相關主題
商品描述
Learn the most important topics in securing AWS environments through a strategic combination of fundamental principles, real-case studies, and hands-on practice to battle new generations of cyber-attacks. The book offers a definitive guide to AWS cybersecurity, ranging from identity and access management, Zero Trust architecture, and cloud threat intelligence through advanced detection methods, forensics, and incident response strategies.
We start with a deep dive into AWS security fundamentals, such as the shared responsibility model, security pillars, reference architecture, and compliance frameworks like NIST, ISO/IEC 27001, PCI DSS, GDPR, and HIPAA. We then demystify cloud security by explaining threat modeling, risk analysis, network security, secure configurations, and automated security monitoring with AWS-native services such as AWS Security Hub, GuardDuty, WAF, and IAM.
In addition to the fundamentals, this book explores attacker tactics, techniques, and procedures (TTPs)--taking a deep dive into cyber adversary activity, such as reconnaissance, lateral movement, persistence, privilege escalation, and exfiltration methods in AWS environments. You will discover how cyber attackers take advantage of poorly configured IAM roles, AWS exposed credentials, cloud reconnaissance methods, and AI-powered phishing campaigns--and learn how to successfully fight back.
Next few chapters offer prescriptive security advice for new technologies such as serverless computing, containerized workloads, hybrid and multi-cloud security, IoT security issues, and cryptocurrency threats. We cover Zero Trust frameworks, presenting real-world implementations founded on NIST SP 800-207, Forrester ZTX, and CSA Zero Trust Architecture principles.
The book finishes with a forward-looking discussion of AI-powered threats such as deepfake attacks, AI-powered malware, and next-generation adversarial attacks and defense countermeasures founded on AI-powered detection and automation. Furthermore, detailed incident response and forensic techniques provide readers with the know-how to examine AWS security incidents, create playbooks, and employ proactive defense.
You Will:
- Examine and remediate cloud security threats using comprehensive risk analysis, proactive monitoring, and AWS-native security tools
- Get hands-on implementation of Zero Trust architectures, identity-based security, and least privilege principles in AWS
- Find out how to detect and respond to sophisticated cyberattacks, including credential theft, cloud-aware malware, and AI-powered phishing campaigns
- Learn to Mitigate ransomware threats in AWS, including prevention, detection, response, and disaster recovery techniques
- Explore how to secure multi-cloud and hybrid deployments, IoT, serverless apps, and containerized workloads
- Understand practical approaches to automating cloud security, monitoring compliance, and creating efficient detection pipelines
Who This Book Is For
The book caters to beginner-to-intermediate cybersecurity professionals, AWS users, solution architects, developers, and cloud security enthusiasts seeking a comprehensive understanding of AWS security.
商品描述(中文翻譯)
學習透過基本原則、實際案例研究和實作練習的策略組合,來保護 AWS 環境中的最重要主題,以應對新一代的網路攻擊。本書提供了 AWS 網路安全的權威指南,涵蓋身份與存取管理、零信任架構、雲端威脅情報、先進的檢測方法、取證和事件回應策略。
我們首先深入探討 AWS 安全的基本概念,例如共享責任模型、安全支柱、參考架構,以及 NIST、ISO/IEC 27001、PCI DSS、GDPR 和 HIPAA 等合規框架。接著,我們通過解釋威脅建模、風險分析、網路安全、安全配置和使用 AWS 原生服務(如 AWS Security Hub、GuardDuty、WAF 和 IAM)進行自動化安全監控,來揭開雲端安全的神秘面紗。
除了基本概念,本書還探討攻擊者的戰術、技術和程序(TTPs),深入分析網路對手的活動,例如偵查、橫向移動、持久性、特權提升和在 AWS 環境中的外洩方法。您將發現網路攻擊者如何利用配置不當的 IAM 角色、AWS 暴露的憑證、雲端偵查方法和 AI 驅動的釣魚攻擊活動,並學習如何成功反擊。
接下來的幾章提供針對新技術的安全建議,例如無伺服器計算、容器化工作負載、混合雲和多雲安全、物聯網安全問題以及加密貨幣威脅。我們涵蓋零信任框架,展示基於 NIST SP 800-207、Forrester ZTX 和 CSA 零信任架構原則的實際實施案例。
本書最後討論了 AI 驅動的威脅,例如深偽攻擊、AI 驅動的惡意軟體以及基於 AI 驅動的下一代對抗攻擊和防禦對策。此外,詳細的事件回應和取證技術為讀者提供了檢查 AWS 安全事件、創建行動手冊和採用主動防禦的專業知識。
您將會:
- 使用全面的風險分析、主動監控和 AWS 原生安全工具來檢查和修復雲端安全威脅
- 實作零信任架構、基於身份的安全和最小特權原則於 AWS
- 瞭解如何檢測和回應複雜的網路攻擊,包括憑證盜竊、雲端感知的惡意軟體和 AI 驅動的釣魚攻擊
- 學習如何在 AWS 中減輕勒索病毒威脅,包括預防、檢測、回應和災難恢復技術
- 探索如何保護多雲和混合部署、物聯網、無伺服器應用和容器化工作負載
- 理解自動化雲端安全、監控合規性和創建高效檢測管道的實用方法
本書適合對象
本書適合初學者到中級的網路安全專業人士、AWS 使用者、解決方案架構師、開發人員和尋求全面了解 AWS 安全的雲端安全愛好者。
作者簡介
Syed Rehan is a technology leader with over two decades of experience across cybersecurity, cloud computing, IoT, AI, and machine learning. As a Senior Cybersecurity Leader within the AWS Services organization, he is instrumental in shaping the security posture of AWS offerings, influencing both strategic direction and technical implementation.
Since joining AWS in 2017, Syed has been at the helm of some of the most critical security initiatives, playing a key role in launching services like AWS Security Hub, AWS Security Incident Response, AWS Verified Access, AWS IoT Device Defender, and AWS IoT Greengrass. His work exemplifies a blend of visionary thinking and deep technical acumen, contributing directly to the secure innovation that AWS customers rely on.
Recognized globally for his thought leadership, Syed is a regular speaker at AWS re: Invent and major industry conferences, where he shares insights on cybersecurity, IoT, AI, and cloud infrastructure. He is also a prolific author of technical blogs, whitepapers, and training workshops that empower the broader cloud community.
Among his many achievements, Syed was one of the first specialist solution architects for AWS IoT in EMEA and became the first specialist SA for Amazon Connect. His passion for innovation and leadership continues to inspire the next generation of tech enthusiasts.
作者簡介(中文翻譯)
Syed Rehan 是一位技術領導者,擁有超過二十年的經驗,涵蓋網路安全、雲端運算、物聯網 (IoT)、人工智慧 (AI) 和機器學習。作為 AWS 服務組織中的資深網路安全領導者,他在塑造 AWS 產品的安全態勢方面發揮了重要作用,影響了戰略方向和技術實施。
自 2017 年加入 AWS 以來,Syed 一直在一些最關鍵的安全倡議中擔任領導角色,對於推出 AWS Security Hub、AWS Security Incident Response、AWS Verified Access、AWS IoT Device Defender 和 AWS IoT Greengrass 等服務發揮了關鍵作用。他的工作展現了前瞻性思維與深厚技術專業知識的結合,直接促進了 AWS 客戶所依賴的安全創新。
Syed 在全球範圍內因其思想領導力而受到認可,是 AWS re:Invent 和主要行業會議的常客演講者,分享有關網路安全、物聯網、人工智慧和雲端基礎設施的見解。他也是技術部落格、白皮書和培訓工作坊的多產作者,賦能更廣泛的雲端社群。
在他的眾多成就中,Syed 是 EMEA 地區 AWS IoT 的首批專家解決方案架構師之一,並成為 Amazon Connect 的首位專家 SA。他對創新和領導的熱情持續激勵著下一代的科技愛好者。
