
Security Threats, the Cloud and Your Responsibilities - Evident.io @AWS Pop-up Loft


©2015 evident.io | confidential | evident.io

Agenda

▪ What is Evident.io?
▪ Shared Security Responsibility: the AWS Perspective
▪ Shared Security Responsibility: the Customer Perspective
▪ Anatomy of a security incident
▪ How can Evident.io help?
▪ Panel Q&A

1/27/2015

January 27


The Speakers

▪ Ryan Holland - Partner Solutions Architect Sr. Manager @ AWS [email protected]
▪ Justin Lundy - CTO @ Evident.io [email protected] @justinlundy_
▪ John Martinez - Principal Solutions Architect @ Evident.io [email protected] @johnmartinez


What is Evident.io?

Evident Security Platform (ESP) is a cloud-first security and threat analysis platform. ESP provides many security best practice checks that give you visibility into your part of the AWS Shared Security Responsibility model.


Shared Security Responsibilities?


The minute we gave developers the power to create infrastructure, security became their responsibility, too!


Shared Security Responsibilities: The AWS Perspective


What is AWS Responsible for?

▪ Data center access
▪ Physical infrastructure
▪ Network security
▪ API end points
▪ Full details found in the AWS Security Best Practices White Paper http://aws.amazon.com/security/


Shared Security Responsibilities: The Customer Perspective


What am I responsible for?

▪ Root user hygiene
▪ Multi-factor authentication tokens
▪ Maintaining API Access Keys and Secret Keys
▪ Managing IAM entities: users, groups, roles, policies
▪ EC2 Security groups and rules
▪ VPC NACLs
▪ OS patching, users, firewalls, logs
▪ And many other things described in the AWS Security Best Practices White Paper http://aws.amazon.com/security/


Top 10 Best Practices to Implement ASAP

▪ Disable root API access key and secret key
▪ Enable MFA tokens everywhere
▪ Reduce number of IAM users with Admin rights
▪ Use Roles for EC2
▪ Least privilege: limit what IAM entities can do with strong/explicit policies
▪ Rotate all the keys regularly
▪ Use IAM roles with STS AssumeRole where possible
▪ Use AutoScaling to dampen DDoS effects
▪ Do not allow 0.0.0.0/0 in any EC2/ELB security group unless you mean it
▪ Watch world-readable/listable S3 bucket policies
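Two of the checks in this list, the 0.0.0.0/0 security group rule and the world-listable S3 bucket policy, are easy to audit from the API responses themselves. The following is an added example (not Evident.io's signature engine or any AWS tooling) that runs offline over constructed data shaped like the EC2 DescribeSecurityGroups response and an S3 bucket policy document; the group ids, account id, bucket name and office CIDR are made up.

```python
import json

ANY_IPV4 = "0.0.0.0/0"
S3_READ_ACTIONS = {"s3:listbucket", "s3:getobject", "s3:*", "*"}

# Constructed sample shaped like EC2 DescribeSecurityGroups output: "web" exposes
# SSH to the world alongside HTTPS; "bastion" scopes SSH to an office CIDR.
SECURITY_GROUPS = [
    {"GroupId": "sg-0a1b2c3d", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": ANY_IPV4}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": ANY_IPV4}]}]},
    {"GroupId": "sg-0e9f8a7b", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
]

# Constructed sample bucket policy: one statement lets anyone list the bucket.
BUCKET_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-logs"},
    {"Sid": "TeamWrite", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/uploader"},
     "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-logs/*"}]})

def world_open_ingress(groups, allowed_ports=(80, 443)):
    """Return (GroupId, (from, to)) for each 0.0.0.0/0 ingress rule that is not a
    single port you deliberately expose (the deck's 'unless you mean it')."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if not any(r.get("CidrIp") == ANY_IPV4 for r in perm.get("IpRanges", [])):
                continue
            # IpProtocol "-1" (all traffic) carries no ports; treat it as 0-65535.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            if perm.get("IpProtocol") != "-1" and lo == hi and lo in allowed_ports:
                continue
            findings.append((sg["GroupId"], (lo, hi)))
    return findings

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_s3_statements(policy_json):
    """Return the Sid of every Allow statement granting list/read to Principal '*'."""
    sids = []
    for st in json.loads(policy_json).get("Statement", []):
        principal = st.get("Principal")
        anyone = principal == "*" or (isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if st.get("Effect") == "Allow" and anyone and actions & S3_READ_ACTIONS:
            sids.append(st.get("Sid", "<no Sid>"))
    return sids
```

Against live accounts the same two functions can be fed the output of `describe_security_groups` and `get_bucket_policy`; the `allowed_ports` argument is where you record the exposures you actually mean.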


Anatomy of a Security Incident: What now?


How can Evident.io help?


Security in AWS Can be Magical!


Signatures are our Strength

▪ Evident.io checks for all of the recommended security best practices in the previous list, and then some (a lot more!)
▪ Security reports tell your story - what is the state of my AWS security configurations right now?
▪ Actionable - every signature tells you how to fix the issue
▪ Custom Signatures allow you to extend the signature engine with checks that are important for you
▪ Historical - reports from the time you sign up
▪ DevSecOps anyone? Extend the reach of Evident.io with a full REST API, Ruby SDK and 3rd party integrations
▪ And we’ll never, ever, ever ask you for an API access key (did we say never?)


The Beer Challenge

“If it takes you more than 5 minutes to sign up for Evident.io, we’ll send you a case of beer” - Tim Prendergast, CEO <[email protected]>


We are your Partners in Security

▪ Evident.io is made up of real Cloud and Security Pros
▪ We speak AWS, Security and DevOps
▪ Active in the AWS, Security and DevOps communities
▪ We know and feel your pain, as we’ve just about seen it all
▪ We love to hear your stories beyond our product - email us any time at [email protected]
▪ More resources, blog, and 30-day free trial await at https://www.evident.io/


Evident.io @ AWS Loft

▪ Twice a month daytime Cloud Security training sessions
▪ Once a month evening events
▪ Our next session: Security Incident Response on AWS Workshop
▪ Look for dates soon!


@evidentdotio

Thank you!