3 secrets to becoming a cloud security superhero


Post on 15-Apr-2017


3 Secrets to becoming a cloud security superhero

Pat McDowell, Solutions Architect with AWS

Dawn Smeaton, Director - Cloud Workload Security with Trend Micro

Tuesday, May 10 2016

AWS and you share responsibility for security

AWS takes care of the security OF the Cloud

AWS Foundation Services: Compute, Storage, Database, Networking

AWS Global Infrastructure: Regions, Availability Zones, Edge Locations

You get to define your controls ON the Cloud

You: Customer applications & content, Identity & Access Control, Network Security, Inventory & Config, Data Encryption


This is you

This is you with Trend Micro + AWS

Your new superpowers: Invisibility, X-ray Vision, Shapeshifting

Shapeshift

Superpower #1: Design a workload-centric security architecture

[Diagram, "Before" (on-premises): Load Balancer, Firewall, IPS, Web Tier, App Tier, DB Tier]

[Diagram, "After" (AWS): Elastic Load Balancing, Web Tier on Amazon EC2, App Tier on Amazon EC2, Amazon RDS, Amazon S3, DynamoDB, IAM, CloudTrail, Amazon VPC & Security Groups, Firewall, IPS]

Crypt-o

Heartbleed (CVE-2014-0160)

Amazon EC2


Shapeshift superpower demo

Amazon EC2

Don't Replicate

WARNING: Single Point of Failure, Limited Throughput

Shapeshift

Mission Accomplished: No Single Point of Failure, Unlimited Throughput

Elastic Load Balancer

Confidential under NDA | Copyright 2016 Trend Micro Inc.

http://cloudsecurity.trendmicro.com/us/technology-innovation/customers-partners/healthdirect-australia/index.html

Enable rapid innovation with host-based security

Reduced risk and adopted automated, workload centric security

Enabled DevOps with shift from unmanageable open source solution to Deep Security

Prevented over 5,000 attacks in 7 days with IPS

Immediate vulnerability protection met 2 day patch pace, bought time for proper patch cycle

"Deep Security helps Healthdirect achieve rapid innovation. It takes us the least amount of time to manage in our environment. We put it in and it just works."

CASE STUDY

5/10/2016 | Confidential | Copyright 2012 Trend Micro Inc.

Shapeshift for Amazon Web Services

Security inside each workload

Protect instance-to-instance traffic

Make it context sensitive (fast and low false-positive)

No bottleneck

No single point of failure

= Cloud friendly

IPS

Invisibility

Superpower #2: Automate and blend in, don't bolt on

Audit-o

Invisibility superpower demo

Creating an audit trail, before

[Diagram, on-premises: Servers, Storage Area Network, Firewall, IPS, Central logging, Change Records, Report]

Creating an audit trail, after

[Diagram: Payment, Client Data, On-premises, AWS, CloudTrail, Amazon EC2 instances, Deep Security Management console, Amazon S3, CloudFront, Amazon RDS, Report]

Audit-o

CloudTrail & AWS Config, Deep Security

Top 10 global sports brand delivered high performance, scalable applications, while meeting rigid security requirements

Security seamlessly scaled with Amazon EC2

Provided audit evidence needed for internal and PCI DSS compliance requirements

Unified policies across hybrid architecture with IPS, Integrity Monitoring and Anti-malware

Agile protection with audit evidence

CASE STUDY


Make Security Invisible for Amazon Web Services

Build it in, not bolt on

Fully automate security

Automate record keeping for auditors

= Security designed for AWS

X-Ray Vision

Superpower #3: Improve visibility of AWS and hybrid environments

Change-o

Creating an invincible web site

Protects site against malicious changes with a Deep Security driven auto-recovery mechanism

Reduced risk of cyberattack for high profile product launch (RoBoHoN)

Immediately fixes unauthorized changes by using FIM and CMS to restore original content

Sped response to cyberattack from 2+ days to seconds, without server shutdown

"Deep Security defends from the communication layer to the application layer. There is no other software product on the market that offers that depth of protection."

http://cloudsecurity.trendmicro.com/us/technology-innovation/customers-partners/sharp/index.html

CASE STUDY


Use X-ray vision on AWS

Use Integrity Monitoring and Log monitoring to see inside instances

Detect suspicious changes that are indicators of compromise and unintended changes

= Total visibility

Securing your data on AWS


Better Security

Your data and IP are your most valuable assets

$6.53M: Average cost of a data breach (https://www.csid.com/resources/stats/data-breaches/)

56%: Increase in theft of hard intellectual property (http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html)

70%: Of consumers indicated they'd avoid businesses following a security breach (https://www.csid.com/resources/stats/data-breaches/)

AWS can be more secure than your existing environment

In June 2015, IDC released a report which found that most customers can be more secure in AWS than their on-premises environment. How?

Automating logging and monitoring

Simplifying resource access

Making it easy to encrypt properly

Enforcing strong authentication

Constantly monitored

The AWS infrastructure is protected by extensive network and security monitoring systems:

Network access is monitored by AWS security managers daily

CloudTrail lets you monitor and record all API calls

Amazon Inspector automatically assesses applications for vulnerabilities

Highly available

The AWS infrastructure footprint protects your data from costly downtime:

33 Availability Zones in 12 regions for multi-synchronous geographic redundancy

Retain control of where your data resides for compliance with regulatory requirements

Mitigate the risk of DDoS attacks using services like AutoScaling, Route 53

Integrated with your existing resources

AWS enables you to improve your security using many of your existing tools and practices:

Integrate your existing Active Directory

Use dedicated connections as a secure, low-latency extension of your data center

Provide and manage your own encryption keys if you choose

Key AWS Certifications and Assurance Programs


Your new superpowers: Shapeshifting, Invisibility, X-ray Vision

Gartner Best Practices for Securing AWS workloads

http://aws.amazon.com/featured-partners/trendmicro/

Get your copy at:

trendmicro.com/aws