While security is a top concern in every organization these days, it often gets a bad rap. In many minds, security has the reputation of the bothersome villain who attempts to hinder performance or restrain agility. In this session we will outline four strategies to protect your valuable workloads, without falling into traditional security traps. We will walk through three stories of EC2 security superheroes who saved the day by overcoming compliance and design challenges, using a (not so) secret arsenal of AWS and Trend Micro security tools.
Andrew Watts-Curnow, Solutions Architect, Amazon Web Services, ASEAN
Justin Foster, CISSP, Head of Cloud Workload Security, Trend Micro
21. Shapeshift for Amazon Web Services
• Security inside each workload
• Protect instance-to-instance traffic
• Make it context sensitive (fast and low false-positive)
• No bottleneck
• No single point of failure
= CLOUD FRIENDLY IPS
28. Make Security Invisible for Amazon Web Services
• Build it in, not bolt on
• Fully automate security
• Automate record keeping for auditors
= SECURITY DESIGNED FOR AWS
32. Use X-ray vision on Amazon Web Services
• Use Integrity Monitoring and Log monitoring to see inside instances
• Detect suspicious changes that are indicators of compromise and unintended changes
= Total visibility
33. AWS is continuously independently audited
• GxP, ISO 13485, AS9100, ISO/TS 16949
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
AWS is responsible for the security OF the Cloud
34. Security is shared between AWS and customers
Customers have their choice of security configurations IN the Cloud:
• Customer applications & content
• Platform, Applications, Identity & Access Management
• Operating System, Network, & Firewall Configuration
• Client-side Data Encryption
• Server-side Data Encryption
• Network Traffic Protection
AWS is responsible for the security OF the Cloud:
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Customers
Partner solutions – including Trend Micro
35. SANS/CIS TOP 20 CRITICAL SECURITY CONTROLS
1. Inventory of Authorized & Unauthorized Devices
2. Inventory of Authorized & Unauthorized Software
3. Secure Configurations for Hardware & Software on Mobile Devices, Laptops, Workstations, & Servers
4. Continuous Vulnerability Assessment & Remediation
5. Controlled Use of Administrative Privileges
6. Maintenance, Monitoring, & Analysis of Audit Logs
7. Email and Web Browser Protections
8. Malware Defenses
9. Limitation and Control of Network Ports, Protocols, and Services
10. Data Recovery Capability
11. Secure Configurations for Network Devices
12. Boundary Defense
13. Data Protection
14. Controlled Access Based on the Need to Know
15. Wireless Access Control
16. Account Monitoring & Control
17. Security Skills Assessment & Appropriate Training to Fill Gaps
18. Application Software Security
19. Incident Response Management
20. Penetration Tests & Red Team Exercises