How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep...
Transcript of How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep...
![Page 1: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/1.jpg)
© 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.
How to Meet Strict Security Compliance
Requirements in the Cloud JD Sherry, VP Technology & Solutions, Trend Micro
Mark Nunnikhoven, Principal Engineer, Cloud & Emerging Technologies, Trend Micro
November 13, 2013
![Page 2: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/2.jpg)
Enterprises & the Cloud
• Security & compliance are top priorities for
enterprises, regardless of where things are
deployed
• Many organizations recognize the benefits of
the cloud – and need to understand security
requirements
![Page 3: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/3.jpg)
Enterprises & the Cloud
• Data sovereignty
• Multi-tenancy
• Compliance
76% indicated they had
compliance or data
confidentiality
requirements
Source: Trend Micro survey, May 2013
![Page 4: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/4.jpg)
4
PCI Requirements as a Reference …
February, 2013
You!
![Page 5: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/5.jpg)
Shared responsibility
• Facilities
• Physical Security
• Physical Infrastructure
• Network Infrastructure
• Virtualization Infrastructure
• Operating System
• Application
• Account Management
• Security Groups
• Network Configuration
![Page 6: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/6.jpg)
Deep Security Manager
Amazon EC2 instances
Deep Security
![Page 7: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/7.jpg)
What does Deep Security deliver?
Technical details
Unified management interface for multiple regions/credentials
Simplified policy management across the organization
Broad platform support
Agent provides protection on the Amazon EC2 instance
Your needs
Helps address compliance challenges
Enforces security policy within your organization
Centralized security control management
![Page 8: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/8.jpg)
Customer Challenges
Flexible deployment to fit any situation
Deploy via user-data, Chef, Puppet, SSH/PowerShell, etc.
Install the agent in an AMI and activate on demand
Keeping up to date
Agent updates via Deep Security, no extra tools needed
Managing another binary
![Page 9: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/9.jpg)
Demo – User-data deployment
![Page 10: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/10.jpg)
Demo – Manager-initiated activation
![Page 11: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/11.jpg)
Customer Challenges
Deep AWS integration
AWS cloud connector automatically polls region
Automate security actions for new instances
Full visibility of unprotected instances
Keeping up to date
Connector syncs regularly for constant awareness
Being aware of assets in AWS
![Page 12: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/12.jpg)
Demo – Automated decision making
![Page 13: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/13.jpg)
Deep Security Manager
Amazon EC2 instances
Deep Security + SecureCloud
SecureCloud
![Page 14: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/14.jpg)
What does SecureCloud deliver?
Technical details
Intelligent block level encrypted
Used AES-256 cipher from FIPS 140-2 certified library
Broad platform support
Agent provides protection on the Amazon EC2 instance
Your needs
Helps address compliance challenges
Enforces security policy within your organization
Full disk encryption
![Page 15: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/15.jpg)
Customer Challenges
Deep AWS integration
Leverage AWS metadata for key management policies
Boot-volume encryption for Windows & Linux
Keeping up to date
Integrity check regularly validates encryption policy
Preventing unauthorized access to data
![Page 16: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/16.jpg)
Demo – Advanced key release policy
![Page 17: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/17.jpg)
Session Summary
Meet strict security and compliance requirements with a security
solution that is:
• Smart: Automatically apply security controls
• Simple: Manage through a single console with reporting and
alerting
• Security that fits: Embed security into your cloud architecture
![Page 18: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/18.jpg)
Learn about Trend Micro at AWS re:Invent
• Join us at our booth to meet R&D experts and see in-
depth product demo
• SEC 309: Learn How Trend Micro Used AWS to Build their
Enterprise Security Offering (Deep Security as a Service) – Thursday 11 am - noon
![Page 19: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/19.jpg)
Try out Trend Micro today!
• Test Drive: aws.amazon.com/testdrive
• Free Trials: – DeepSecurity.TrendMicro.com
– Webappsecurity.trendmicro.com
– securecloud.com
![Page 20: How to Meet Strict Security ... - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC208.pdf · Deep AWS integration AWS cloud connector automatically polls region ... Keeping up to](https://reader030.fdocuments.us/reader030/viewer/2022041021/5ed0c7c112139c4ae153a535/html5/thumbnails/20.jpg)
We are sincerely eager to hear
your feedback on this
presentation and on re:Invent.
Please fill out an evaluation form
when you have a chance.