AUTOMATE THE DEPLOYMENT OF SECURE DEVELOPER VPCs


AUTOMATE THE DEPLOYMENT OF SECURE DEVELOPER VPCs WITH PALO ALTO NETWORKS AND REAN CLOUD

INTRODUCTION

EXECUTIVE SUMMARY

Organizations looking to provide developers with a free-range development environment often face difficulties when trying to ensure these environments are secure. To overcome these security challenges while still keeping up with the fast pace of change in cloud environments, organizations need to adopt a DevSecOps mindset. Integrating security into DevOps processes helps organizations ensure security is built into their environment, rather than added on as an afterthought. This also eliminates bottlenecks that commonly occur between development and security teams when developers try to spin up new environments. By automating security of current and new environments, your engineering team can focus on developing and testing new applications without worrying about security.

SOLUTION OVERVIEW

Palo Alto Networks and REAN Cloud have partnered to offer an automated security solution on AWS. REAN Cloud automates the deployment of Palo Alto Networks VM-Series Firewall into developer VPCs, based on the configuration that works best for your organization. This ebook explores the unique partnership between Palo Alto Networks and REAN Cloud, and how the two companies work together to help you adopt a DevSecOps mindset and eliminate the friction between your development and security teams.

SECURITY ON AWS

AWS was designed with security as the highest priority and provides customers with a network architecture that was developed to meet the requirements of even the most security-sensitive organizations. With over 50 compliance programs available, AWS helps you meet regulatory requirements across a multitude of industries. By leveraging AWS, you gain a high standard of security, without the costs and maintenance associated with having to manage your own on-premises facility. While Amazon Web Services (AWS) is responsible for the security of the cloud, it is up to organizations to secure their environments and applications in the cloud.

[Figure: division of security responsibility between the customer and AWS]

Customer (responsible for security IN the cloud): Customer Data; Platform, Applications, Identity and Access Management; Operating System, Network & Firewall Configuration; Client-side Data Encryption and Data Integrity Authentication; Server-side Encryption (File System and/or Data); Network Traffic Protection (Encryption/Integrity/Identity)

AWS (responsible for security OF the cloud): Compute; Storage; Database; Networking; AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)

WHY PALO ALTO NETWORKS

Palo Alto Networks VM-Series next-generation firewalls expand the protection of your AWS deployments by identifying and controlling application traffic, and preventing attacks within those traffic flows. When deployed on an Amazon Elastic Compute Cloud (Amazon EC2) instance in your Amazon Virtual Private Cloud (Amazon VPC), the VM-Series enables you to reduce your threat footprint by limiting suspicious applications, regardless of communication port, that can access your AWS environment. Palo Alto Networks enables you to automate your security solution with the VM-Series for more agile and scalable workload security, while reducing the chance of vulnerabilities caused by human error.

Palo Alto Networks VM-Series provides you with comprehensive visibility into and control over applications and workloads, and the traffic that moves between them. Features include:

Complete Application Visibility: Complete visibility into all applications traversing your VPC and the content within.

Application Segmentation: Cordon off applications within or between VPCs to prevent malware propagation and address diverse and demanding compliance regulations.

Threat Prevention: Apply application-specific threat prevention policies to block known and unknown threats.

Centralized Management: Manage security configurations from a single, central platform to streamline your policy updates.

Touchless Deployment and Policy Updates: Deploy, scale, and automate your VM-Series firewall to eliminate security-induced operational friction.

Scalability and Resiliency: Scale your security solution independently of your workloads and operate at the speed of the cloud.

User-Based Access Control: Grant and deny access to users based on their identity to control network traffic between workloads and applications.

WHY REAN CLOUD

REAN Cloud, an AWS Premier Consulting Partner, has deep experience in supporting enterprise IT infrastructures and applications in cloud environments. With their DevOps methodologies, REAN Cloud will help you break out of monolithic servers and deliver specific functionality and benefits to a wide variety of deployment end points. REAN Cloud has a multitude of features, ranging from server bootstrapping to multi-cloud deployments, to help you develop a continuous integration, continuous delivery (CI/CD) workflow pipeline.

REAN Cloud follows a series of steps that helps your organization fully adopt a DevOps culture:

TEST-DRIVEN DEPLOYMENT
AUTOMATED DEPLOYMENTS
AUTOMATED OPERATIONS
METRICS FOCUSED PLATFORM
CONTINUOUS SECURITY & COMPLIANCE

HOW IT WORKS

Together, REAN Cloud and Palo Alto Networks offer a solution that seeks to eliminate the friction between development and security. When you leverage Palo Alto Networks and REAN Cloud together, you gain a security solution that enables your developers to quickly and freely create new environments, without compromising your organization's security.

REAN Cloud begins by creating a controlled VPC. This VPC is automated to accept new VPN connections from VPCs that developers spin up. Then, Palo Alto Networks VM-Series Firewall provides application-level segmentation policies that enable you to control traffic between your VPCs. This feature, along with the web-application threat prevention features, is used to manage network access and monitor traffic so that the control VPC is secure.

Once the controlled VPC is secured, REAN Cloud uses an orchestration tool, such as Jenkins, to pull the configuration data of the VPC and store it in an Amazon Simple Storage Service (Amazon S3) bucket. Along with the configuration data, a bootstrap image of your ideal firewall is created. The process of bootstrapping involves creating a golden image of a firewall that is fully configured, with policies and routing already in place, that can be stored and extracted as needed. Having the control VPC and bootstrap image stored in S3 buckets means that you can keep deploying secure applications, within the same VPC or within other VPCs, without having to configure new security policies.

The combination of REAN Cloud's DevOps mindset and the comprehensive security provided by Palo Alto Networks VM-Series Firewall enables you to limit AWS permissions for developers and testers, without affecting productivity, through the power of automation. Now, you can cultivate an environment in which developers and engineers can quickly and securely spin up VPCs as needed, with the push of a button.

HOW IT WORKS (CONT.)

Automating the VM-Series Firewall

The below reference architecture depicts an environment in which REAN Cloud automated Palo Alto Networks VM-Series Firewall.

CUSTOMER USE CASE: GIGAMON

Gigamon provides customers with pervasive visibility traversing across entire networks. The Gigamon Visibility Platform makes it easier for companies to manage, secure, and understand their data in motion, and enables stronger security and improved network performance.

CHALLENGE

Gigamon extended their development engineering environment to AWS to take advantage of its flexibility and scalability. Soon after, Gigamon discovered that by providing development and test engineering teams with virtually unlimited cloud resources, they were introducing new vulnerabilities by not restricting traffic moving into and out of their environment. Gigamon's DevOps team wanted to operate freely and move at the speed of the cloud, but they were unsure of how to do so in a secure manner.

SOLUTION

Gigamon worked with REAN Cloud to define and develop a simple, automated solution that would enable Gigamon's developers to provision an AWS VPC protected by the Palo Alto Networks VM-Series Firewall. REAN Cloud implemented this solution by developing a control VPC that would accept new VPN connections from VPCs developers were spinning up. REAN Cloud then leveraged Jenkins, an orchestration tool, to extract and store IP addresses of secure VPCs, to help automate the deployment of security policies into new VPCs.

BENEFITS

By leveraging Palo Alto Networks and REAN Cloud, Gigamon can deploy one or more approved VPCs for engineers that are protected by a VM-Series Firewall with the push of a button. Gigamon no longer has concerns about their developers working in unsecured environments, as they now have a centralized VPC in which they can control the VM-Series Firewall.

LEARN MORE

Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches. With our deep cybersecurity expertise, commitment to innovation, and game-changing Next-Generation Security Platform, customers can confidently pursue a digital-first strategy and embark on new technology initiatives, such as cloud and mobility. Our platform was built from the ground up for breach prevention, with threat information shared across security functions system-wide, and designed to operate in increasingly mobile, modern networks. By combining network, cloud and endpoint security with advanced threat intelligence in a natively integrated security platform, we safely enable all applications and deliver highly automated, preventive protection against cyberthreats at all stages in the attack lifecycle without compromising performance. Customers benefit from superior security to what legacy or point products provide and realize a better total cost of ownership. For more information, please visit www.paloaltonetworks.com, email info@paloaltonetworks.com.com or call +1 (866) 320-4788.

REAN Cloud is a global Cloud Systems Integrator and Premier Consulting Partner in the Amazon Web Services (AWS) Amazon Partner Network (APN). REAN Cloud offers managed and professional services and solutions for hyperscale integrated IaaS and PaaS providers and is one of few MSPs capable of supporting the entire cloud services lifecycle. Backed by extensive security DNA and deep compliance IP and expertise, REAN Cloud specializes in helping enterprise customers operating in highly regulated environments (Financial Services, Healthcare/Life Sciences, Education and the Public Sector) to get the most from their cloud investment while enabling them to accelerate the value gained from the cloud once there. REAN Cloud's team has worked with global organizations including the American Heart Association, Alexion Pharmaceuticals, Ditech Mortgage, Ellucian, Globus Genomics, PierianDx, SAP, Symantec, Teradata and Veritas. REAN Cloud solutions are bundled with advanced security features to help address clients' compliance needs. For more information, please visit www.reancloud.com, email info@reancloud.com or call +1 (844) 377-7326.

For 10 years, Amazon Web Services has been the world's most comprehensive and broadly adopted cloud platform. AWS offers more than 90 fully featured services for compute, storage, databases, analytics, mobile, Internet of Things (IoT) and enterprise applications from 44 Availability Zones (AZs) across 16 geographic regions in the U.S., Australia, Brazil, Canada, China, Germany, India, Ireland, Japan, Korea, Singapore, and the UK. AWS services are trusted by millions of active customers around the world monthly, including the fastest growing startups, largest enterprises, and leading government agencies, to power their infrastructure, make them more agile, and lower costs. To learn more about AWS, visit https://aws.amazon.com.

© 2017 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. All other marks mentioned herein may be trademarks of their respective companies. © 2017 Amazon Web Services. All rights reserved. © 2017 REAN Cloud. All Rights Reserved.