You will earn 4 CPE credits for attending this virtual event
Forum Format: Virtual
Looking for practical guidance on security in the AWS Cloud? Join SANS instructors and other cloud security leaders as they share tactics, techniques, and procedures for operating effectively and securely in the cloud.
This virtual event is based on the recently released book Practical Guide for Security in the AWS Cloud. This book features contributions from over one dozen leading security practitioners that provide you with the foundational knowledge to help develop your cloud security roadmap.
Topics covered in this event include:
10:30 - 10:50 AM EST - Welcome & Keynote
Three Keys for Cloud Security Success
Come learn about three key items that determine cloud security success: identity, monitoring, and automation. Walk away with tips and techniques for implementing these items including free and open source tools as well as cloud provider specific services you can use to build your security capabilities.
10:50 - 11:25 AM EST - AWS - Cloud Security Architecture
Accelerate Your Multi-account AWS Setup Securely with AWS Control Tower and Okta
When expanding your multi-account and multi-role AWS environment, cloud setup and IAM management quickly become cumbersome and complex. In the process of speeding up, organizations can unintentionally undermine security if they have inconsistent or incomplete identity policies. In this session, AWS Sr. Partner Solutions Architect, Nam Le, will walk you through how to quickly and securely scale your cloud infrastructure through Okta integrations with AWS Control Tower.
Join this webcast and learn how to:
11:25 AM - 12:00 PM EST - SANS - Cloud Security Architecture
Moving Operations to the Cloud
When an organization moves an application or service from one environment to another without stopping to redesign the application, this is often referred to as 'lift' and 'shift'. Many organizations, as an initial effort to move applications and services into the cloud, choose this strategy to make the move less painful and more familiar to their existing operating environment. This results in a mainly Infrastructure as a Service (IaaS) hosting environment. Although this is not the most efficient use of cloud, it is still a very common occurrence.
This talk will guide you through some of the nuances that cloud brings to your organization when transitioning from on-premise to an IaaS cloud environment, and will better prepare you to defend these now cloud-hosted applications and services. Several of these are discussed in much greater detail in SEC488: Cloud Security Essentials.
12:00 - 12:10 PM EST - Break
12:10 PM - 12:45 PM EST - AWS - DevSecOps and Security Automation
Security Guardrail based Access Management Strategy for DevOps in AWS
Technology transformation or enterprise modernization is often achieved by adopting a DevOps or DevSecOps operating model to support the business objectives. However, integrating security in a DevOps operating model comes with a number of challenges, which include changing existing security processes, re-organizing governance structure, and upgrading security guardrails and observability capabilities. To enable fast application deployment and feature enhancements with appropriate security, one of the initial steps is to ensure the access management strategy is aligned to support DevOps. In this session, Somasundaram Subbu, Sr. Category Lead at AWS Marketplace, will describe a framework to increase your confidence in your AWS access management strategy among your application, infrastructure and security leaders. This session will provide a structured approach with common example controls to manage access guardrails and observability capabilities for access management.
12:45 - 1:20 PM EST - SANS - DevSecOps and Security Automation
More Servers, More Problems: How Serverless Changes and Reduces Risk
Security professionals face the daunting challenge of keeping up with constantly changing technology trends. By the time security has a handle on a new programming paradigm, product development has been using it in production for months, if not years. Worse yet, new tech is normally designed with security as an afterthought, introducing risks that will need to be managed rapidly.
Despite all of this, in this presentation, SANS Instructor Brandon Evans will illustrate that Serverless is actually a breath of fresh air for security. Although it might initially seem complex and intimidating, it reduces risk when compared to traditional application architecture by shrinking the customer's portion of the Shared Responsibility Model. Additionally, it empowers security automation that would otherwise be impractical. Overall, as Serverless continues to mature, Brandon argues that it will become the recommended practice from security teams.
1:20 - 1:55 PM EST - AWS - Security Monitoring and Threat Detection
Maturing your Threat Detection and Incident Response in AWS Cloud
To continuously mature your Threat Detection and Incident Response in AWS you need a well thought out strategy that aligns with your business requirements and goals. While there are several tools available in this category, a mature practice requires an integrated framework that combines people, process and technology. In reality, CISOs and Security Operations Managers have to plan their strategy around budget and resource constraints without compromising on business outcomes. In this session we will begin with a high level overview of a mature Threat Detection and Incident Response model in the cloud, and discuss the stages in this maturity model one can target to meet their requirements. We will discuss native AWS security services and third party solutions as part of this model based on how some AWS customers, small to very large enterprises, have successfully implemented their Threat Detection and Incident Response programs.
1:55 - 2:05 PM EST - Break
2:05 - 2:40 PM EST - SANS - Security Monitoring and Threat Detection
Cloud Security Monitoring and Threat Hunting in AWS
In this talk, Shaun McCullough, SANS Certified Instructor and author of the brand new class SEC541: Cloud Monitoring and Threat Hunting, will talk about Threat Hunting in a cloud environment. We will work through what Hunting is and how it should be approached for Cloud environments. Then, we will look at some specific threats and investigate the AWS tools that generate the log data we can use to detect those threats. Services such as CloudTrail, VPC Flow Logs and CloudWatch can be used to collect and analyze the data, while GuardDuty, Config and Inspector have their own detections built in.
2:40 - 3:25 PM EST - Cloud Security Controls and Services Panel Discussion
Josh Thurston, @JoshT_Thurston, Security Technologist
3:25 - 3:30 PM EST - Closing Remarks