Cloud Security Strategy - Adapt to Changes with Security Automation -

Transcription:

SESSION ID: CMI-F03
Cloud Security Strategy - Adapt to Changes with Security Automation -
Hayato Kiriyama, Security Solutions Architect, Amazon Web Services Japan K.K. (@hkiriyam1)

Agenda: New Normal of Security Architecture; Security Best-Mix to Adapt to Changes; Security Automation as a New Solution

"Cloud has become the New Normal. Companies of every size are deploying new applications to the cloud by default."
Andy Jassy, Chief Executive Officer, Amazon Web Services, AWS re:Invent 2015
https://www.youtube.com/watch?v=d5-ifl7kj00

"The only rational response to risk is to be proactive in how we engage with changes. If you are not disrupting your own markets, someone else will disrupt them for you."
Eric Tucker, IT Chief Technology Officer, GE Global Research, AWS Summit Tokyo 2016
http://www.youtube.com/watch?v=nsstpwfycpc&t=28m40s

IT in the Cloud Era
Electric Power: Ownership = Private Electric Generator; Utilization = Electric Utility Provider
Computing: Ownership = On-premise Servers; Utilization = Cloud Service Provider

IT Capacity (On-premise): Surplus Capacity; Rapid Growth or M&A; Unpredictable Peak; Lack of Capacity = Opportunity Loss

IT Capacity (Cloud): Freedom from Surplus Capacity; Rapid Growth or M&A; Unpredictable Peak; Freedom from Surplus and Lack of Capacity; Freedom from Capacity Sizing

The Value of Cloud
Improvement: Easier, Faster, Cheaper
Innovation: Can do what we couldn't do
Disruption: Bring the old value to naught
Normal to New Normal

Normal Security Issues: Are current security measures effective? How much should we invest in security? Is ROI optimized?

Can We Calculate Security ROI?
Return: Protected amount of money applied by security measures
Investment: Pure cost of security measures

Can We Calculate Security ROI? NO!
Return, Direct Cost (Measurable): Incident Response Expenses; Existing Customers Lost
Return, Indirect Cost (Unmeasurable): Business Opportunity Lost; Prospective Customers Lost
Investment: IT Investment; Facility Investment; Training. What is the percentage of Security?

Security Investment Can Not Be Unraveled
"Security is becoming a fabric item. It's woven through every major technical decision."
Mark McLaughlin, President & CEO, Palo Alto Networks, Ignite 2015
https://www.youtube.com/watch?v=zuvcnitslma

Start with Risk (Risk-based Approach)
NIST SP800-53, Security and Privacy Controls for Federal Information Systems and Organizations:
Select the appropriate security controls in accordance with the required security levels.
Tailor security control baselines to achieve the needed level of protection in accordance with organizational assessments of risk.
http://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-53r4.pdf

Security Risk Formula
Threats: Malware; Targeted Attack; DDoS Attack
Vulnerabilities: Security Hole; Misconfiguration; Psychological
Informational Assets: Corporate Confidential; Personal Information; Intellectual Property

Risks keep changing
Threats: Social Event; Corporate News; Corporate Reputation
Vulnerabilities: Asset Investment; Organization Growth; Hiring & Deployment
Informational Assets: Business Growth; M&A/IPO; Company Split-up

Adapt Security Level to Risk Changes [Figure labels: Optimal Security Level; Changing Security Risk]

From ROI to Adaptiveness
What we look at: Normal = Return On Investment (ROI); New Normal = Adaptiveness to changes
What it looks like: Normal = Increased Security Level; New Normal = Adapted Security Level
[Figure labels: Changing Security Risk]

Categories by Adaptiveness
Situational Security (Adaptiveness: High). Use cases: Incident response; Forensics; EDR; UEBA; Threat Intelligence; Correlation
Corporate Security (Adaptiveness: Middle). Use cases: Access Control; Vulnerability Mgmt.; Encryption; FW/IPS/IDS; Data Protection; Log Management
Fixed Security (Adaptiveness: Low). Use cases: Network; Server; Data Center; Hypervisor; Storage; Facility

[REF] Electric Power Best Mix [Figure: Electric Power Demand over 0-24 (H); thermal electric power; pumped-storage hydroelectric power; nuclear electric power]

Security Best Mix
Situational Security: Adaptiveness High; Cost High
Corporate Security: Adaptiveness Middle; Cost Middle
Fixed Security: Adaptiveness Low; Cost Low

Security Best Mix in the Cloud Era (security level and its power source / driver)
Situational Security (Security by the cloud): Security Automation (Adaptability). What and How?
Corporate Security (Security in the cloud): Compliance as Code, DevSecOps; based on regulatory compliance (Reusability/Repeatability)
Fixed Security (Security of the cloud): Economies of Scale by Cloud Service Provider (Cost)

Minimize the Gap to Adapt: 1. Granular Response; 2. Early Detection
[Figure labels: Security Level; Adapted Security Level; Changing Security Risk; Time]

Minimize the Gap to Adapt
1. Granular Response: Microservices Architecture (Many Small Services; Independently Deployable; Loosely Coupled)
2. Early Detection: Data Management Infrastructure (Massive Security Logs; Threat Intelligence; Event Driven / API Call)
Cloud Makes It Easier and Possible

Gartner's Adaptive Security Architecture
Predict: Proactive Exposure Assessment; Predict Attacks; Baseline Systems
Prevent: Harden and Isolate Systems; Divert Attackers; Prevent Incidents
Detect: Detect Incidents; Confirm and Prioritize; Contain Incidents
Respond: Investigate / Forensics; Design / Model Changes; Remediate / Make Changes
Center: Continuous Monitoring and Analytics

AWS Service Mapping (quadrants: Predict, Prevent, Detect, Respond): NACL; SG; Amazon Inspector; 3rd Party Data Feed; AWS Config; Amazon CloudFront; AWS WAF; Amazon CloudWatch; AWS CloudTrail; Amazon SNS; AWS Lambda; Amazon VPC flow logs; 3rd Party IDS; AWS CloudFormation; Amazon EBS; Auto Scaling; 3rd Party SIEM

Use Case: Mitigate External Attacks (shown on the AWS service mapping above)

Automatic Update on WAF rule with IP Black List
Components: User; Attacker; Amazon CloudFront (Content Delivery Network); AWS WAF (Web Application Firewall); Elastic Load Balancing (Load Balancer); Amazon EC2 (Web servers); Amazon RDS (Database); AWS Lambda (Function as a Service); Amazon CloudWatch (Resource Monitoring); 3rd party Reputation List
1. Execute hourly
2. Check for malicious IP addresses
3. Add to an AWS WAF block list
4. Block the traffic from malicious IP addresses
AWS WAF Security Automations: https://aws.amazon.com/jp/answers/security/aws-waf-security-automations/
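
Steps 2 and 3 of the slide above (check the reputation list, add to the block list), as an added example that is not from the presentation or from AWS WAF Security Automations: it computes the change set a scheduled function would hand to the firewall API. The feed format, `MIN_PREFIX`, `ALLOWLIST`, `batch_size` and the delete-ratio guard are assumptions.

```python
import ipaddress

# Constructed sample feed (RFC 5737 / RFC 3849 documentation ranges, not real threat data).
SAMPLE_FEED = """\
; constructed reputation list
203.0.113.0/25 ; entry-1
203.0.113.128/25 ; entry-2
198.51.100.7
198.51.100.7
0.0.0.0/0
not-an-ip
2001:db8::/32
"""
MIN_PREFIX = {4: 8, 6: 16}  # assumed policy: refuse anything broader than this
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]  # hypothetical ranges that must never be blocked


def parse_feed(text):
    """Return (accepted networks, rejected (entry, reason) pairs)."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].split("#", 1)[0].strip()  # drop comments
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "unparseable"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((entry, "too broad"))
        elif any(a.version == net.version and a.overlaps(net) for a in ALLOWLIST):
            rejected.append((entry, "overlaps allowlist"))
        else:
            accepted.append(net)
    return accepted, rejected


def _key(net):
    # Sort key that works across IPv4 and IPv6 (the network objects themselves do not compare).
    return (net.version, int(net.network_address), net.prefixlen)


def build_plan(feed_text, current_cidrs, batch_size=1000, max_delete_ratio=0.5):
    """Diff the feed against the current block list; return (batches, rejected)."""
    accepted, rejected = parse_feed(feed_text)
    desired = set()
    for version in (4, 6):  # collapse_addresses() refuses mixed IPv4/IPv6 input
        desired.update(ipaddress.collapse_addresses(
            [n for n in accepted if n.version == version]))
    current = {ipaddress.ip_network(c) for c in current_cidrs}
    inserts = sorted(desired - current, key=_key)
    deletes = sorted(current - desired, key=_key)
    # Fail safe: an empty or truncated feed download must not wipe the block list.
    if current and len(deletes) > max_delete_ratio * len(current):
        raise ValueError("feed would remove %d of %d entries" % (len(deletes), len(current)))
    # Inserts go first so protection never shrinks before new entries are in place.
    changes = [("INSERT", str(n)) for n in inserts] + [("DELETE", str(n)) for n in deletes]
    batches = [changes[i:i + batch_size] for i in range(0, len(changes), batch_size)]
    return batches, rejected


if __name__ == "__main__":
    plan, skipped = build_plan(SAMPLE_FEED, ["203.0.113.0/24", "198.51.100.99/32"])
    print(plan, skipped)
```

Rejected entries are returned rather than dropped silently, so the hourly run can log them and alert when a feed starts publishing over-broad or malformed ranges.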

Contain and Notify an Incident by Scale-out
Components: Amazon CloudFront (Content Delivery Network); Elastic Load Balancing (Load Balancer); Auto Scaling Group with EC2 Instances across Availability Zone 1a and Availability Zone 1b; Amazon SNS (Notification Service); AWS Lambda (Function as a Service)
1. Massive traffic
2. Automatic traffic distribution by scale-out
3. Notify the scaling event
4. Call an arbitrary function

Use Case: Assess Risks to Manage Internal Endpoints (shown on the AWS service mapping above)

Automate Quarantine and Backup
Components: AWS Lambda (Function as a Service); Amazon Inspector (Security Assessment); EC2 Instance (Endpoint); Amazon EBS (Block Storage) snapshot; Security Group (Stateful Firewall); Network ACL (Stateless Firewall); Amazon SNS (Notification Service); AWS CloudTrail (Operation Log Service)
1. Run a security assessment
2. Vulnerability scan to endpoint
3. Notify the scan results
4. Quarantine the endpoint by firewalls
5. Copy a disk image for backup
6. Record the backup log

The Value of Cloud Security
Improvement (Easier, Faster, Cheaper): Earlier detection on data management infrastructure
Innovation (Can do what we couldn't do): Granular response through the microservices
Disruption (Bring the old value to naught): ROI to Adaptiveness to changes

Summary
Be adaptive to the changes of security risks.
Best-mix security by its adaptiveness.
Cloud makes it easy and possible with Security Automation.

Apply
Apply cloud technology to improve readiness and responsiveness (e.g. AWS provides automated security).
Mix different types of security in adaptiveness to attain the necessary security level.
Recommend to use: security of cloud for fixed security; security in cloud for corporate security; security by cloud for situational security.

Thank you!