How to stop dreaming about security and start implementing

0 likes308 views

This document provides an overview of how to improve AWS security. It discusses common AWS security problems like publicly accessible buckets and stolen credentials. It recommends starting with a consulting company or security tools to audit compliance. The document then reviews the CIS AWS Benchmark for best practices and configurations. It explains how to implement continuous security monitoring versus periodic auditing. AWS security services like CloudTrail, GuardDuty, and SecurityHub are outlined. Best practices architecture and common lessons learned are also recapped. Estimated costs for implementing these security measures on an AWS account are provided.

Technology

How to stop dreaming
about security and start
implementing
2019 Kromtech

Agenda
- AWS Security problems
- Options to start with …
- AWS Security tools
- AWS CIS Implementation
- Q&A

Intro & speakers
Aleksandr Maklakov
CIO at ZEO Alliance/Kromtech
14 years in IT
MBA
ISO 27001 Internal Auditor
AWS Certified Solutions Architect - Associate
Nazariy Uniyat
IT Security Engineer at Kromtech
8 years in IT

Data breach security trends in cloud
#1 - publicly accessible buckets
#2 - open ports(especially in databases)
#3 - stolen/leaked credentials (access/secret keys) -
cryprominers

Options to start with ...
- Find consulting company
- Find some tools for audit and compliance check
- Find framework/controls

CIS Amazon Web Services Benchmark
Center for Internet Security (CIS) - nonproﬁt organization.
Its mission is to "identify, develop, validate, promote, and
sustain best practice solutions for cyber defense and build and
lead communities to enable an environment of trust in
cyberspace"
Recommended for use by many security vendor and PCI DSS

CIS Amazon Web Services Benchmark
© Sift Security Inc

Continuous audit vs monitoring
Audit
- Owned by External
Company or Internal
Auditor
- Conduct annually (or
often)
- More formal
Monitoring
- Owned by management
team
- On-going process to
ensure processes are
working as intended
- Easely implement
continuous approach

How to stop dreaming about security and start implementing

Lessons
- Lambda Logs
- Encryption S3 logs
- SCP policy only for working regions
- Architecture!

RECAP
- AWS CIS Benchmark as starting point
- AWS Security Services overview (CloudTrail, Macie,
Guard Duty, SecurityHub, etc)
- Best Practices Architecture
- Lessons & Bugs

COST
~ $600/month
~ 200Gb of Logs
~ 17M Events

Links
AWS Security Best Practices
AWS CIS Benchmark
AWS CIS Benchmark Quick Start
AWS CloudTrail
AWS Organizations
Amazon GuardDuty
AWS Security Hub

More Related Content

What's hot (19)

PDF

Sacon - Fresh Thinking IoT (Arnab Chattopadhayay)Priyanka Aash

PPTX

Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferberMoshe Ferber

DOCX

Cloud keybank privacy and owner authorizationPvrtechnologies Nellore

PDF

Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problemsscoopnewsgroup

DOCX

What is zero trust model of information security?Ahmed Banafa

PDF

How to emrace risk-based Security management in a compliance-driven cultureShahid Shah

PDF

Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec

PDF

What is the Future of SIEM? Elasticsearch

PDF

Forrester no more chewy centers- the zero trust modelCristian Garcia G.

PDF

ATP Technology PillarsPriyanka Aash

PDF

Innovating at speed and scale with implicit securityElasticsearch

PDF

Next-generation enterprise Ethereum managed servicesEugene Aseev

PPTX

Herding Pets and Cattle: Extending Foundational Controls Into the CloudTripwire

PPTX

Zero trust deck 2020Guido Marchetti

PDF

Advantages of privacy by design in IoEMarc Vael

PPTX

Navigating CybersecuritySegun Ebenezer Olaniyan

PPT

Internet Security - Protecting your critical assetsAndre Jankowitz

PDF

Outpost24 webinar - Implications when migrating to a Zero Trust modelOutpost24

PPTX

Mastering Next Gen SIEM Use Cases (Part 3)DNIF

Sacon - Fresh Thinking IoT (Arnab Chattopadhayay)Priyanka Aash

Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferberMoshe Ferber

Cloud keybank privacy and owner authorizationPvrtechnologies Nellore

Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problemsscoopnewsgroup

What is zero trust model of information security?Ahmed Banafa

How to emrace risk-based Security management in a compliance-driven cultureShahid Shah

Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec

What is the Future of SIEM? Elasticsearch

Forrester no more chewy centers- the zero trust modelCristian Garcia G.

ATP Technology PillarsPriyanka Aash

Innovating at speed and scale with implicit securityElasticsearch

Next-generation enterprise Ethereum managed servicesEugene Aseev

Herding Pets and Cattle: Extending Foundational Controls Into the CloudTripwire

Zero trust deck 2020Guido Marchetti

Advantages of privacy by design in IoEMarc Vael

Navigating CybersecuritySegun Ebenezer Olaniyan

Internet Security - Protecting your critical assetsAndre Jankowitz

Outpost24 webinar - Implications when migrating to a Zero Trust modelOutpost24

Mastering Next Gen SIEM Use Cases (Part 3)DNIF

Similar to How to stop dreaming about security and start implementing (20)

PPTX

Automating AWS security and compliance John Varghese

PPTX

CIS Compliance Automations Eevidence Collection, Security and Compliance Be...Faiza Mehar

PPTX

AWS Spotlight Series - Modernization and Security with AWSCloudHesive

PPTX

Security on AWSCloudHesive

PPTX

Build and Manage a Highly Secure Cloud Environment on AWS and AzureCloudHesive

PPTX

AWS Cloud SecurityAWS Riyadh User Group

PPTX

Top 10 AWS Security and Compliance best practicesAhmad Khan

PPTX

Security on AWS, 2021 Edition MeetupCloudHesive

PPTX

Security on AWS, 2021 Edition MeetupCloudHesive

PPTX

Blue Chip Tek Connect and Protect Presentation #3Kimberly Macias

PDF

AWS_security_at_scale__From_development_to_production.pdfkantrajnee88

PDF

Security in the cloudReham Maher El-Safarini

PDF

Securing Your Customers Data From Day OneAmazon Web Services LATAM

PDF

AWS Cloud SecurityAmazon Web Services LATAM

PDF

1. aws security and compliance wwps pre-day sao paolo - markryAmazon Web Services LATAM

PDF

Security Best Practices_John HildebrandtHelen Rogers

PPTX

Best Practices in Secure Cloud MigrationCloudHesive

PDF

Introduction to AWS SecurityLalitMohanSharma8

PPTX

Building security from scratchRoman Zelenko

PDF

AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersJames Strong

Automating AWS security and compliance John Varghese

CIS Compliance Automations Eevidence Collection, Security and Compliance Be...Faiza Mehar

AWS Spotlight Series - Modernization and Security with AWSCloudHesive

Security on AWSCloudHesive

Build and Manage a Highly Secure Cloud Environment on AWS and AzureCloudHesive

AWS Cloud SecurityAWS Riyadh User Group

Top 10 AWS Security and Compliance best practicesAhmad Khan

Security on AWS, 2021 Edition MeetupCloudHesive

Blue Chip Tek Connect and Protect Presentation #3Kimberly Macias

AWS_security_at_scale__From_development_to_production.pdfkantrajnee88

Security in the cloudReham Maher El-Safarini

Securing Your Customers Data From Day OneAmazon Web Services LATAM

AWS Cloud SecurityAmazon Web Services LATAM

1. aws security and compliance wwps pre-day sao paolo - markryAmazon Web Services LATAM

Security Best Practices_John HildebrandtHelen Rogers

Best Practices in Secure Cloud MigrationCloudHesive

Introduction to AWS SecurityLalitMohanSharma8

Building security from scratchRoman Zelenko

AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersJames Strong

More from Aleksandr Maklakov (14)

PDF

GraphQL backend with AWS AppSync & AWS LambdaAleksandr Maklakov

PPTX

AWS Certification from scratchAleksandr Maklakov

PPTX

Chronicle of ReInvent 2019Aleksandr Maklakov

PPTX

Secure perimeter with AWS workspacesAleksandr Maklakov

PPTX

Going Serverless on AWSAleksandr Maklakov

PDF

AWS Security Best PracticesAleksandr Maklakov

PDF

AWS Container servicesAleksandr Maklakov

PPTX

How to implement DevSecOps on AWS for startupsAleksandr Maklakov

PDF

AWS CloudFrontAleksandr Maklakov

PDF

HOW TO DRONE.IO IN CI/CD WORLDAleksandr Maklakov

PDF

Amazon EC2 container serviceAleksandr Maklakov

PDF

Continuous operations in AWSAleksandr Maklakov

PDF

Architecture of NoSQL distributed clusters on AWSAleksandr Maklakov

PDF

Managing users and aws accountsAleksandr Maklakov

GraphQL backend with AWS AppSync & AWS LambdaAleksandr Maklakov

AWS Certification from scratchAleksandr Maklakov

Chronicle of ReInvent 2019Aleksandr Maklakov

Secure perimeter with AWS workspacesAleksandr Maklakov

Going Serverless on AWSAleksandr Maklakov

AWS Security Best PracticesAleksandr Maklakov

AWS Container servicesAleksandr Maklakov

How to implement DevSecOps on AWS for startupsAleksandr Maklakov

AWS CloudFrontAleksandr Maklakov

HOW TO DRONE.IO IN CI/CD WORLDAleksandr Maklakov

Amazon EC2 container serviceAleksandr Maklakov

Continuous operations in AWSAleksandr Maklakov

Architecture of NoSQL distributed clusters on AWSAleksandr Maklakov

Managing users and aws accountsAleksandr Maklakov

Recently uploaded (20)

PDF

Presentation - Vibe Coding The Future of Techyanuarsinggih1

PDF

New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025BookNet Canada

PDF

"AI Transformation: Directions and Challenges", Pavlo ShaternikFwdays

PDF

CIFDAQ Weekly Market Wrap for 11th July 2025CIFDAQ

PDF

Smart Trailers 2025 Update with History and OverviewPaul Menig

PDF

Exolore The Essential AI Tools in 2025.pdfSrinivasan M

PDF

NewMind AI - Journal 100 Insights After The 100th IssueNewMind AI

PDF

Log-Based Anomaly Detection: Enhancing System Reliability with Machine LearningMohammed BEKKOUCHE

PDF

The Builder’s Playbook - 2025 State of AI Report.pdfjeroen339954

PPTX

Q2 FY26 Tableau User Group Leader Quarterly Calllward7

PDF

CIFDAQ Token Spotlight for 9th July 2025CIFDAQ

PDF

Building Real-Time Digital Twins with IBM Maximo & ArcGIS IndoorsSafe Software

PPTX

"Autonomy of LLM Agents: Current State and Future Prospects", Oles` PetrivFwdays

PPTX

WooCommerce Workshop: Bring Your LaptopLaura Hartwig

PPTX

UiPath Academic Alliance Educator Panels: Session 2 - Business Analyst ContentDianaGray10

PDF

Windsurf Meetup Ottawa 2025-07-12 - Planning Mode at Reliza.pdfPavel Shukhman

PDF

SWEBOK Guide and Software Services Engineering EducationHironori Washizaki

PDF

Timothy Rottach - Ramp up on AI Use Cases, from Vector Search to AI Agents wi...AWS Chicago

PPTX

Building Search Using OpenSearch: Limitations and WorkaroundsSease

PPTX

MSP360 Backup Scheduling and Retention Best Practices.pptxMSP360

Presentation - Vibe Coding The Future of Techyanuarsinggih1

New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025BookNet Canada

"AI Transformation: Directions and Challenges", Pavlo ShaternikFwdays

CIFDAQ Weekly Market Wrap for 11th July 2025CIFDAQ

Smart Trailers 2025 Update with History and OverviewPaul Menig

Exolore The Essential AI Tools in 2025.pdfSrinivasan M

NewMind AI - Journal 100 Insights After The 100th IssueNewMind AI

Log-Based Anomaly Detection: Enhancing System Reliability with Machine LearningMohammed BEKKOUCHE

The Builder’s Playbook - 2025 State of AI Report.pdfjeroen339954

Q2 FY26 Tableau User Group Leader Quarterly Calllward7

CIFDAQ Token Spotlight for 9th July 2025CIFDAQ

Building Real-Time Digital Twins with IBM Maximo & ArcGIS IndoorsSafe Software

"Autonomy of LLM Agents: Current State and Future Prospects", Oles` PetrivFwdays

WooCommerce Workshop: Bring Your LaptopLaura Hartwig

UiPath Academic Alliance Educator Panels: Session 2 - Business Analyst ContentDianaGray10

Windsurf Meetup Ottawa 2025-07-12 - Planning Mode at Reliza.pdfPavel Shukhman

SWEBOK Guide and Software Services Engineering EducationHironori Washizaki

Timothy Rottach - Ramp up on AI Use Cases, from Vector Search to AI Agents wi...AWS Chicago

Building Search Using OpenSearch: Limitations and WorkaroundsSease

MSP360 Backup Scheduling and Retention Best Practices.pptxMSP360

How to stop dreaming about security and start implementing

1. How to stop dreaming about security and start implementing 2019 Kromtech

2. Agenda - AWS Security problems - Options to start with … - AWS Security tools - AWS CIS Implementation - Q&A

3. Intro & speakers Aleksandr Maklakov CIO at ZEO Alliance/Kromtech 14 years in IT MBA ISO 27001 Internal Auditor AWS Certified Solutions Architect - Associate Nazariy Uniyat IT Security Engineer at Kromtech 8 years in IT

4. Data breach security trends in cloud #1 - publicly accessible buckets #2 - open ports(especially in databases) #3 - stolen/leaked credentials (access/secret keys) - cryprominers

5. Options to start with ... - Find consulting company - Find some tools for audit and compliance check - Find framework/controls

6. CIS Amazon Web Services Benchmark Center for Internet Security (CIS) - nonproﬁt organization. Its mission is to "identify, develop, validate, promote, and sustain best practice solutions for cyber defense and build and lead communities to enable an environment of trust in cyberspace" Recommended for use by many security vendor and PCI DSS

8. CIS Amazon Web Services Benchmark

9. Continuous audit vs monitoring Audit - Owned by External Company or Internal Auditor - Conduct annually (or often) - More formal Monitoring - Owned by management team - On-going process to ensure processes are working as intended - Easely implement continuous approach

10. Services

11. CloudTrail

12. AWS Conﬁg

15. GuardDuty

17. Macie

22. Security Hub

28. Security Hub Data Sources

29. Enable Them All

31. CloudTrail

36. CloudWatch Logs in Trail

38. AWS Conﬁg

46. Aggregator

55. Guard Duty

59. 111111111111

60. Macie

65. 111111111111

67. Security Hub

72. Lessons - Lambda Logs - Encryption S3 logs - SCP policy only for working regions - Architecture!

73. SUMMARY

74. RECAP - AWS CIS Benchmark as starting point - AWS Security Services overview (CloudTrail, Macie, Guard Duty, SecurityHub, etc) - Best Practices Architecture - Lessons & Bugs

75. COST ~ $600/month ~ 200Gb of Logs ~ 17M Events

76. Links AWS Security Best Practices AWS CIS Benchmark AWS CIS Benchmark Quick Start AWS CloudTrail AWS Organizations Amazon GuardDuty AWS Security Hub

77. Next Steps

78. Incident Management

79. More services Inspector WAF Shield

80. Q&A