WHITE PAPER. Five AWS Practices. Enhancing Cloud Security through Better Visibility


Continuous innovation and speed to market are mandating dynamic paradigm shifts in how companies conceive, develop and implement IT operations and security strategies. The escalating demand for agility is driving cloud-based digital initiatives to the forefront of today's enterprise economy. Software-centric companies keenly focused on delivering differentiated customer experiences are reshaping markets and the way we do business. One example is Amazon's revolutionary cloud computing business, Amazon Web Services (AWS), earning more than $10 billion in annual revenue. AWS, launched in 2006 and now the most widely adopted cloud IaaS provider, redefines computing and is the greatest disruptive force in today's enterprise technology market. Digital enterprises are migrating mission-critical workloads to the cloud and leveraging advanced AWS infrastructure to reap the benefits of agile development and competitive advantage. However, a lack of real-time visibility inhibits robust and consistent cloud security and keeps business executives awake at night.

"Security remains the number one pain point for cloud deployments." - Cloud Computing Outlook (451 Research)

"The number one cloud security issue is lack of visibility." - Dave Shackleford, SANS Project

All workloads are not created equal. The complexity and pace of change that characterize many cloud deployments make them impossible to protect with traditional on-premises security systems. Likewise, simply moving existing workloads from enterprise datacenters to the cloud without rethinking security implications will jeopardize sensitive information assets. On the other hand, AWS workloads that feature purposefully baked-in cloud-centric security for modern applications will protect critical data and allow security professionals to get a good night's sleep.

"The cloud abstracts the complexity of the physical security from you and gives you the control through tools and features so that you can secure your application." - AWS Security Best Practices, Amazon (2011)

Five AWS Security Best Practices

A baseline level of security is built into AWS offerings, but companies that deploy these services are responsible for securing the apps running in their AWS environments.

"Through 2020, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, not cloud provider vulnerabilities." - Best Practices for Securing Workloads in Amazon Web Services, Gartner (December 2015)

As your organization continues to migrate workloads to the cloud, here are some fundamental approaches you will want to adopt in order to better protect every layer of your AWS architecture:

1. Understand service provider and customer responsibilities in the AWS shared security model. Amazon provides physical infrastructure security, but other service providers and enterprise customers are responsible for network and application security. In other words, AWS is responsible for the security of the cloud; customers are responsible for security in the cloud. All participants must invest in and share ownership of protecting the AWS ecosystem.

Protect your AWS credentials with access keys and/or certificates. Encrypt credentials before sending them over the wire, and incorporate a key rotation mechanism to counter compromise. Use certificates to authenticate access to specific AWS services.

2. Align AWS security strategy with enterprise control objectives. Is your organization primarily concerned about data availability, integrity, confidentiality or sovereignty? Your core control objectives should drive your AWS cloud security strategy, framework and policies.

Protect sensitive data exchanged between browsers and servers by configuring SSL and creating a Virtual Private Cloud (VPC). Use Amazon VPC Flow Logs to capture information about web application traffic to and from network interfaces in your VPC. Maximize the security of your apps by regularly deploying and testing updated AMIs (Amazon Machine Images).

3. Adopt a holistic approach to security that encompasses people, process and technology. Enterprise IT is expected to deliver capabilities to the business faster than ever before. The security focus is often on process and technology, but people are a critical part of the equation in combating data breaches. Embrace the DevSecOps approach, which tears down traditional barriers and enables these functional areas of the enterprise to collaborate as a dynamic force to create solutions.

"80% of companies report that end-user carelessness constitutes the greatest security threat to the enterprise, surpassing malware and hacker attacks." - ITC Security Deployment Trends (2013)

Ensure sensitive data is protected regardless of where it is stored. Continuously monitor user application access, usage and modifications (AWS Config), including actions of privileged users. Rely on advanced machine learning to uncover dangerous user activity. Trigger real-time alerts when suspicious access occurs.

4. Rigorously manage AWS accounts, granting users permission to access only the resources they require. Manage the permissions for users within your AWS environment with AWS Identity and Access Management (IAM). This service eliminates the need to share passwords or access keys, and eases the process of changing user access as necessary.
IAM lets you give users unique credentials and grant role- and rule-based permissions to access only the AWS resources required for them to perform their jobs.

Encrypt all network traffic so that only authenticated users see data in clear text. Take and store periodic snapshots of your data to protect it from disaster. Rely more on IAM user credentials and less on enterprise AWS account credentials for access to AWS resources.

5. Monitor enterprise AWS usage to identify suspicious behavior. Start with continuously monitoring all user actions related to AWS workloads by activating AWS CloudTrail and Amazon CloudWatch. Then ingest the resulting log data and monitoring metrics into security analytics systems for enhanced search, alerting, visualization and correlation capabilities. Apply pattern clustering to log data to surface outliers and improve threat detection (internal and external).

CloudWatch tracks OS and application logs; CloudTrail logs all API actions within IAM and most other AWS services. Run AWS Inspector to learn how your workload apps are performing. This host-based agent runs scans to determine if changes in workloads will result in noncompliance. Create an immutable audit trail of your log data to meet regulatory compliance requirements and respond to auditors' ad hoc requests for additional information.

Armed with the tools and capabilities provided by AWS, most customers can easily implement many of these best practices. However, robust AWS security does require an investment in new proactive application monitoring methodologies that can scale to manage and analyze massive volumes of machine data, including log event streams as well as infrastructure and application metrics. In order to attain end-to-end visibility of your AWS environment, you will need to deploy security analytics to continuously track and investigate user activity patterns and suspicious behavior.
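The kind of CloudTrail triage practice 5 calls for, shown as an added example that is not the paper's or Sumo Logic's code: it reads CloudTrail records (field names as in the CloudTrail record format; the records themselves are constructed) and raises findings for root-account activity, failed console logins and sensitive IAM changes. The rule set and the SENSITIVE_IAM list are this example's own choices.

```python
"""Added example: triage CloudTrail records for suspicious behaviour.
The records below are constructed; the rules are illustrative choices."""
import json

# Constructed CloudTrail records: a root console login without MFA, a failed
# console login, an IAM policy attachment by a routine user, and benign S3 access.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2016-07-01T12:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "Root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2016-07-01T12:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "errorMessage": "Failed authentication",
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventTime": "2016-07-01T12:10:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"userName": "bob",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2016-07-01T12:15:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "10.0.1.5",
     "userIdentity": {"type": "AssumedRole"}},
]})

# IAM write APIs whose use is worth an alert regardless of who calls them
# (an illustrative subset, not an exhaustive list).
SENSITIVE_IAM = {"AttachUserPolicy", "PutUserPolicy", "CreateAccessKey",
                 "CreateUser", "UpdateAssumeRolePolicy"}

def triage(trail_json):
    """Return a list of (eventTime, rule, detail) findings, in record order."""
    findings = []
    for ev in json.loads(trail_json)["Records"]:
        who = ev["userIdentity"]
        name = ev["eventName"]
        # Any use of the root account is an outlier; practice 4 says to avoid it.
        if who.get("type") == "Root":
            findings.append((ev["eventTime"], "root-account-activity",
                             f"{name} from {ev['sourceIPAddress']}"))
        # Console login failures show up in responseElements, not in errorCode.
        if (name == "ConsoleLogin"
                and ev.get("responseElements", {}).get("ConsoleLogin") == "Failure"):
            findings.append((ev["eventTime"], "console-login-failure",
                             f"{who.get('userName', '?')} from {ev['sourceIPAddress']}"))
        # Privilege changes through the IAM API.
        if ev["eventSource"] == "iam.amazonaws.com" and name in SENSITIVE_IAM:
            findings.append((ev["eventTime"], "sensitive-iam-change",
                             f"{who.get('userName', who.get('type'))} called {name}"))
    return findings

if __name__ == "__main__":
    for when, rule, detail in triage(SAMPLE_TRAIL):
        print(when, rule, detail)
```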
Sumo Logic Analytics for Best-Practice Cloud Security

Sumo Logic's analytics platform is designed and delivered to mirror Amazon Web Services. Sumo helps organizations gain the instant visibility they require to confidently pursue and enable dynamic modern cloud applications. Data must be mastered, integrated and analyzed to gain the situational awareness that drives a proactive security posture.

"You can't protect what you can't see. Enterprise IT may not be aware of cloud workloads, making protection impossible." - Best Practices for Securing Workloads in Amazon Web Services, Gartner (December 2015)

Visibility Is Everything

(Figure: a sample of raw VPC Flow Log records.) This is what you get when you turn on AWS logging: raw data dumps that are difficult to digest and even harder to correlate. VPC Flow Logs provides a clear view of traffic (who is trying to access protected resources), but this unintelligent information is of little use unless it is comprehensively analyzed for actionable insights. Activating a logging solution is, therefore, only the first step. Maximizing the tool's power is the next step. Sumo Logic's app for VPC Flow Logs consumes streams of complex AWS data and outputs vivid visualizations that reveal strengths and weaknesses, and enable real-time control of VPC traffic.

Every Amazon service is safeguarded by one or more security groups: rules that control network traffic and provide basic firewall-like protection. Every one of the dozens of tabular VPC Flow Logs (sampled above) associated with your apps must map directly to an AWS CloudWatch log group. So, for every VPC, you must create a logging group in CloudWatch, and within each group, you must select the network interfaces you care most about, based on your data security priorities. It is also a good idea to set up workload-based firewalls to fill gaps left by AWS security groups. Controlling and protecting applications and the services that support them should be the focus of your cloud security strategy, not signature-based antivirus or anti-malware scanning.
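The analysis step the paper says must follow raw logging, as an added example that is not part of the original paper or of Sumo Logic's app: it parses default-format VPC Flow Log records (the sample records are constructed) and surfaces sources whose rejected connections spread across many destination ports, the kind of outlier a security group's REJECT entries reveal only once they are aggregated. The min_ports threshold is an assumption of this example.

```python
"""Added example: surface outliers in default-format VPC Flow Log records
with the standard library only. Sample records below are constructed."""
from collections import defaultdict

# Field order of the default VPC Flow Log record format (version 2).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: one external host probing several ports on one interface
# (all rejected by the security group), ordinary accepted HTTPS traffic, and a
# NODATA record for an idle interface.
SAMPLE_LOG = """\
2 123456789012 eni-1a2b3c4d 203.0.113.7 10.0.1.5 51001 22 6 1 40 1460000000 1460000060 REJECT OK
2 123456789012 eni-1a2b3c4d 203.0.113.7 10.0.1.5 51002 23 6 1 40 1460000000 1460000060 REJECT OK
2 123456789012 eni-1a2b3c4d 203.0.113.7 10.0.1.5 51003 3389 6 1 40 1460000000 1460000060 REJECT OK
2 123456789012 eni-1a2b3c4d 203.0.113.7 10.0.1.5 51004 445 6 1 40 1460000000 1460000060 REJECT OK
2 123456789012 eni-1a2b3c4d 203.0.113.7 10.0.1.5 51005 8080 6 1 40 1460000000 1460000060 REJECT OK
2 123456789012 eni-1a2b3c4d 198.51.100.9 10.0.1.5 44322 443 6 20 9000 1460000000 1460000060 ACCEPT OK
2 123456789012 eni-1a2b3c4d 198.51.100.9 10.0.1.5 44323 443 6 18 8100 1460000000 1460000060 ACCEPT OK
2 123456789012 eni-5e6f7a8b - - - - - - - 1460000000 1460000060 - NODATA
"""

def parse_flow_log(text):
    """Yield one dict per record. NODATA/SKIPDATA records carry '-' fields,
    so callers must check log_status before converting numeric fields."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed line: skip rather than misalign every field
        yield dict(zip(FIELDS, parts))

def reject_outliers(records, min_ports=4):
    """Return {srcaddr: {"rejects": n, "ports": [...]}} for sources whose
    REJECTed connections touched at least min_ports distinct destination
    ports (a crude scan signal). Accepted traffic never contributes."""
    per_src = defaultdict(lambda: {"rejects": 0, "ports": set()})
    for r in records:
        if r["action"] != "REJECT" or r["log_status"] != "OK":
            continue
        entry = per_src[r["srcaddr"]]
        entry["rejects"] += 1
        entry["ports"].add(int(r["dstport"]))
    return {src: {"rejects": e["rejects"], "ports": sorted(e["ports"])}
            for src, e in per_src.items() if len(e["ports"]) >= min_ports}

if __name__ == "__main__":
    for src, info in reject_outliers(parse_flow_log(SAMPLE_LOG)).items():
        print(f"{src}: {info['rejects']} rejects on ports {info['ports']}")
```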

Operate and Innovate with Confidence and Security

Ingesting AWS logging data into Sumo Logic's analytics engine provides continuous visibility, a holistic view across VPCs, synchronization capability and actionable intelligence. Machine learning reduces millions of siloed data streams into digestible and meaningful patterns. Algorithms monitor transient enterprise workloads in real time, reveal normal behavioral patterns, and point you to anomalies and deviations that may be cause for concern. You gain the real-time visualization you need to quickly identify problems, detect root causes, and resolve cloud-based security threats. Sumo Logic transforms AWS data into opportunistic security, operational and business insights.

"Sumo Logic's ability to support VPC Flow Logs is critical for our security team to have full stack visibility. It allows us to capture and analyze traffic flow for all network interfaces, increasing our security posture over time, and do this in a seamless and consistent manner across our entire AWS infrastructure." - Jarrod Sexton, Security Engineer, Interactive Intelligence

Facilitating deep visibility across the AWS environment and integrating services for a comprehensive unified view allow you to see who is accessing AWS and when they are making changes (CloudTrail), what they are changing (Config), where this impacts network traffic and latency (VPC Flow), and how this is affecting your security and compliance posture (Inspector). Continuously monitoring workloads, user access, and configuration changes in real time improves visibility across hybrid cloud (i.e., AWS, Google Apps, etc.) and on-premises infrastructures.

The Industry's Most Secure Cloud-Native Analytics Platform

Sumo Logic was conceived and launched in the cloud; it's part of the company's DNA. Cloud audit, user monitoring and behavioral analysis are core capabilities. Sumo helps customers simplify and accelerate migrations to AWS by continuously monitoring and securing cloud apps.

Instant Value. With Sumo Logic's cloud-native SaaS offering, you can get started in minutes and have access to all the latest capabilities without the need for time-consuming, expensive upgrades. Start small and expand as your business grows.

Elastic Scalability. Our multi-tenant architecture scales on demand to support rapid application growth and cloud migration. The service overcomes the inherent limitations of traditional architectures by allowing organizations to burst as needed without any manual intervention.

Proactive Analytics. Sumo Logic is known for powerful machine learning and analytics. We leverage machine learning to help make sense of expected and unexpected behavior across environments with pattern and outlier detection.

Secure by Design. Sumo Logic maintains the highest level of security certification to protect your data, including: CSA STAR, PCI DSS 3.1 Service Provider Level 1, ISO 27001, SOC 2 Type II attestation, FIPS 140 Level 2 and HIPAA.

Reliability. SLAs on availability and performance ensure Sumo Logic services are always on and performing per expectations. Sumo Logic publishes live service status for greater transparency.

About Sumo Logic

Sumo Logic is a secure, cloud-native, data analytics service, delivering real-time, continuous intelligence across an organization's entire infrastructure and application stack. Visit Sumo Logic to learn more about scalable security analytics solutions that can help quickly detect and investigate cyberattacks, as well as monitor and analyze user behavior, to ensure business growth without increasing risk to the organization. Watch this short video to learn more about Sumo Logic's security offerings. Gain the continuous visibility required to confidently and securely migrate mission-critical workloads to the cloud. Enhance baseline AWS infrastructure protection with Sumo Logic analytics for best-practice cloud security.
Toll-Free: 1.855.LOG.SUMO Int'l: 1.650.810.8700 305 Main Street, Redwood City, CA 9460 www.sumologic.com

Copyright 2016 Sumo Logic, Inc. All rights reserved. Sumo Logic, Elastic Log Processing, LogReduce, Push Analytics and Big Data for Real-Time IT are trademarks of Sumo Logic, Inc. All other company and product names mentioned herein may be trademarks of their respective owners. WP-0716. Updated 07/15/16