Wednesday, January 25 • 10:30am - 11:20am
AWS Survival Guide

An increasing number of organizations are using AWS or are migrating to AWS. Security teams with traditional datacenter security knowledge are trying to catch up, grasp the new attack surface and security concerns, and develop defensive techniques. Developers are often given the power to deploy infrastructure in ways that were previously restricted, without the traditional insight and controls security would normally implement. At the same time, AWS customers are being exploited in ways that are easily preventable but highly damaging to the customer's organization; this fact is well documented.

Fortunately, AWS does provide the technology to harden, monitor, and even recover should an incident occur. Unfortunately, these defensive practices are not widely discussed or well known among either security professionals or developers.

In this talk, we discuss harnessing existing AWS functionality to strengthen your organization's AWS infrastructure against practical attacks. Ken will show you what attackers are looking for, how they are finding you, and how to secure your environment. Additionally, attendees will be given code that helps AWS users better understand how their environment's IAM policies are configured and automates tasks like reviewing S3 bucket policies, volume encryption statuses, and security group configurations.

Finally, this talk will delve deep into practical alerting/monitoring and demonstrate implementing notifications that are descriptive and pinpoint active attacks.

AWS Technologies discussed:

- Config
- CloudWatch
- CloudTrail
- (Other) Security features of other services

Ken Johnson

CTO, nVisium
Ken Johnson, CTO of nVisium, has been hacking web applications professionally for 8 years. Ken is both a breaker and builder and currently leads the nVisium product team. Previously, Ken has spoken at DerbyCon, AppSec USA, RSA, AppSec DC, AppSec California, DevOpsDays DC, LASCON...

Wednesday January 25, 2017 10:30am - 11:20am PST
Sand and Sea Room