New Service launch: SecOps AWS Best Practices Training and Workshop

by UnderDefense

Dec 25, 2018

Max 10min read

Home

5

Blog

We at UnderDefense believe that cybersecurity is a must-have for any successful business. As far as the threat landscape continues to evolve, many customers now demand it more than before. Almost all new companies utilize Cloud for their operations as well as big enterprises.

Recently our Threat Intelligence and SecOps team has designed and delivered a practical Workshop “SecOps AWS workshop” for one of our Gaming clients. And now this training and workshop is available for everyone.

WHO NEEDS IT?

Short answer

  • DevOps,
  • IT Admins,
  • CISOs,
  • Software Engineers,
  • Operations and Support teams,
  • Database administrators,
  • SecOps,
  • Security engineers.

Long answer

It’s very common for a company to suddenly understand that they are growing rapidly and they need to switch to the cloud due to their scalability needs. In such a hectic mode, you may not follow all the security requirements. Also, you may not put security as your priority and chase the best price swapping different cloud providers. However, at one moment you may realize that you are far behind the safety zone and there are many holes because you haven’t started with security in mind from the beginning. Another use case may be that the IT team simply lacks the hands-on experience with implementing security on all levels in the cloud and can not cover all gaps by lacking the experience.

In DevOps there is an idea of Continuous Delivery and Continuous Integration (CI/CD). For Cloud Security you should apply Continuous Security Assurance (CSA).

WHY DO YOU NEED IT?

Together with lots of benefits of using Cloud technologies, there comes an ocean of unknown and new threats. Let us give you some cybersecurity statistics about the main risks that a business faces in the Cloud:

Loss of Data

  • 58% have over 100,000 folders open to everyone (Varonis)
  • 41% of companies have over 1,000 sensitive files open to everyone including credit card numbers and health records left unprotected (Varonis)
  • 21% of all folders are open to everyone (Varonis
  • 95% of cybersecurity breaches are due to human error (Cybint)

Financial loss

  • The most expensive component of a cyber attack is information loss, which represents 43% of costs (Accenture)
  • The average cost of lost/stolen records is $141.00 per individual (Varonis)

Client trust loss

  • The information that apps most often leak are phone numbers 63% and device location 37% (Symantec)
  • Availability risks

Reputational Damage

  • In this case, everything depends on your communication, however, if the breach gets publicized, the reputational damage can be unpredictably big

Compliance violations and regulatory actions

  • GDPR fines, PCI DSS, California Privacy act
  • Data breach requiring disclosure and notification to the victim

To learn more about a world of Cloud, check out the articles where our CEO Nazar Tymoshyk shared his knowledge:

  1. Cloud Security – What you Need to Know
  2. Emerging cloud threats and how to address them

WHAT WILL YOU LEARN?

After 3 days of this intensive learning and hands-on experience, your team will be ready for any of these tasks:

  • Assimilate and leverage the AWS shared security responsibility model.
  • Manage user identity and access management in the AWS cloud. Leverage the least privilege principle with least efforts.
  • Use AWS security services and implement better security controls for your resources.
  • Manage and audit your AWS resources from a security perspective.
  • Utilize Open Source AWS security tools.
  • Monitor and log access and usage of AWS compute, storage, networking, and database.
  • Configuration and monitoring: Log filters and alarms.
  • Identify AWS services and tools to help automate, monitor, and manage security operations on AWS.
  • Perform security incident management, cloud resiliency, and business continuity in the AWS cloud.
  • Worst practices to avoid: Common misconfigurations that lead to data exposure with examples.

To sum up, SecOps AWS training is a short and complex course that gives your IT and security teams understanding and summary of the best methods and tools to keep in mind working with AWS. It is a great opportunity for an IT team, CISO or CIO to benefit from practicing the solutions to the most common traps from a cybersecurity perspective.

In order to get tuned up, we are ready to teach you our SecOps AWS workshop. To get more details, please, contact us.

More from UnderDefense:

Questions about cyber security?

Let’s talk