www.cloudsec.com | #CLOUDSEC
Leveraging Host-Based Security for your Cloud Journey
Paul Hidalgo, Trend Micro
[email protected]
Copyright 2016 Trend Micro Inc. (slide 3)
Evolution of IT
• Physical Servers
• Virtual Servers
• Virtual Desktops
• Public Cloud
• Hybrid Environments
Shared Responsibility: Before
You:
• Physical
• Infrastructure
• Network
• Virtualization
• Operating System
• Applications
• Data
• Service Configuration
Shared Responsibility: After
AWS:
• Physical
• Infrastructure
• Network
• Virtualization
You:
• Operating System
• Applications
• Data
• Service Configuration
Network-Based Defense
Standard
Network IPS Architecture
Network Based Security is Great
• It can be really expensive at the beginning of operations
• Throughput is capped by the appliance
• Network re-configuration is required
Why Host-based Security
Standard
Host-Based Protection
East-West Traffic
80% of Network Traffic is East-West
Security During Operations
Auto-Scale without a Worry
• Automated Provisioning, Policy assignment and Cleanup
• Network throughput will depend on Instance Network Performance
• Integration with Cloud Management tools
Context-based Security
• Get accurate security rules based on OS and application
• Increase Performance by reducing unnecessary rules
• Leave the Policy creation to the experts
Virtual Patching
Average time to patch: 176 days
Recommendation: Use instance replacement when patching
Plan properly: Buy time to resolve issues when patching
How does Virtual Patching Work
Prevent Ransomware
C&C Traffic Detection: Detect and alert on ransomware-specific command & control traffic
Vulnerability Shielding: Virtually patches server software until it can be patched, shielding servers against vulnerability exploits
Suspicious Action Monitoring: Detects suspicious activity on file servers related to ransomware and stops it
Malware Scanning: Scan for malicious software and stop it
Stop ransomware from impacting your most critical data on your servers, whether physical, virtual or in the cloud.
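As an added example (not part of the deck, and not Trend Micro's or Deep Security's own code), the following Python toy shows the two ideas the Context-based Security and Virtual Patching slides combine: a recommendation scan that enables only the rules relevant to the software found on the host, and a host-level shield that drops requests matching a rule for a vulnerability the host has not yet been patched for. Rule names, software tags and sample requests are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed example: a toy host-based shield in the spirit of the slides'
# "Vulnerability Shielding" and "Recommendation Scan". Rule names, software
# tags and sample requests are made up for illustration, not product rules.

@dataclass(frozen=True)
class ShieldRule:
    name: str
    software: frozenset      # host software the rule is relevant for
    pattern: re.Pattern      # matched against each line of the request

RULES = (
    # Shellshock-style header value: a bash function-definition prefix
    ShieldRule("shellshock-header", frozenset({"bash-cgi"}),
               re.compile(r"\(\)\s*\{")),
    # Classic SQL injection fragment aimed at the web application
    ShieldRule("sqli-union-select", frozenset({"web-app"}),
               re.compile(r"(?i)\bunion\s+(all\s+)?select\b")),
)

def recommendation_scan(installed):
    """Context-based rule set: enable only rules whose target software is
    present, so hosts without the vulnerable component carry no extra rules."""
    return [r for r in RULES if r.software & installed]

def shield(request_lines, active_rules):
    """Inspect one HTTP request (request line plus header lines).
    Returns (allowed, matched_rule_names); a hit means the request is dropped
    at the host before it reaches the still-unpatched software."""
    hits = [r.name for r in active_rules
            if any(r.pattern.search(line) for line in request_lines)]
    return (not hits, hits)

# Constructed sample traffic (no real hosts or payloads).
NORMAL = ["GET /index.html HTTP/1.1", "Host: app.example", "User-Agent: curl/7.64"]
SHELLSHOCK = ["GET /cgi-bin/status HTTP/1.1", "Host: app.example",
              "User-Agent: () { :; }; echo probe"]
SQLI = ["GET /search?q=1 UNION SELECT name FROM users HTTP/1.1", "Host: app.example"]

if __name__ == "__main__":
    cgi_host = recommendation_scan(frozenset({"bash-cgi", "web-app"}))
    app_only = recommendation_scan(frozenset({"web-app"}))       # fewer rules
    for label, req in (("normal", NORMAL), ("shellshock", SHELLSHOCK), ("sqli", SQLI)):
        print(label, "cgi_host:", shield(req, cgi_host), "app_only:", shield(req, app_only))
```

The second host shows the trade-off the slides imply: a rule set narrowed by the recommendation scan is cheaper, but it is only as accurate as the software inventory it was built from.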
Get the complete picture
• Pick up important security alerts: registry changes, brute-force alerts, configuration file changes, login issues
• Comprehensive audit trail for the entire infrastructure
CloudTrail & AWS Config
Security Tools
The Product: Deep Security
Threat / protection module:
• Regulatory compliance & Auditing: Log Protection and File Integrity Monitoring
• Zero-day vulnerability (Heartbleed & Shellshock): Virtual Patching
• Web Application Vulnerabilities (OWASP Top 10, SQL Injections, XSS): Intrusion Prevention
• Denial of Service & Network Attacks: Host Firewall
• Malware Protection: Anti Malware
• Harmful External Servers: Web Reputation
How it Works
Why Not? Common Objections
Integration
• AWS Config
• Amazon Inspector
• AWS WAF
• Amazon SNS
• AWS Lambda
• AWS CodeDeploy
• AWS CloudFormation
• Auto Scaling
• AWS Elastic Beanstalk
• AWS OpsWorks
https://github.com/deep-security
Can affect Instance performance
Recommendation Scan
• Scan OS and applications for: Intrusion Prevention, File Integrity Monitoring, Log Inspection
• Automate: scanning, application of rules
Is it a WAF?
• Same IP and heuristic-based blocking
• Except DDoS
• But with Layer 1-7
Works with AWS WAF
• XSS / SQLi rules
• IP lists
It’s Expensive
• 1c/hr: micro, small, medium
• 3c/hr: large
• 6c/hr: xlarge and above
Available on AWS Marketplace
• 400 /year, any size
*Per Instance
Change your thinking
Be a DevSecOps Company
• Gain more visibility inside EC2 instances without instance access
• Enforce a security baseline within your company
• Integrate security in your SDLC
• Reduce the tools needed to secure your environment
Design a workload-centric security architecture
Patch Zero Day without restarts
Automate Security, Not Bolt In
Improve visibility of AWS and hybrid environments
Gartner Best Practices
Best Practices for Securing Workloads in Amazon Web Services
http://bit.ly/1pxaFTL
Paul Hidalgo | @peeweeh | +65 98368252