©2015 evident.io I confidential I evident.io
Agenda
▪ What is Evident.io?
▪ Shared Security Responsibility: the AWS Perspective
▪ Shared Security Responsibility: the Customer Perspective
▪ Anatomy of a security incident
▪ How can Evident.io help?
▪ Panel Q&A
January 27, 2015
The Speakers
▪ Ryan Holland - Partner Solutions Architect Sr. Manager @ AWS, [email protected]
▪ Justin Lundy - CTO @ Evident.io, [email protected], @justinlundy_
▪ John Martinez - Principal Solutions Architect @ Evident.io, [email protected], @johnmartinez
What is Evident.io?
Evident Security Platform (ESP) is a cloud-first security and threat analysis platform. ESP provides many security best-practice checks that give you visibility into your part of the AWS Shared Security Responsibility model.
Shared Security Responsibilities?
The minute we gave developers the power to create infrastructure, security became their responsibility, too!
Shared Security Responsibilities: The AWS Perspective
What is AWS Responsible for?
▪ Data center access
▪ Physical infrastructure
▪ Network security
▪ API end points
▪ Full details found in the AWS Security Best Practices White Paper: http://aws.amazon.com/security/
Shared Security Responsibilities: The Customer Perspective
What am I responsible for?
▪ Root user hygiene
▪ Multi-factor authentication tokens
▪ Maintaining API Access Keys and Secret Keys
▪ Managing IAM entities: users, groups, roles, policies
▪ EC2 Security groups and rules
▪ VPC NACLs
▪ OS patching, users, firewalls, logs
▪ And many other things described in the AWS Security Best Practices White Paper: http://aws.amazon.com/security/
Top 10 Best Practices to Implement ASAP
▪ Disable root API access key and secret key
▪ Enable MFA tokens everywhere
▪ Reduce number of IAM users with Admin rights
▪ Use Roles for EC2
▪ Least privilege: limit what IAM entities can do with strong/explicit policies
▪ Rotate all the keys regularly
▪ Use IAM roles with STS AssumeRole where possible
▪ Use AutoScaling to dampen DDoS effects
▪ Do not allow 0.0.0.0/0 in any EC2/ELB security group unless you mean it
▪ Watch world-readable/listable S3 bucket policies
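To show what checking these items looks like in practice (both the customer-responsibility list and the top-10 list above), here is an added example that is not Evident.io's ESP code or any of its signatures. It is a small, offline Python script: each function evaluates one item against inputs constructed by hand to mirror the shape of the corresponding boto3 responses (IAM account summary, credential report rows, attached user policies, describe_security_groups, get_bucket_policy). The account id, bucket name, security group ids, user names, the "deliberately public" port set {80, 443} and the 90-day key rotation window are all assumptions made for the example; nothing here calls AWS.

```python
"""Offline checks for several items in the best-practice lists above. Added example, not
Evident.io's ESP signature code; every input is constructed to mirror the shape of boto3
responses. Nothing here calls AWS."""
import json
from datetime import datetime, timezone

AS_OF = datetime(2015, 1, 27, tzinfo=timezone.utc)  # fixed "now" so results are reproducible

# Constructed: iam.get_account_summary()["SummaryMap"] subset
ACCOUNT_SUMMARY = {"AccountAccessKeysPresent": 1, "AccountMFAEnabled": 0}

# Constructed: IAM credential report rows (CSV parsed to dicts), a subset of its columns
CREDENTIAL_REPORT = [
    {"user": "<root_account>", "mfa_active": "false", "access_key_1_active": "true", "access_key_1_last_rotated": "2014-03-01T00:00:00+00:00"},
    {"user": "alice", "mfa_active": "true", "access_key_1_active": "true", "access_key_1_last_rotated": "2015-01-05T00:00:00+00:00"},
    {"user": "deploy-bot", "mfa_active": "false", "access_key_1_active": "true", "access_key_1_last_rotated": "2014-06-15T00:00:00+00:00"},
]

# Constructed: user -> attached managed policy ARNs (the account id is a placeholder)
USER_POLICIES = {
    "alice": ["arn:aws:iam::aws:policy/AdministratorAccess"],
    "deploy-bot": ["arn:aws:iam::123456789012:policy/DeployOnly"],
}

# Constructed: ec2.describe_security_groups()["SecurityGroups"] subset
SECURITY_GROUPS = [
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},  # all traffic from the IPv6 world
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
    ]},
]

# Constructed: s3.get_bucket_policy()["Policy"] (a JSON string, as the API returns it)
BUCKET_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"}, "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
]})


def root_account_findings(summary):
    """Items 1 and 2 for the root user: delete its API keys, enable MFA."""
    checks = [(summary.get("AccountAccessKeysPresent"), "root account has active API access keys"),
              (not summary.get("AccountMFAEnabled"), "root account has no MFA device")]
    return [msg for bad, msg in checks if bad]


def users_without_mfa(report):
    """Item 2: IAM users whose credential-report row shows no active MFA."""
    return [r["user"] for r in report if r["user"] != "<root_account>" and r["mfa_active"] != "true"]


def admin_users(user_policies):
    """Item 3: users holding the AWS-managed AdministratorAccess policy."""
    return sorted(u for u, arns in user_policies.items()
                  if any(a.endswith(":policy/AdministratorAccess") for a in arns))


def stale_keys(report, now=AS_OF, max_age_days=90):
    """Item 6: active keys not rotated within max_age_days (the 90-day threshold is an assumption)."""
    stale = []
    for r in report:
        if r["access_key_1_active"] == "true":
            rotated = datetime.fromisoformat(r["access_key_1_last_rotated"])
            if (now - rotated).days > max_age_days:
                stale.append(r["user"])
    return stale


def world_open_rules(groups, allowed_ports=frozenset({80, 443})):
    """Item 9: ingress from 0.0.0.0/0 or ::/0 that is not exactly one deliberately public port."""
    hits = []
    for g in groups:
        for perm in g["IpPermissions"]:
            v4 = any(r["CidrIp"] == "0.0.0.0/0" for r in perm.get("IpRanges", []))
            v6 = any(r["CidrIpv6"] == "::/0" for r in perm.get("Ipv6Ranges", []))
            if not (v4 or v6):
                continue
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)  # protocol "-1" rules carry no ports
            if perm["IpProtocol"] == "-1" or not (lo == hi and lo in allowed_ports):
                hits.append((g["GroupId"], perm["IpProtocol"], lo, hi))
    return hits


def public_bucket_statements(policy_json):
    """Item 10: Allow statements granting read or list to an anonymous principal.
    Statements that carry a Condition are still reported; a human decides whether it narrows them enough."""
    doc = json.loads(policy_json)
    stmts = doc["Statement"] if isinstance(doc["Statement"], list) else [doc["Statement"]]
    readish = {"s3:GetObject", "s3:ListBucket", "s3:*", "*"}
    hits = []
    for s in stmts:
        p = s.get("Principal")
        anonymous = p == "*" or (isinstance(p, dict) and p.get("AWS") == "*")
        actions = [s["Action"]] if isinstance(s.get("Action"), str) else s.get("Action", [])
        if s.get("Effect") == "Allow" and anonymous and readish & set(actions):
            hits.append(sorted(actions))
    return hits


if __name__ == "__main__":
    print(root_account_findings(ACCOUNT_SUMMARY), users_without_mfa(CREDENTIAL_REPORT), admin_users(USER_POLICIES),
          stale_keys(CREDENTIAL_REPORT), world_open_rules(SECURITY_GROUPS), public_bucket_statements(BUCKET_POLICY))
```

Two design points worth noting. The security group check treats `IpProtocol` `-1` (all traffic) as a finding whenever the source is the whole Internet, and it looks at `Ipv6Ranges` as well as `IpRanges`, since a `::/0` rule is as world-open as `0.0.0.0/0` even though the slide only names the latter. The bucket policy check does not try to reason about `Condition` blocks; a statement with `Principal: "*"` is reported regardless, because deciding whether a condition really restricts anonymous access is a judgement a reviewer should make rather than a string match.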
Anatomy of a Security Incident: What now?
How can Evident.io help?
Security in AWS Can be Magical!
Signatures are our Strength
▪ Evident.io checks for all of the recommended security best practices in the previous list, and then some (a lot more, in fact!)
▪ Security reports tell your story - what is the state of my AWS security configurations right now?
▪ Actionable - every signature tells you how to fix the issue
▪ Custom Signatures allow you to extend the signature engine with checks that are important for you
▪ Historical - reports from the time you sign up
▪ DevSecOps anyone? Extend the reach of Evident.io with a full REST API, Ruby SDK and 3rd party integrations
▪ And we'll never, ever, ever ask you for an API access key (did we say never?)
The Beer Challenge
If it takes you more than 5 minutes to sign up for Evident.io, we'll send you a case of beer. - Tim Prendergast, CEO <[email protected]>
We are your Partners in Security
▪ Evident.io is made up of real Cloud and Security Pros
▪ We speak AWS, Security and DevOps
▪ Active in the AWS, Security and DevOps communities
▪ We know and feel your pain, as we've just about seen it all
▪ We love to hear your stories beyond our product - email us any time at [email protected]
▪ More resources, blog, and 30-day free trial await at https://www.evident.io/
Evident.io @ AWS Loft
▪ Twice a month daytime Cloud Security training sessions
▪ Once a month evening events
▪ Our next session: Security Incident Response on AWS Workshop
▪ Look for dates soon!
@evidentdotio
Thank you!