AWS New York Loft Security Week
Fraud Analytics at Cloud Scale
Larry Grant
Chief Cloud Architect, Office of the CTO, Vanguard
Agenda
•  What/Why Fraud Analytics
•  Requirements / Challenges
•  Vanguard Physical – On Premises Solution
•  Commercial Vendor Solutions
•  Home Grown Ideas
•  Final Vanguard Solution
•  What’s Next
What/Why Fraud Analytics
•  Web Threat Detection and Protection
•  Prevent Account Takeover Attacks
•  Block Automated Attacks
•  Detect various forms of online fraud (without affecting performance)
•  Use behavioral analytics to distinguish fraud from legitimate use
•  Integration with Customer Experience Management Systems to see the whole customer experience
•  Legal requirements and Controls
Requirements/Challenges
•  All Data Encrypted in Transit
•  All Data Encrypted at Rest
•  10’s/100’s (micro Accounts) of accounts
•  Multi-AZ
•  Multi-Region
•  Minimize/eliminate KEY management
•  Scalable across 100’s or 1000’s of web servers
•  Guarantee Web Session replay order
•  Achieve near real-time streaming of data
•  Integrate with existing legacy Vanguard Fraud systems
[Diagram: App Server, Physical Switch, Physical TAP Switch, DMZ, Private App Network, Private Security Network, Promiscuous Mode Network, SSL. Callout (cut off in the source): "The Tap Switch is a special de[…] replay raw network packets"; "L2 broadcast over promiscuou[…]"; "One or more receivers".]
Vanguard Physical - On Premises Solution
[Diagram: Web Servers, Fraud Analytics System, ELB, AZ 1 – Subnet 1, Fraud Relay Server, ELB, SSL, Any AZ / Subnet. Callouts: "IP Tables on EC2 to clone traffic (requires Layer 2)"; "IP Sec Tunnel encrypts traffic to destination fraud analytics system"; "Repeat for every Account, AZ, Subnet".]
Vendor 1
[Diagram: SSL, Physical TAP Switch, Private Security Network (On Premises), Fraud Analytics System, Web Servers, App Servers, AZ 1 – Subnet 1, ENI 2, Any AZ / Subnet. Callouts: "IP Sec Tunnel encrypts traffic to destination fraud analytics system"; "Repeat for every Account, AZ, Subnet".]
Vendor 2
[Diagram: SSL, Physical TAP Switch, Fraud Analytics System, Agent on Web Server, Comm Service, Mgmt. Server, Private Security Network (On Premises), ENI 1, ENI 2, ENI 3, Web Servers, App Servers, ELB, Fraud Relay Server, AZ 1 – Subnet 1, Docker Receiver Container, Any AZ / Subnet. Callouts: "Uses non-routable layer 2 to send a copy of packet to relay server"; "IP Sec Tunnel encrypts traffic to destination"; "Repeat for every Account, AZ, Subnet".]
Vendor 3
[Diagram: SSL, Docker Agent Container on Web Server, Private Security Network (On Premises), Docker Cluster (Container Receiver), Fraud Analytics System, Web Servers, App Servers, ELB, AZ 1 – Subnet 1, Any AZ / Subnet.]
Home Grown 1
[Diagram: SSL, TCPDump running as an agent, Private Security Network (On Premises), Fraud Analytics System, AWS Security Account, Cross Account Instance Profile, Amazon S3, ELB, Web Servers, App Servers, AZ 1 – Subnet 1, Any AZ / Subnet. Callouts: "Local AWS CLI script to copy new S3 files, then TCPReplay to send them to Fraud System"; "AWS CLI copy to S3 or S3FS"; "STS temp credentials refreshed every 30 min"; "AWS CLI pull/copy from S3".]
Home Grown 2
[Diagram: SSL, Custom agent storing data to Kinesis, Private Security Network (On Premises), Fraud Analytics System, AWS Security Account, Cross Account Instance Profile, Amazon Kinesis, Amazon DynamoDB, Web Servers, App Servers, ELB, Promiscuous Mode Network. Callouts: "Custom service to pull from Kinesis Stream and replay to local Fraud Systems. Separate thread or process per shard"; "Agent writes packets to Kinesis Stream"; "STS temp credentials refreshed every 30 min"; "Put records (batch)"; "Distributed lock management for automated HA".]
[Diagram: end-to-end view of the final solution, AWS side and Vanguard On-Premises side, with flow steps numbered 1–10 (the step labels are not recoverable from the extraction). AWS side: Amazon Security Account, Amazon LOB Account, Public Internet, DMZ, Client Traffic, Push Kinesis, Pull Kinesis, Web Browser, SSL Cert, CloudFront, Network WAF, 3rd Party WAF, Elastic Load Balancer, Application Load Balancer, Auto Scaling Cluster (Web Servers, Apache ModProxy, HTTP-Proxy, Agent, Lambda IP Function), Auto Scaling Cluster (TomCat App Servers), Kinesis, DynamoDB, AWS PrivateLink, AWS Replay Service, TCP 443/SSL, TCP 8444, Receiver (Non-SSL), legend: Existing, Manual Restart. On-premises side: Production VGI DMZ, Business Client, AWS Web Traffic Capture OER, Websense, Physical Switch, Apache Web Servers, SSL Cert, Physical TAP, VMWare TAP Switch, VMWare Host, TAP Replay Server, Receivers for Fraud Analytics Vendor 1 and Fraud Analytics Vendor 2.]
Callouts:
•  Encryption is terminated on F5 Device. Data going to APCon is unencrypted.
•  Tap Network devices must be in Promiscuous mode.
•  Apache virtual hosts are used to configure a mod proxy to redirect unencrypted traffic to a local web listener on the loopback, so no data is ever unencrypted to the host or wire. From the loopback, a second mod proxy re-encrypts the data before sending it off to a separate app server.
•  The agent is sniffing all traffic to the loopback and filtering based on port number.
•  DynamoDB: Used for Lock Manager. Has the health monitor to see who is the primary server for querying Kinesis.
•  Lambda function inserting a header (TCPClientIP) to identify end users’ IP Address to work around a bug with Silvertail.
•  Each Web Session, identified by the high port, must write to the same shard for replay consistency. We use the high port + uuid for the partition shard to ensure even distribution while keeping a session fully intact to a shard.
•  The replay port and protocol are whatever the original tapped traffic was.
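The shard-affinity rule in the callouts above (session = client high port, partition key = high port + uuid), as an added example that is not Vanguard's code: it assumes the uuid is generated once per capture agent (the slide does not say which uuid), models how Kinesis routes a partition key to a shard (MD5 of the key into evenly split hash-key ranges) plus the PutRecords batch limits, and checks that every session stays on one shard in capture order, while a fresh uuid per record would scatter it.

```python
import hashlib
import uuid
from collections import defaultdict
from dataclasses import dataclass

# Public Kinesis Data Streams limits for one PutRecords call.
MAX_RECORDS_PER_PUT = 500
MAX_BYTES_PER_PUT = 5 * 1024 * 1024
MAX_BYTES_PER_RECORD = 1024 * 1024


@dataclass(frozen=True)
class Packet:
    """One captured packet as the agent hands it to the stream writer."""
    agent_id: str   # assumed: a UUID generated once per agent process
    src_port: int   # client's ephemeral ("high") port, i.e. the web session
    seq: int        # capture sequence number on that agent
    payload: bytes

def partition_key(agent_id: str, src_port: int) -> str:
    """High port + per-agent UUID: constant for a session, distinct per host."""
    return f"{src_port}-{agent_id}"

def per_record_key(agent_id: str, src_port: int) -> str:
    """The failure mode: a fresh UUID per record scatters a session's packets."""
    return f"{src_port}-{uuid.uuid4()}"

def hash_key(pk: str) -> int:
    """Kinesis places a record by the MD5 of its partition key (128-bit int)."""
    return int.from_bytes(hashlib.md5(pk.encode("utf-8")).digest(), "big")

def shard_ranges(n_shards: int) -> list:
    """Even split of the hash-key space, as a newly created stream has."""
    space = 1 << 128
    return [(i * space // n_shards, (i + 1) * space // n_shards - 1)
            for i in range(n_shards)]

def route(pk: str, ranges: list) -> int:
    """Index of the shard whose [start, end] hash-key range contains the key."""
    h = hash_key(pk)
    for shard_id, (lo, hi) in enumerate(ranges):
        if lo <= h <= hi:
            return shard_id
    raise ValueError("hash key outside every shard range")

def batch_records(packets: list) -> list:
    """Split packets into PutRecords batches within the count/size limits.
    Each batch is the Records list boto3's put_records would take."""
    batches, current, current_bytes = [], [], 0
    for p in packets:
        pk = partition_key(p.agent_id, p.src_port)
        size = len(p.payload) + len(pk)
        if size > MAX_BYTES_PER_RECORD:
            raise ValueError(f"record seq={p.seq} exceeds the 1 MiB limit")
        if current and (len(current) == MAX_RECORDS_PER_PUT
                        or current_bytes + size > MAX_BYTES_PER_PUT):
            batches.append(current)
            current, current_bytes = [], 0
        current.append({"Data": p.payload, "PartitionKey": pk})
        current_bytes += size
    if current:
        batches.append(current)
    return batches

def simulate_stream(packets: list, n_shards: int, key_fn=partition_key) -> dict:
    """Place each packet on the shard Kinesis would choose, in arrival order."""
    ranges = shard_ranges(n_shards)
    shards = defaultdict(list)
    for p in packets:
        shards[route(key_fn(p.agent_id, p.src_port), ranges)].append(p)
    return dict(shards)

def session_shards(shards: dict) -> dict:
    """(agent, port) session -> set of shards its packets landed on."""
    seen = defaultdict(set)
    for shard_id, packets in shards.items():
        for p in packets:
            seen[(p.agent_id, p.src_port)].add(shard_id)
    return seen

def sessions_intact(shards: dict) -> bool:
    """True when every session sits on one shard and is still in capture
    order there, which is what one replay thread per shard relies on."""
    if any(len(s) != 1 for s in session_shards(shards).values()):
        return False
    for packets in shards.values():
        last_seq = {}
        for p in packets:
            key = (p.agent_id, p.src_port)
            if key in last_seq and p.seq <= last_seq[key]:
                return False
            last_seq[key] = p.seq
    return True

def constructed_capture(n_sessions: int = 200, per_session: int = 3) -> list:
    """Constructed sample: two agents, n_sessions interleaved client sessions
    each, per_session packets per session. Not real captured traffic."""
    agents = ["11111111-1111-4111-8111-111111111111",   # constructed UUIDs
              "22222222-2222-4222-8222-222222222222"]
    packets, seq = [], 0
    for i in range(n_sessions * per_session):
        for agent in agents:
            port = 49152 + i % n_sessions   # one ephemeral port per session
            packets.append(Packet(agent, port, seq, b"tls-record-%d" % seq))
            seq += 1
    return packets
```

Against a real stream, hand each batch to boto3's `put_records` and retry the entries the response flags as failed in their original order, so the per-shard ordering the replay side depends on survives partial failures.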
What’s Next
•  Lambda Parallel Streaming to any target
    •  S3
    •  Redshift
•  QuickSight – Business Analytics
•  Athena – Parallel SQL Querying
•  EMR – Hadoop
Vanguard Fraud Analytics at Cloud Scale

Contenu connexe

Tendances

Of CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityOf CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityJohn Varghese
 
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...Amazon Web Services
 
Express apps on AWS Lambda
Express apps on AWS LambdaExpress apps on AWS Lambda
Express apps on AWS LambdaMarian Rusnak
 
(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the CloudAmazon Web Services
 
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityKeynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityCloudVillage
 
Serverless security: defense against the dark arts
Serverless security: defense against the dark artsServerless security: defense against the dark arts
Serverless security: defense against the dark artsYan Cui
 
Serverless - minimizing the attack surface
Serverless - minimizing the attack surfaceServerless - minimizing the attack surface
Serverless - minimizing the attack surfaceAvi Shulman
 
(MBL301) Creating Voice Experiences Using Amazon Alexa
(MBL301) Creating Voice Experiences Using Amazon Alexa(MBL301) Creating Voice Experiences Using Amazon Alexa
(MBL301) Creating Voice Experiences Using Amazon AlexaAmazon Web Services
 
AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...
AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...
AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...Amazon Web Services
 
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...Amazon Web Services
 
Serverless Security: Best practices and mitigation strategies (re:Inforce 2019)
Serverless Security: Best practices and mitigation strategies (re:Inforce 2019)Serverless Security: Best practices and mitigation strategies (re:Inforce 2019)
Serverless Security: Best practices and mitigation strategies (re:Inforce 2019)Jeremy Daly
 
Setup Preconfigured Protections on AWS WAF - November 2016 Webinar Series
Setup Preconfigured Protections on AWS WAF - November 2016 Webinar SeriesSetup Preconfigured Protections on AWS WAF - November 2016 Webinar Series
Setup Preconfigured Protections on AWS WAF - November 2016 Webinar SeriesAmazon Web Services
 
(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWSAmazon Web Services
 
Securing Serverless Architectures - Pop-up Loft TLV 2017
Securing Serverless Architectures - Pop-up Loft TLV 2017Securing Serverless Architectures - Pop-up Loft TLV 2017
Securing Serverless Architectures - Pop-up Loft TLV 2017Amazon Web Services
 
EKS security best practices
EKS security best practicesEKS security best practices
EKS security best practicesJohn Varghese
 
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...Amazon Web Services
 
Kapil Thangavelu - Cloud Custodian
Kapil Thangavelu - Cloud CustodianKapil Thangavelu - Cloud Custodian
Kapil Thangavelu - Cloud CustodianServerlessConf
 
Securing your AWS Deployments with Spinnaker and Armory Enterprise
Securing your AWS Deployments with Spinnaker and Armory EnterpriseSecuring your AWS Deployments with Spinnaker and Armory Enterprise
Securing your AWS Deployments with Spinnaker and Armory EnterpriseDevOps.com
 
Sumo Logic AWS CloudTrail Application
Sumo Logic AWS CloudTrail ApplicationSumo Logic AWS CloudTrail Application
Sumo Logic AWS CloudTrail ApplicationAriel Smoliar
 

Tendances (20)

Of CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityOf CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills security
 
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
 
Express apps on AWS Lambda
Express apps on AWS LambdaExpress apps on AWS Lambda
Express apps on AWS Lambda
 
(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud
 
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityKeynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
 
Serverless security: defense against the dark arts
Serverless security: defense against the dark artsServerless security: defense against the dark arts
Serverless security: defense against the dark arts
 
Serverless - minimizing the attack surface
Serverless - minimizing the attack surfaceServerless - minimizing the attack surface
Serverless - minimizing the attack surface
 
(MBL301) Creating Voice Experiences Using Amazon Alexa
(MBL301) Creating Voice Experiences Using Amazon Alexa(MBL301) Creating Voice Experiences Using Amazon Alexa
(MBL301) Creating Voice Experiences Using Amazon Alexa
 
AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...
AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...
AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...
 
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
 
Serverless Security: Best practices and mitigation strategies (re:Inforce 2019)
Serverless Security: Best practices and mitigation strategies (re:Inforce 2019)Serverless Security: Best practices and mitigation strategies (re:Inforce 2019)
Serverless Security: Best practices and mitigation strategies (re:Inforce 2019)
 
Setup Preconfigured Protections on AWS WAF - November 2016 Webinar Series
Setup Preconfigured Protections on AWS WAF - November 2016 Webinar SeriesSetup Preconfigured Protections on AWS WAF - November 2016 Webinar Series
Setup Preconfigured Protections on AWS WAF - November 2016 Webinar Series
 
AWS re:Invent 2015 re:Cap
AWS re:Invent 2015 re:CapAWS re:Invent 2015 re:Cap
AWS re:Invent 2015 re:Cap
 
(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS
 
Securing Serverless Architectures - Pop-up Loft TLV 2017
Securing Serverless Architectures - Pop-up Loft TLV 2017Securing Serverless Architectures - Pop-up Loft TLV 2017
Securing Serverless Architectures - Pop-up Loft TLV 2017
 
EKS security best practices
EKS security best practicesEKS security best practices
EKS security best practices
 
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
 
Kapil Thangavelu - Cloud Custodian
Kapil Thangavelu - Cloud CustodianKapil Thangavelu - Cloud Custodian
Kapil Thangavelu - Cloud Custodian
 
Securing your AWS Deployments with Spinnaker and Armory Enterprise
Securing your AWS Deployments with Spinnaker and Armory EnterpriseSecuring your AWS Deployments with Spinnaker and Armory Enterprise
Securing your AWS Deployments with Spinnaker and Armory Enterprise
 
Sumo Logic AWS CloudTrail Application
Sumo Logic AWS CloudTrail ApplicationSumo Logic AWS CloudTrail Application
Sumo Logic AWS CloudTrail Application
 

Similaire à Vanguard Fraud Analytics at Cloud Scale

Serverless solutions - AWS Summit SG 2017
Serverless solutions - AWS Summit SG 2017 Serverless solutions - AWS Summit SG 2017
Serverless solutions - AWS Summit SG 2017 Amazon Web Services
 
AWS security monitoring and compliance validation from Adobe.
AWS security monitoring and compliance validation from Adobe.AWS security monitoring and compliance validation from Adobe.
AWS security monitoring and compliance validation from Adobe.Splunk
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Amazon Web Services
 
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Amazon Web Services
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation OverviewAmazon Web Services
 
Lock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS AccountLock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS AccountAmazon Web Services
 
Intro To Serverless Application Architecture: Collision 2018
Intro To Serverless Application Architecture: Collision 2018Intro To Serverless Application Architecture: Collision 2018
Intro To Serverless Application Architecture: Collision 2018Amazon Web Services
 
Automating AWS security and compliance
Automating AWS security and compliance Automating AWS security and compliance
Automating AWS security and compliance John Varghese
 
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF Loft
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF LoftIntro to Threat Detection & Remediation on AWS: AWS Security Week at the SF Loft
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF LoftAmazon Web Services
 
Containerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaContainerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaRyan Cuprak
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Kristana Kane
 
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...Amazon Web Services
 
Secure your critical workload on AWS
Secure your critical workload on AWSSecure your critical workload on AWS
Secure your critical workload on AWSAmazon Web Services
 
Threat Detection and Mitigation at Scale on AWS - SID301 - Toronto AWS Summit
Threat Detection and Mitigation at Scale on AWS - SID301 - Toronto AWS SummitThreat Detection and Mitigation at Scale on AWS - SID301 - Toronto AWS Summit
Threat Detection and Mitigation at Scale on AWS - SID301 - Toronto AWS SummitAmazon Web Services
 
게임을 위한 Cloud Native on AWS (김일호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018
게임을 위한 Cloud Native on AWS (김일호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018게임을 위한 Cloud Native on AWS (김일호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018
게임을 위한 Cloud Native on AWS (김일호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018Amazon Web Services Korea
 
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...Amazon Web Services
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyAmazon Web Services
 
AWS re:Invent 2016: Building Complex Serverless Applications (GPST404)
AWS re:Invent 2016: Building Complex Serverless Applications (GPST404)AWS re:Invent 2016: Building Complex Serverless Applications (GPST404)
AWS re:Invent 2016: Building Complex Serverless Applications (GPST404)Amazon Web Services
 

Similaire à Vanguard Fraud Analytics at Cloud Scale (20)

Serverless solutions - AWS Summit SG 2017
Serverless solutions - AWS Summit SG 2017 Serverless solutions - AWS Summit SG 2017
Serverless solutions - AWS Summit SG 2017
 
AWS security monitoring and compliance validation from Adobe.
AWS security monitoring and compliance validation from Adobe.AWS security monitoring and compliance validation from Adobe.
AWS security monitoring and compliance validation from Adobe.
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts
 
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation Overview
 
Lock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS AccountLock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS Account
 
SEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) ScaleSEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) Scale
 
Intro To Serverless Application Architecture: Collision 2018
Intro To Serverless Application Architecture: Collision 2018Intro To Serverless Application Architecture: Collision 2018
Intro To Serverless Application Architecture: Collision 2018
 
Automating AWS security and compliance
Automating AWS security and compliance Automating AWS security and compliance
Automating AWS security and compliance
 
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF Loft
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF LoftIntro to Threat Detection & Remediation on AWS: AWS Security Week at the SF Loft
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF Loft
 
Containerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaContainerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS Lambda
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps
 
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
 
Operations: Security
Operations: SecurityOperations: Security
Operations: Security
 
Secure your critical workload on AWS
Secure your critical workload on AWSSecure your critical workload on AWS
Secure your critical workload on AWS
 
Threat Detection and Mitigation at Scale on AWS - SID301 - Toronto AWS Summit
Threat Detection and Mitigation at Scale on AWS - SID301 - Toronto AWS SummitThreat Detection and Mitigation at Scale on AWS - SID301 - Toronto AWS Summit
Threat Detection and Mitigation at Scale on AWS - SID301 - Toronto AWS Summit
 
게임을 위한 Cloud Native on AWS (김일호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018
게임을 위한 Cloud Native on AWS (김일호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018게임을 위한 Cloud Native on AWS (김일호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018
게임을 위한 Cloud Native on AWS (김일호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018
 
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your Company
 
AWS re:Invent 2016: Building Complex Serverless Applications (GPST404)
AWS re:Invent 2016: Building Complex Serverless Applications (GPST404)AWS re:Invent 2016: Building Complex Serverless Applications (GPST404)
AWS re:Invent 2016: Building Complex Serverless Applications (GPST404)
 

Plus de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Vanguard Fraud Analytics at Cloud Scale

  • 1. AWS New York Loft Security Week: Fraud Analytics at Cloud Scale. Larry Grant, Chief Cloud Architect, Office of the CTO, Vanguard
  • 2. Agenda
    - What/Why Fraud Analytics
    - Requirements / Challenges
    - Vanguard Physical – On-Premises Solution
    - Commercial Vendor Solutions
    - Home Grown Ideas
    - Final Vanguard Solution
    - What's Next
  • 3. What/Why Fraud Analytics
    - Web threat detection and protection
    - Prevent account takeover attacks
    - Block automated attacks
    - Detect various forms of online fraud (without affecting performance)
    - Use behavioral analytics to distinguish fraud from legitimate use
    - Integration with customer experience management systems to see the whole customer experience
    - Legal requirements and controls
  • 4. Requirements/Challenges
    - All data encrypted in transit
    - All data encrypted at rest
    - 10s/100s of accounts (micro accounts)
    - Multi-AZ
    - Multi-Region
    - Minimize/eliminate key management
    - Scalable across 100s or 1000s of web servers
    - Guarantee web session replay order
    - Achieve near real-time streaming of data
    - Integrate with existing legacy Vanguard fraud systems
  • 5. Vanguard Physical – On-Premises Solution (diagram)
    - Web servers sit in the DMZ and app servers on the private app network, joined by a physical switch; a physical TAP switch copies the traffic onto the private security network, where the fraud analytics system receives it
    - The TAP switch is a special device that replays raw network packets
    - Layer 2 broadcast over a promiscuous-mode network
    - One or more receivers
    - Client traffic to the web servers is SSL
  • 6. Commercial Vendor Solution 1 (diagram, AZ 1 – Subnet 1; any AZ / subnet)
    - ELB → web servers → ELB → app servers, SSL on each hop
    - A fraud relay server on EC2 uses iptables to clone the traffic (requires Layer 2)
    - An IPsec tunnel encrypts the cloned traffic to the destination fraud analytics system, reached through the physical TAP switch on the on-premises private security network
    - Repeat for every account, AZ and subnet
  • 7. Commercial Vendor Solution 2 (diagram, AZ 1 – Subnet 1; any AZ / subnet)
    - Agent on each web server, with a communication service and a management server
    - The agent uses non-routable Layer 2 to send a copy of each packet to the fraud relay server; web servers and relay server each carry three ENIs (ENI 1, ENI 2, ENI 3)
    - IPsec tunnel from the relay server to the destination fraud analytics system on the on-premises private security network (via the physical TAP switch)
    - ELB → web servers → ELB → app servers, SSL on each hop
    - Repeat for every account, AZ and subnet
  • 8. Commercial Vendor Solution 3 (diagram, AZ 1 – Subnet 1; any AZ / subnet)
    - Docker agent container on each web server
    - Docker cluster acting as the container receiver (Docker receiver container)
    - IPsec tunnel from the receiver to the destination fraud analytics system on the on-premises private security network
    - ELB → web servers → ELB → app servers, SSL on each hop
    - Repeat for every account, AZ and subnet
  • 9. Home Grown 1 (diagram, AZ 1 – Subnet 1; any AZ / subnet)
    - tcpdump running as an agent on each web server
    - AWS CLI copy to Amazon S3 (or S3FS) in a separate AWS security account, using a cross-account instance profile; STS temporary credentials refreshed every 30 min
    - On-premises, a local AWS CLI script pulls/copies new S3 files, then tcpreplay sends them to the fraud analytics system on the private security network
    - All transfers over SSL
  • 10. Home Grown 2 (diagram, AZ 1 – Subnet 1; any AZ / subnet)
    - Custom agent on a promiscuous-mode network writes packets to an Amazon Kinesis stream (batched PutRecords) in the AWS security account, via a cross-account instance profile with STS temporary credentials refreshed every 30 min
    - Custom on-premises service pulls from the Kinesis stream and replays to the local fraud systems, with a separate thread or process per shard
    - Amazon DynamoDB for distributed lock management, giving automated HA
    - All transfers over SSL
  • 11. Final Vanguard Solution (diagram spanning the Amazon LOB account, the Amazon security account and Vanguard on-premises; legend: DMZ, Existing, Manual Restart, Client Traffic Push, Kinesis Pull; zones: Production VGI, Business Client, AWS Web Traffic Capture, OER)
    - Client path in AWS: web browser → public internet → CloudFront (with a Lambda IP function) → network WAF / third-party WAF → Elastic Load Balancer / Application Load Balancer → auto scaling cluster of Apache web servers running mod_proxy → auto scaling cluster of Tomcat app servers. TCP 443/SSL on every hop and TCP 8444/SSL into the app servers; SSL certs on the load balancers and web servers. Business-client browsers reach the site through a Websense HTTP proxy
    - Apache virtual hosts configure a mod_proxy to redirect the decrypted traffic to a local web listener on the loopback, so no data is ever unencrypted to the host or wire. From the loopback a second mod_proxy re-encrypts the data before sending it on to a separate app server
    - The agent sniffs all traffic to the loopback, filters on port number and pushes the packets to Kinesis over AWS PrivateLink
    - A Lambda function inserts a header (TCPClientIP) carrying the end user's IP address, to work around a bug with Silvertail
    - Each web session, identified by the high port, must write to the same shard for replay consistency. The partition key is the high port + UUID, which gives an even distribution across shards while keeping a session fully intact on one shard
    - DynamoDB is used for the lock manager and holds the health monitor that decides which server is primary for querying Kinesis
    - On-premises: the AWS replay service pulls from Kinesis and the TAP replay server replays the traffic through a VMware TAP switch (on a VMware host) to the receivers for fraud analytics vendor 1 and vendor 2 (non-SSL receiver). The replay port and protocol are whatever the original tapped traffic was
    - Existing on-premises capture: web browser → physical switch → Apache web servers (SSL cert), with a physical TAP feeding the same receivers. Encryption is terminated on the F5 device, so data going to APCon is unencrypted; TAP network devices must be in promiscuous mode
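The loopback double-proxy described on slide 11, written out as an added configuration example rather than Vanguard's own config. Port 443 and the app tier's TCP 8444/SSL come from the slide; the loopback port 8081, the hostnames and the certificate paths are assumptions. The point of the layout is that the only plaintext copy of the request exists on the loopback interface, where the capture agent can read it, and the second virtual host re-encrypts before anything leaves the host.

```apache
# Requires mod_ssl, mod_proxy and mod_proxy_http.
# Hop 1: terminate the client's TLS on 443 and hand the plaintext to the loopback only.
Listen 443
<VirtualHost *:443>
    ServerName www.example.com                      # assumed hostname
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/www.crt    # assumed paths
    SSLCertificateKeyFile /etc/pki/tls/private/www.key

    ProxyPreserveHost On                           # keep the original Host header for the app
    ProxyPass        / http://127.0.0.1:8081/      # plaintext, but never leaves the kernel
    ProxyPassReverse / http://127.0.0.1:8081/
</VirtualHost>

# Hop 2: bound to 127.0.0.1 only, so it is unreachable from the network; this is the
# listener the fraud agent sniffs (filtering on tcp port 8081) before re-encryption.
Listen 127.0.0.1:8081
<VirtualHost 127.0.0.1:8081>
    SSLProxyEngine on
    SSLProxyVerify require                         # authenticate the app tier, not just encrypt
    SSLProxyCheckPeerName on
    SSLProxyCACertificateFile /etc/pki/tls/certs/internal-ca.crt   # assumed path

    ProxyPreserveHost On
    ProxyPass        / https://app.internal.example:8444/          # assumed app-tier name
    ProxyPassReverse / https://app.internal.example:8444/
</VirtualHost>
```

Two checks are worth making after deploying this: `ss -ltn` should show 8081 bound to 127.0.0.1 and nothing else, and a capture on `lo` filtered to port 8081 should show the decrypted requests while a capture on the external interface shows only TLS. Note that on the loopback hop the source address is 127.0.0.1, so the end user's IP has to travel in a header, which is what the TCPClientIP header on the slide provides.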
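A viewer-request handler that stamps the viewer's address into the TCPClientIP header named on slide 11, as an added example rather than Vanguard's function: the page gives the header name and its purpose, the handler body, the helper and the sample event are ours. It follows the CloudFront Lambda@Edge event shape (header names are lowercase dictionary keys, each mapping to a list of `{"key", "value"}` objects), and it overwrites any TCPClientIP header the client supplied, since the fraud system keys on this value.

```python
"""Lambda@Edge viewer-request handler that sets a TCPClientIP header.

Added example (not Vanguard's code). request["clientIp"] is the address of the
TCP peer that connected to the CloudFront edge, which the viewer cannot choose;
a header the viewer sends can say anything, so it must be replaced, not merged.
"""

HEADER = "TCPClientIP"


def handler(event, context=None):
    """Entry point for a viewer-request trigger; returns the (modified) request."""
    request = event["Records"][0]["cf"]["request"]
    headers = request.setdefault("headers", {})
    # Assignment overwrites a client-supplied tcpclientip entry instead of appending
    # to it, so the fraud system never sees an attacker-chosen address.
    headers[HEADER.lower()] = [{"key": HEADER, "value": request["clientIp"]}]
    return request


def client_ip_from_headers(headers):
    """Receiver side: read the stamped address back out of the header map, or None."""
    values = headers.get(HEADER.lower(), [])
    return values[0]["value"] if values else None


def sample_event(client_ip, extra_headers=None):
    """Constructed viewer-request event for local testing (not a captured event)."""
    headers = {"host": [{"key": "Host", "value": "www.example.com"}]}  # assumed host
    headers.update(extra_headers or {})
    return {"Records": [{"cf": {
        "config": {"eventType": "viewer-request"},
        "request": {"clientIp": client_ip, "method": "GET", "uri": "/login",
                    "querystring": "", "headers": headers}}}]}


if __name__ == "__main__":
    spoofed = {"tcpclientip": [{"key": HEADER, "value": "10.0.0.1"}]}
    result = handler(sample_event("203.0.113.7", spoofed))
    print(client_ip_from_headers(result["headers"]))
```

The header is only trustworthy if the load balancer accepts traffic from CloudFront alone; a client that can reach the ALB directly bypasses the function and can send its own TCPClientIP, so the origin should restrict its source to CloudFront and strip or overwrite the header on any other path.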
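The session-to-shard rule from slides 10 and 11 (one session must land on one shard; the replay service runs one worker per shard), as an added example rather than Vanguard's agent or replay service. It assumes the UUID in the partition key identifies the web server, since the same client port can be in use on two web servers at once, and it simulates the stream so it runs offline: the shard mapping is the one Kinesis uses (MD5 of the partition key read as a 128-bit integer, matched against the shards' hash-key ranges), and the record shape is the one `put_records` takes, but no AWS call is made.

```python
"""Session-sticky Kinesis partitioning and per-shard ordered replay.

Added example (not Vanguard's code). The partition key is host UUID + client
ephemeral ("high") port, which is deterministic for a session, so every packet
of that session hashes to the same shard and Kinesis keeps them in order there.
"""
import hashlib
import threading
from collections import defaultdict

NUM_SHARDS = 4
MAX_HASH = (1 << 128) - 1
PUT_RECORDS_MAX = 500  # PutRecords accepts at most 500 records per call


def shard_ranges(num_shards=NUM_SHARDS):
    """Hash-key ranges of an evenly split stream, as CreateStream lays them out."""
    step = (MAX_HASH + 1) // num_shards
    return [(i * step, MAX_HASH if i == num_shards - 1 else (i + 1) * step - 1)
            for i in range(num_shards)]


def shard_for_key(key, ranges):
    """Kinesis maps MD5(partition key), read as a 128-bit integer, onto a shard range."""
    h = int.from_bytes(hashlib.md5(key.encode()).digest(), "big")
    for idx, (lo, hi) in enumerate(ranges):
        if lo <= h <= hi:
            return idx
    raise ValueError("hash outside every shard range")


def partition_key(host_uuid, client_port):
    """Deterministic per session, so all of a session's packets land on one shard."""
    return f"{host_uuid}:{client_port}"


class FakeStream:
    """Stand-in for a Kinesis stream: one append-only log per shard (constructed)."""

    def __init__(self, num_shards=NUM_SHARDS):
        self.ranges = shard_ranges(num_shards)
        self.shards = [[] for _ in range(num_shards)]
        self._lock = threading.Lock()

    def put_records(self, records):
        if len(records) > PUT_RECORDS_MAX:
            raise ValueError("batch exceeds the PutRecords limit")
        with self._lock:
            for rec in records:
                idx = shard_for_key(rec["PartitionKey"], self.ranges)
                seq = len(self.shards[idx])  # sequence numbers rise within a shard
                self.shards[idx].append((seq, rec["PartitionKey"], rec["Data"]))


def publish_capture(stream, packets, batch=PUT_RECORDS_MAX):
    """Agent side. packets: (host_uuid, client_port, payload) in capture order."""
    records = [{"PartitionKey": partition_key(h, p), "Data": d} for h, p, d in packets]
    for i in range(0, len(records), batch):
        stream.put_records(records[i:i + batch])


def session_shards(stream):
    """Map each session key to the set of shards holding it; must be exactly one."""
    seen = defaultdict(set)
    for idx, shard in enumerate(stream.shards):
        for _seq, key, _data in shard:
            seen[key].add(idx)
    return dict(seen)


def replay(stream):
    """Replay side: one worker per shard, as on the slide. Returns payloads per
    session in replay order, which within a shard is sequence order."""
    out = defaultdict(list)
    out_lock = threading.Lock()

    def worker(shard):
        for _seq, key, data in sorted(shard):
            with out_lock:
                out[key].append(data)

    threads = [threading.Thread(target=worker, args=(s,)) for s in stream.shards]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return dict(out)


def demo():
    """Constructed capture: two web servers, 50 sessions each, 3 packets per session."""
    stream = FakeStream()
    packets = [(host, port, f"{host}:{port}:pkt{n}")
               for host in ("web-a", "web-b")
               for port in range(49152, 49202)
               for n in range(3)]
    publish_capture(stream, packets, batch=64)  # several batches, like a busy agent
    return stream, replay(stream)
```

The check that matters is the one `session_shards` performs: a key that ever appears on two shards would break replay order, and that is exactly what a random or per-packet UUID in the key would cause. A per-session UUID would work as well; what must not vary is the key between packets of one session.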
  • 12. What's Next
    - Lambda parallel streaming to any target: S3, Redshift
    - QuickSight – business analytics
    - Athena – parallel SQL querying
    - EMR – Hadoop