CloudTrail is an AWS service that records API calls made in an AWS account and delivers log files to enable security monitoring and compliance. It provides visibility into who accessed AWS resources, when they accessed them, and from where. Cloudlytics is a service that allows users to analyze CloudTrail logs to generate security and compliance reports. The document discusses enabling CloudTrail, configuring Cloudlytics to access CloudTrail logs, and using Cloudlytics to analyze the logs and generate various audit reports.
1. Manage Security & Compliance of Your AWS Account using CloudTrail
2. Need for an Audit Trail
Introduction to CloudTrail
How to Enable CloudTrail in your AWS Account
Analyzing CloudTrail using Cloudlytics
Manage Security & Compliance of your AWS Account using CloudTrail
4. The average cost of a data breach in 2014 was $3.5 Million.
– Ponemon Institute
On average, companies are attacked 16,856 times a year, and many of those attacks result in a quantifiable data breach.
– IBM Security Services
“In the average attack, you get 90% of the data you want in like nine hours, and yet most of the companies don't find out for three to four months.”
– John Chambers, CEO (CISCO)
6. “There is no data center or network in the world that hasn't been hacked. If you watched the number of attacks, they're going up exponentially this year (2015), this year's going to be much worse than last year.”
- John Chambers, CEO (CISCO)
8. 92% of data breaches can be described by just nine distinct patterns.
— Verizon (2014 Data Breach Investigations Report)
43% of C-level executives say negligent insiders are the greatest threat to sensitive data.
— IBM Services
10. An Audit Trail is a security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event. Audit records typically result from activities such as financial transactions, scientific research and health care data transactions, or communications by individual people, systems, accounts, or other entities.
12. AWS & Audit Trails
13. CloudTrail
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.
14. AWS regions: Tokyo, Sydney, Singapore, Frankfurt, Ireland, Sao Paulo, Northern Virginia, GovCloud, Northern California, Oregon
16. Successful requests to AWS Services
Time of Request
User Identity
Access Keys being Used
Request Response
18. AWS Identity and Access Management is a web
service that enables AWS customers to manage users
and user permissions in AWS.
19. Amazon Elastic Compute Cloud (Amazon EC2) provides resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers and allow them to obtain and configure capacity with minimal issues.
21. Who initiated an Action?
Time of the Action?
What Action was taken?
Where was the Action performed?
22. HIPAA Section 164.312(1)(b) - Audit controls (required), which states organizations must “Implement hardware, software, & procedural mechanisms that record & examine activity in information systems that contain or use electronic protected health information.”
PCI DSS - Requires user logon and log off events to be recorded as part of the "follow the user requirement".
23. Overview Report
User Audit Report
EC2 Activity Report
Custom Report
24. Top 5 Users
Top 5 Services
Top 5 IP Addresses
Top 5 Access Keys
Unauthorized Accesses
Location
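To make slides 13, 16, 21 and 24 concrete, here is an added example (not code from the deck or from Cloudlytics) that reads one CloudTrail log file in the JSON shape CloudTrail delivers and builds the Overview sections: top users, services, source IPs and access keys, plus the calls that were denied. The four records are constructed; real files arrive gzipped under the bucket's AWSLogs/ prefix and must be decompressed first.

```python
import json
from collections import Counter

# Constructed sample in the shape CloudTrail writes to S3 ({"Records": [...]});
# these events are made up for the example and are not from the deck.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2015-03-02T10:01:12Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accessKeyId": "AKIAEXAMPLE1"}},
    {"eventTime": "2015-03-02T10:05:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accessKeyId": "AKIAEXAMPLE1"}},
    {"eventTime": "2015-03-02T11:30:05Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "sourceIPAddress": "198.51.100.7",
     "errorCode": "AccessDenied", "errorMessage": "Access Denied",
     "userIdentity": {"type": "IAMUser", "userName": "bob", "accessKeyId": "AKIAEXAMPLE2"}},
    {"eventTime": "2015-03-02T12:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "accessKeyId": "AKIAEXAMPLE3"}},
]})


def caller_name(record):
    """Display name for the caller: the IAM user name, else the identity type (e.g. Root)."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("type", "unknown")


def overview_report(log_text, top_n=5):
    """Build the Overview report sections: top users, services, IPs, access keys, denied calls."""
    records = json.loads(log_text)["Records"]
    users, services, ips, keys = Counter(), Counter(), Counter(), Counter()
    unauthorized = []
    for r in records:
        users[caller_name(r)] += 1
        services[r.get("eventSource", "")] += 1
        ips[r.get("sourceIPAddress", "")] += 1
        keys[r.get("userIdentity", {}).get("accessKeyId", "")] += 1
        # A denied call is still logged; CloudTrail marks it with an errorCode.
        if r.get("errorCode") in ("AccessDenied", "UnauthorizedOperation"):
            unauthorized.append((r["eventTime"], caller_name(r), r["eventName"], r["sourceIPAddress"]))
    return {"top_users": users.most_common(top_n),
            "top_services": services.most_common(top_n),
            "top_ips": ips.most_common(top_n),
            "top_access_keys": keys.most_common(top_n),
            "unauthorized": unauthorized}


if __name__ == "__main__":
    for section, rows in overview_report(SAMPLE_LOG).items():
        print(section, rows)
```

The "unauthorized" section is the one worth alerting on: a burst of AccessDenied events from one access key is the pattern a stolen or over-curious credential leaves behind.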
25. List of Instances
Instance Related Activities
User Access Patterns
Errors
27. List of Users
User Related Activities
User Access Patterns
Geographic Locations
Access Keys Used
29. Generate your own Report
Define a Query
Generate Report
30. Create a New User from the IAM Console
Set the User Policy
Grant Cloudlytics access to the S3 bucket containing the logs
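The user created in the step above is handing a third party your audit trail, so its policy should allow nothing beyond reading that one bucket. Below is an added example (not the deck's or Cloudlytics' own policy) of such a least-privilege policy, together with a check that flags any statement granting more than read access to the log bucket; the bucket name is a placeholder.

```python
import json

LOG_BUCKET = "example-cloudtrail-logs"  # placeholder bucket name (assumption)

# Read-only policy for the IAM user used by the log analysis service.
# ListBucket/GetBucketLocation apply to the bucket ARN, GetObject to the objects.
READ_ONLY_LOG_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": f"arn:aws:s3:::{LOG_BUCKET}"},
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": f"arn:aws:s3:::{LOG_BUCKET}/*"},
    ],
}

# Constructed counter-example: the kind of policy that is quick to write and far too broad.
OVERLY_BROAD_POLICY = {"Version": "2012-10-17",
                       "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

READ_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject"}


def _as_list(value):
    """IAM allows a single string or a list for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def policy_problems(policy, bucket):
    """Return the reasons a policy grants more than read access to `bucket` (empty if none)."""
    allowed_resources = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    problems = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            problems.append(f"statement {i}: NotAction/NotResource grants are too broad")
        for action in _as_list(stmt.get("Action", [])):
            if action not in READ_ACTIONS:  # also catches wildcards such as s3:*
                problems.append(f"statement {i}: non-read action {action}")
        for res in _as_list(stmt.get("Resource", [])):
            if res not in allowed_resources:
                problems.append(f"statement {i}: resource {res} is outside the log bucket")
    return problems


def is_read_only_log_policy(policy, bucket):
    return not policy_problems(policy, bucket)


if __name__ == "__main__":
    print(json.dumps(READ_ONLY_LOG_POLICY, indent=2))
    print(policy_problems(OVERLY_BROAD_POLICY, LOG_BUCKET))
```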
31. Register with Cloudlytics
Configure CloudTrail
Start Analyzing AWS Logs