AWS CloudTrail & Alert Logic Log Manager

> www.alertlogic.com. December 10, 2013. AWS CloudTrail & Alert Logic Log Manager. Justin Criswell, Cloud Solutions Architect; Diane Garey, Product Marketing.

Upload: alertlogic

Post on 15-Jan-2015


TRANSCRIPT

Page 1: AWS CloudTrail & Alert Logic Log Manager

> www.alertlogic.com

December 10, 2013

AWS CloudTrail & Alert Logic Log Manager

Justin Criswell, Cloud Solutions Architect

Diane Garey, Product Marketing

Page 2: AWS CloudTrail & Alert Logic Log Manager


Brute Force

Web Application Attacks

Reconnaissance

Vulnerability Scans

• Access management
• Patch management
• Configuration hardening
• Security monitoring
• Log analysis

• Network threat detection

• Security monitoring

• Secure coding and best practices
• Software and virtual patching
• Configuration management

• Access management
• Application level attack monitoring

AWS Global Infrastructure

Multiple Availability Zones

Globally Distributed Regions

Foundation Services

Compute, Storage, DB, Network

VPC Networks

• VPC provides logically isolated environments
• Security groups filter inbound/outbound
• External DDoS, spoofing and scanning prevented

Hosts

• Hardened hypervisor
• Promiscuous mode prevented
• Deny-all default in security group
• Root access provided to customer

Apps

The Shared Security Model for AWS


Customer

Primary Responsibility

Page 3: AWS CloudTrail & Alert Logic Log Manager


AWS CloudTrail

http://aws.amazon.com/cloudtrail

Who took this action?

When did the action take place?

What action was taken?

Where was this action performed?

How was this action performed?
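Each of these five questions corresponds to fields carried in a CloudTrail record. The following is an added example, not part of the original slides or of Alert Logic's product: it reads a CloudTrail log file and reduces every record to a who/when/what/where/how summary. The sample log is constructed, the function name `summarize` is hypothetical, and the field-to-question mapping is one reasonable reading of the slide.

```python
import json

# Constructed sample in the shape CloudTrail delivers to S3: {"Records": [...]}
SAMPLE_LOG = json.dumps({"Records": [
    {
        "userIdentity": {"type": "IAMUser", "userName": "alice",
                         "arn": "arn:aws:iam::111122223333:user/alice",
                         "accountId": "111122223333"},
        "eventTime": "2013-12-10T18:04:11Z",
        "eventSource": "ec2.amazonaws.com",
        "eventName": "AuthorizeSecurityGroupIngress",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.10",
        "userAgent": "aws-cli/1.2.6",
    },
    {   # Assumed-role identities carry no top-level userName; fall back to the ARN.
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::111122223333:assumed-role/deploy/session1"},
        "eventTime": "2013-12-10T18:09:42Z",
        "eventSource": "iam.amazonaws.com",
        "eventName": "CreateUser",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.7",
        "userAgent": "console.amazonaws.com",
        "errorCode": "AccessDenied",
    },
]})

def summarize(log_text):
    """Return one who/when/what/where/how dict per CloudTrail record."""
    out = []
    for rec in json.loads(log_text).get("Records", []):
        ident = rec.get("userIdentity", {})
        out.append({
            "who": ident.get("userName") or ident.get("arn") or ident.get("type", "unknown"),
            "when": rec.get("eventTime"),
            "what": f'{rec.get("eventSource")}:{rec.get("eventName")}',
            "where": f'{rec.get("awsRegion")} from {rec.get("sourceIPAddress")}',
            "how": rec.get("userAgent"),
            "failed": "errorCode" in rec,  # denied or failed calls are logged too
        })
    return out

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

The `failed` flag is worth keeping in any summary: a run of denied calls from one identity is often the first sign of a misused or stolen credential.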

Page 4: AWS CloudTrail & Alert Logic Log Manager


Currently Supported AWS Services

• Amazon Elastic Compute Cloud (Amazon EC2)
• Amazon Elastic Block Store (Amazon EBS)
• Amazon Redshift
• Amazon Relational Database Service (Amazon RDS)
• Amazon Virtual Private Cloud (Amazon VPC)
• AWS CloudTrail
• AWS Identity and Access Management (AWS IAM)
• AWS Security Token Service (AWS STS)


Page 5: AWS CloudTrail & Alert Logic Log Manager

Alert Logic Log Manager for AWS

Cloud-Based Security Log Analysis

• All Log Data, All Together: Collect, archive and analyze log data in real time from all data sources
• Quick access to log data: Dozens of reports, fast and intuitive search function
• Compliance friendly: Supports numerous standards such as PCI, HIPAA, FFIEC, SOX
• Available as a service: Auditable daily log review with integrated case management by dedicated GIAC-certified System Security Analysts
• AWS Friendly: Designed for AWS workloads and reference architectures

Page 6: AWS CloudTrail & Alert Logic Log Manager


Create a CloudTrail Trail

1. Use the console or CLI to create a trail
2. Enable CloudTrail logging
3. Create SQS queue
4. Create IAM group and user

Page 7: AWS CloudTrail & Alert Logic Log Manager


Set up a CloudTrail Source in Log Manager

Page 8: AWS CloudTrail & Alert Logic Log Manager


Collecting Additional AWS Log Data

Page 9: AWS CloudTrail & Alert Logic Log Manager


Demo


Page 10: AWS CloudTrail & Alert Logic Log Manager


Try Alert Logic Log Manager with CloudTrail

• Contact Alert Logic:
  – www.alertlogic.com
  – [email protected]
  – cloud.docs.alertlogic.com

• Installation steps:
  – Enable CloudTrail in your AWS account
  – In Log Manager, create a new CloudTrail data source


Page 11: AWS CloudTrail & Alert Logic Log Manager


Thank You! Q&A

[email protected]@alertlogic.com