INTRODUCING CISCO SECURITY FOR AWS

Similar documents
INTRODUCING CISCO SECURITY FOR AWS

A New Way to Look at AWS Security

Amazon Web Services. Block 402, 4 th Floor, Saptagiri Towers, Above Pantaloons, Begumpet Main Road, Hyderabad Telangana India

AWS Well Architected Framework

Monitoring Serverless Architectures in AWS

Serverless Computing. Redefining the Cloud. Roger S. Barga, Ph.D. General Manager Amazon Web Services

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content

AWS Agility + Splunk Visibility = Cloud Success. Splunk App for AWS Demo. Laura Ripans, AWS Alliance Manager

STATE OF MODERN APPLICATIONS IN THE CLOUD

AWS Solutions Architect Associate (SAA-C01) Sample Exam Questions

Who done it: Gaining visibility and accountability in the cloud

AWS Solution Architect Associate

Amazon Web Services (AWS) Training Course Content

About Intellipaat. About the Course. Why Take This Course?

Amazon Web Services Training. Training Topics:

How to go serverless with AWS Lambda

Deploy Symantec Cloud Workload Protection for Storage

AWS 101. Patrick Pierson, IonChannel

High School Technology Services myhsts.org Certification Courses

SAA-C01. AWS Solutions Architect Associate. Exam Summary Syllabus Questions

CASE STUDY Application Migration and optimization on AWS

Hackproof Your Cloud Responding to 2016 Threats

Energy Management with AWS

CogniFit Technical Security Details

Splunk & AWS. Gain real-time insights from your data at scale. Ray Zhu Product Manager, AWS Elias Haddad Product Manager, Splunk

HPE Digital Learner AWS Certified SysOps Administrator (Intermediate) Content Pack

ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS

Additional Security Services on AWS

Getting Started with AWS Security

Enhanced Threat Detection, Investigation, and Response

Eyes Everywhere: Monitoring Today's Borderless Landscape

Automating Elasticity. March 2018

Minfy MS Workloads Use Case

Hosting DesktopNow in Amazon Web Services. Ivanti DesktopNow powered by AppSense

Security Aspekts on Services for Serverless Architectures. Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

Security: Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration

Building a Self-Defending Border. Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Understanding Perimeter Security

Securing Microservices Containerized Security in AWS

SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS

Serverless Architecture Hochskalierbare Anwendungen ohne Server. Sascha Möllering, Solutions Architect

Microservices on AWS. Matthias Jung, Solutions Architect AWS

What s New at AWS? looking at just a few new things for Enterprise. Philipp Behre, Enterprise Solutions Architect, Amazon Web Services

CIMA Asia. Interactive Timetable Live Online

Mid-Atlantic CIO Forum

Security & Compliance in the AWS Cloud. Amazon Web Services

Certificate of Registration

Simple Security for Startups. Mark Bate, AWS Solutions Architect

Securing Amazon Web Services (AWS) EC2 Instances with Dome9. A Whitepaper by Dome9 Security, Ltd.

How can you implement this through a script that a scheduling daemon runs daily on the application servers?

Are You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus

Lift and Shift, Don t Lift and Pray: Pragmatic Cloud Migration Strategies

Scheduling. Scheduling Tasks At Creation Time CHAPTER

Cloud Computing 1. CSCI 4850/5850 High-Performance Computing Spring 2018

25 Best Practice Tips for architecting Amazon VPC. 25 Best Practice Tips for architecting Amazon VPC. Harish Ganesan- CTO- 8KMiles

Microservices Architekturen aufbauen, aber wie?

Emulating Lambda to speed up development. Kevin Epstein CTO CorpInfo AWS Premier Partner

Amazon Web Services 101 April 17 th, 2014 Joel Williams Solutions Architect. Amazon.com, Inc. and its affiliates. All rights reserved.

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

Minfy MS Workloads Use Case

Automate best practices and operational health for your AWS resources with Trusted Advisor and AWS Health

What s New at AWS? A selection of some new stuff. Constantin Gonzalez, Principal Solutions Architect, Amazon Web Services

Architecting for Greater Security in AWS

Startups and Mobile Apps on AWS. Dave Schappell, Startup Business Development Manager, AWS September 11, 2013

Grade 4 Mathematics Pacing Guide

MONITORING SERVERLESS ARCHITECTURES

Cloud Computing. Amazon Web Services (AWS)

DATE OF BIRTH SORTING (DBSORT)

Moving to the Cloud: Making It Happen With MarkLogic

Enroll Now to Take online Course Contact: Demo video By Chandra sir

25 Best Practice Tips for architecting Amazon VPC

At Course Completion Prepares you as per certification requirements for AWS Developer Associate.

Immersion Day. Getting Started with AWS Lambda. August Rev

Overcoming the Challenges of Automating Security in a DevOps Environment

CIMA Asia. Interactive Timetable Live Online

Training on Amazon AWS Cloud Computing. Course Content

AWS Security. Stephen E. Schmidt, Directeur de la Sécurité

Unlimited Scalability in the Cloud A Case Study of Migration to Amazon DynamoDB

CLOUD WORKLOAD SECURITY

Hackproof Your Cloud: Preventing 2017 Threats for a New Security Paradigm

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

The Orion Papers. AWS Solutions Architect (Associate) Exam Course Manual. Enter

Pushing the Limits. ADSM Symposium Sheelagh Treweek September 1999 Oxford University Computing Services 1

8/3/17. Encryption and Decryption centralized Single point of contact First line of defense. Bishop

Scaling on AWS. From 1 to 10 Million Users. Matthias Jung, Solutions Architect

Mapping traditional security technologies to AWS Dave Walker Specialised Solutions Architect Security and Compliance Amazon Web Services UK Ltd

What is Cloud Computing? What are the Private and Public Clouds? What are IaaS, PaaS, and SaaS? What is the Amazon Web Services (AWS)?

Redis for Pivotal Cloud Foundry Docs

NEXT GENERATION CLOUD SECURITY

BEST PRACTICES TO PROTECTING AWS CLOUD RESOURCES

BERLIN. 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved

Cloud security 2.0: Joko nyt pilveen voi luottaa?

PRAGMATIC SECURITY AUTOMATION FOR CLOUD

Oracle WebLogic Server 12c on AWS. December 2018

Azure DevOps. Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region

AWS Certifications. Columbus Amazon Web Services Meetup - February 2018

Network security monitoring. Patrick Crowley Bo Bayles!

Getting Started with Amazon Web Services

Transcription:

SESSION ID: SPO1-T08 INTRODUCING CISCO SECURITY FOR AWS Patrick Crowley CTO Cisco, Stealthwatch Cloud @p_crowley

Who am I? I work for Cisco Systems, in the Security Business Group Founder, Observable Networks: aka Cisco Stealthwatch Cloud Cisco acquired Observable in July 2017 Long-time professor of CS at Washington University in St. Louis Outside of work Married with two daughters Big fan of motorcycle trials and MotoGP is now Patrick Crowley 2

If nothing else, please remember this Your infrastructure and workloads can be dramatically more secure in AWS than anywhere on-prem VPC Flow Logs and CloudTrail provide essential telemetry for security Cisco Stealthwatch Cloud provides automatic, helpful security from this telemetry 3

Cloud-Native Virtues: Unblocking Security Elastic & Scalable Grows and shrinks with demand, more always available Nimble Continuous Integration and Continuous Deployment enable daily releases Automated Small DevOps teams supporting massive workloads

User authenticated! Firewall rule changed! New DNS hosted domain! What if you could capture every change made in your IT environment? User disabled MFA! New server provisioned! Access policy changed for storage bucket/blob changed!

AWS CloudTrail How is my AWS configuration and management changing?

SSH log in to Terminal Server! Attempted log in to load balancer! Client access to database server! What if you could log every network utterance in your IT environment? Data transfer between web front end and database Internal network scan! Data transfer between internal host and unknown external server! RDP Session on Domain Controller!

VPC Flow Logs Are any of my AWS resources misbehaving or compromised?

Flow logs are your friend When any of your AWS VPC resources have a network interaction, a log entry is made Source & destination IP addresses, ports, protocol, byte count, packet count Just like netflow logs produced by switches and routers, all network interactions can be audited Did someone discover a backdoor? Did sw/appliance dial home? Is an authorized user abusing privileges? Has a configuration mistake been made, enabling remotes? Just like NetFlow: it is an avalanche of data! Here s where Cisco Stealthwatch Cloud can help

Making VPC Flow Logs easy AWS Console View Stealthwatch Cloud

Aside: We share code on using VPC Flow Logs https://observable.net/blog/our-open-source-vpc-flow-logs-toolversion-1-0/ https://github.com/obsrvbl/flowlogs-reader

You still have all the security work to do! AWS solves the telemetry problem for you But, but, but it is an avalanche of data! Cisco has a cloud-native approach that helps your security be elastic, nimble, and automated

Stealthwatch Cloud s Entity Modeling What: maintain a model a kind of simulation of each device & entity on your network Why: to automatically detect and track each entity s role, alert a human or trigger an action when a role change is significant How: passive monitoring of network meta-data, both within the network and to/from the Internet In AWS, modeling is driven by VPC Flow Logs AWS CloudTrail And more: Amazon Inspector, CloudWatch, AWS Config, Route 53,

Entity Modeling yields automatic security

Entity Modeling works well The focus is on providing helpful security This can be quantified! Two main reasons why Stealthwatch Cloud alerts are helpful 1. It worked out of the box 2. No other tool/service spotted this problem 2017 Alerts Marked Helpful (%) January 93.91% February 94.98% March 92.00% Q1 (Jan-Mar) 93.86% April 94.54% May 97.56% June 97.69% Q2 (Apr-Jun) 96.49% July 93.83% August 95.69% September 96.66% Q3 (Jul-Sep) 95.31% October 94.27% November 92.97% December 95.66% Q4 (Oct-Dec) 94.18% 2017 Total 94.90%

Example: Serverless with AWS Lambda Serverless computing & AWS Lambda Strip away the servers and containers from your workloads What remains: application logic, i.e. a Lambda function, that responds to events, performs a job, and queues up work for other Lambdas in the app Big win: No more servers or containers to manage and pay for Q: This is still software, so there can be bugs and malicious activity. Where do we install our security agent? A: Not applicable. Try entity modeling! What about RDS, Elasticache, DynamoDB, Redshift, etc? Same answer!

Entity Modeling works with Lambda For Stealthwatch Cloud & Entity Modeling, Lambda functions are just another entity to model! Stealthwatch Cloud uniquely (as far as we know) brings together VPC Flow Logs and CloudTrail to provide visibility and security to AWS Lambda It s Demo Time!

Put this in action! Use CloudTrail to get a comprehensive view of your environment s configuration and management This week: Spin up a free tier AWS account, and get your hands dirty with Cloud Trail. Use VPC Flow logs to see your internal/external traffic, and make sure nothing is happening behind your back This week: Turn on VPC Flow Logs in a VPC, even a small one, and explore! Use Entity Modeling to achieve automatic, continuous security from these telemetry services! Next week: Launch a 60 day free trial, and simplify your exploration of flow logs & Inspector, and see how you can do this at scale! 18

Next week: launch a free 60-day trial AWS Marketplace or http://cisco.com/go/stealthwatch-cloud

And don t forget our friends at Google Cloud! As of April 5 th : VPC Flow logs in GCP!

THANK YOU! Patrick Crowley, pcrwly@cisco.com @p_crowley

One of the reasons I love Cisco

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback