SlideShare a Scribd company logo

NIST Cybersecurity Framework (CSF) on the Public Cloud

Download as PPTX, PDF
C
CloudHesive

The document discusses how public cloud services align with the NIST Cybersecurity Framework (CSF). It provides an overview of the CSF functions and an example of how they apply to end user computing security on AWS. It also discusses adjacent security frameworks like CIS benchmarks and how automation and processes tie into lifecycle management. Cloud adoption frameworks like CAF and WAF are summarized in relation to their alignment with CSF and security best practices.

1 of 52
Downloaded 18 times
NIST Cybersecurity Framework (CSF) on the Public Cloud
Topics • Introduction • ExampleWorkload: End User Computing • What can go wrong? Ransomware Incident Response in End User Computing • End User Computing Security Best Practices • Modernizing Security Controls • NIST Cybersecurity Framework • Adjacent Frameworks • Public Cloud Services alignment to NIST Cybersecurity Framework
Introduction
Public Cloud Revenue – has/is forecasted to increaseYoY
Users andVulnerable Software – Still a Challenge Verizon 2021 Data Breach Investigations Report https://www.verizon.com/business/resources/reports/2021-data-breach-investigations-report.pdfx
CustomerWorkload Personas – Growth inVariety • Migrated • Server Based • Migrated & Optimized • Blends of Server and Service Based • Serverless/Native • Service Based • Orchestrated • ECS, EKS, K8s • Inherited • Wildcard! • Hybrid • Wildcard!
Service Categories – Also Growth inVariety • Analytics • Application Integration • AR &VR • AWS Cost Management • Blockchain • Business Applications • Compute • Customer Engagement • Database • Developer Tools • End User Computing • GameTech • Internet ofThings • Machine Learning • Management & Governance • Media Services • Migration &Transfer • Mobile • Networking & Content Delivery • QuantumTechnologies • Robotics • Satellite • Security, Identity, & Compliance • Storage
The Scenario
Shared Responsibility Model
End User Computing Sample Deployment
What’s missing? • Ingress Security Group toWorkspace • Egress Security Group fromWorkspace to (Internet) • Security Groups to/from other Services (AWS and On Premises) • Security of the Workspace Environment • Security of supporting servers (Active Directory) • Security of other network-accessible resources (Web Servers) • User Permissions (Non-Local Admin, Local Admin, Global Admin) • Access of the Workspace (PKI Cert, PKI PIV, Network, MFA) • The rest of the AWSAccount?The rest of the AWSAccount! (Services, APIs)
End User Computing Sample Deployment
What could go wrong? • Ingress Security Group toWorkspace • Egress Security Group fromWorkspace to (Internet) • Security Groups to/from other Services (AWS and On Premises) • Security of the Workspace Environment • Security of supporting servers (Active Directory) • Security of other network-accessible resources (Web Servers) • User Permissions (Non-Local Admin, Local Admin, Global Admin) • Access of the Workspace (PKI Cert, PKI PIV, Network, MFA) • The rest of the AWSAccount?The rest of the AWSAccount! (Services, APIs)
The Approach
Overview • Through the lens of the NIST Cybersecurity Framework we will look at frameworks developed by, and services available onAWS. • Cloud Services, such as those offered by AWS either/both play a supporting role in your security posture, supporting both non-AWS resources andAWS resources alike but secure configuration of AWS resources can also play a role in supporting your security posture. • The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.
The Cybersecurity Framework Core Desired cybersecurity outcomes organized in a hierarchy and aligned to more detailed guidance and controls Profiles Alignment of an organization’s requirements and objectives, risk appetite and resources using the desired outcomes of the Framework Core ImplementationTiers A qualitative measure of organizational cybersecurity risk management practices
The Cybersecurity Framework - Functions • Identify • Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. • Protect • Develop and implement appropriate safeguards to ensure delivery of critical services. • Detect • Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. • Respond • Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. • Recover • Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
An Excerpt from the Framework Core 5 Functions 23 Categories 108 Subcategories 6 Informative References
ImplementationTiers 1 2 3 4 Partial Risk Informed Repeatable Adaptive Risk Management Process The functionality and repeatability of cybersecurity risk management Integrated Risk Management Program The extent to which cybersecurity is considered in broader risk management decisions External Participation The degree to which the organization: • monitors and manages supply chain risk • benefits my sharing or receiving information from outside parties
CIS Controls & Benchmarks • Controls • Similar, though more prescriptive than NIST CSF • Can be mapped to CSF • Benchmarks • Prescriptive steps to apply controls to specific technologies • AWS • Workspaces • Windows/Linux • Other Services
CIS Benchmark End User Computing Example
CloudWorkload Lifecycle Management Framework • Workload • Architecture • Monitoring • Automation • Processes
Workload + Architecture Drives Service Selection • Virtual Machines • AMI • Patching • Multi-threaded/Multi-task • Hours to Months • PerVM/Per Hour • Functions/Services • Code • Versioning • Single-threaded/Single-task • Microseconds to Seconds • Per Memory/Second/Per Request • Containers • Container File • Versioning • Multi-threaded/Single-task • Minutes to Days • PerVM/Per Hour
Integration
Automation + Processes Drives Lifecycle Management Selection • Organizations • Cross-AccountAsset Management + Governance • ControlTower • Account vending/default standardization • Service Catalog • Workload platform vending/default standardization • CloudFormation • IaC • Ephemeral Compute + API Managed Data/Control Plane for PersistenceTiers • Hands off/Lights out
Processes • Patching • Backup/RestoreTesting • FailoverTesting (AZ) • Credential Rotation/CredentialAudit • Event ResponseTesting • Incident ResponseTesting • PerformanceTesting • Performance/Cost Review • Vulnerability/PenetrationTesting
Cloud Adoption Framework (CAF) https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/accelerating-business-outcomes.html
Cloud Adoption Framework (CAF) • Perspectives • Business • Value Realization • People • Roles & Readiness • Governance • Prioritization & Control • Platform • Applications & Infrastructure • Security • Risk & Compliance • Operations • Manage & Scale
Cloud Adoption Framework (CAF) - Capabilities https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/foundational-capabilities.html
Cloud Adoption Framework (CAF) – Capabilities - Security https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/security-perspective.html
CAF – Security Perspective • Directive • Account Ownership and contact information • Change and asset management • Least privilege access • Preventive • Identity and access • Infrastructure protection • Data protection • Detective • Logging and monitoring • Asset inventory • Change detection • Responsive • Vulnerabilities • Privilege escalation • DDoS attack
Well Architected Framework (WAF) • General • Event-Triggered • Workload-Focused • General Design Principals • Pillars • Design Principals • Best Practices • Lenses
WAF – Pillars • Operational Excellence • Security • Reliability • Performance Efficiency • Cost Optimization • Sustainability – New!
WAF – Lenses • High Performance Computing (HPC) • Serverless • Internet ofThings (IOT) • Financial Services Industry (FinServ) • FoundationalTechnical Review (FTR) • SaaS • Streaming Media • Machine Learning • SAP • DataAnalytics • Games Industry • Hybrid Networking • Management and Governance –Well Aligned!
WAF – General Design Principals • Stop guessing your capacity needs • Test systems at production scale • Automate to make architectural experimentation easier • Allow for evolutionary architectures • Drive architectures using data • Improve through game days
WAF – Game Days • Prepare • Is the process/are the processes to be tested during the game day well defined? Is access in place? Has training been performed? • Define • Workload, Personnel, Scenario, Environment, Schedule • Execute • Start, Middle, End • Analyze • Debrief, Examine, Document, Root Cause Analysis (RCA), Correction of Error (CoE)
WAF – Security Pillar • Design Principles • Implement a strong identity foundation • Enable traceability • Apply security at all layers • Automate security best practices • Protect data in transit and at rest • Keep people away from data • Prepare for security events • Best Practices • Identity and Access Management • Detection • Infrastructure Protection • Data Protection • Incident Response
Let’s tie it all together… https://aws.amazon.com/blogs/security/optimizing-cloud-governance-on-aws-integrating-the-nist-cybersecurity-framework-aws- cloud-adoption-framework-and-aws-well-architected/
Identify
Identify • Everything on the previous slides 
Identify • Audit Manager • Cost Management Services (Individual Services) • Certificate Manager (Public + Private) • Firewall Manager (WAF + Security Groups) • Directory Service + Identity and Access Management (+ Services with their own Policies) • AccessAdvisor,Access Analyzer,Organization Activity • Inspector • Key Management Service + Secrets Manager • Macie • Premium Support +Trusted Advisor + Personal Health Dashboard • Systems Manager • Security Hub + Config + Config Rules • Tags
Identify – Organizations • Tag policies • Artifact • Backup • CloudFormation StackSets • CloudTrail • Config • Directory Service • Firewall Manager • Resource Access Manager • Service Catalog • Single Sign-On • Systems Manager
Protect/Detect
Protect • VPC: Security Groups (Stateful Firewall) + NACLs (Stateless Firewall), Network Firewall, DNS Firewall,Gateway Load Balancer • WAF: Layer 7WAF • Shield + AutoScaling + ELB + Cloud Front: DoS/DDoS Protection • VPC:VGW (Point to Point and IPSECConnectivity) + Peering (VPC toVPC Connectivity) + Endpoints (Private Connectivity to AWS Services), ClientVPN (Client toVPC Connectivity) • IAM + Directory Service + SSO: Standalone and Federated AAA • KMS: FIPS 140-2 Certified cryptographic module with integration to various AWS services, provides expiration and ability to provide self-generated cryptographic material • ACM: Public and Private PKI Certificate Authority • Secure Credential Storage: Secrets Manager, Systems Manager • Nitro Enclaves
Protect • AWS Auto Scaling: EC2, Dynamo,Aurora Autoscaling • Code Commit/ECS (Image Scanning)/Signer: Secure Application and Artifact Repository + dedicated account • Code Deploy/Systems Manager: “Hands off” OS and configuration management + application deployment • EC2: Systems Manager (OS and above patching + auditing), Amazon Linux 2 Live Patching • AWS Backup: EC2, RDS, EFS, Dynamo Backups + dedicated account • Workspaces: Secure Bastion • CloudFormation + OpsWorks + Elastic Beanstalk: “Hands off” infrastructure management • S3/Glacier: File based storage with AAA, versioning, secure delete + policy based retention • Host Based Security
Detect
Detect • Guard Duty • Config: Point in time snapshots of configuration items, Exportable as JSON to idempotent storage • VPC: Flow Logs (NetFlow) + Port Mirroring • CloudWatch Logs: OS and above log management • CloudTrail: AuditTrail, Exportable as JSON to idempotent storage • Cloudfront, ALB andWAF: All log (CloudFront and ALB in S3,WAF in Kinesis) • S3/Glacier: File based storage with AAA, versioning, secure delete + policy based retention + dedicated account
Respond/Recover
Respond • Detective • Disk Snapshots • Don’t forget to remove from retention policy • Automated withThreatResponse,GRR • Memory Snapshots • Automated withThreatResponse,GRR,Volatility, Rekall • Logs • Don’t forget to remove from retention policy • Query and Correlate with Athena • Measure
Recover • Block Access (WAF, Security Group, ACL, IAM) • Revert to Known Good State (Snapshots,Versioning) • Identify/Correct Root Cause (Logs!) • Rotate Credentials (people and things) • Measure
Conclusion • Iterate introduction of your security controls – some in the short term is better than none in the long term. • Detective Controls are just as important as Preventative Controls, they play a significant response in incident detection and response. • Whether your workload is onAWS or not,AWS services can be used to supplement your controls. • There is no lack of frameworks – pick and choose from them to make a framework that works best for your organization’s needs.
ThankYou!
Ad

Recommended

Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
Amir Hossein Zargaran
 
Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditing
Piyush Jain
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
Michael Nickle
 
IBM QRadar BB & Rules
IBM QRadar BB & RulesIBM QRadar BB & Rules
IBM QRadar BB & Rules
Muhammad Abdel Aal
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
PrasadThorat23
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0
Michael Gough
 
Introduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls MatrixIntroduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls Matrix
John Yeoh
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptx
Ajit Wadhawan
 
AWS solution Architect Associate study material
AWS solution Architect Associate study materialAWS solution Architect Associate study material
AWS solution Architect Associate study material
Nagesh Ramamoorthy
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
Splunk
 
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance WorkshopMicrosoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Nicholas Vossburg
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
Erik Taavila
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security Platform
Pituphong Yavirach
 
Splunk Enterprise Security
Splunk Enterprise SecuritySplunk Enterprise Security
Splunk Enterprise Security
Splunk
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
David J Rosenthal
 
Getting Started with Splunk (Hands-On)
Getting Started with Splunk (Hands-On) Getting Started with Splunk (Hands-On)
Getting Started with Splunk (Hands-On)
Splunk
 
QRadar Architecture.pdf
QRadar Architecture.pdfQRadar Architecture.pdf
QRadar Architecture.pdf
PencilData
 
CISSP 8 Domains.pdf
CISSP 8 Domains.pdfCISSP 8 Domains.pdf
CISSP 8 Domains.pdf
dotco
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
David J Rosenthal
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and Testing
Maganathin Veeraragaloo
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
Cissp Training PPT
Cissp Training PPTCissp Training PPT
Cissp Training PPT
ADEPT TECHNOLOGY
 
Enterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEnterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating Model
Eryk Budi Pratama
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
dlux - Splunk Technical Overview
dlux - Splunk Technical Overviewdlux - Splunk Technical Overview
dlux - Splunk Technical Overview
David Lutz
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
Splunk
 
Information security management system
Information security management systemInformation security management system
Information security management system
Arani Srinivasan
 
Getting started with Splunk
Getting started with SplunkGetting started with Splunk
Getting started with Splunk
Splunk
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
CloudHesive
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition Meetup
CloudHesive
 
Ad

More Related Content

What's hot (20)

AWS solution Architect Associate study material
AWS solution Architect Associate study materialAWS solution Architect Associate study material
AWS solution Architect Associate study material
Nagesh Ramamoorthy
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
Splunk
 
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance WorkshopMicrosoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Nicholas Vossburg
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
Erik Taavila
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security Platform
Pituphong Yavirach
 
Splunk Enterprise Security
Splunk Enterprise SecuritySplunk Enterprise Security
Splunk Enterprise Security
Splunk
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
David J Rosenthal
 
Getting Started with Splunk (Hands-On)
Getting Started with Splunk (Hands-On) Getting Started with Splunk (Hands-On)
Getting Started with Splunk (Hands-On)
Splunk
 
QRadar Architecture.pdf
QRadar Architecture.pdfQRadar Architecture.pdf
QRadar Architecture.pdf
PencilData
 
CISSP 8 Domains.pdf
CISSP 8 Domains.pdfCISSP 8 Domains.pdf
CISSP 8 Domains.pdf
dotco
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
David J Rosenthal
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and Testing
Maganathin Veeraragaloo
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
Cissp Training PPT
Cissp Training PPTCissp Training PPT
Cissp Training PPT
ADEPT TECHNOLOGY
 
Enterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEnterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating Model
Eryk Budi Pratama
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
dlux - Splunk Technical Overview
dlux - Splunk Technical Overviewdlux - Splunk Technical Overview
dlux - Splunk Technical Overview
David Lutz
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
Splunk
 
Information security management system
Information security management systemInformation security management system
Information security management system
Arani Srinivasan
 
Getting started with Splunk
Getting started with SplunkGetting started with Splunk
Getting started with Splunk
Splunk
 
AWS solution Architect Associate study material
AWS solution Architect Associate study materialAWS solution Architect Associate study material
AWS solution Architect Associate study material
Nagesh Ramamoorthy
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
Splunk
 
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance WorkshopMicrosoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Nicholas Vossburg
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
Erik Taavila
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security Platform
Pituphong Yavirach
 
Splunk Enterprise Security
Splunk Enterprise SecuritySplunk Enterprise Security
Splunk Enterprise Security
Splunk
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
David J Rosenthal
 
Getting Started with Splunk (Hands-On)
Getting Started with Splunk (Hands-On) Getting Started with Splunk (Hands-On)
Getting Started with Splunk (Hands-On)
Splunk
 
QRadar Architecture.pdf
QRadar Architecture.pdfQRadar Architecture.pdf
QRadar Architecture.pdf
PencilData
 
CISSP 8 Domains.pdf
CISSP 8 Domains.pdfCISSP 8 Domains.pdf
CISSP 8 Domains.pdf
dotco
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
David J Rosenthal
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and Testing
Maganathin Veeraragaloo
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
Cissp Training PPT
Cissp Training PPTCissp Training PPT
Cissp Training PPT
ADEPT TECHNOLOGY
 
Enterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEnterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating Model
Eryk Budi Pratama
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
dlux - Splunk Technical Overview
dlux - Splunk Technical Overviewdlux - Splunk Technical Overview
dlux - Splunk Technical Overview
David Lutz
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
Splunk
 
Information security management system
Information security management systemInformation security management system
Information security management system
Arani Srinivasan
 
Getting started with Splunk
Getting started with SplunkGetting started with Splunk
Getting started with Splunk
Splunk
 

Similar to NIST Cybersecurity Framework (CSF) on the Public Cloud (20)

Security on AWS
Security on AWSSecurity on AWS
Security on AWS
CloudHesive
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition Meetup
CloudHesive
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition Meetup
CloudHesive
 
AWS Spotlight Series - Modernization and Security with AWS
AWS Spotlight Series - Modernization and Security with AWSAWS Spotlight Series - Modernization and Security with AWS
AWS Spotlight Series - Modernization and Security with AWS
CloudHesive
 
Winning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our TimeWinning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our Time
CloudHesive
 
5 minutes on security
5 minutes on security5 minutes on security
5 minutes on security
CloudHesive
 
Cloud Computing Overview
Cloud Computing OverviewCloud Computing Overview
Cloud Computing Overview
Manju Srinivas
 
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Himani Singh
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
Alert Logic
 
Cloud Security at Netflix
Cloud Security at NetflixCloud Security at Netflix
Cloud Security at Netflix
Jason Chan
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
Viresh Suri
 
Incident response in Cloud
Incident response in CloudIncident response in Cloud
Incident response in Cloud
Vandana Verma
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24
 
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Lucas Jellema
 
Unified Security Governance
Unified Security GovernanceUnified Security Governance
Unified Security Governance
Can Demirel
 
A tale of two clouds
A tale of two cloudsA tale of two clouds
A tale of two clouds
Andrew Siemer
 
Build and Manage a Highly Secure Cloud Environment on AWS and Azure
Build and Manage a Highly Secure Cloud Environment on AWS and AzureBuild and Manage a Highly Secure Cloud Environment on AWS and Azure
Build and Manage a Highly Secure Cloud Environment on AWS and Azure
CloudHesive
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
David Lindner
 
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Ryan Hodgin
 
Wipro's Compliance as a Service [CAAS]
Wipro's Compliance as a Service [CAAS]Wipro's Compliance as a Service [CAAS]
Wipro's Compliance as a Service [CAAS]
Symantec
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
CloudHesive
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition Meetup
CloudHesive
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition Meetup
CloudHesive
 
AWS Spotlight Series - Modernization and Security with AWS
AWS Spotlight Series - Modernization and Security with AWSAWS Spotlight Series - Modernization and Security with AWS
AWS Spotlight Series - Modernization and Security with AWS
CloudHesive
 
Winning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our TimeWinning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our Time
CloudHesive
 
5 minutes on security
5 minutes on security5 minutes on security
5 minutes on security
CloudHesive
 
Cloud Computing Overview
Cloud Computing OverviewCloud Computing Overview
Cloud Computing Overview
Manju Srinivas
 
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Himani Singh
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
Alert Logic
 
Cloud Security at Netflix
Cloud Security at NetflixCloud Security at Netflix
Cloud Security at Netflix
Jason Chan
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
Viresh Suri
 
Incident response in Cloud
Incident response in CloudIncident response in Cloud
Incident response in Cloud
Vandana Verma
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24
 
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Lucas Jellema
 
Unified Security Governance
Unified Security GovernanceUnified Security Governance
Unified Security Governance
Can Demirel
 
A tale of two clouds
A tale of two cloudsA tale of two clouds
A tale of two clouds
Andrew Siemer
 
Build and Manage a Highly Secure Cloud Environment on AWS and Azure
Build and Manage a Highly Secure Cloud Environment on AWS and AzureBuild and Manage a Highly Secure Cloud Environment on AWS and Azure
Build and Manage a Highly Secure Cloud Environment on AWS and Azure
CloudHesive
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
David Lindner
 
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Ryan Hodgin
 
Wipro's Compliance as a Service [CAAS]
Wipro's Compliance as a Service [CAAS]Wipro's Compliance as a Service [CAAS]
Wipro's Compliance as a Service [CAAS]
Symantec
 
Ad

More from CloudHesive (20)

CloudHesive x Datadog Multi Generational Observability
CloudHesive x Datadog Multi Generational ObservabilityCloudHesive x Datadog Multi Generational Observability
CloudHesive x Datadog Multi Generational Observability
CloudHesive
 
Modernization of your AWS based SaaS platform - Short
Modernization of your AWS based SaaS platform - ShortModernization of your AWS based SaaS platform - Short
Modernization of your AWS based SaaS platform - Short
CloudHesive
 
Modernization of your AWS based SaaS platform
Modernization of your AWS based SaaS platformModernization of your AWS based SaaS platform
Modernization of your AWS based SaaS platform
CloudHesive
 
Serverless Generative AI on AWS, AWS User Groups of Florida
Serverless Generative AI on AWS, AWS User Groups of FloridaServerless Generative AI on AWS, AWS User Groups of Florida
Serverless Generative AI on AWS, AWS User Groups of Florida
CloudHesive
 
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
CloudHesive
 
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
CloudHesive
 
Accelerating Business and Research Through Automation and Artificial Intellig...
Accelerating Business and Research Through Automation and Artificial Intellig...Accelerating Business and Research Through Automation and Artificial Intellig...
Accelerating Business and Research Through Automation and Artificial Intellig...
CloudHesive
 
Amazon Connect Rethink Your Contact Center with CloudHesive.pptx
Amazon Connect Rethink Your Contact Center with CloudHesive.pptxAmazon Connect Rethink Your Contact Center with CloudHesive.pptx
Amazon Connect Rethink Your Contact Center with CloudHesive.pptx
CloudHesive
 
ConnectPath Introduction
ConnectPath IntroductionConnectPath Introduction
ConnectPath Introduction
CloudHesive
 
Modernize your contact center with ConnectPath CX v2.pdf
Modernize your contact center with ConnectPath CX v2.pdfModernize your contact center with ConnectPath CX v2.pdf
Modernize your contact center with ConnectPath CX v2.pdf
CloudHesive
 
Modernize your contact center with ConnectPath CX — Chart.pdf
Modernize your contact center with ConnectPath CX — Chart.pdfModernize your contact center with ConnectPath CX — Chart.pdf
Modernize your contact center with ConnectPath CX — Chart.pdf
CloudHesive
 
End User Computing at CloudHesive.pptx
End User Computing at CloudHesive.pptxEnd User Computing at CloudHesive.pptx
End User Computing at CloudHesive.pptx
CloudHesive
 
Analytics at CloudHesive
Analytics at CloudHesiveAnalytics at CloudHesive
Analytics at CloudHesive
CloudHesive
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo Logic
CloudHesive
 
Best Practices and Resources to Effectively Manage and Optimize Your AWS Costs
Best Practices and Resources to Effectively Manage and Optimize Your AWS CostsBest Practices and Resources to Effectively Manage and Optimize Your AWS Costs
Best Practices and Resources to Effectively Manage and Optimize Your AWS Costs
CloudHesive
 
Serverless data and analytics on AWS for operations
Serverless data and analytics on AWS for operations Serverless data and analytics on AWS for operations
Serverless data and analytics on AWS for operations
CloudHesive
 
reInvent reCap 2022
reInvent reCap 2022reInvent reCap 2022
reInvent reCap 2022
CloudHesive
 
Serverless without Code (Lambda)
Serverless without Code (Lambda)Serverless without Code (Lambda)
Serverless without Code (Lambda)
CloudHesive
 
AWS Advanced Analytics Automation Toolkit (AAA)
AWS Advanced Analytics Automation Toolkit (AAA)AWS Advanced Analytics Automation Toolkit (AAA)
AWS Advanced Analytics Automation Toolkit (AAA)
CloudHesive
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control Tower
CloudHesive
 
CloudHesive x Datadog Multi Generational Observability
CloudHesive x Datadog Multi Generational ObservabilityCloudHesive x Datadog Multi Generational Observability
CloudHesive x Datadog Multi Generational Observability
CloudHesive
 
Modernization of your AWS based SaaS platform - Short
Modernization of your AWS based SaaS platform - ShortModernization of your AWS based SaaS platform - Short
Modernization of your AWS based SaaS platform - Short
CloudHesive
 
Modernization of your AWS based SaaS platform
Modernization of your AWS based SaaS platformModernization of your AWS based SaaS platform
Modernization of your AWS based SaaS platform
CloudHesive
 
Serverless Generative AI on AWS, AWS User Groups of Florida
Serverless Generative AI on AWS, AWS User Groups of FloridaServerless Generative AI on AWS, AWS User Groups of Florida
Serverless Generative AI on AWS, AWS User Groups of Florida
CloudHesive
 
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
CloudHesive
 
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
CloudHesive
 
Accelerating Business and Research Through Automation and Artificial Intellig...
Accelerating Business and Research Through Automation and Artificial Intellig...Accelerating Business and Research Through Automation and Artificial Intellig...
Accelerating Business and Research Through Automation and Artificial Intellig...
CloudHesive
 
Amazon Connect Rethink Your Contact Center with CloudHesive.pptx
Amazon Connect Rethink Your Contact Center with CloudHesive.pptxAmazon Connect Rethink Your Contact Center with CloudHesive.pptx
Amazon Connect Rethink Your Contact Center with CloudHesive.pptx
CloudHesive
 
ConnectPath Introduction
ConnectPath IntroductionConnectPath Introduction
ConnectPath Introduction
CloudHesive
 
Modernize your contact center with ConnectPath CX v2.pdf
Modernize your contact center with ConnectPath CX v2.pdfModernize your contact center with ConnectPath CX v2.pdf
Modernize your contact center with ConnectPath CX v2.pdf
CloudHesive
 
Modernize your contact center with ConnectPath CX — Chart.pdf
Modernize your contact center with ConnectPath CX — Chart.pdfModernize your contact center with ConnectPath CX — Chart.pdf
Modernize your contact center with ConnectPath CX — Chart.pdf
CloudHesive
 
End User Computing at CloudHesive.pptx
End User Computing at CloudHesive.pptxEnd User Computing at CloudHesive.pptx
End User Computing at CloudHesive.pptx
CloudHesive
 
Analytics at CloudHesive
Analytics at CloudHesiveAnalytics at CloudHesive
Analytics at CloudHesive
CloudHesive
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo Logic
CloudHesive
 
Best Practices and Resources to Effectively Manage and Optimize Your AWS Costs
Best Practices and Resources to Effectively Manage and Optimize Your AWS CostsBest Practices and Resources to Effectively Manage and Optimize Your AWS Costs
Best Practices and Resources to Effectively Manage and Optimize Your AWS Costs
CloudHesive
 
Serverless data and analytics on AWS for operations
Serverless data and analytics on AWS for operations Serverless data and analytics on AWS for operations
Serverless data and analytics on AWS for operations
CloudHesive
 
reInvent reCap 2022
reInvent reCap 2022reInvent reCap 2022
reInvent reCap 2022
CloudHesive
 
Serverless without Code (Lambda)
Serverless without Code (Lambda)Serverless without Code (Lambda)
Serverless without Code (Lambda)
CloudHesive
 
AWS Advanced Analytics Automation Toolkit (AAA)
AWS Advanced Analytics Automation Toolkit (AAA)AWS Advanced Analytics Automation Toolkit (AAA)
AWS Advanced Analytics Automation Toolkit (AAA)
CloudHesive
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control Tower
CloudHesive
 
Ad

Recently uploaded (20)

The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 

NIST Cybersecurity Framework (CSF) on the Public Cloud

  • 1. NIST Cybersecurity Framework (CSF) on the Public Cloud
  • 2. Topics • Introduction • ExampleWorkload: End User Computing • What can go wrong? Ransomware Incident Response in End User Computing • End User Computing Security Best Practices • Modernizing Security Controls • NIST Cybersecurity Framework • Adjacent Frameworks • Public Cloud Services alignment to NIST Cybersecurity Framework
  • 4. Public Cloud Revenue – has/is forecasted to increaseYoY
  • 5. Users andVulnerable Software – Still a Challenge Verizon 2021 Data Breach Investigations Report https://www.verizon.com/business/resources/reports/2021-data-breach-investigations-report.pdfx
  • 6. CustomerWorkload Personas – Growth inVariety • Migrated • Server Based • Migrated & Optimized • Blends of Server and Service Based • Serverless/Native • Service Based • Orchestrated • ECS, EKS, K8s • Inherited • Wildcard! • Hybrid • Wildcard!
  • 7. Service Categories – Also Growth inVariety • Analytics • Application Integration • AR &VR • AWS Cost Management • Blockchain • Business Applications • Compute • Customer Engagement • Database • Developer Tools • End User Computing • GameTech • Internet ofThings • Machine Learning • Management & Governance • Media Services • Migration &Transfer • Mobile • Networking & Content Delivery • QuantumTechnologies • Robotics • Satellite • Security, Identity, & Compliance • Storage
  • 10. End User Computing Sample Deployment
  • 11. What’s missing? • Ingress Security Group toWorkspace • Egress Security Group fromWorkspace to (Internet) • Security Groups to/from other Services (AWS and On Premises) • Security of the Workspace Environment • Security of supporting servers (Active Directory) • Security of other network-accessible resources (Web Servers) • User Permissions (Non-Local Admin, Local Admin, Global Admin) • Access of the Workspace (PKI Cert, PKI PIV, Network, MFA) • The rest of the AWSAccount?The rest of the AWSAccount! (Services, APIs)
  • 12. End User Computing Sample Deployment
  • 13. What could go wrong? • Ingress Security Group toWorkspace • Egress Security Group fromWorkspace to (Internet) • Security Groups to/from other Services (AWS and On Premises) • Security of the Workspace Environment • Security of supporting servers (Active Directory) • Security of other network-accessible resources (Web Servers) • User Permissions (Non-Local Admin, Local Admin, Global Admin) • Access of the Workspace (PKI Cert, PKI PIV, Network, MFA) • The rest of the AWSAccount?The rest of the AWSAccount! (Services, APIs)
  • 15. Overview • Through the lens of the NIST Cybersecurity Framework we will look at frameworks developed by, and services available onAWS. • Cloud Services, such as those offered by AWS either/both play a supporting role in your security posture, supporting both non-AWS resources andAWS resources alike but secure configuration of AWS resources can also play a role in supporting your security posture. • The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.
  • 16. The Cybersecurity Framework Core Desired cybersecurity outcomes organized in a hierarchy and aligned to more detailed guidance and controls Profiles Alignment of an organization’s requirements and objectives, risk appetite and resources using the desired outcomes of the Framework Core ImplementationTiers A qualitative measure of organizational cybersecurity risk management practices
  • 17. The Cybersecurity Framework - Functions • Identify • Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. • Protect • Develop and implement appropriate safeguards to ensure delivery of critical services. • Detect • Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. • Respond • Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. • Recover • Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
  • 18. An Excerpt from the Framework Core 5 Functions 23 Categories 108 Subcategories 6 Informative References
  • 19. ImplementationTiers 1 2 3 4 Partial Risk Informed Repeatable Adaptive Risk Management Process The functionality and repeatability of cybersecurity risk management Integrated Risk Management Program The extent to which cybersecurity is considered in broader risk management decisions External Participation The degree to which the organization: • monitors and manages supply chain risk • benefits my sharing or receiving information from outside parties
  • 20. CIS Controls & Benchmarks • Controls • Similar, though more prescriptive than NIST CSF • Can be mapped to CSF • Benchmarks • Prescriptive steps to apply controls to specific technologies • AWS • Workspaces • Windows/Linux • Other Services
  • 21. CIS Benchmark End User Computing Example
  • 22. CloudWorkload Lifecycle Management Framework • Workload • Architecture • Monitoring • Automation • Processes
  • 23. Workload + Architecture Drives Service Selection • Virtual Machines • AMI • Patching • Multi-threaded/Multi-task • Hours to Months • PerVM/Per Hour • Functions/Services • Code • Versioning • Single-threaded/Single-task • Microseconds to Seconds • Per Memory/Second/Per Request • Containers • Container File • Versioning • Multi-threaded/Single-task • Minutes to Days • PerVM/Per Hour
  • 25. Automation + Processes Drives Lifecycle Management Selection • Organizations • Cross-AccountAsset Management + Governance • ControlTower • Account vending/default standardization • Service Catalog • Workload platform vending/default standardization • CloudFormation • IaC • Ephemeral Compute + API Managed Data/Control Plane for PersistenceTiers • Hands off/Lights out
  • 26. Processes • Patching • Backup/RestoreTesting • FailoverTesting (AZ) • Credential Rotation/CredentialAudit • Event ResponseTesting • Incident ResponseTesting • PerformanceTesting • Performance/Cost Review • Vulnerability/PenetrationTesting
  • 27. Cloud Adoption Framework (CAF) https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/accelerating-business-outcomes.html
  • 28. Cloud Adoption Framework (CAF) • Perspectives • Business • Value Realization • People • Roles & Readiness • Governance • Prioritization & Control • Platform • Applications & Infrastructure • Security • Risk & Compliance • Operations • Manage & Scale
  • 29. Cloud Adoption Framework (CAF) - Capabilities https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/foundational-capabilities.html
  • 30. Cloud Adoption Framework (CAF) – Capabilities - Security https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/security-perspective.html
  • 31. CAF – Security Perspective • Directive • Account Ownership and contact information • Change and asset management • Least privilege access • Preventive • Identity and access • Infrastructure protection • Data protection • Detective • Logging and monitoring • Asset inventory • Change detection • Responsive • Vulnerabilities • Privilege escalation • DDoS attack
  • 32. Well Architected Framework (WAF) • General • Event-Triggered • Workload-Focused • General Design Principals • Pillars • Design Principals • Best Practices • Lenses
  • 33. WAF – Pillars • Operational Excellence • Security • Reliability • Performance Efficiency • Cost Optimization • Sustainability – New!
  • 34. WAF – Lenses • High Performance Computing (HPC) • Serverless • Internet ofThings (IOT) • Financial Services Industry (FinServ) • FoundationalTechnical Review (FTR) • SaaS • Streaming Media • Machine Learning • SAP • DataAnalytics • Games Industry • Hybrid Networking • Management and Governance –Well Aligned!
  • 35. WAF – General Design Principals • Stop guessing your capacity needs • Test systems at production scale • Automate to make architectural experimentation easier • Allow for evolutionary architectures • Drive architectures using data • Improve through game days
  • 36. WAF – Game Days • Prepare • Is the process/are the processes to be tested during the game day well defined? Is access in place? Has training been performed? • Define • Workload, Personnel, Scenario, Environment, Schedule • Execute • Start, Middle, End • Analyze • Debrief, Examine, Document, Root Cause Analysis (RCA), Correction of Error (CoE)
  • 37. WAF – Security Pillar • Design Principles • Implement a strong identity foundation • Enable traceability • Apply security at all layers • Automate security best practices • Protect data in transit and at rest • Keep people away from data • Prepare for security events • Best Practices • Identity and Access Management • Detection • Infrastructure Protection • Data Protection • Incident Response
  • 38. Let’s tie it all together… https://aws.amazon.com/blogs/security/optimizing-cloud-governance-on-aws-integrating-the-nist-cybersecurity-framework-aws- cloud-adoption-framework-and-aws-well-architected/
  • 40. Identify • Everything on the previous slides 
  • 41. Identify • Audit Manager • Cost Management Services (Individual Services) • Certificate Manager (Public + Private) • Firewall Manager (WAF + Security Groups) • Directory Service + Identity and Access Management (+ Services with their own Policies) • AccessAdvisor,Access Analyzer,Organization Activity • Inspector • Key Management Service + Secrets Manager • Macie • Premium Support +Trusted Advisor + Personal Health Dashboard • Systems Manager • Security Hub + Config + Config Rules • Tags
  • 42. Identify – Organizations • Tag policies • Artifact • Backup • CloudFormation StackSets • CloudTrail • Config • Directory Service • Firewall Manager • Resource Access Manager • Service Catalog • Single Sign-On • Systems Manager
  • 44. Protect • VPC: Security Groups (Stateful Firewall) + NACLs (Stateless Firewall), Network Firewall, DNS Firewall,Gateway Load Balancer • WAF: Layer 7WAF • Shield + AutoScaling + ELB + Cloud Front: DoS/DDoS Protection • VPC:VGW (Point to Point and IPSECConnectivity) + Peering (VPC toVPC Connectivity) + Endpoints (Private Connectivity to AWS Services), ClientVPN (Client toVPC Connectivity) • IAM + Directory Service + SSO: Standalone and Federated AAA • KMS: FIPS 140-2 Certified cryptographic module with integration to various AWS services, provides expiration and ability to provide self-generated cryptographic material • ACM: Public and Private PKI Certificate Authority • Secure Credential Storage: Secrets Manager, Systems Manager • Nitro Enclaves
  • 45. Protect • AWS Auto Scaling: EC2, Dynamo,Aurora Autoscaling • Code Commit/ECS (Image Scanning)/Signer: Secure Application and Artifact Repository + dedicated account • Code Deploy/Systems Manager: “Hands off” OS and configuration management + application deployment • EC2: Systems Manager (OS and above patching + auditing), Amazon Linux 2 Live Patching • AWS Backup: EC2, RDS, EFS, Dynamo Backups + dedicated account • Workspaces: Secure Bastion • CloudFormation + OpsWorks + Elastic Beanstalk: “Hands off” infrastructure management • S3/Glacier: File based storage with AAA, versioning, secure delete + policy based retention • Host Based Security
  • 47. Detect • Guard Duty • Config: Point in time snapshots of configuration items, Exportable as JSON to idempotent storage • VPC: Flow Logs (NetFlow) + Port Mirroring • CloudWatch Logs: OS and above log management • CloudTrail: AuditTrail, Exportable as JSON to idempotent storage • Cloudfront, ALB andWAF: All log (CloudFront and ALB in S3,WAF in Kinesis) • S3/Glacier: File based storage with AAA, versioning, secure delete + policy based retention + dedicated account
  • 49. Respond • Detective • Disk Snapshots • Don’t forget to remove from retention policy • Automated withThreatResponse,GRR • Memory Snapshots • Automated withThreatResponse,GRR,Volatility, Rekall • Logs • Don’t forget to remove from retention policy • Query and Correlate with Athena • Measure
  • 50. Recover • Block Access (WAF, Security Group, ACL, IAM) • Revert to Known Good State (Snapshots,Versioning) • Identify/Correct Root Cause (Logs!) • Rotate Credentials (people and things) • Measure
  • 51. Conclusion • Iterate introduction of your security controls – some in the short term is better than none in the long term. • Detective Controls are just as important as Preventative Controls, they play a significant response in incident detection and response. • Whether your workload is onAWS or not,AWS services can be used to supplement your controls. • There is no lack of frameworks – pick and choose from them to make a framework that works best for your organization’s needs.