top best practices: Network protection
      • Amazon CloudFront + AWS WAF
      • Amazon VPC and security groups
      • Private connectivity: Transit Gateway, VPN, AWS Direct Connect
      • Service endpoints
      • Enforce service level permission
  • 25. How to: Network protection
      • Diagram labels: Bucket, Instances, Region, VPC, Users, WAF Automation, www.example.com
      • https://amzn.to/2PbHOpz
  • 26. Top best practices: Apply security at all layers
      • Harden operating systems & defaults
      • Use anti-malware + intrusion detection
      • Scan infrastructure
      • Scan code
      • Patch vulnerabilities
  • 27. How to: Scan vulnerabilities
      • Scan instances with Amazon Inspector: https://amzn.to/2DT9jyg
      • Scan code in the pipeline (Dependency Check): http://bit.ly/2SPzUAp
      • Testing (OWASP ZAP): http://bit.ly/2yWwzqN
  • 28. How to: Compute protection
  • 29. Top best practices: Automate security best practices
      • Template infra: AWS CloudFormation / AWS SAM
      • Automate build and test
      • AWS Config rules for verification
      • Automate response to non-compliance
      • Automate response to events
  • 30. How to: Automate checks
      • Config Rules: https://console.aws.amazon.com/config
  • 31. How to: Automate management
      • Automation
      • Patch manager
      • State manager
      • https://amzn.to/2AaOwSg
      • https://amzn.to/2DSTLdK
      • https://amzn.to/2Qihzxm
  • 32. Top best practices: Incident response
      • Prepare for different scenarios
      • Pre-deploy tools using automation
      • Pre-provision access for response teams
      • Practice responding through game days
      • Continuously improve your processes
  • 33. How to: Run incident response game day
      1. Schedule a four- to eight-hour block
      2. Find a prize (bribery)
      3. Supply junk food & beverages
      4. Pick relevant scenarios from: https://amzn.to/2PetNro
      5. Create a runbook
      6. Practice
      7. Have fun!
  • 34. How to: Simple runbook
      • Event description: [Attack Type] [Attack Description]
      • Data to gather for troubleshooting: [Evaluation of current data]
      • Steps to troubleshoot and fix: [Contain / impact / recovery / forensics]
      • Urgency category: [Critical, Important, moderate, informational]
      • Communications & escalation
  • 35. Take action!
      • CAF: aws.amazon.com/professional-services/CAF/
      • W-A: aws.amazon.com/well-architected
      • W-A Labs: http://bit.ly/AWSWALabs
      • AWS sec twitter: @AWSSecurityInfo
      • AWS sec blog: https://aws.amazon.com/blogs/security/
  • 36. Thank you!
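
Slide 21's rule (a user can only assume a role with MFA) is normally expressed in the role's trust policy through the `aws:MultiFactorAuthPresent` condition key. The audit check below is an added example, not part of the original deck or AWS's own code; the function names, the sample policy and the placeholder account ID 111122223333 are constructed for illustration.

```python
# Added example: audit an IAM role trust policy for the MFA requirement on sts:AssumeRole.
def _as_list(value):
    return value if isinstance(value, list) else [value]

def _requires_mfa(condition):
    """True only when the Condition block fails closed without MFA."""
    for operator, keys in condition.items():
        for key, value in keys.items():
            if key.lower() != "aws:multifactorauthpresent":
                continue
            values = [str(v).lower() for v in _as_list(value)]
            # "Bool" rejects requests where the key is absent (long-term access keys).
            # "BoolIfExists" in an Allow matches when the key is absent, so it is not enough.
            if operator.lower() == "bool" and values == ["true"]:
                return True
    return False

def assume_role_statements_without_mfa(trust_policy):
    """Return Sids (or indexes) of Allow statements that let an AWS principal assume the role without MFA."""
    findings = []
    for index, stmt in enumerate(_as_list(trust_policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        # Service principals (for example EC2) cannot present MFA; audit AWS principals only.
        if isinstance(principal, dict) and "AWS" not in principal:
            continue
        if not _requires_mfa(stmt.get("Condition", {})):
            findings.append(stmt.get("Sid", f"statement[{index}]"))
    return findings

_PRINCIPAL = {"AWS": "arn:aws:iam::111122223333:root"}  # constructed placeholder account
SAMPLE_TRUST_POLICY = {  # constructed sample, not taken from the deck
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "MfaRequired", "Effect": "Allow", "Principal": _PRINCIPAL, "Action": "sts:AssumeRole",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
        {"Sid": "MfaIfExists", "Effect": "Allow", "Principal": _PRINCIPAL, "Action": "sts:AssumeRole",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "true"}}},
        {"Sid": "NoCondition", "Effect": "Allow", "Principal": _PRINCIPAL, "Action": "sts:AssumeRole"},
        {"Sid": "Ec2Service", "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
         "Action": "sts:AssumeRole"},
    ],
}
if __name__ == "__main__":
    print(assume_role_statements_without_mfa(SAMPLE_TRUST_POLICY))
```

The check only matches the literal actions `sts:AssumeRole`, `sts:*` and `*`; partial wildcards such as `sts:Assume*` would need pattern matching on top of it.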