WASHINGTON, DC | MAY 23-25, 2022
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Secure your mission-critical applications with cloud-native security
SPONSORED BY PRISMA CLOUD BY PALO ALTO NETWORKS
SEC302-S
Rajeev Karamchedu
Prisma Cloud Security Specialist, National Security Programs
Palo Alto Networks
“Security must be job zero.”
Andy Jassy
Palo Alto Networks is fully integrated and best of breed, offering complete protection for AWS
FULLY INTEGRATED WITH AWS
● Network Security: Deliver advanced network and threat protection (NGFWs) on AWS
● Cloud Security: Secure any tech stack and any application components running on AWS
● SOC Security: Automate incident response to eliminate manual work and speed response
All flagship Palo Alto Networks cloud security products integrate with AWS
Palo Alto Networks is fully integrated and best of breed, offering complete protection for AWS
FULLY INTEGRATED WITH AWS
Protection
Strata
NGFWs
Findings
Cortex
XSOAR
Security
Hub
AWS Fargate
Embedded
Lambda
Function
Amazon ECS
Container
Amazon EC2
Kernel
Amazon EKS
Pod / Node
Defenders
Amazon EC2
Agentless
CNAPP
Palo Alto Networks is an Advanced Technology Partner and ISV Accelerate Partner with AWS
PERFECT AWS PARTNER FIT
AWS Competencies
●Security ISV Competency
●Containers ISV Competency
●DevOps ISV Competency
●Networking ISV Competency
AWS Programs
●APN Customer Engagement
●Marketplace Seller + Containers Anywhere
●Public Sector Partner
●ISV Accelerate
●SaaS Revenue Recognition
●Outpost Ready Validation
AWS Service Integrations
●Monitoring
○ GuardDuty
○ Security Hub
○ Amazon Inspector
○ FireLens
○ Amazon S3
○ Amazon SQS
○ AWS Control Tower
●Compute
○ Amazon EC2
○ Amazon ECS
○ Amazon EKS
○ Amazon ECR
○ Lambda
○ Fargate
○ Bottlerocket
○ App Mesh
○ VMware Cloud
●CI/CD
○ CodePipeline
○ CodeDeploy
○ CloudFormation
●Incident Response
○ ACM
○ Access Analyzer
○ Athena
○ CloudTrail
○ CloudWatch
○ DynamoDB
○ Detective
○ IAM
○ Network Firewall
○ Route 53
Prisma Cloud by Palo Alto Networks is a committed, historical AWS launch partner for security
● 2017: Amazon GuardDuty security launch partner
● 2017: AWS Fargate security launch partner
● 2018: AWS Security Hub security launch partner
● 2018: AWS Lambda layers security launch partner
● 2021: AWS Control Tower security launch partner
● 2021: Amazon Inspector security launch partner
PERFECT AWS PARTNER FIT
Security is a shared responsibility in the cloud
50% of surveyed customers view security as “top concern” slowing journey to cloud
State of Cloud Native Security Report, 2022
AWS: responsible for security of the cloud
● Hubs
● Switches
● Routers
● Hypervisor
● Data Center
Customers: responsible for security in the cloud
● Resource Configurations
● Users & Credentials
● Networks
● Hosts, Containers, Functions
● Data
What do they have in common?
Automated Cloud-Native Security Across Architectures
Each technology offers different benefits and different security challenges
Virtual Machines
Containers
Containers as-a-Service
On-Demand Containers
Serverless
AWS Lambda
AWS Fargate
Amazon EKS
Amazon ECS
Amazon EC2
Prisma Cloud: Defining the Cloud-Native Application Protection Platform (CNAPP)
● A single user experience to secure cloud infrastructure, apps, identities, networks, and data
Centralized policy management, auditing, and protection (no point solutions)
● Full lifecycle security code to cloud for infrastructure and apps
Identify vulnerabilities and misconfigurations, and integrate with code repos, CI tools, CD workflows, and runtime
● Unified agentless host protection with agent-based protection for hosts, containers, and serverless
Vulnerability management, compliance, and runtime protection
● Integrated with SecOps tools to address issues and alerts
Security posture dashboards and results to SIEM, SOAR, or ChatOps
Prisma Cloud Cloud-Native Application Protection Platform (CNAPP)
PURPOSE-BUILT FOR AWS
● Cloud Security Posture Management: Monitor posture, detect and respond to threats, maintain compliance
● Cloud Workload Protection: Secure hosts, containers, and serverless with single agent
● Cloud Network Security: Monitor and secure cloud networks, enforce micro-segmentation
● Cloud Identity Security: Enforce permissions and secure identities across clouds
● Cloud Code Security: Secure app artifacts, analyze code, and fix issues
Full Application Lifecycle
Secure applications across AWS (build-deploy-run)
Delivering cloud security at the largest scale
SECURITY AT SCALE
● 4B+ assets protected
● 2M+ workloads protected
● 700B+ weekly cloud events processed
SECURING GLOBAL CUSTOMERS
● 1800+ total customers
TOP ANALYST VALIDATIONS
● Forrester Wave™ for CWS [3]: Leader in Cloud Workload Security
● GigaOm Vulnerability Management Radar [4]: Leader and Outperformer
● GigaOm Developer Security Tools Radar [5]: Leader and Fast Mover
● Gartner 2021 Hype Cycle [6]: Included 7 market categories
RECOGNIZED BY OUR USERS
PeerSpot #1 Rank
∙ Cloud Workload Security
∙ Microsegmentation
∙ CSPM
∙ CNAPP
[1] G2000 is the Forbes Global 2000 Companies
[2] Customers active per Q1 FY22 Earnings Call
[3] Forrester Wave for Cloud Workload Security
[4] 2021 GigaOm Radar for Vulnerability Management
[5] 2021 GigaOm Radar for Developer Security Tools
[6] Gartner Hype Cycle for Cloud Security, 2021
Prisma Cloud Software Ecosystem
SoniKube
Hill AFB, UT
● F-16
Kessel Run
Boston, MA
● AOC
● F-35
● ABMS
Blue Sky
Warner Robins, GA
● 402nd SWEG
BESPIN
Montgomery, AL
● PEO BES
LevelUP
San Antonio, TX
● Unified Platform
Thunder CAMP
Oklahoma City, OK
● 76th SWEG
Rogue Blue
Omaha, NE
● STRATCOM
Space CAMP
Colorado Springs, CO
● Space Force
Platform One
Colorado Springs, CO
● JAIC
● Army Cyber
● AEGIS
● F-35
● ABMS
Ski CAMP
Hill AFB, UT
● GBSD
Kobayashi Maru
Los Angeles, CA
● SMC
Corsair Ranch
Tucson, AZ
TRON
Oahu, HI
● PACOM
Conjure
Scott AFB, IL
● 375th
Scorpion CAMP
Oklahoma City, OK
Hangar 18
Dayton, OH
Red 5
Langley, VA
N2X Pathfinder
Colorado Springs, CO
● NORAD
Prisma Cloud DoD Use Case Examples
USAF Platform One
● Prisma Cloud prominent security component in DoD Enterprise DevSecOps (DSOP) Platform One initiative
● Prisma Cloud images available for any DoD entity inside the Iron Bank (DoD Centralized Artifacts Repository ~ DCAR)
● Prisma Cloud secures cloud apps for Navy onboard NAVSEA’s Cloud In a Box Initiative (fully functional on-ship cloud)
JAIC (Joint Artificial Intelligence Center)
● Prisma Cloud secures the entire DevSecOps process for JAIC and the DoD AI Center of Excellence which builds AI and ML for DoD.
DISA (Defense Information Systems Agency) – Joint Regional Security Stacks
● Prisma Cloud delivers compliance, vulnerability, and malware scans in Defense Container DoD central artifact repository (DCARS)
Prisma Cloud Continuous Authority to Operate (cATO)
DOD cATO memo dated 2/3/2022:
“cATO represents a challenging but necessary enhancement of our cyber risk approach in order to accelerate innovation while outpacing expanding cybersecurity threats.”
Authorizing Official (AO) requires demonstration of three competencies:
1. On-going visibility of key cybersecurity activities inside of the system boundary with a robust continuous monitoring of RMF controls
2. Ability to conduct active cyber defense in response to cyber threats in real time
3. Adoption and use of an approved DevSecOps reference design
Prisma Cloud cATO Competencies
“On-going visibility of key cybersecurity activities inside of the system boundary with a robust continuous monitoring of RMF controls.”
● Continuous monitoring for “drift” in ATO-identified controls, non-compliance alerting, and anomaly detection at runtime
● Events mapped to ATT&CK framework in ATT&CK Explorer for threat context
● Machine learning and heuristics help to efficiently analyze events
● Option to analyze within Incident Explorer
● Live Forensic details to help threat remediation
Prisma Cloud cATO Competencies (Active Cyber Defense)
● Intelligence Stream (IS)
Real-time vulnerability & threat data
● Advanced Threat Protection (ATP)
Runtime defense
● App-Specific Intelligence
Detect runtime anomalies
● ATT&CK Explorer
Correlated real-time view of TTPs
● Vulnerability Explorer
Correlation and prioritization
● Machine Learning & Heuristics
Automated detection & analysis
● WAAS & Virtual Patching
Rapid response
“Ability to conduct active cyber defense in order to respond to cyber threats in real time.”
Prisma Cloud cATO Competencies (Supply Chain Security)
● IaC Security
Embed security into popular IDEs, version control systems, and CI/CD tools
● Container Vulnerability Assessments
Protect against misconfigurations in containers and ensure image integrity
● Image Analysis Sandbox
Dynamically analyze runtime behavior of images before deployment
● Identity & Access Management (IAM)
Govern identity and access to your supply chain and source code
“Adoption and use of an approved DevSecOps reference design.”
Prisma Cloud by Palo Alto Networks: Resources
● Visit The Palo Alto Networks Showcase Booth
Live product demonstrations and answers
● Prisma Cloud Datasheet for AWS
paloaltonetworks.com/prisma/environments/aws
● Prisma Cloud for AWS Demo
youtube.com/watch?v=rTH8y3fiW5s
● Forrester: Total Economic Impact of Prisma Cloud
paloaltonetworks.com/prisma/forrester-tei-study-prisma-cloud-2021
● Visit Palo Alto Networks in the AWS Marketplace
Any questions?
We have answers!
Thank you!
Rajeev Karamchedu
rkaramchedu@paloaltonetworks.com
Matt Lamb
mlamb@paloaltonetworks.com
Contenu connexe

Similaire à SEC302-S-143971-AWS-Prismacloud.pptx

AWS FSI Symposium 2017 NYC - 9 Cloud Enabled Security Designs
AWS FSI Symposium 2017 NYC - 9 Cloud Enabled Security DesignsAWS FSI Symposium 2017 NYC - 9 Cloud Enabled Security Designs
AWS FSI Symposium 2017 NYC - 9 Cloud Enabled Security DesignsAmazon Web Services
 
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Amazon Web Services
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...Amazon Web Services
 
Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020Cynthia Hsieh
 
DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)Amazon Web Services
 
Elevate_your_security_with_the_cloud
Elevate_your_security_with_the_cloudElevate_your_security_with_the_cloud
Elevate_your_security_with_the_cloudAmazon Web Services
 
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)Amazon Web Services
 
Re-Architecting a Banking Application for Scale and Reliability (SRV220-R1) -...
Re-Architecting a Banking Application for Scale and Reliability (SRV220-R1) -...Re-Architecting a Banking Application for Scale and Reliability (SRV220-R1) -...
Re-Architecting a Banking Application for Scale and Reliability (SRV220-R1) -...Amazon Web Services
 
(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the CloudAmazon Web Services
 
ENT305 Compliance and Cloud Security for Regulated Industries
ENT305 Compliance and Cloud Security for Regulated IndustriesENT305 Compliance and Cloud Security for Regulated Industries
ENT305 Compliance and Cloud Security for Regulated IndustriesAmazon Web Services
 
Building Real-Time Serverless Data Applications With Joseph Morais and Adam W...
Building Real-Time Serverless Data Applications With Joseph Morais and Adam W...Building Real-Time Serverless Data Applications With Joseph Morais and Adam W...
Building Real-Time Serverless Data Applications With Joseph Morais and Adam W...HostedbyConfluent
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation OverviewAmazon Web Services
 
Cybersecurity: A Drive Force Behind Cloud Adoption
Cybersecurity: A Drive Force Behind Cloud AdoptionCybersecurity: A Drive Force Behind Cloud Adoption
Cybersecurity: A Drive Force Behind Cloud AdoptionAmazon Web Services
 
Managing Enterprise security in the Cloud
Managing Enterprise security in the CloudManaging Enterprise security in the Cloud
Managing Enterprise security in the CloudAmazon Web Services
 
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Amazon Web Services
 
Lock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS AccountLock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS AccountAmazon Web Services
 

Similaire à SEC302-S-143971-AWS-Prismacloud.pptx (20)

Security@Scale
Security@ScaleSecurity@Scale
Security@Scale
 
Hybrid Cloud on AWS
Hybrid Cloud on AWSHybrid Cloud on AWS
Hybrid Cloud on AWS
 
AWS FSI Symposium 2017 NYC - 9 Cloud Enabled Security Designs
AWS FSI Symposium 2017 NYC - 9 Cloud Enabled Security DesignsAWS FSI Symposium 2017 NYC - 9 Cloud Enabled Security Designs
AWS FSI Symposium 2017 NYC - 9 Cloud Enabled Security Designs
 
State of the Union: Networking
State of the Union: NetworkingState of the Union: Networking
State of the Union: Networking
 
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
 
Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020
 
DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)
 
Elevate_your_security_with_the_cloud
Elevate_your_security_with_the_cloudElevate_your_security_with_the_cloud
Elevate_your_security_with_the_cloud
 
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
 
Managing Security on AWS
Managing Security on AWSManaging Security on AWS
Managing Security on AWS
 
Re-Architecting a Banking Application for Scale and Reliability (SRV220-R1) -...
Re-Architecting a Banking Application for Scale and Reliability (SRV220-R1) -...Re-Architecting a Banking Application for Scale and Reliability (SRV220-R1) -...
Re-Architecting a Banking Application for Scale and Reliability (SRV220-R1) -...
 
(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud(SEC202) Best Practices for Securely Leveraging the Cloud
(SEC202) Best Practices for Securely Leveraging the Cloud
 
ENT305 Compliance and Cloud Security for Regulated Industries
ENT305 Compliance and Cloud Security for Regulated IndustriesENT305 Compliance and Cloud Security for Regulated Industries
ENT305 Compliance and Cloud Security for Regulated Industries
 
Building Real-Time Serverless Data Applications With Joseph Morais and Adam W...
Building Real-Time Serverless Data Applications With Joseph Morais and Adam W...Building Real-Time Serverless Data Applications With Joseph Morais and Adam W...
Building Real-Time Serverless Data Applications With Joseph Morais and Adam W...
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation Overview
 
Cybersecurity: A Drive Force Behind Cloud Adoption
Cybersecurity: A Drive Force Behind Cloud AdoptionCybersecurity: A Drive Force Behind Cloud Adoption
Cybersecurity: A Drive Force Behind Cloud Adoption
 
Managing Enterprise security in the Cloud
Managing Enterprise security in the CloudManaging Enterprise security in the Cloud
Managing Enterprise security in the Cloud
 
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
 
Lock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS AccountLock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS Account
 

Dernier

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 

Dernier (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 

SEC302-S-143971-AWS-Prismacloud.pptx

  • 1. W A S H I N G T O N , D C | M A Y 2 3 - 2 5 , 2 0 2 2
  • 2. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Secure your mission-critical applications with cloud-native security S P O N S O R E D B Y P R I S M A C L O U D B Y P A L O A L T O N E T W O R K S Rajeev Karamchedu S E C 3 0 2 - S Prisma Cloud Security Specialist, National Security Programs Palo Alto Networks
  • 3. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. “Security must be job zero.” Andy Jassy
  • 4. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Palo Alto Networks is fully integrated and best of breed, offering complete protection for AWS FULLY INTEGRATED WITH AWS Network Security Deliver advanced network and threat protection (NGFWs) on AWS Cloud Security Secure any tech stack and any application components running on AWS SOC Security Automate incident response to eliminate manual work and speed response All flagship Palo Alto Networks cloud security products integrate with AWS
  • 5. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Palo Alto Networks is fully integrated and best of breed, offering complete protection for AWS FULLY INTEGRATED WITH AWS Protection Strata NGFWs Findings Cortex XSOAR Security Hub AWS Fargate Embedded Lambda Function Amazon ECS Container Amazon EC2 Kernel Amazon EKS Pod / Node Defenders Amazon EC2 Agentless CNAPP
  • 6. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Palo Alto Networks is an Advanced Technology Partner and ISV Accelerate Partner with AWS PERFECT AWS PARTNER FIT AWS Competencies ●Security ISV Competency ●Containers ISV Competency ●DevOps ISV Competency ●Networking ISV Competency AWS Programs ●APN Customer Engagement ●Marketplace Seller + Containers Anywhere ●Public Sector Partner ●ISV Accelerate ●SaaS Revenue Recognition ●Outpost Ready Validation AWS Service Integrations ●Monitoring ○ GuardDuty ○ Security Hub ○ Amazon Inspector ○ FireLens ○ Amazon S3 ○ Amazon SQS ○ AWS Control Tower ●Compute ○ Amazon EC2 ○ Amazon ECS ○ Amazon EKS ○ Amazon ECR ○ Lambda ○ Fargate ○ Bottlerocket ○ App Mesh ○ VMware Cloud ●CI/CD ○ CodePipeline ○ CodeDeploy ○ CloudFormation ●Incident Response ○ ACM ○ Access Analyzer ○ Athena ○ CloudTrail ○ CloudWatch ○ DynamoDB ○ Detective ○ IAM ○ Network Firewall ○ Route 53
  • 7. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Prisma Cloud by Palo Alto Networks is a committed, historical AWS launch partner for security AWS Security Hub security launch partner AWS Lambda layers security launch partner 2018 2018 AWS Control Tower security launch partner 2021 Amazon Inspector security launch partner 2021 Amazon GuardDuty security launch partner 2017 AWS Fargate security launch partner 2017 PERFECT AWS PARTNER FIT
  • 8. Security is a shared responsibility in the cloud. 50% of surveyed customers view security as “top concern” slowing journey to cloud (State of Cloud Native Security Report, 2022). AWS, responsible for security of the cloud: Hubs; Switches; Routers; Hypervisor; Data Center. Customers, responsible for security in the cloud: Resource Configurations; Users & Credentials; Networks; Hosts, Containers, Functions; Data.
  • 9. What do they have in common?
  • 11. Automated Cloud-Native Security Across Architectures. Each technology offers different benefits and different security challenges. Architectures: Virtual Machines; Containers; Containers as-a-Service; On-Demand Containers; Serverless. AWS services: AWS Lambda; AWS Fargate; Amazon EKS; Amazon ECS; Amazon EC2.
  • 12. Prisma Cloud: Defining the Cloud-Native Application Protection Platform (CNAPP). A single user experience to secure cloud infrastructure, apps, identities, networks, and data: centralized policy management, auditing, and protection (no point solutions). Full lifecycle security code to cloud for infrastructure and apps: identify vulnerabilities and misconfigurations, and integrate with code repos, CI tools, CD workflows, and runtime. Unified agentless host protection with agent-based protection for hosts, containers, and serverless: vulnerability management, compliance, and runtime protection. Integrated with SecOps tools to address issues and alerts: security posture dashboards and results to SIEM, SOAR, or ChatOps.
  • 13. Prisma Cloud Cloud-Native Application Protection Platform (CNAPP). PURPOSE-BUILT FOR AWS. Cloud Security Posture Management: monitor posture, detect and respond to threats, maintain compliance. Cloud Workload Protection: secure hosts, containers, and serverless with single agent. Cloud Network Security: monitor and secure cloud networks, enforce micro-segmentation. Cloud Identity Security: enforce permissions and secure identities across clouds. Cloud Code Security: secure app artifacts, analyze code, and fix issues. Full Application Lifecycle: secure applications across AWS (build-deploy-run).
  • 14. Delivering cloud security at the largest scale. SECURITY AT SCALE: 4B+ assets protected; 2M+ workloads protected; 700B+ weekly cloud events processed. SECURING GLOBAL CUSTOMERS: 1800+ total customers. RECOGNIZED BY OUR USERS: PeerSpot #1 Rank in Cloud Workload Security, Microsegmentation, CSPM, CNAPP. TOP ANALYST VALIDATIONS: Forrester Wave™ for CWS [3], Leader in Cloud Workload Security; GigaOm Vulnerability Management Radar [4], Leader and Outperformer; GigaOm Developer Security Tools Radar [5], Leader and Fast Mover; Gartner 2021 Hype Cycle [6], included 7 market categories. Footnotes: [1] G2000 is the Forbes Global 2000 Companies; [2] Customers active per Q1 FY22 Earnings Call; [3] Forrester Wave for Cloud Workload Security; [4] 2021 GigaOm Radar for Vulnerability Management; [5] 2021 GigaOm Radar for Developer Security Tools; [6] Gartner Hype Cycle for Cloud Security, 2021.
  • 15. Prisma Cloud Software Ecosystem. SoniKube (Hill AFB, UT): F-16. Kessel Run (Boston, MA): AOC, F-35, ABMS. Blue Sky (Warner Robins, GA): 402nd SWEG. BESPIN (Montgomery, AL): PEO BES. LevelUP (San Antonio, TX): Unified Platform. Thunder CAMP (Oklahoma City, OK): 76th SWEG. Rogue Blue (Omaha, NE): STRATCOM. Space CAMP (Colorado Springs, CO): Space Force. Platform One (Colorado Springs, CO): JAIC, Army Cyber, AEGIS, F-35, ABMS. Ski CAMP (Hill AFB, UT): GBSD. Kobayashi Maru (Los Angeles, CA): SMC. Corsair Ranch (Tucson, AZ). TRON (Oahu, HI): PACOM. Conjure (Scott AFB, IL): 375th. Scorpion CAMP (Oklahoma City, OK). Hangar 18 (Dayton, OH). Red 5 (Langley, VA). N2X Pathfinder (Colorado Springs, CO): NORAD.
  • 16. Prisma Cloud DoD Use Case Examples. USAF Platform One: Prisma Cloud prominent security component in DoD Enterprise DevSecOps (DSOP) Platform One initiative; Prisma Cloud images available for any DoD entity inside the Iron Bank (DoD Centralized Artifacts Repository ~ DCAR); Prisma Cloud secures cloud apps for Navy onboard NAVSEA’s Cloud In a Box Initiative (fully functional on-ship cloud). JAIC (Joint Artificial Intelligence Center): Prisma Cloud secures the entire DevSecOps process for JAIC and the DoD AI Center of Excellence, which builds AI and ML for DoD. DISA (Defense Information Systems Agency) – Joint Regional Security Stacks: Prisma Cloud delivers compliance, vulnerability, and malware scans in Defense Container DoD central artifact repository (DCARS).
  • 17. Prisma Cloud Continuous Authority to Operate (cATO). DOD cATO memo dated 2/3/2022: “cATO represents a challenging but necessary enhancement of our cyber risk approach in order to accelerate innovation while outpacing expanding cybersecurity threats.” Authorizing Official (AO) requires demonstration of three competencies: (1) On-going visibility of key cybersecurity activities inside of the system boundary with a robust continuous monitoring of RMF controls; (2) Ability to conduct active cyber defense in response to cyber threats in real time; (3) Adoption and use of an approved DevSecOps reference design.
  • 18. Prisma Cloud cATO Competencies. “On-going visibility of key cybersecurity activities inside of the system boundary with a robust continuous monitoring of RMF controls.” Continuous monitoring for “drift” in ATO-identified controls, non-compliance alerting, and anomaly detection at runtime; events mapped to ATT&CK framework in ATT&CK Explorer for threat context; machine learning and heuristics help to efficiently analyze events; option to analyze within Incident Explorer; Live Forensic details to help threat remediation.
  • 19. Prisma Cloud cATO Competencies (Active Cyber Defense). “Ability to conduct active cyber defense in order to respond to cyber threats in real time.” Intelligence Stream (IS): real-time vulnerability & threat data. Advanced Threat Protection (ATP): runtime defense. App-Specific Intelligence: detect runtime anomalies. ATT&CK Explorer: correlated real-time view of TTPs. Vulnerability Explorer: correlation and prioritization. Machine Learning & Heuristics: automated detection & analysis. WAAS & Virtual Patching: rapid response.
  • 20. Prisma Cloud cATO Competencies (Supply Chain Security). “Adoption and use of an approved DevSecOps reference design.” IaC Security: embed security into popular IDEs, version control systems, and CI/CD tools. Container Vulnerability Assessments: protect against misconfigurations in containers and ensure image integrity. Image Analysis Sandbox: dynamically analyze runtime behavior of images before deployment. Identity & Access Management (IAM): govern identity and access to your supply chain and source code.
  • 21. Prisma Cloud by Palo Alto Networks: Resources. Visit the Palo Alto Networks Showcase Booth: live product demonstrations and answers. Prisma Cloud Datasheet for AWS: paloaltonetworks.com/prisma/environments/aws. Prisma Cloud for AWS Demo: youtube.com/watch?v=rTH8y3fiW5s. Forrester: Total Economic Impact of Prisma Cloud: paloaltonetworks.com/prisma/forrester-tei-study-prisma-cloud-2021. Visit Palo Alto Networks in the AWS Marketplace.
  • 22. Any questions? We have answers!
  • 23. Thank you! Rajeev Karamchedu, rkaramchedu@paloaltonetworks.com; Matt Lamb, mlamb@paloaltonetworks.com