INTRODUCING CISCO SECURITY FOR AWS

Similar documents
INTRODUCING CISCO SECURITY FOR AWS

CIMA Asia. Interactive Timetable Live Online

A New Way to Look at AWS Security

CIMA Asia. Interactive Timetable Live Online

Grade 4 Mathematics Pacing Guide

AIMMS Function Reference - Date Time Related Identifiers

Pushing the Limits. ADSM Symposium Sheelagh Treweek September 1999 Oxford University Computing Services 1

Undergraduate Admission File

DATE OF BIRTH SORTING (DBSORT)

NMOSE GPCD CALCULATOR

Freedom of Information Act 2000 reference number RFI

Training of BRs/NCs reviewers and experts for Biennial Update Reports technical analysis. 5 th BRs and NCs lead reviewers meeting

Understanding Perimeter Security

Scheduling. Scheduling Tasks At Creation Time CHAPTER

Example. Section: PS 709 Examples of Calculations of Reduced Hours of Work Last Revised: February 2017 Last Reviewed: February 2017 Next Review:

Contents:

New Concept for Article 36 Networking and Management of the List

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

Monitoring Serverless Architectures in AWS

CS Programming I: Arrays

For personal use only. Update Event & nearmap Solar

YTD Check Register CALDWELL ISD Sort by Check Number

Product Versioning and Back Support Policy

2018 CALENDAR OF ACTIVITIES

Who done it: Gaining visibility and accountability in the cloud

Cloud Infrastructure Security Report. Prepared for Acme Corp

Characterization and Modeling of Deleted Questions on Stack Overflow

Detecting Credential Compromise in AWS

Hackproof Your Cloud Responding to 2016 Threats

TRIMBLE GEOSPATIAL SURVEY PRODUCTS SOFTWARE + FIRMWARE: LATEST RELEASES JAN 2018

AWS-SCWI. American Welding Society Senior Certified Welding Inspector. Certification Programs for the Year 2018

What future changes are planned to improve the performance and reliability of the Wairarapa Connection?

Minfy MS Workloads Use Case

Trimble Products: Geospatial Survey

I.A.C. - Italian Activity Contest.

2018 CERTIFICATION TRAINING SCHEDULE COURSE TARGET AUDIENCE FEE JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC

Eyes Everywhere: Monitoring Today's Borderless Landscape

YTD OCT NOV DEC JAN FEB MAR APR MAY JUN JUL AUG SEP TOTAL

OCT NOV DEC JAN FEB MAR APR MAY JUN JUL AUG SEP JAPAN MS YTD TOTAL

ERS IT Portfolio Report

INFORMATION TECHNOLOGY SPREADSHEETS. Part 1

CARIBBEAN TOURISM ORGANIZATION LATEST STATISTICS 2006

You ve Got Mail! List Offer Creative. Timely insights & trends. Katie Parker Editorial Director. Zach Christensen Creative Director

Monitoring AWS VPCs with Flow Logs

TOWN MANAGER S WEEKLY REPORT

Infectious Diseases Media Kit. The Journal of. Advertising & Sales Contacts. Useful Information. jid.oxfordjournals.org

June 2, If you have questions, please do not hesitate to contact me at (517) Sincerely,

BHARATI VIDYAPEETH`S INSTITUTE OF MANAGEMENT STUDIES AND RESEARCH NAVI MUMBAI ACADEMIC CALENDER JUNE MAY 2017

INTERTANKO Vetting seminar 24 th October 2017

IAB Internet Advertising Revenue Report

Designing Adhoc Reports

UNIVERSITY REFERENCING IN GOOGLE DOCS WITH PAPERPILE

AWS Agility + Splunk Visibility = Cloud Success. Splunk App for AWS Demo. Laura Ripans, AWS Alliance Manager

Coaching emerit Certified Event Find out what level you are ready for and what you need to JHB

2018 CERTIFICATION TRAINING SCHEDULE COURSE TARGET AUDIENCE FEE JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC

Single Family Months of Inventory. Condo Months of Inventory. May calgary regional housing market statistics

Are You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus

TIBCO Upgrade Project New Hub Message Processing Issue ReMCoWG Update

Marketing Opportunities

Network security monitoring. Patrick Crowley Bo Bayles!

MA SREC-II Extension Application Instructions

C Structures, Unions, Bit Manipulations, and Enumerations

CPA PEP 2018 Schedule and Fees

Library. Summary Report

IT Updates. Maryland Health Benefit Exchange Board Meeting April 15, Presented by: Isabel FitzGerald Secretary, DoIT

CIMA Certificate BA Interactive Timetable

Network Security & Access Control in AWS

North American Portability Management, LLC Transition Oversight Manager. TOEP Webcast November 7, 2017

Troop calendar

Oracle HCM Cloud Common Features

Countermeasures against Mobile spam

Minfy MS Workloads Use Case

SQS Academy Stepping ahead

Security of Security. Cyber-Secure? Is Your Security. Mark Bonde Parallel Technologies. Wednesday, Dec. 5, :00 a.m. 11:00 a.m.

Commonwealth of the Northern Mariana Islands

Dashboard. 16 Jun Jun 2009 Comparing to: 16 Jun Jun % Bounce Rate. 62,921 Visits. 407,003 Page Views

Adopting Modern Practices for Improved Cloud Security. Cox Automotive - Enterprise Risk & Security

SME License Order Working Group Update - Webinar #3 Call in number:

Title: Planning AWS Platform Security Assessment?

Hosting DesktopNow in Amazon Web Services. Ivanti DesktopNow powered by AppSense

Getting Started with AWS Security

COUNCIL MEETINGS July 2017 to June 2018

The Future Is SECURITY THAT MAKES A DIFFERENCE. Implementing the 20 Critical Controls

Clinical Infectious Diseases

Council, 8 February 2017 Information Technology Report Executive summary and recommendations

Minimizing the PCI Footprint: Reduce Risk and Simplify Compliance

Dan Lobb CRISC Lisa Gable CISM Katie Friebus

Amazon Web Services Hands- On VPC

Multi-part functionality in PINES

2019 CERTIFICATION TRAINING SCHEDULE

CRIME ANALYSIS SACRAMENTO COUNTY SHERIFF S DEPARTMENT

CHIROPRACTIC MARKETING CENTER

FedRAMP: Understanding Agency and Cloud Provider Responsibilities

Nigerian Telecommunications Sector

RELEASE NOTES SHORETEL MS DYNAMICS CRM CLIENT VERSION 8

ALIENVAULT USM FOR AWS SOLUTION GUIDE

MONITORING REPORT ON THE WEBSITE OF THE STATISTICAL SERVICE OF CYPRUS DECEMBER The report is issued by the.

CASE STUDY Application Migration and optimization on AWS

Minfy-Magnaquest Migration Use Case

IAB Internet Advertising Revenue Report

Transcription:

SESSION ID: SPO1-T08 INTRODUCING CISCO SECURITY FOR AWS Patrick Crowley CTO Cisco, Stealthwatch Cloud @p_crowley

Three Main Points Use VPC Flow logs to make sure nothing is happening behind your back Use Amazon Inspector to make sure your software & servers do not exhibit known vulnerabilities Use Entity Modeling to achieve automatic, continuous security from these services! 2

One Way to Think About Security in AWS AWS provides extraordinary flexibility & capability AWS provides rich, dynamic infrastructure Keeping our AWS footprint secure is largely up to us How do I secure my AWS footprint? Best practices with identity management & credentials Keep software up-to-date Disable it if you don t need it Age-old challenge: what don t I know about my IT footprint?

Two Relatively New AWS Features Help! Are any of my AWS resources misbehaving or compromised? VPC Flow Logs!

Flow logs are your friend When any of your AWS VPC resources have a network interaction, a log entry is made Source & destination IP addresses, ports, protocol, byte count, packet count Just like netflow logs produced by switches and routers, all network interactions can be audited Did someone discover a backdoor? Did sw/appliance dial home? Is an authorized user abusing privileges? Has a configuration mistake been made, enabling remotes? Just like NetFlow: it is an avalanche of data! Here s where Observable can help

We share code/notes on using VPC Flow Logs https://observable.net/blog/our-open-source-vpc-flow-logs-toolversion-1-0/ https://github.com/obsrvbl/flowlogs-reader

Making VPC Flow Logs easy AWS Console View Stealthwatch Cloud

Entity Modeling What: maintain a model a kind of simulation of each device & entity on your network Why: to automatically detect and track each entity s role, alert a human when a role change is significant How: passive monitoring of network meta-data, both within the network and to/from the Internet In AWS, modeling is driven by VPC Flow Logs AWS CloudTrail Growing, diverse sources: OSSEC, Amazon Inspector, VPN logs, Splunk, Sumo Logic, and more

Entity Modeling yields automatic security

Entity Modeling works well The focus is on providing helpful security This can be quantified! 2017 Alerts Marked Helpful (%) January 93.91% February 94.98% March 92.00% Q1 (Jan-Mar) 93.86% April 94.54% May 97.56% June 97.69% Q2 (Apr-Jun) 96.49% July 93.83% August 95.69% September 96.66% Q3 (Jul-Sep) 95.31% October 94.27% November 92.97% December 95.66% Q4 (Oct-Dec) 94.18% 2017 Total 94.90%

Other AWS features help Is there a known problem with the software on any of my EC2 instances? Amazon Inspector!

Amazon Inspector + Entity Modeling Amazon Inspector Entity Modeling Requires agent installation User-initiated assessment Continuous assessment Assess changes through time Assess instance internals (e.g., sw vulns, best practices) Assess instance network activity (e.g., scanning, remote access, data exfil) Detect instance role (e.g., DB server, AD controller) and apply role-specific checks Assess CloudTrail events for instancespecific risks

Inventory of Amazon Inspector Resources

Inspector findings are stored

Including Inspector assessments

Inspector-based alerts

Getting started with Amazon Inspector

Put this in action! Use VPC Flow logs to make sure nothing is happening behind your back This week: Turn on VPC Flow Logs in a VPC, even a small one, and explore! Use Amazon Inspector to make sure your software & servers do not exhibit known vulnerabilities Next week: Use Amazon Inspector on an AMI that you use in production! Use Entity Modeling to achieve automatic, continuous security from these services! Next week: Launch a 60 day free trial, and simplify your exploration of flow logs & Inspector, and see how you can do this at scale! 18

THANK YOU! Patrick Crowley, pcrwly@cisco.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback