O'Reilly logo
live online training icon Live Online training

AWS advanced security with Config, GuardDuty, and Macie

Using machine learning and AI to detect and protect

Vincent Castro

AWS adoption has reached the point where many companies rely on it for at least some if not all production workloads. EC2 and S3 remain the most popular service offerings, and protecting your instances and buckets can be a challenge in large environments.

Join Vincent Castro to learn how to improve your AWS security posture with AWS Config, Amazon GuardDuty, and Amazon Macie—services that can alert you to changes in the environment, notify you of malicious behavior in your account, and help protect sensitive data via continuous monitoring and machine learning. You'll review each service in detail and learn how to implement it in your own projects.

What you'll learn-and how you can apply it

By the end of this live, online course, you’ll understand:

  • AWS Config basic concepts and how to use it
  • Amazon GuardDuty basic concepts, how it works with data sources, and the types of findings it can alert on
  • Amazon Macie basic concepts, how to enable it for specific S3 buckets and directories, and potential future expansion for service (EBS, EFS, etc.)
  • The cost of each of these services

And you’ll be able to:

  • Enable Config and begin using it immediately with AWS-provided rules
  • Enable GuardDuty and begin monitoring your account for security threats
  • Generate example alerts to help configure SNS and email notifications
  • Enable Macie and configure monitoring for specific S3 buckets and resources to protect sensitive data

This training course is for you because...

  • You're a systems engineer who wants to improve the security posture of the AWS accounts that you support.
  • You're a security engineer who wants be notified of changes to the environment with AWS Config, configure notifications for suspicious activity in your AWS account with Amazon GuardDuty, and protect sensitive data that is being stored in S3 with Amazon Macie.

Prerequisites

  • An intermediate understanding of AWS (1+ years of experience)
  • Familiarity with computer network and security concepts

Recommended preparation:

Assignments to be completed prior to the training course:

  • Set up a new AWS account that is isolated and separate from any account associated with production-related workloads

Recommended follow-up:

About your instructor

  • I have 15+ years of industry experience and have served as the VMware Subject Matter Expert (SME) at Kabam, Palantir Technologies and Uber Technologies. I currently hold four relevant certifications: VMware VCP-DCV 6 and AWS Certified: Solutions Architect, Developer, and SysOps Administrator.

Schedule

The timeframes are only estimates and may vary according to how the class is progressing

Introducing Config, GuardDuty, and Macie (5 minutes)

  • Lecture: What does it mean to have a strong security posture in AWS?; different ways to enforce security in your AWS account; service-specific security measures; Config for continuous monitoring; GuardDuty for threat detection; Macie to protect sensitive data; bringing the three services together

AWS Config (20 minutes)

  • Lecture: Overview of the service; rules; use cases—DB backups, encryption, and CloudTrail; pricing; demo
  • Hands-on exercise: Enable Config and add rules
  • Q&A

Amazon GuardDuty (35 minutes)

  • Lecture: Overview of the service; data sources; findings; remediation; AWS Lambda; SNS notifications; pricing; demo
  • Hands-on exercise: Enable GuardDuty (30-day free trial) and generate sample findings
  • Q&A

Break (10 minutes)

Amazon Macie (15 minutes)

  • Lecture: Overview of the service; how it works; machine learning and artificial intelligence; future integration with other AWS storage services; limitations and region availability; pricing; demo
  • Q&A

Wrap-up and Q&A (5 minutes)