At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
Best Practices to Mitigate from the Emerging Vectors of Network AttackAmazon Web Services
Â
This document discusses best practices for mitigating attacks from emerging network threats. It covers common attack types and trends seen in Q1 2020, including a 23% increase in total attacks and the largest attack reaching 2.3 terabits per second. The document compares traditional challenge of DDoS mitigation with AWS's approach, highlighting how AWS Shield Standard and Advanced provide pre-configured, automated protection against DDoS and application layer attacks without requiring changes to applications. It also shows how AWS WAF integrates with CloudFront to inspect and filter web requests.
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...Amazon Web Services
Â
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security Services
In this session you will learn how to build a self-defending border to protect your Internet-facing applications. We will show you how you can automatically respond to the dynamic threats facing online assets by using our managed threat detection services combined with information from applications.
Shane Baldacchino, Solutions Architect, Amazon Web Services
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...Amazon Web Services
Â
In this session, we'll walk through the fundamentals of Amazon VPC, including: build-out, design details, picking your IP space, subnetting, routing, security and NAT. Then, we'll look at different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This session is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks that AWS makes available with Amazon VPC.
The document discusses network design and capabilities for Amazon VPC. It provides an overview of VPC functionality including creating an internet-connected VPC with subnets in different Availability Zones and assigning IP address ranges and routing. It also covers security groups, connecting VPCs through peering or to on-premises networks using VPN or AWS Direct Connect, and restricting internet access through routing or NAT gateways.
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...Amazon Web Services
Â
This document discusses AWS services for threat detection and response. It begins with an introduction and overview of challenges around threat detection. It then describes AWS services that provide log and activity data for detection. These include GuardDuty and Macie which use machine learning for intelligent detection. Security Hub provides a centralized view of findings. Services like CloudWatch Events and Lambda can be used to automate response actions. The document outlines typical attacker lifecycles and example GuardDuty findings. It provides high-level and detailed playbooks for using AWS services in a threat detection and response workflow.
Continuous security monitoring and threat detection with AWS services - SEC20...Amazon Web Services
Â
This document discusses continuous security monitoring and threat detection using AWS services. It describes how AWS services like GuardDuty, Macie, and Security Hub use machine learning to detect threats in customer environments by analyzing log data and security findings. It also discusses how to build threat detection solutions using these services and how to automate threat response using services like Lambda, CloudWatch Events, and Systems Manager.
Protect your applications from DDoS/BOT & Advanced AttacksAmazon Web Services
Â
This document discusses strategies for protecting applications from DDoS and bot attacks using AWS and F5 technologies. It outlines common external threats such as SQL injection and SYN floods. It then describes AWS services like Shield Standard, Shield Advanced, WAF, and Firewall Manager that provide detection, mitigation and protection capabilities. The benefits of these services include automatic protection, custom rule creation, access to response teams, and central management. It also outlines F5's managed security solutions for bot protection, threat intelligence and firewall management that are designed for multi-cloud environments.
Protect Your Game Servers from DDoS Attacks - AWS Online Tech TalksAmazon Web Services
Â
Learning Objectives:
- Using the new AWS Shield Advanced for EC2 to protect your internet-facing game servers
- How to build an architecture best suited for your title
- Best Practices Checklist for your new release
Best Practices to Mitigate from the Emerging Vectors of Network AttackAmazon Web Services
Â
This document discusses best practices for mitigating attacks from emerging network threats. It covers common attack types and trends seen in Q1 2020, including a 23% increase in total attacks and the largest attack reaching 2.3 terabits per second. The document compares traditional challenge of DDoS mitigation with AWS's approach, highlighting how AWS Shield Standard and Advanced provide pre-configured, automated protection against DDoS and application layer attacks without requiring changes to applications. It also shows how AWS WAF integrates with CloudFront to inspect and filter web requests.
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...Amazon Web Services
Â
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security Services
In this session you will learn how to build a self-defending border to protect your Internet-facing applications. We will show you how you can automatically respond to the dynamic threats facing online assets by using our managed threat detection services combined with information from applications.
Shane Baldacchino, Solutions Architect, Amazon Web Services
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...Amazon Web Services
Â
In this session, we'll walk through the fundamentals of Amazon VPC, including: build-out, design details, picking your IP space, subnetting, routing, security and NAT. Then, we'll look at different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This session is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks that AWS makes available with Amazon VPC.
The document discusses network design and capabilities for Amazon VPC. It provides an overview of VPC functionality including creating an internet-connected VPC with subnets in different Availability Zones and assigning IP address ranges and routing. It also covers security groups, connecting VPCs through peering or to on-premises networks using VPN or AWS Direct Connect, and restricting internet access through routing or NAT gateways.
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...Amazon Web Services
Â
This document discusses AWS services for threat detection and response. It begins with an introduction and overview of challenges around threat detection. It then describes AWS services that provide log and activity data for detection. These include GuardDuty and Macie which use machine learning for intelligent detection. Security Hub provides a centralized view of findings. Services like CloudWatch Events and Lambda can be used to automate response actions. The document outlines typical attacker lifecycles and example GuardDuty findings. It provides high-level and detailed playbooks for using AWS services in a threat detection and response workflow.
Continuous security monitoring and threat detection with AWS services - SEC20...Amazon Web Services
Â
This document discusses continuous security monitoring and threat detection using AWS services. It describes how AWS services like GuardDuty, Macie, and Security Hub use machine learning to detect threats in customer environments by analyzing log data and security findings. It also discusses how to build threat detection solutions using these services and how to automate threat response using services like Lambda, CloudWatch Events, and Systems Manager.
Protect your applications from DDoS/BOT & Advanced AttacksAmazon Web Services
Â
This document discusses strategies for protecting applications from DDoS and bot attacks using AWS and F5 technologies. It outlines common external threats such as SQL injection and SYN floods. It then describes AWS services like Shield Standard, Shield Advanced, WAF, and Firewall Manager that provide detection, mitigation and protection capabilities. The benefits of these services include automatic protection, custom rule creation, access to response teams, and central management. It also outlines F5's managed security solutions for bot protection, threat intelligence and firewall management that are designed for multi-cloud environments.
Protect Your Game Servers from DDoS Attacks - AWS Online Tech TalksAmazon Web Services
Â
Learning Objectives:
- Using the new AWS Shield Advanced for EC2 to protect your internet-facing game servers
- How to build an architecture best suited for your title
- Best Practices Checklist for your new release
In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPCs, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition to different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how you can connect VPCs with your offices and current data center footprint.
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018Amazon Web Services
Â
With Amazon Virtual Private Cloud (Amazon VPC) you can build your own virtual data center networks in seconds. Every VPC is free, but it comes with enterprise-grade capabilities that would cost millions of dollars in a traditional data center. How is this possible? Come hear how Amazon VPC works under the hood. We uncover how we use Amazon-designed hardware to deliver high-assurance security and ultra-fast performance that makes the speed of light feel slow. Leave with insights and tips for how to optimize your own applications, and even whole organizations, to deliver faster than ever.
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAmazon Web Services
Â
In this session, we first cover build-out and design fundamentals for VPCs, including selecting your IP space, subnetting, routing, security, and more. We then discuss different approaches and scenarios for connecting your VPC to your data center with AWS VPN or AWS Direct Connect. Throughout this presentation, we discuss our latest networking services and updates, including AWS Transit Gateway and AWS PrivateLink. This mid-level architecture discussion is for architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how to connect VPCs with your offices and data center footprint.
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...Amazon Web Services
Â
Rebeker Choi, Solutions Architect, AWS
In this session you will learn how to build a self-defending border to protect your Internet-facing applications. We will show you how you can deal with the dynamic threats facing online assets by using our managed threat detection services combined with information from applications.
Products & Services: AWS WAF, AWS Shield, Amazon CloudFront, ELB, VPC, AWS Lambda, AWS Certificate Manager, Amazon Inspector, EC2 System Manager.
This document discusses how to protect web applications from DDoS attacks on AWS. It covers the types and trends of DDoS threats, best practices for web architecture, and AWS security services like AWS Shield, AWS WAF, and Firewall Manager that provide built-in and customizable DDoS mitigation. It also includes a demo and discusses pricing models for AWS DDoS protection services.
Innovate - Cybersecurity: A Drive Force Behind Cloud AdoptionAmazon Web Services
Â
There are four common challenges that CISOs and their security teams struggle with even in the most secure and mature organizational datacenters: visibility, resilience, defense-in-depth, and automation. Learn how these challenges become benefits when using the AWS Cloud and why cybersecurity is becoming a driving force behind commercial cloud adoption.
CIOs, CISOs, technical managers, senior architects and engineers new to AWS, and technically savvy business managers are invited to this session are invited to explore key technical concepts and capabilities to meet business security and compliance objectives.
How to Architect and Bring to Market SaaS on AWS GovCloud (US)Amazon Web Services
Â
AWS GovCloud (US) is an isolated AWS region designated to allow US government agencies and organizations in highly-regulated industries to move sensitive data and regulated IT workloads to the cloud by addressing their specific regulatory and compliance requirements. These organizations are increasingly integrating SaaS technologies into their IT environments; however, they often require SaaS products to address the same compliance features of the GovCloud region. This session will discuss how SaaS vendors should approach migrating to GovCloud (US), key architecture, compliance and operational considerations and best practices for bringing a SaaS product on GovCloud (US) to market. This session also shows you how to meet acquisition and procurement policies with AWS Marketplace for AWS GovCloud (US).
This document provides an overview of AWS networking fundamentals including VPC concepts such as IP addressing, subnets, routing, security groups, and connecting VPCs. It discusses choosing IP address ranges and creating subnets across availability zones. It also covers routing and traffic flow, DNS options, network security using security groups and network ACLs, and VPC flow logs. Methods for connecting VPCs like VPC peering, Transit Gateway, VPN connections, and Direct Connect are also summarized.
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...Amazon Web Services
Â
Whether you are part of a large organization moving your applications to the cloud, or a new application owner just getting started, you always need a baseline security for your web applications. In addition, large organizations with common security requirements frequently need to standardize their security posture across many applications. With compliance initiatives, such as PCI, OFAC, and GDPR, there is a need to effectively manage this posture with minimal error. In this session, learn how to use services like AWS WAF, AWS Shield, and AWS Firewall Manager to deploy and manage rules and protections uniformly across many accounts and resources. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.
Automating DDos and WAF responses - AWS Summit Cape Town 2018Amazon Web Services
Â
Speaker: Andrew Kane, AWS
Level: 300/400
Security professionals and full-stack engineers will learn how to defend against distributed denial of service (DDoS) attacks and web application exploits by using automation to monitor activity, configure rate limiting, and deploy network filtering rules. You will become an expert in advanced techniques to help you protect and monitor your AWS networks and resources using services such as AWS Web Application Firewall, AWS Shield, AWS CloudWatch, and more. You will also learn how to use Lambda functions to automate event response and integrate with your security operations tools.
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWSAmazon Web Services
Â
Strengthening the security of federal networks, systems, and data is one of the most important challenges we face as a nation. The Office of Management and Budget (OMB) issued guidance that all federal agencies must establish information exchanges between their dashboards and the central federal dashboard. To assist in this requirement, we explore how agencies can implement a continuous diagnostics and mitigation (CDM) program using AWS. Topics include AWS services that map to CDM requirements; how to enforce compliance with standards; ways to provide visibility into current and actual states; how to centralize service data to build a dashboard; and how to create a chief information officer FISMA dashboard using AWS native services.
This document provides an overview of Amazon Virtual Private Clouds (VPC) and networking fundamentals on AWS. It discusses key VPC concepts like IP addressing, subnets, routing, security groups, network access control lists and internet connectivity. It also covers options for connecting VPCs like VPC peering and the AWS Transit Gateway which allows connections between multiple VPCs and on-premises networks.
Fundamentals of AWS networking - SVC303 - Atlanta AWS SummitAmazon Web Services
Â
The document discusses Amazon Virtual Private Cloud (VPC) networking concepts such as IP addressing, subnets, routing, security groups, network access control lists, DNS, internet connectivity, connecting VPCs, and connecting to on-premises networks. It provides examples and explanations of how to configure these VPC networking features on AWS.
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS SummitAmazon Web Services
Â
Networking is the foundation supporting many applications and services on AWS. As such, it is one of the first and most important things to consider when architecting with AWS. In this session, we discuss planning for your advanced AWS networking architectures.
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...Amazon Web Services
Â
The document provides an overview of Amazon Virtual Private Clouds (VPCs) and connectivity options. It begins with a basic walkthrough of setting up an internet-connected VPC, including choosing an IP address range, creating subnets, adding a route to the internet, and configuring security groups. It then discusses additional connectivity options such as private subnets, VPC peering, VPN connections, and VPC endpoints. The document is intended to help users understand fundamental VPC concepts and how to configure basic network connectivity and security.
Edge immersion days module 2 - protect your application at the edge using a...RoiElbaz1
Â
The document discusses Amazon Web Services' (AWS) cloud-native protections against distributed denial-of-service (DDoS) attacks and web application threats. It describes AWS WAF for inspecting and mitigating layer 7 attacks, AWS Shield Standard for automatic protection against common network attacks, and AWS Shield Advanced for additional detection and monitoring capabilities. The document also provides an overview of DDoS trends, the benefits of a cloud-native defense approach, and example customer implementations of AWS WAF and Shield services.
Building a Hybrid Cloud Architecture Utilizing AWS Landing ZonesTom Laszewski
Â
Application modernization projects with AWS start with creating an AWS Landing Zone. Based on AWS best practices, AWS Landing Zones help ensure a secure, performant, highly available, and cost-efficient AWS environment. Common hybrid cloud use cases, such as cloud migration, data center extension, disaster recovery, cloud bursting, and edge computing, require data integration, operations management and monitoring, security, and networking as the foundational components of a hybrid cloud architecture. In this session, we dive deep on the networking, security, account management structure, operating management, and monitoring best practices to build your own AWS Landing Zone that can be extended into your data center. AWS partner, GreenPages, demonstrates a repeatable hybrid cloud architecture to secure, manage, and integrate your network across on-premises and multiple AWS regions using an AWS Landing Zone. AWS customer, Finch Therapeutics, then discusses how the company utilized the GreenPages hybrid cloud reference implementation to deploy, secure, and manage its hybrid cloud environment.
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Amazon Web Services
Â
In this chalk talk, we cover a number of AWS services involved with threat detection and mitigation, and we walk through some real-world threat scenarios. We discuss the threat detection capabilities of Amazon GuardDuty, Amazon Macie, AWS Config, and the available remediation options. For each scenario, we review methods to remediate the threat using the following services: AWS CloudFormation, Amazon S3, AWS CloudTrail, Amazon VPC Flow Logs, Amazon CloudWatch Events, Amazon SNS, Amazon Macie, DNS logs, AWS Lambda, AWS Config, Amazon Inspector and, of course, Amazon GuardDuty. Come with your questions on threat detection on AWS.
AWS SSA Webinar 11 - Getting started on AWS: SecurityCobus Bernard
Â
In this session, we will take a deeper look at the security services and features available on AWS. We will look at how Identity and Access Management (IAM) works by covering IAM users, policies, roles, groups. We will also look at AWS Security groups and how they are applied to the different infrastructure components, e.g. Amazon EC2 instances, Load Balancers, Databases (via Amazon RDS). Lastly, we will take a quick look at Amazon Certificate Manager for SSL certificates and mention additional services like Amazon Detective, GuardDuty, Macie, WAF.
"What does it really mean for your system to be available, or how to define w...Fwdays
Â
We will talk about system monitoring from a few different angles. We will start by covering the basics, then discuss SLOs, how to define them, and why understanding the business well is crucial for success in this exercise.
"Microservices and multitenancy - how to serve thousands of databases in one ...Fwdays
Â
Imagine you are designing a B2B service that will serve millions of businesses. This service will have dozens of different microservices with their own data, which can contain millions of records. How do you design such a database? Why is sharding not always the answer? What other options are there for such an architectural solution?
I'll tell you how we at Uspacy came to serve thousands of small databases instead of a few large ones, what we've encountered and what we plan to face)
More Related Content
Similar to "Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPCs, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition to different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how you can connect VPCs with your offices and current data center footprint.
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018Amazon Web Services
Â
With Amazon Virtual Private Cloud (Amazon VPC) you can build your own virtual data center networks in seconds. Every VPC is free, but it comes with enterprise-grade capabilities that would cost millions of dollars in a traditional data center. How is this possible? Come hear how Amazon VPC works under the hood. We uncover how we use Amazon-designed hardware to deliver high-assurance security and ultra-fast performance that makes the speed of light feel slow. Leave with insights and tips for how to optimize your own applications, and even whole organizations, to deliver faster than ever.
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAmazon Web Services
Â
In this session, we first cover build-out and design fundamentals for VPCs, including selecting your IP space, subnetting, routing, security, and more. We then discuss different approaches and scenarios for connecting your VPC to your data center with AWS VPN or AWS Direct Connect. Throughout this presentation, we discuss our latest networking services and updates, including AWS Transit Gateway and AWS PrivateLink. This mid-level architecture discussion is for architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how to connect VPCs with your offices and data center footprint.
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...Amazon Web Services
Â
Rebeker Choi, Solutions Architect, AWS
In this session you will learn how to build a self-defending border to protect your Internet-facing applications. We will show you how you can deal with the dynamic threats facing online assets by using our managed threat detection services combined with information from applications.
Products & Services: AWS WAF, AWS Shield, Amazon CloudFront, ELB, VPC, AWS Lambda, AWS Certificate Manager, Amazon Inspector, EC2 System Manager.
This document discusses how to protect web applications from DDoS attacks on AWS. It covers the types and trends of DDoS threats, best practices for web architecture, and AWS security services like AWS Shield, AWS WAF, and Firewall Manager that provide built-in and customizable DDoS mitigation. It also includes a demo and discusses pricing models for AWS DDoS protection services.
Innovate - Cybersecurity: A Drive Force Behind Cloud AdoptionAmazon Web Services
Â
There are four common challenges that CISOs and their security teams struggle with even in the most secure and mature organizational datacenters: visibility, resilience, defense-in-depth, and automation. Learn how these challenges become benefits when using the AWS Cloud and why cybersecurity is becoming a driving force behind commercial cloud adoption.
CIOs, CISOs, technical managers, senior architects and engineers new to AWS, and technically savvy business managers are invited to this session are invited to explore key technical concepts and capabilities to meet business security and compliance objectives.
How to Architect and Bring to Market SaaS on AWS GovCloud (US)Amazon Web Services
Â
AWS GovCloud (US) is an isolated AWS region designated to allow US government agencies and organizations in highly-regulated industries to move sensitive data and regulated IT workloads to the cloud by addressing their specific regulatory and compliance requirements. These organizations are increasingly integrating SaaS technologies into their IT environments; however, they often require SaaS products to address the same compliance features of the GovCloud region. This session will discuss how SaaS vendors should approach migrating to GovCloud (US), key architecture, compliance and operational considerations and best practices for bringing a SaaS product on GovCloud (US) to market. This session also shows you how to meet acquisition and procurement policies with AWS Marketplace for AWS GovCloud (US).
This document provides an overview of AWS networking fundamentals including VPC concepts such as IP addressing, subnets, routing, security groups, and connecting VPCs. It discusses choosing IP address ranges and creating subnets across availability zones. It also covers routing and traffic flow, DNS options, network security using security groups and network ACLs, and VPC flow logs. Methods for connecting VPCs like VPC peering, Transit Gateway, VPN connections, and Direct Connect are also summarized.
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...Amazon Web Services
Â
Whether you are part of a large organization moving your applications to the cloud, or a new application owner just getting started, you always need a baseline security for your web applications. In addition, large organizations with common security requirements frequently need to standardize their security posture across many applications. With compliance initiatives, such as PCI, OFAC, and GDPR, there is a need to effectively manage this posture with minimal error. In this session, learn how to use services like AWS WAF, AWS Shield, and AWS Firewall Manager to deploy and manage rules and protections uniformly across many accounts and resources. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.
Automating DDos and WAF responses - AWS Summit Cape Town 2018Amazon Web Services
Â
Speaker: Andrew Kane, AWS
Level: 300/400
Security professionals and full-stack engineers will learn how to defend against distributed denial of service (DDoS) attacks and web application exploits by using automation to monitor activity, configure rate limiting, and deploy network filtering rules. You will become an expert in advanced techniques to help you protect and monitor your AWS networks and resources using services such as AWS Web Application Firewall, AWS Shield, AWS CloudWatch, and more. You will also learn how to use Lambda functions to automate event response and integrate with your security operations tools.
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWSAmazon Web Services
Â
Strengthening the security of federal networks, systems, and data is one of the most important challenges we face as a nation. The Office of Management and Budget (OMB) issued guidance that all federal agencies must establish information exchanges between their dashboards and the central federal dashboard. To assist in this requirement, we explore how agencies can implement a continuous diagnostics and mitigation (CDM) program using AWS. Topics include AWS services that map to CDM requirements; how to enforce compliance with standards; ways to provide visibility into current and actual states; how to centralize service data to build a dashboard; and how to create a chief information officer FISMA dashboard using AWS native services.
This document provides an overview of Amazon Virtual Private Clouds (VPC) and networking fundamentals on AWS. It discusses key VPC concepts like IP addressing, subnets, routing, security groups, network access control lists and internet connectivity. It also covers options for connecting VPCs like VPC peering and the AWS Transit Gateway which allows connections between multiple VPCs and on-premises networks.
Fundamentals of AWS networking - SVC303 - Atlanta AWS SummitAmazon Web Services
Â
The document discusses Amazon Virtual Private Cloud (VPC) networking concepts such as IP addressing, subnets, routing, security groups, network access control lists, DNS, internet connectivity, connecting VPCs, and connecting to on-premises networks. It provides examples and explanations of how to configure these VPC networking features on AWS.
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS SummitAmazon Web Services
Â
Networking is the foundation supporting many applications and services on AWS. As such, it is one of the first and most important things to consider when architecting with AWS. In this session, we discuss planning for your advanced AWS networking architectures.
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...Amazon Web Services
Â
The document provides an overview of Amazon Virtual Private Clouds (VPCs) and connectivity options. It begins with a basic walkthrough of setting up an internet-connected VPC, including choosing an IP address range, creating subnets, adding a route to the internet, and configuring security groups. It then discusses additional connectivity options such as private subnets, VPC peering, VPN connections, and VPC endpoints. The document is intended to help users understand fundamental VPC concepts and how to configure basic network connectivity and security.
Edge immersion days module 2 - protect your application at the edge using a...RoiElbaz1
Â
The document discusses Amazon Web Services' (AWS) cloud-native protections against distributed denial-of-service (DDoS) attacks and web application threats. It describes AWS WAF for inspecting and mitigating layer 7 attacks, AWS Shield Standard for automatic protection against common network attacks, and AWS Shield Advanced for additional detection and monitoring capabilities. The document also provides an overview of DDoS trends, the benefits of a cloud-native defense approach, and example customer implementations of AWS WAF and Shield services.
Building a Hybrid Cloud Architecture Utilizing AWS Landing ZonesTom Laszewski
Â
Application modernization projects with AWS start with creating an AWS Landing Zone. Based on AWS best practices, AWS Landing Zones help ensure a secure, performant, highly available, and cost-efficient AWS environment. Common hybrid cloud use cases, such as cloud migration, data center extension, disaster recovery, cloud bursting, and edge computing, require data integration, operations management and monitoring, security, and networking as the foundational components of a hybrid cloud architecture. In this session, we dive deep on the networking, security, account management structure, operating management, and monitoring best practices to build your own AWS Landing Zone that can be extended into your data center. AWS partner, GreenPages, demonstrates a repeatable hybrid cloud architecture to secure, manage, and integrate your network across on-premises and multiple AWS regions using an AWS Landing Zone. AWS customer, Finch Therapeutics, then discusses how the company utilized the GreenPages hybrid cloud reference implementation to deploy, secure, and manage its hybrid cloud environment.
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Amazon Web Services
Â
In this chalk talk, we cover a number of AWS services involved with threat detection and mitigation, and we walk through some real-world threat scenarios. We discuss the threat detection capabilities of Amazon GuardDuty, Amazon Macie, AWS Config, and the available remediation options. For each scenario, we review methods to remediate the threat using the following services: AWS CloudFormation, Amazon S3, AWS CloudTrail, Amazon VPC Flow Logs, Amazon CloudWatch Events, Amazon SNS, Amazon Macie, DNS logs, AWS Lambda, AWS Config, Amazon Inspector and, of course, Amazon GuardDuty. Come with your questions on threat detection on AWS.
AWS SSA Webinar 11 - Getting started on AWS: SecurityCobus Bernard
Â
In this session, we will take a deeper look at the security services and features available on AWS. We will look at how Identity and Access Management (IAM) works by covering IAM users, policies, roles, groups. We will also look at AWS Security groups and how they are applied to the different infrastructure components, e.g. Amazon EC2 instances, Load Balancers, Databases (via Amazon RDS). Lastly, we will take a quick look at Amazon Certificate Manager for SSL certificates and mention additional services like Amazon Detective, GuardDuty, Macie, WAF.
Similar to "Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk (20)
"What does it really mean for your system to be available, or how to define w...Fwdays
Â
We will talk about system monitoring from a few different angles. We will start by covering the basics, then discuss SLOs, how to define them, and why understanding the business well is crucial for success in this exercise.
"Microservices and multitenancy - how to serve thousands of databases in one ...Fwdays
Â
Imagine you are designing a B2B service that will serve millions of businesses. This service will have dozens of different microservices with their own data, which can contain millions of records. How do you design such a database? Why is sharding not always the answer? What other options are there for such an architectural solution?
I'll tell you how we at Uspacy came to serve thousands of small databases instead of a few large ones, what we've encountered and what we plan to face)
"Scaling RAG Applications to serve millions of users", Kevin GoedeckeFwdays
Â
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
"NATO Hackathon Winner: AI-Powered Drug Search", Taras KlobaFwdays
Â
This is a session that details how PostgreSQL's features and Azure AI Services can be effectively used to significantly enhance the search functionality in any application.
In this session, we'll share insights on how we used PostgreSQL to facilitate precise searches across multiple fields in our mobile application. The techniques include using LIKE and ILIKE operators and integrating a trigram-based search to handle potential misspellings, thereby increasing the search accuracy.
We'll also discuss how the azure_ai extension on PostgreSQL databases in Azure and Azure AI Services were utilized to create vectors from user input, a feature beneficial when users wish to find specific items based on text prompts. While our application's case study involves a drug search, the techniques and principles shared in this session can be adapted to improve search functionality in a wide range of applications. Join us to learn how PostgreSQL and Azure AI can be harnessed to enhance your application's search capability.
"Black Monday: The Story of 5.5 Hours of Downtime", Dmytro DziubenkoFwdays
Â
We will explore the most significant incident in our product's history. We'll discuss the causes that led to the failure, how our team responded, and the measures we took to prevent future incidents. Special attention will be paid to identifying the root cause of the incident and the role of the VACUUM mechanism in PostgreSQL.
"Reaching 3_000_000 HTTP requests per second — conclusions from participation...Fwdays
Â
In this talk, we will get acquainted with TechEmpower Web Framework Benchmarks, consider generalized (programming language-independent) approaches to optimizing a web application and its environment to achieve extreme loads, and most importantly, how some of these things can be applied in practice in your projects.
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...Fwdays
Â
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
"Choosing proper type of scaling", Olena SyrotaFwdays
Â
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
"What I learned through reverse engineering", Yuri ArtiukhFwdays
Â
In recent years, I have gained most of my knowledge through reverse engineering, how I did it and what I learned during this period, I decided to share. All this concerns graphic programming, performance, best practices in the frontend.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
Â
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
"Micro frontends: Unbelievably true life story", Dmytro PavlovFwdays
Â
A real life story about the experience of using Micro frontends in an existing Enterprise product. Problems and their solutions on the way from the integration of a separate component to an extensible No-code platform.
"Objects validation and comparison using runtime types (io-ts)", Oleksandr SuhakFwdays
Â
A common task in modern JS is parsing, validating and then comparing JSON objects. In this talk I will quickly go through most common ways to parse/validate and compare objects we use today and then focus more on how runtime types (based on io-ts) can help make such tasks easier and quicker to implement.
"JavaScript. Standard evolution, when nobody cares", Roman SavitskyiFwdays
Â
Should we take a look at JavaScript when everyone is writing in TypeScript? What happens to the standard? What did we get last year? What new features can we expect this and next year? And most importantly, when will Observer be standardized?
Let's try to answer all these questions and even a little more, dream about the future, and enjoy that Observer is alive (or not).
"How Preply reduced ML model development time from 1 month to 1 day",Yevhen Y...Fwdays
Â
Case study of how small team in Preply started with inheriting an existing ranking model to being able to produce a model per day. In this talk we'll cover steps to take if you find yourself in a similar situation: what kind of technology and processes can you introduce in order to achieve a great speedup in a development speed.
"GenAI Apps: Our Journey from Ideas to Production Excellence",Danil TopchiiFwdays
Â
In my talk, I will tell about the world of GenAI services beyond GPT-wrappers and how we developed and scaled GenAI-centric applications. I'll share personal experiences about the obstacles, lessons, and strategic tools and methodologies that were key in taking GenAI applications from 0 to 1. I'll talk about the challenges we faced when launching LLM-based and image generative applications and delivering them to end users, and what conclusions and solutions were made.
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
Â
Python engineers are introduced to the transformative potential of Large Language Models (LLMs) in the realm of advanced data analysis and the application of Semantic Kernel techniques. We will talk about how LLMs like ChatGPT can be integrated into Python environments to automate data processing, enhance predictive modeling, and unlock deeper insights from complex datasets. The session will delve into practical strategies for embedding Semantic Kernel methods within Python projects, illustrating how these advanced techniques can refine the accuracy of machine learning models by embedding domain-specific knowledge directly into the analysis process. Attendees will leave with a clear roadmap for leveraging the combined power of LLMs and Semantic Kernels, equipped with actionable knowledge to drive innovation in their data analysis projects and beyond, marking a significant leap forward in the evolution of Python engineering practices.
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
Â
Federated learning. Algorithmic solution to the problem of privacy preserving ML. Pieces involved to support the training with NVIDIA Flare as example. How newest legislation affects federated learning.
"What is a RAG system and how to build it",Dmytro SpodaretsFwdays
Â
Today, large language models are becoming an integral part of almost every IT solution. However, their use is often accompanied by certain limitations, such as the relevance of information or its depth and specificity. One of the ways to overcome these limitations is the method of working with LLMs - RAG (Retrieval Augmented Generation).
In an ideal world, you would write Python code and then it would work perfectly. But unfortunately, it doesn't work in this manner. In my talk, I'll cover how to efficiently debug your programs, especially in cloud environments or inside Kubernetes.
MLOps (Machine Learning Operations) is a recent buzzword, that trends a lot. Let's figure out together how maintaining applications with machine learning components is significantly different from maintaining applications without them.
We will look into MLOps best practices and typical problems and their implementations/solutions in real world production.
In our second session, we shall learn all about the main features and fundamentals of UiPath Studio that enable us to use the building blocks for any automation project.
đź“• Detailed agenda:
Variables and Datatypes
Workflow Layouts
Arguments
Control Flows and Loops
Conditional Statements
đź’» Extra training through UiPath Academy:
Variables, Constants, and Arguments in Studio
Control Flow in Studio
What is an RPA CoE? Session 2 – CoE RolesDianaGray10
Â
In this session, we will review the players involved in the CoE and how each role impacts opportunities.
Topics covered:
• What roles are essential?
• What place in the automation journey does each role play?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
Guidelines for Effective Data VisualizationUmmeSalmaM1
Â
This PPT discuss about importance and need of data visualization, and its scope. Also sharing strong tips related to data visualization that helps to communicate the visual information effectively.
For senior executives, successfully managing a major cyber attack relies on your ability to minimise operational downtime, revenue loss and reputational damage.
Indeed, the approach you take to recovery is the ultimate test for your Resilience, Business Continuity, Cyber Security and IT teams.
Our Cyber Recovery Wargame prepares your organisation to deliver an exceptional crisis response.
Event date: 19th June 2024, Tate Modern
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Â
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
QA or the Highway - Component Testing: Bridging the gap between frontend appl...zjhamm304
Â
These are the slides for the presentation, "Component Testing: Bridging the gap between frontend applications" that was presented at QA or the Highway 2024 in Columbus, OH by Zachary Hamm.
Introducing BoxLang : A new JVM language for productivity and modularity!Ortus Solutions, Corp
Â
Just like life, our code must adapt to the ever changing world we live in. From one day coding for the web, to the next for our tablets or APIs or for running serverless applications. Multi-runtime development is the future of coding, the future is to be dynamic. Let us introduce you to BoxLang.
Dynamic. Modular. Productive.
BoxLang redefines development with its dynamic nature, empowering developers to craft expressive and functional code effortlessly. Its modular architecture prioritizes flexibility, allowing for seamless integration into existing ecosystems.
Interoperability at its Core
With 100% interoperability with Java, BoxLang seamlessly bridges the gap between traditional and modern development paradigms, unlocking new possibilities for innovation and collaboration.
Multi-Runtime
From the tiny 2m operating system binary to running on our pure Java web server, CommandBox, Jakarta EE, AWS Lambda, Microsoft Functions, Web Assembly, Android and more. BoxLang has been designed to enhance and adapt according to it's runnable runtime.
The Fusion of Modernity and Tradition
Experience the fusion of modern features inspired by CFML, Node, Ruby, Kotlin, Java, and Clojure, combined with the familiarity of Java bytecode compilation, making BoxLang a language of choice for forward-thinking developers.
Empowering Transition with Transpiler Support
Transitioning from CFML to BoxLang is seamless with our JIT transpiler, facilitating smooth migration and preserving existing code investments.
Unlocking Creativity with IDE Tools
Unleash your creativity with powerful IDE tools tailored for BoxLang, providing an intuitive development experience and streamlining your workflow. Join us as we embark on a journey to redefine JVM development. Welcome to the era of BoxLang.
Discover the Unseen: Tailored Recommendation of Unwatched ContentScyllaDB
Â
The session shares how JioCinema approaches ""watch discounting."" This capability ensures that if a user watched a certain amount of a show/movie, the platform no longer recommends that particular content to the user. Flawless operation of this feature promotes the discover of new content, improving the overall user experience.
JioCinema is an Indian over-the-top media streaming service owned by Viacom18.
From Natural Language to Structured Solr Queries using LLMsSease
Â
This talk draws on experimentation to enable AI applications with Solr. One important use case is to use AI for better accessibility and discoverability of the data: while User eXperience techniques, lexical search improvements, and data harmonization can take organizations to a good level of accessibility, a structural (or “cognitive” gap) remains between the data user needs and the data producer constraints.
That is where AI – and most importantly, Natural Language Processing and Large Language Model techniques – could make a difference. This natural language, conversational engine could facilitate access and usage of the data leveraging the semantics of any data source.
The objective of the presentation is to propose a technical approach and a way forward to achieve this goal.
The key concept is to enable users to express their search queries in natural language, which the LLM then enriches, interprets, and translates into structured queries based on the Solr index’s metadata.
This approach leverages the LLM’s ability to understand the nuances of natural language and the structure of documents within Apache Solr.
The LLM acts as an intermediary agent, offering a transparent experience to users automatically and potentially uncovering relevant documents that conventional search methods might overlook. The presentation will include the results of this experimental work, lessons learned, best practices, and the scope of future work that should improve the approach and make it production-ready.
This talk will cover ScyllaDB Architecture from the cluster-level view and zoom in on data distribution and internal node architecture. In the process, we will learn the secret sauce used to get ScyllaDB's high availability and superior performance. We will also touch on the upcoming changes to ScyllaDB architecture, moving to strongly consistent metadata and tablets.
An All-Around Benchmark of the DBaaS MarketScyllaDB
Â
The entire database market is moving towards Database-as-a-Service (DBaaS), resulting in a heterogeneous DBaaS landscape shaped by database vendors, cloud providers, and DBaaS brokers. This DBaaS landscape is rapidly evolving and the DBaaS products differ in their features but also their price and performance capabilities. In consequence, selecting the optimal DBaaS provider for the customer needs becomes a challenge, especially for performance-critical applications.
To enable an on-demand comparison of the DBaaS landscape we present the benchANT DBaaS Navigator, an open DBaaS comparison platform for management and deployment features, costs, and performance. The DBaaS Navigator is an open data platform that enables the comparison of over 20 DBaaS providers for the relational and NoSQL databases.
This talk will provide a brief overview of the benchmarked categories with a focus on the technical categories such as price/performance for NoSQL DBaaS and how ScyllaDB Cloud is performing.
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Â
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
Essentials of Automations: Exploring Attributes & Automation ParametersSafe Software
Â
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
Session 1 - Intro to Robotic Process Automation.pdfUiPathCommunity
Â
👉 Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
đź“• Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
đź’» Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
👉 Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsScyllaDB
Â
ScyllaDB monitoring provides a lot of useful information. But sometimes it’s not easy to find the root of the problem if something is wrong or even estimate the remaining capacity by the load on the cluster. This talk shares our team's practical tips on: 1) How to find the root of the problem by metrics if ScyllaDB is slow 2) How to interpret the load and plan capacity for the future 3) Compaction strategies and how to choose the right one 4) Important metrics which aren’t available in the default monitoring setup.
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...AlexanderRichford
Â
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation Functions to Prevent Interaction with Malicious QR Codes.
Aim of the Study: The goal of this research was to develop a robust hybrid approach for identifying malicious and insecure URLs derived from QR codes, ensuring safe interactions.
This is achieved through:
Machine Learning Model: Predicts the likelihood of a URL being malicious.
Security Validation Functions: Ensures the derived URL has a valid certificate and proper URL format.
This innovative blend of technology aims to enhance cybersecurity measures and protect users from potential threats hidden within QR codes đź–Ą đź”’
This study was my first introduction to using ML which has shown me the immense potential of ML in creating more secure digital environments!