Developing a Continuous Automated Approach to Cloud Security
Transcript of Developing a Continuous Automated Approach to Cloud Security
![Page 1: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/1.jpg)
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Tim Prendergast, CEO and co-founder, Evident.io
04 / 19 / 2016
Automating Security Operations on AWS
![Page 2: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/2.jpg)
Of the changes catalyzed by cloud,
security is still the most exciting.
![Page 3: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/3.jpg)
Your Role in Securing AWS is Well-Defined
Customer: Security in the Cloud
- Customer Data
- Applications, Identity & Access Mgmt
- OS, Network, Firewall
- Client-side Encryption, Server-side Encryption, Network Traffic Protection
AWS: Security of the Cloud
- Compute, Storage, Networking
- AWS Global Infrastructure (Regions, AZs, Edge Locations)
![Page 4: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/4.jpg)
The security paradigm shifted
Legacy Datacenters
• Big Perimeter
• End-to-End Ownership
• Build it all yourself
• Server-centric approach
• Self-managed Services
• Static Architecture
• De-centralized Administration
AWS
• Micro-Perimeters
• Own just enough
• Focus on your core value
• Service-Centric
• Platform Services
• Continuously Evolving
• Central Control Plane (API)
![Page 5: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/5.jpg)
… but the security technology is dated
Customer layers: Customer Data; Applications, Identity & Access Mgmt; OS, Network, Firewall; Client-side Encryption, Server-side Encryption, Network Traffic Protection
Network Appliances
Host-based Agents
IP-based scanners
Log Analytics
DLP & Encryption
Manual Audits
These technologies rarely embrace cloud values
![Page 6: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/6.jpg)
Host Security isn’t enough
Why protect here… when your critical data is now here? (and 50+ other svcs)
![Page 7: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/7.jpg)
Virtual Appliances don’t scale
VIDS / VIPS
Traffic flows fine at “planned” capacity
But in Elastic Events… appliance capacity overwhelmed
![Page 8: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/8.jpg)
And in general, too much information flows…
ElasticSearch
This is just a SUBSET of an average shop’s data flows
![Page 9: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/9.jpg)
Humans scale to a point…
![Page 10: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/10.jpg)
And then we turn to computers.
![Page 11: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/11.jpg)
![Page 12: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/12.jpg)
Why automate Security?
We’re >1m security professionals short of “equilibrium” and lagging…
![Page 13: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/13.jpg)
Why automate Security?
Alert Psychology proves that fatigue destroys process
![Page 14: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/14.jpg)
Why automate Security?
As infrastructure and software delivery accelerate, there is no alternative.
![Page 15: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/15.jpg)
Pick your Flavor
Rugged DevOps
DevSecOps
Agile Security
Secure By Design
![Page 16: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/16.jpg)
Q: Where does Security Belong?
![Page 17: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/17.jpg)
Security Automation Is Good For EVERYONE
DevOps builds Value
Security builds TRUST
Customers / Businesses need TRUST and VALUE.
(diagram labels: Security, DevOps)
![Page 18: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/18.jpg)
SecOps in AWS
• Need to take a holistic approach
• Need to capture past, present, and predicted state
• Need query capability for Incident Response (IR)
• Need to tie into DevOps technologies to maximize reach
• Need to automate response to minimize response time
![Page 19: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/19.jpg)
Rubber, meet road
https://benchmarks.cisecurity.org/downloads/show-single/?file=awsfoundations.100
CIS Benchmarks for AWS:
- Community driven
- Clear and Concise
- Implementation Guidance
- Third-party supported
![Page 20: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/20.jpg)
Implementation is Step 1
![Page 21: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/21.jpg)
1s and 0s
Telemetry is critical
![Page 22: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/22.jpg)
State
Capture states from:
- API (the source of all truth)
- Audit Sources (AWS CloudTrail / AWS Config)
- Applications & Data
- Identities & Policies
- Telemetry (Amazon CloudWatch, Amazon CloudWatch Logs + Amazon CloudWatch Events)
Step 2 – if you are keeping track
![Page 23: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/23.jpg)
PITBL
Point-in-Time analysis
Baseline Creation
Behavioral Analysis
![Page 24: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/24.jpg)
The Spanish Inquisition
Querying data answers questions
Did anyone launch an unapproved server last month?
Were any of our load balancers affected by weak DH keys?
Are we really doing what we SAY we are doing?
#3
![Page 25: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/25.jpg)
The Action
Be an Action Hero
This is all useless unless you DO SOMETHING
Security Event
Lambda
#4
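The query slide asks "Did anyone launch an unapproved server?" and this slide answers a security event with Lambda. The following is an added example, not code from the talk or from Evident.io: a Lambda-style handler that evaluates an EC2 RunInstances record (delivered by CloudWatch Events from CloudTrail) against a constructed approved-AMI and instance-type baseline and returns a finding. The baseline values, account id, ARN and resource ids are assumptions.

```python
import json

# Constructed baseline (assumption, not from the talk): the AMIs and
# instance types this account has approved for launch.
APPROVED_AMIS = {"ami-0aaa111122223333"}
APPROVED_TYPES = {"t2.micro", "t2.small"}

def evaluate_run_instances(event):
    """Return a finding dict for an unapproved EC2 launch, or None if approved.
    Reads the CloudTrail RunInstances record carried in event["detail"]."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "RunInstances":
        return None  # only launches are baselined here
    params = detail.get("requestParameters", {})
    requested_amis = {i.get("imageId") for i in params.get("instancesSet", {}).get("items", [])}
    instance_type = params.get("instanceType")
    violations = [f"unapproved AMI {ami}" for ami in sorted(requested_amis - APPROVED_AMIS)]
    if instance_type not in APPROVED_TYPES:
        violations.append(f"unapproved instance type {instance_type}")
    if not violations:
        return None
    launched = detail.get("responseElements", {}).get("instancesSet", {}).get("items", [])
    return {
        "actor": detail.get("userIdentity", {}).get("arn"),
        "region": detail.get("awsRegion"),
        "instance_ids": [i.get("instanceId") for i in launched],
        "violations": violations,
    }

def lambda_handler(event, context=None):
    """Lambda entry point: log the finding and return it. A deployed version
    would also act on it (tag, stop, or notify) through boto3."""
    finding = evaluate_run_instances(event)
    if finding:
        print(json.dumps(finding))
    return finding

# Constructed sample event in the CloudWatch Events "AWS API Call via
# CloudTrail" shape; the ids and ARN are made up.
SAMPLE_EVENT = {
    "detail": {
        "eventName": "RunInstances",
        "awsRegion": "us-west-2",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev-alice"},
        "requestParameters": {
            "instanceType": "m4.10xlarge",
            "instancesSet": {"items": [{"imageId": "ami-0bbb444455556666"}]},
        },
        "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0abc123def456"}]}},
    },
}
```

Wiring this handler to a CloudWatch Events rule for `RunInstances` turns the "last month" query into a check that runs on every launch, which is the point of the state-capture and action steps above.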
![Page 26: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/26.jpg)
Minecraft, the craft of mining
Mine the data for compliance,
predictive security models, and other
key learnings
![Page 27: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/27.jpg)
Evident Security Platform (ESP)
• 100% AWS Native Application
• Agentless Deployment
• Continuous Security Scanning & Alerting across all AWS services
• Integrates tightly with DevOps tools to accelerate secure product lifecycles
• Tracks history and state to support Audit and Compliance needs
![Page 28: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/28.jpg)
Next Steps…
1. Talk with the Evident team at Booth #101 to dive deeper and get FREE CIS Benchmark reviews
2. Add our blog to your reading list: https://blog.evident.io
3. Find your peers here and talk security! AWS events are the best places to meet and learn.
4. Be sure you attend re:Invent 2016!
![Page 29: Developing a Continuous Automated Approach to Cloud Security](https://reader031.fdocuments.us/reader031/viewer/2022022413/58efd39e1a28ab04478b468f/html5/thumbnails/29.jpg)