Sonatype , profile picture
Uploaded bySonatype
PDF, PPTX1,186 views

Automated Infrastructure Security: Monitoring using FOSS

The document discusses automated infrastructure security monitoring using the ELK stack and AWS Lambda, highlighting the use of Elastalert to defend against SSH brute force attacks. It details the architecture, use cases, and specific implementations to enhance security, including IP whitelisting and real-time logging. The presentation also emphasizes the need for more attack signatures and discusses potential alternatives to the current stack.

Embed presentation

Download as PDF, PPTX
Automated Infrastructure Security Monitoring using FOSS #AllDayDevOps @madhuakula, Automation Ninja Appsecco
About Me ! Automation Ninja at Appsecco Appsecco is a specialist application security company Interested in Security, DevOps & Cloud Found bugs in Google, Microsoft, Yahoo, etc Never ending learner! Follow (or) Tweet to me @madhuakula 2
What we are covering today? ELK stack to analyse and visualise logs in near real­time ElastAlert to create rules to automatically defend against SSH bruteforce attacks AWS Lambda to do this, since our infra is hosted on AWS Python based Chalice framework for using AWS Lambda 3
Architecture 4
Automated Defence Demo Appsecco Automated Infrastructure Security Monitoring Demo (ELK + AWS Lambda) http://bit.ly/addo­aism 5
AWS Lambda ­ Chalice Code https://github.com/appsecco/alldaydevops­aism 6
Security for our AWS Lambda We are primarily doing the following two things 1. A sufficiently random token to protect the request when we post the IP address from ElastAlert 2. Whitelist the IP address of the host where the  HTTP POST  request originates from 7
Use Cases for Automated Defence 1. Automated Defender (Attack Alerts + Automated Firewall) 2. Security Analytics + Reports 3. Near real­time Centralised Log Monitoring 8
Attack Scenario : Wordpress XML­RPC https://blog.appsecco.com/analysing­attacks­on­a­wordpress­xml­rpc­using­an­ elk­stack­3bf25a7e36cc 9
Needs Improvement More attack signatures required For example OSSEC Wazuh Ruleset Improve the ElastAlert Alerter custom code Any suggestions from your side 10
Alternatives to our stack Stack  Elastic  Graylog  TICK Stack  Prometheus + Grafana Serverless  AWS Lambda  Azure Functions  Cloud Functions 11
Our assumptions You are already monitoring in near real­time using the ELK stack You are under attack for a specific service You have configured ElastAlert for your alerting 12
In Summary We created attack threshold rules in ElastAlert We created an AWS Lambda endpoint to be able to modify AWS VPC Network ACLs We have a real­time blocking system infinitely scalable 13
References Blog Post Elastic Elast Alert AWS Lambda Chalice 14
Thanks @madhuakula | @appseccouk | http://appsecco.com

More Related Content

PDF
Prepare to defend thyself with Blue/Green
bySonatype
 
PDF
Static Analysis For Security and DevOps Happiness w/ Justin Collins
bySonatype
 
PDF
There is No Server: Immutable Infrastructure and Serverless Architecture
bySonatype
 
PDF
Serverless security - how to protect what you don't see?
bySqreen
 
PDF
Security as Code: DOES15
byEd Bellis
 
PDF
Lock That Shit Down! Auth Security Patterns for Apps, APIs, and Infra - Sprin...
byMatt Raible
 
PDF
Kubernetes security
byThomas Fricke
 
PDF
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
bySonatype
 
Prepare to defend thyself with Blue/Green
bySonatype
 
Static Analysis For Security and DevOps Happiness w/ Justin Collins
bySonatype
 
There is No Server: Immutable Infrastructure and Serverless Architecture
bySonatype
 
Serverless security - how to protect what you don't see?
bySqreen
 
Security as Code: DOES15
byEd Bellis
 
Lock That Shit Down! Auth Security Patterns for Apps, APIs, and Infra - Sprin...
byMatt Raible
 
Kubernetes security
byThomas Fricke
 
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
bySonatype
 

What's hot

PDF
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
byLacework
 
PDF
Policy as code what helm developers need to know about security
byLibbySchulze
 
PDF
DevSecCon London 2017: Hands-on secure software development from design to de...
byDevSecCon
 
PDF
Application Security in a Container World - Akash Mahajan - BCC 2017
byCodeOps Technologies LLP
 
PPTX
DevOps & Security: Here & Now
byCheckmarx
 
PPT
Continuous integration
byAndrey Zhupanenko
 
PDF
Securing your AWS Deployments with Spinnaker and Armory Enterprise
byDevOps.com
 
PDF
The Future of Security and Productivity in Our Newly Remote World
byDevOps.com
 
PDF
Create Disposable Test Environments with Vagrant and Puppet
byGene Gotimer
 
PPTX
Automated Infrastructure Testing
byRanjib Dey
 
PPTX
Third Party Performance (Velocity, 2014)
byGuy Podjarny
 
PDF
Security Patterns for Microservice Architectures - SpringOne 2020
byMatt Raible
 
PDF
Security as Code: A DevSecOps Approach
byVMware Tanzu
 
PDF
System Hardening Using Ansible
bySonatype
 
PDF
Security Patterns for Microservice Architectures - London Java Community 2020
byMatt Raible
 
PPTX
Pipeline your pipelines!
byGiulio Vian
 
PPTX
Shift Left - How to improve your security with checkov before it’s going to p...
byAnton Grübel
 
PDF
Android Tamer: Virtual Machine for Android (Security) Professionals
byAnant Shrivastava
 
PDF
NetflixOSS: The Netflix Way
byDiego Pacheco
 
PDF
DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1
byFelipe Prado
 
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
byLacework
 
Policy as code what helm developers need to know about security
byLibbySchulze
 
DevSecCon London 2017: Hands-on secure software development from design to de...
byDevSecCon
 
Application Security in a Container World - Akash Mahajan - BCC 2017
byCodeOps Technologies LLP
 
DevOps & Security: Here & Now
byCheckmarx
 
Continuous integration
byAndrey Zhupanenko
 
Securing your AWS Deployments with Spinnaker and Armory Enterprise
byDevOps.com
 
The Future of Security and Productivity in Our Newly Remote World
byDevOps.com
 
Create Disposable Test Environments with Vagrant and Puppet
byGene Gotimer
 
Automated Infrastructure Testing
byRanjib Dey
 
Third Party Performance (Velocity, 2014)
byGuy Podjarny
 
Security Patterns for Microservice Architectures - SpringOne 2020
byMatt Raible
 
Security as Code: A DevSecOps Approach
byVMware Tanzu
 
System Hardening Using Ansible
bySonatype
 
Security Patterns for Microservice Architectures - London Java Community 2020
byMatt Raible
 
Pipeline your pipelines!
byGiulio Vian
 
Shift Left - How to improve your security with checkov before it’s going to p...
byAnton Grübel
 
Android Tamer: Virtual Machine for Android (Security) Professionals
byAnant Shrivastava
 
NetflixOSS: The Netflix Way
byDiego Pacheco
 
DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1
byFelipe Prado
 

Viewers also liked

PPTX
Developing highly scalable applications with Symfony and RabbitMQ
byAlexey Petrov
 
PPTX
CloudStack EU user group - Trillian
byShapeBlue
 
PDF
Linux Malware Analysis
byCysinfo Cyber Security Community
 
PDF
Chicago AWS user group meetup - May 2014 at Cohesive
byAWS Chicago
 
DOC
Gaurav dev ops (AWS, Linux, Automation-ansible, jenkins:CI and CD:Ansible)
byGaurav Srivastav
 
PDF
Aws + Puppet = Dynamic Scale
byPuppet
 
PPTX
e-Extortion Trends and Defense
byErik Iker
 
PDF
Astricon 2016 - Scaling ARI and Production
byDan Jenkins
 
PPTX
Python Pants Build System for Large Codebases
byAngad Singh
 
PPTX
Apache Ambari: Managing Hadoop and YARN
byHortonworks
 
PDF
Bridging the Gap: Connecting AWS and Kafka
byPengfei (Jason) Li
 
PDF
Powerupcloud - Customer Case Studies
byJonathyan Maas ☁
 
PDF
Platform - Technical architecture
byDavid Rundle
 
PPT
Jake Fox Pd. 5
byLigScience2
 
PDF
Gartner 2017 London: How to re-invent your IT Architecture?
byLeanIX GmbH
 
PPTX
Reversing malware analysis training part2 introduction to windows internals
byCysinfo Cyber Security Community
 
PDF
Application Deployment at UC Riverside
byMichael Kennedy
 
PPT
Docker introduction
byPhuc Nguyen
 
PPTX
Software Architectures, Week 3 - Microservice-based Architectures
byAngelos Kapsimanis
 
PDF
Machine Learning & IT Service Intelligence for the Enterprise: The Future is ...
byPrecisely
 
Developing highly scalable applications with Symfony and RabbitMQ
byAlexey Petrov
 
CloudStack EU user group - Trillian
byShapeBlue
 
Linux Malware Analysis
byCysinfo Cyber Security Community
 
Chicago AWS user group meetup - May 2014 at Cohesive
byAWS Chicago
 
Gaurav dev ops (AWS, Linux, Automation-ansible, jenkins:CI and CD:Ansible)
byGaurav Srivastav
 
Aws + Puppet = Dynamic Scale
byPuppet
 
e-Extortion Trends and Defense
byErik Iker
 
Astricon 2016 - Scaling ARI and Production
byDan Jenkins
 
Python Pants Build System for Large Codebases
byAngad Singh
 
Apache Ambari: Managing Hadoop and YARN
byHortonworks
 
Bridging the Gap: Connecting AWS and Kafka
byPengfei (Jason) Li
 
Powerupcloud - Customer Case Studies
byJonathyan Maas ☁
 
Platform - Technical architecture
byDavid Rundle
 
Jake Fox Pd. 5
byLigScience2
 
Gartner 2017 London: How to re-invent your IT Architecture?
byLeanIX GmbH
 
Reversing malware analysis training part2 introduction to windows internals
byCysinfo Cyber Security Community
 
Application Deployment at UC Riverside
byMichael Kennedy
 
Docker introduction
byPhuc Nguyen
 
Software Architectures, Week 3 - Microservice-based Architectures
byAngelos Kapsimanis
 
Machine Learning & IT Service Intelligence for the Enterprise: The Future is ...
byPrecisely
 

Similar to Automated Infrastructure Security: Monitoring using FOSS

PDF
Automating Security in Cloud Workloads with DevSecOps
byKristana Kane
 
PPTX
AWS Security Architecture - Overview
bySai Kesavamatham
 
PDF
Advanced Security Automation Made Simple
byMark Nunnikhoven
 
PPTX
Automating AWS security and compliance
byJohn Varghese
 
PPTX
AWS Security Best Practices for Effective Threat Detection & Response
byAlienVault
 
PDF
Shared Responsibility In Action
byMark Nunnikhoven
 
PPTX
5 minutes on security
byCloudHesive
 
PPTX
AWS Lambda Security Inside & Out
byPureSec
 
PDF
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
byapidays
 
PPTX
Security Risk Advisors - BSides PGH 2018 - Red Team SIEM
byDouglas Webster
 
PDF
Threat stack aws
byJen Andre
 
PDF
Pragmatic Cloud Security Automation
byCloudVillage
 
PDF
AWS Community Day - Vitaliy Shtym - Pragmatic Container Security
byAWS Chicago
 
PPTX
Stephen Sadowski - Securely automating infrastructure in the cloud
byDevSecCon
 
PPTX
Automating your AWS Security Operations
byEvident.io
 
PDF
Serverless Security Automation on AWS - Hamburg AWS User Group
byDennis Traub
 
PPTX
Cloud Security (AWS)
byScott Arveseth
 
PPTX
Ghost Environment
byPratipD
 
PDF
Practical AWS Security - Scott Hogg
byTrish McGinity, CCSK
 
PDF
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
byAlgoSec
 
Automating Security in Cloud Workloads with DevSecOps
byKristana Kane
 
AWS Security Architecture - Overview
bySai Kesavamatham
 
Advanced Security Automation Made Simple
byMark Nunnikhoven
 
Automating AWS security and compliance
byJohn Varghese
 
AWS Security Best Practices for Effective Threat Detection & Response
byAlienVault
 
Shared Responsibility In Action
byMark Nunnikhoven
 
5 minutes on security
byCloudHesive
 
AWS Lambda Security Inside & Out
byPureSec
 
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
byapidays
 
Security Risk Advisors - BSides PGH 2018 - Red Team SIEM
byDouglas Webster
 
Threat stack aws
byJen Andre
 
Pragmatic Cloud Security Automation
byCloudVillage
 
AWS Community Day - Vitaliy Shtym - Pragmatic Container Security
byAWS Chicago
 
Stephen Sadowski - Securely automating infrastructure in the cloud
byDevSecCon
 
Automating your AWS Security Operations
byEvident.io
 
Serverless Security Automation on AWS - Hamburg AWS User Group
byDennis Traub
 
Cloud Security (AWS)
byScott Arveseth
 
Ghost Environment
byPratipD
 
Practical AWS Security - Scott Hogg
byTrish McGinity, CCSK
 
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
byAlgoSec
 

More from Sonatype

PPTX
DevOps Days Columbus - Derek Weeks - 2019
bySonatype
 
PDF
2019 DevSecOps Reference Architectures
bySonatype
 
PDF
RSAC DevSecOpsDays 2018 - We are all Equifax
bySonatype
 
PPTX
DevSecOps reference architectures 2018
bySonatype
 
PDF
30+ Nexus Integrations to Accelerate DevOps
bySonatype
 
PDF
2017 DevSecOps Survey
bySonatype
 
PPTX
Starting and Scaling DevOps In the Enterprise
bySonatype
 
PPTX
DevOps Friendly Doc Publishing for APIs & Microservices
bySonatype
 
PDF
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
bySonatype
 
PPTX
DevOps and All the Continuouses w/ Helen Beal
bySonatype
 
PDF
Serverless and the Way Forward
bySonatype
 
PDF
A Small Association's Journey to DevOps w/ Edward Ruiz
bySonatype
 
PDF
What's My Security Policy Doing to My Help Desk w/ Chris Swan
bySonatype
 
PDF
Getting out of the Job Jungle with Jenkins
bySonatype
 
PDF
Modern Infrastructure Automation
bySonatype
 
PDF
Continuous Everyone: Engaging People Across the Continuous Pipeline
bySonatype
 
PDF
The Road to Continuous Deployment
bySonatype
 
PDF
Docker Inside/Out: The 'Real' Real- World World of Stacking Containers in pro...
bySonatype
 
PDF
I, For One, Welcome Our New Robot Overlords
bySonatype
 
PDF
Meta Infrastructure as Code: How Capital One Automated Our Automation Tools w...
bySonatype
 
DevOps Days Columbus - Derek Weeks - 2019
bySonatype
 
2019 DevSecOps Reference Architectures
bySonatype
 
RSAC DevSecOpsDays 2018 - We are all Equifax
bySonatype
 
DevSecOps reference architectures 2018
bySonatype
 
30+ Nexus Integrations to Accelerate DevOps
bySonatype
 
2017 DevSecOps Survey
bySonatype
 
Starting and Scaling DevOps In the Enterprise
bySonatype
 
DevOps Friendly Doc Publishing for APIs & Microservices
bySonatype
 
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
bySonatype
 
DevOps and All the Continuouses w/ Helen Beal
bySonatype
 
Serverless and the Way Forward
bySonatype
 
A Small Association's Journey to DevOps w/ Edward Ruiz
bySonatype
 
What's My Security Policy Doing to My Help Desk w/ Chris Swan
bySonatype
 
Getting out of the Job Jungle with Jenkins
bySonatype
 
Modern Infrastructure Automation
bySonatype
 
Continuous Everyone: Engaging People Across the Continuous Pipeline
bySonatype
 
The Road to Continuous Deployment
bySonatype
 
Docker Inside/Out: The 'Real' Real- World World of Stacking Containers in pro...
bySonatype
 
I, For One, Welcome Our New Robot Overlords
bySonatype
 
Meta Infrastructure as Code: How Capital One Automated Our Automation Tools w...
bySonatype
 

Recently uploaded

PDF
DSD-INT 2025 Validation of SFINCS on Historical River Floods at the Global Sc...
byDeltares
 
PDF
inSis suite - Digital Maintenance Logbooks
byKondapi V Siva Rama Brahmam
 
PDF
DSD-INT 2025 Next-Generation Flood Inundation Mapping for Taiwan - Challenges...
byDeltares
 
PDF
inSis suite - Laboratory Information Management System
byKondapi V Siva Rama Brahmam
 
PDF
SiyanoAV 20GB Cloud Backup & Antivirus Protection
bysunilsiyanoav
 
PDF
BCA 1st Semester Fundamentals Solved Question Paper 44121
byKuvempu University
 
PDF
DSD-INT 2025 Century-Scale Impacts of Sediment-Based Coastal Restoration unde...
byDeltares
 
PPTX
Zoho Commerce Empowers Modern Businesses.pptx
byNaestinn
 
PDF
DSD-INT 2025 Modernizing Hydrodynamics in Large Flood Forecasting System - Mi...
byDeltares
 
PDF
DSD-INT 2025 Modelling Non-Newtonian Slurry Beaching with Delft3D-Slurry - Bi
byDeltares
 
PPTX
wAIred_LearnwithoutAI_KotlinDevDay_27112025.pptx
bySimonedeGijt
 
PDF
DSD-INT 2025 Reviving a Lost Meander - Deen
byDeltares
 
PPTX
Future of Software Testing: AI-Powered Open Source Testing Tools
bySophie Lane
 
PDF
W2Authentication and Social Engineering.pdf
bySyedShahbazRxa
 
PDF
An Agent Walks Into a Bar... and Meets Another Agent: Multi-Agent Systems in ...
byMaxim Salnikov
 
PDF
DSD-INT 2025 Modelling the effect of wetlands on hydrodynamics in SFINCS-Snap...
byDeltares
 
PDF
DSD-INT 2025 Timor-Leste Flood exposure and Climate Change assessment - Ogunwumi
byDeltares
 
PDF
7 Levels of a Web Performance Journey @ Google DevFest Brooklyn 2025
bySergeyChernyshev
 
PDF
Everything You Ever Wanted to Know About Quarkus and LangChain4j
byMarkus Eisele
 
PDF
DSD-INT 2025 Climate and impact attribution of compound flooding induced by t...
byDeltares
 
DSD-INT 2025 Validation of SFINCS on Historical River Floods at the Global Sc...
byDeltares
 
inSis suite - Digital Maintenance Logbooks
byKondapi V Siva Rama Brahmam
 
DSD-INT 2025 Next-Generation Flood Inundation Mapping for Taiwan - Challenges...
byDeltares
 
inSis suite - Laboratory Information Management System
byKondapi V Siva Rama Brahmam
 
SiyanoAV 20GB Cloud Backup & Antivirus Protection
bysunilsiyanoav
 
BCA 1st Semester Fundamentals Solved Question Paper 44121
byKuvempu University
 
DSD-INT 2025 Century-Scale Impacts of Sediment-Based Coastal Restoration unde...
byDeltares
 
Zoho Commerce Empowers Modern Businesses.pptx
byNaestinn
 
DSD-INT 2025 Modernizing Hydrodynamics in Large Flood Forecasting System - Mi...
byDeltares
 
DSD-INT 2025 Modelling Non-Newtonian Slurry Beaching with Delft3D-Slurry - Bi
byDeltares
 
wAIred_LearnwithoutAI_KotlinDevDay_27112025.pptx
bySimonedeGijt
 
DSD-INT 2025 Reviving a Lost Meander - Deen
byDeltares
 
Future of Software Testing: AI-Powered Open Source Testing Tools
bySophie Lane
 
W2Authentication and Social Engineering.pdf
bySyedShahbazRxa
 
An Agent Walks Into a Bar... and Meets Another Agent: Multi-Agent Systems in ...
byMaxim Salnikov
 
DSD-INT 2025 Modelling the effect of wetlands on hydrodynamics in SFINCS-Snap...
byDeltares
 
DSD-INT 2025 Timor-Leste Flood exposure and Climate Change assessment - Ogunwumi
byDeltares
 
7 Levels of a Web Performance Journey @ Google DevFest Brooklyn 2025
bySergeyChernyshev
 
Everything You Ever Wanted to Know About Quarkus and LangChain4j
byMarkus Eisele
 
DSD-INT 2025 Climate and impact attribution of compound flooding induced by t...
byDeltares
 

Automated Infrastructure Security: Monitoring using FOSS