Look Who s Hiring! AWS Solution Architect AWS Cloud TAM

Transcription

1 Look Who s Hiring! AWS Solution Architect AWS Cloud TAM AWS Principal Cloud Architect (Professional Services) VGaOWIhaklSw9idiTA8gCkJ2cKsaJL40SLqgBI/yqgZ6WtJiObPVOM6A6g==&utm _source=linkedin&utm_campaign=reqcloud_jobpost

2 AWS & Alert Logic Minoo Duraipandy, Solution Architect, AWS David Hillock, Territory Manager, Alert Logic

3 Grab beer and food Introduction to AWS Security AWS Shared Security Model AWS & Alert Logic Top 13 must-do security hardening measures Show & Tell sessions (hopefully it will work!) AWS Network Security (will we have time to get here?) Leave you with reference docs and videos

4 Job Zero Physical Security Network Security Platform Security People & Procedures

5 constantly improving GxP ISO AS9100 ISO/TS AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Availability Zones Regions Edge Locations AWS is responsible for the security OF the Cloud

6 SHARED

7 Customers shared responsibility Customer applications & content Platform, Applications, Identity & Access Management Operating System, Network, & Firewall Configuration Client-side Data Encryption AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Server-side Data Encryption Availability Zones Regions Network Traffic Protection Edge Locations Customers have their choice of security configurations IN the Cloud AWS is responsible for the security OF the Cloud

8 ALERT LOGIC MANAGED SECURITY AS A SERVICE David Hillock Territory Manager

9 Leading Provider of Security & Compliance for the Cloud Providing fully managed and monitored security and compliance for cloud, hybrid, and on-premises infrastructure, with the benefits of deep insight, continuous protection, and lower costs Deep Security Insight Continuous Protection Lower Total Costs Revenue: $91M+/year Growth rate: 42% Customers: 3,600+ Founded: 2002 Employees: 650+ Headquarters: Houston, Texas INDUSTRY RECOGNITION and CERTIFICATIONS

10 Over 3,500 Organizations Worldwide Trust Alert Logic

11 CYBER SECURITY LANDSCAPE

12 Security Risks are Escalating Rapidly AT A GLANCE: CYBERCRIME TODAY $ $ MILLION MAJOR MILLION DAYS AVERAGE YEARLY SECURITY INCIDENTS DIRECT LOSSES ON AVERAGE BEFORE COST OF BREACHES PER ORGANIZATION (1) COMPANIES DEAL WITH EACH YEAR (1) FROM BREACH FOR TARGET DETECTION OF COMPROMISE (2) Sources: 1) IDC Cybercrime The Credentials Connection ) mtrends Threat Report 2015.

13 Today s Attacks are Becoming More Complex The Impact Identify & Recon Initial Attack Command & Control Discover & Spread Extract & Exfiltrate Financial loss Harm brand and reputation Scrutiny from regulators Attacks are multi-stage using multiple threat vectors Takes organizations months to identify they have been compromised 205 days on average before detection of compromise 1 Over two-thirds of organizations find out from a 3 rd party they have been compromised 2 1 IDC Worldwide Security and Vulnerability Management Forecast 2 M-Trends 2015: A View from the Front Lines

14 Security in the Cloud is a Shared Responsibility Apps Secure coding and best practices Software and virtual patching Configuration management Access management Application level attack monitoring Hosts Hardened hypervisor System image library Root access for customer Access management Patch management Configuration hardening Security monitoring Log analysis Customer Responsibility Cloud Service Provider Responsibility Networks Logical network segmentation Perimeter security services External DDoS, spoofing, and scanning prevented Network threat detection Security monitoring Foundation Services Compute Storage DB Network

15 ALERT LOGIC: SECURITY PARTNER

16 Closing the Gap for Cloud Security Alert Logic Cloud Defender Review and Escalation by our Security Analysts Analytics Engine to find potential threats Real-time Security Monitoring of Network, Log, and Web App Traffic Research into known and emerging, as well as AWS-specific, threats Audit and Compliance reporting Alert Logic Cloud Insight Vulnerabilities on the Instances AWS Best Practices AWS Config Visibility of the AWS Environment AWS CloudTrail

17 How Cloud Defender Works A L E R T L O G I C C L O U D D E F E N D E R Network incidents Vulnerability Scans Web application events OS/App log data Big Data Analytics Platform Threat Intelligence & Security Content 24 x 7 Monitoring & Escalation Identify Attacks & Protect Customers Customer IT Environment AWS Log data Alert Logic ActiveAnalytics Alert Logic ActiveIntelligence Alert Logic ActiveWatch Cloud, Hybrid On-Premises

18 ActiveAnalytics: Security Analytics Big Data Grid Optimized for Large Scale Storage & Processing Collects, stores, and parses all data collected Optimized for scale more than 1000 processing cores Supports multiple workloads on shared infrastructure Real-time Processing & Analytics Platform Automated incident creation with actionable intelligence Removes false positives 3-tiered analysis: Real-time Monitoring Pre-cursor Deep Forensics Multi-Tier Security Content Identifies Hard to Detect Incidents Correlation rules Anomaly detection Threat intelligence Reputation-based Signature-based Vulnerability context

19 ActiveIntelligence: Threat Intelligence & Content Data Sources Honey Pot Network Flow based Forensic Analysis Security Operations Center 24/7 INCIDENTS Malware Forensic Sandboxing Intelligence Harvesting Grid Alert Logic Threat Manager Data Security Content Alert Logic Log Manager Data Alert Logic Web Security Manager Data INPUTS Applied Analytics Customer Alert Logic ScanWatch Data Threat Intelligence Asset Model Data Customer Business Data Research

20 ActiveWatch: 24x7 Security Monitoring 24x7 Security and Availability Coverage Expert review, investigation, and analysis by certified security experts Incident response, escalation, and recommendations for resolution NOC monitors all security infrastructure for availability Ongoing tuning delivers protection and application availability Tuning in response to changing attacks and customer application changes Identification of new attack patterns and creation of new security content Expert Certification

21 Compliance without Complexity Alert Logic Solution Alert Logic Web Security Manager Alert Logic Log Manager Alert Logic Threat Manager PCI DSS SOX HIPAA & HITECH 6.5.d Have processes in place to protect applications from common vulnerabilities such as injection flaws, buffer overflows and others 6.6 Address new threats and vulnerabilities on an ongoing basis by installing a web application firewall in front of public-facing web applications Automated audit trails 10.3 Capture audit trails 10.5 Secure logs 10.6 Review logs at least daily 10.7 Maintain logs online for three months 10.7 Retain audit trail for at least one year Monitor zero day attacks not covered by anti-virus 6.2 Identify newly discovered security vulnerabilities 11.2 Perform network vulnerability scans quarterly by an ASV or after any significant network change 11.4 Maintain IDS/IPS to monitor and alert personnel; keep engines up to date DS 5.10 Network Security AI 3.2 Infrastructure resource protection and availability DS 5.5 Security Testing, Surveillance and Monitoring DS5.9 Malicious Software Prevention, Detection and Correction DS 5.6 Security Incident Definition DS 5.10 Network Security (a)(1) Security Management Process (a)(6) Security Incident Procedures (a)(1)(ii)(d) Information System Activity Review (a)(6)(i) Login Monitoring (b) Audit Controls (a)(1)(ii)(a) Risk Analysis (a)(1)(ii)(b) Risk Management (a)(5)(ii)(b) Protection from Malicious Software (a)(6)(iii) Response & Reporting Alert Logic Security Operations Center providing Monitoring, Protection, and Reporting

22 Basic user and permission management Credential management Delegation

23 Basic user and permission management 0. Create individual users. Benefits Unique credentials Individual credential rotation Individual permissions

24 Basic user and permission management 1. Grant least privilege. Benefits Less chance of people making mistakes Easier to relax than tighten up More granular control

25 Basic user and permission management 2. Manage permissions with groups. Benefits Easier to assign the same permissions to multiple users Simpler to reassign permissions based on change in responsibilities Only one change to update permissions for multiple users

26 Basic user and permission management 3. Restrict privileged access further with conditions. Benefits Additional granularity when defining permissions Can be enabled for any AWS service API Minimizes chances of accidentally performing privileged actions

27 Basic user and permission management 4. Enable AWS CloudTrail to get logs of API calls. Benefits Visibility into your user activity by recording AWS API calls to an Amazon S3 bucket

28 It s really easy to set it up! Turn AWS CloudTrail On Apply to all AWS Regions Price = $ /event Or $2 for 100,000 events

29 That brings us to our 1 st Show & Tell Price = $ /event Or $2 for 100,000 events

30 Credential management 4. Enable AWS CloudTrail to get logs of API calls. 5. Configure a strong password policy. Benefits Ensures your users and your data are protected

31 Credential management Benefits Normal best practice 4. Enable AWS CloudTrail to get logs of API calls. 6. Rotate security credentials regularly.

32 Credential management Benefits Supplements user name and password to require a one-time code during authentication 4. Enable AWS CloudTrail to get logs of API calls. 7. Enable MFA for privileged users & root user.

33 Delegation 4. Enable AWS CloudTrail to get logs of API calls. 7. Enable MFA for privileged users & root user. 8. Use IAM roles to share access. Benefits No need to share security credentials No need to store long-term credentials Use cases - Cross-account access - Intra-account delegation - Federation

34 IMPORTANT: Never share security credentials

35 More Show & Tell!

36 Delegation 4. Enable AWS CloudTrail to get logs of API calls. Benefits Easy to manage access keys on EC2 instances Automatic key rotation Assign least privilege to the application AWS SDKs fully integrated AWS CLI fully integrated 7. Enable MFA for privileged users & root user. 9. Use IAM roles for Amazon EC2 instances.

37 Delegation Benefits Reduce potential for misuse of credentials 4. Enable AWS CloudTrail to get logs of API calls. 7. Enable MFA for privileged users & root user. 10. Reduce or remove use of root.

38 Turning MFA on AWS Root Acct

39 Benefits Automates security controls Streamlines auditing 4. Enable AWS CloudTrail to get logs of API calls. 7. Enable MFA for privileged users. 11. Use Config & Config Rules

40 Enabling AWS Config

41 Setting up Config Rules

42 Setting up Config Rules

43 Benefits Automates security controls Streamlines auditing 4. Enable AWS CloudTrail to get logs of API calls. 7. Enable MFA for privileged users. 11. Use Config & Config Rules 12. Have EC2 SSH key diversity

44 13 0. Users 1. Permissions 2. Groups 3. Conditions 4. Auditing 5. Password 6. Rotate 7. MFA 8. Sharing 9. Roles 10. Root 11. Use Config & Config Rules 12. Have EC2 SSH key diversity

45 NETWORK

46 Availability Zone A Availability Zone B AWS Virtual Private Cloud Provision a logically isolated AWS network security AWS network will prevent spoofing and other common section of the AWS cloud You choose a private IP range for your VPC Segment this into subnets to deploy your compute instances layer 2 attacks You cannot sniff anything but your own EC2 host network interface Control all external routing and connectivity

47 Web App Web DB

48 Web App Allow Web Deny all traffic DB

49 Web Port 443 App Port 443 Web DB

50 PUBLIC PRIVATE Web PRIVATE App Web DB REPLICATE ON-PREM

51 Big Data Analytics Digital Websites AWS VPC Peering Enterprise Apps Common Services Route traffic between VPCs in private and peer specific subnets between each VPC Even between AWS accounts

52 resiliently and directly Digital Websites Dev and Test AWS Internet VPN Big Data Analytics Enterprise Apps YOUR AWS ENVIRONMENT AWS Direct Connect YOUR PREMISES

53 Physical Data Center AWS VPC VLANs/Subnets Subnets Routers Route Tables Stateful Firewalls Security Groups Stateless Firewalls or Network ACLs Network ACLs Network Interface Card Elastic Network Interface (ENI) Web Application Firewall AWS WAF or other products (like Alert Logic) Internet Connection Internet Gateway (IGW) NAT (probably on firewall) NAT Gateway Service or NAT Instance Inter Datacenter connectivity IPSec VPN, OpenVPN (for users), Direct Connect Private IP (RFC 1918) Private IP (RFC 1918) persistent for the life (EC2) Public/External IP Public IP (dynamic), Elastic IP (static) Network based IDS/IPS Host based IPS/IDS DHCP Server Managed DHCP Service (DHCP Options Set) DNS Server Managed or self-hosted DNS (DHCP Options Set) Intra-Network Isolation or Connectivity VPC Peering

54

55

56