Cloud Security Topics: Network Intrusion Detection for Amazon EC2

•Download as PPTX, PDF•

3 likes•4,359 views

With the rapid growth of online commerce, the challenge to secure and monitor internal and customer-facing websites, card processing systems and other critical infrastructure has never been greater. Deploying full-featured intrusion detection in a public cloud has been challenging – the network models and multi-tenancy of public clouds do not make deep network services easy to deploy. Misha Govshteyn, VP of Emerging Products at Alert Logic will present a new approach for a an IDS solution in a public cloud.

Technology

Managing Cloud Security:
Intrusion Detection in Public
Cloud Environments

Introduction

• About the presenter
− Misha Govshteyn
− Founder & VP of Emerging Products at Alert Logic
• Our topic today:
− Deploying Network Intrusion Detection technologies in Amazon
EC2 environment

2

Comprehensive Security

IDS

2 Factor Authentication “Strong security controls are a
Vulnerability Scanning requirement for many
mission-critical IT
Integrity Monitoring workloads. Customers
demand that service providers
Configuration Assessment (Tripwire)
address security as they move
Firewall IT infrastructure to fully elastic
public cloud environments”
Antivirus

Web Application Firewall - Joel Friedman, Datapipe CSO

TDE – Transparent Database Encryption

4

Why detect intrusions?

Do you want to know if your
webservers are making connections to
botnet command & control servers?

Do you want to know if someone is
running a vulnerability scan on you
without your knowledge?

Do you trust that your development
teams and software vendors have
eliminated 100% of SQL injection or
other common attacks?

5

Public Cloud Security Complexity
Security solutions must be built specifically for public cloud

elastic
scaling

utility management
pricing automation

PUBLIC CLOUD
SECURITY
REQUIREMENTS
=
managed self-service
operations provisioning

Traditional “Big Box”
third-party
ownership
Security Appliances are
Dead

Page 7
7

AWS environment challenges

1 • Lack of network introspection facilities such as SPAN

2 • Ephemeral networking means IP addresses cannot be
used as host identifiers

• Services must be tightly coupled to provisioning systems
3 via API to support auto-scaling and role-based
management

Building a scalable security cloud service requires new solutions
specifically designed to operate for cloud environments

8

Soft-Tap Architecture
Unique approach to network security monitoring in EC2

eth0 eth0 eth0 eth0 eth0

Soft Soft Soft Soft
Tap Tap IDS Tap Tap

eth1
vpn eth1
vpn eth1
vpn vpn
eth1 vpn
eth1

VPN Transport

9

Alert Logic for Amazon EC2

Enabling: IDS for LM for VA for
• Traffic monitoring via Cloud Cloud Cloud
software-based network taps
• Log collection via a software agents
• Virtual appliances based data collection Virtual Appliances & Host Agents
• Host agents that continuously track the
state of monitored instances
• Automated software and configuration Management API
deployment via internal management APIs
• Multi-tenant aware provisioning API for
integration with service provider Provisioning API

Provides:
• Auto-scaling by tracking IP addresses of protected hosts
• Load balancing & fail over between appliances
• Transport-level data encryption
• Centralized resource authorization via certificates for

Amazon Web Services

Page 10

Components

Customer EC2 Environment Collection/Cloud Management System

Security Portal Incident

11

Datapipe IDS for EC2: Setup Process

API TM LM SOC
Integration UI

CMS

Deploy certificates
+ + +
Install software
packages and
virtual appliances

VPN Transport

Attack Scenario

SQL Injection
Attack
(this time
unsuccessful)
Attacker
(me)

VPN Transport

13

What happens next

Incident identified Threat level
by correlation escalated to 60
engine out of 100

Notification sent Incident
to Datapipe investigated by
security Alert Logic SOC

Incident
remediated by Attacker blocked
Datapipe security at the firewall
team

14

Availability

• In beta today with select customers
• Available as a managed service for AWS customers
exclusively through Datapipe in early 2012
• RightScale enabled: bundled into ServerTemplates for automation
• Auto-scaling support coming soon
• Available as a self-service solution for AWS and other
public clouds from Alert Logic in 1H 2012

Questions?
Contact: @mgbits

15

What's hot

Porque cambiar de IPSec a SSL VPN

aloscocco

Securing DoD workloads in the cloud is no task to be taken lightly. Today's ever-changing threat landscape requires the advanced capabilities of Palo Alto Networks VM-Series Next Generation Firewall to secure your AWS deployment. Granular security controls based upon users, their applications and the content within those applications give you complete visibility into, and control over, the "who" (via User-ID), and "what" (via App-ID) of your cloud traffic while preventing both known and unknown threats. Coupled with Palo Alto Networks and Amazon's Secure Cloud Computing Architecture (SCCA) Quick Start deployment template, the process of attaining your accreditation is greatly streamlined. Automate your deployment on AWS with many required SCCA security controls both pre-configured and documented at the time of deployment. This session will relate the capabilities that Palo Alto Networks Next Generation Firewall brings to the cloud- including a product demonstration conducted on a VM-Series firewall running on AWS. The target audience is technical security practitioners and information assurance professionals who want to understand the capabilities of Palo Alto Networks on AWS, prevent data breaches, and efficiently attain their accreditation. Learn More: https://aws.amazon.com/government-education/

Palo Alto Networks and AWS: Streamline Your Accreditation with Superior Secur...

Amazon Web Services

How do you manage Internet of Things (IoT) devices at scale

Duncan Purves

Defending the Data Center: Managing Users from the Edge to the Application

Cisco Security

IoT Device Management using open standards end-to-end

Pilgrim Beart

From Physical to Virtual to Cloud

Cisco Security

Layer 7: Cloud Security For The Public Sector

CA API Management

Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...

NetworkCollaborators

Cisco Connect Ottawa 2018 the intelligent network with Cisco Meraki

Cisco Canada

Nimbo/Alert Logic - Azure in the Cloud

Alert Logic

VMware is providing a consistent operational fabric across multi-Cloud and hybrid environments, allowing applications to be deployed and to run with a single click. Within this context, enterprises are focused on managing the risks of performance and security when delivering applications. NETSCOUT is the leader in providing consistent, real time visibility and a precise, early warning system into application and service level performance risks and rapid triage to resolve problems across the data center and multi-Cloud. This session will detail how VMware NSX and NETSCOUT have partnered to provide the next-generation, end to end visibility and troubleshooting analytics which can be deployed natively, invisible to the the workload, within the VMware Virtual Cloud Network and NSX-T fabric and across legacy and transformed data center architectures.

End to End Application Visibility and Troubleshooting Across the Virtual Clou...

NETSCOUT

VMworld 2014: Virtualize your Network with VMware NSX

VMworld

Multiple protocols have been positioned as “the” application-layer messaging protocol for the Internet of Things (IoT) and Machine-to-Machine (M2M) communication. In fact, these protocols address different aspects of IoT messaging and are complementary more than competitive (other than for mindshare). This presentation compares two of these protocols, MQTT and DDS, and shows how they are designed and optimized for different communication requirements.

Comparison of MQTT and DDS as M2M Protocols for the Internet of Things

Real-Time Innovations (RTI)

CensorNet ISP Filtering

tlloyduk

Innovations in Switching

Cisco Canada

A10 Thunder ADC delivers critical services in the most efficient hardware- and software-based form factors. Thunder ADC product line maximizes rack space and reduces power consumption (via optimal ADC CPU and memory optimization, infrastructure optimization and overall data center cooling). The product line is built upon A10's Advanced Core Operating System (ACOS®) platform, with our Symmetric Scalable Multi-Core Processing (SSMP) software architecture that delivers high performance and a range of deployment options for dedicated, hosted or cloud data centers.

A10 Networks: Delivering Data Center to Data Center communications securely

David Ayoub

Enabling SDN for Service Providers by Khay Kid Chow

MyNOG

Gain Insight and Programmability with Cisco DC Networking

Cisco Canada

Software Defined Networking - Huawei, June 2017

Novosco

This Cloud Security tutorial shall first address the question whether Cloud Security is really a concern among companies which are making a move to the cloud. The tutorial also discusses the process of troubleshooting a problem in the cloud. This tutorial is ideal for people who are planning to make a career shift in the cloud industry. Below are the topics covered in this tutorial: 1. Why and What of Cloud Security? 2. Private, Public or Hybrid 3. Is Cloud Security really a concern? 4. How secure should you make your application? 5. Troubleshooting a threat in the Cloud 6. Cloud Security in AWS

Cloud Security Tutorial | Cloud Security Fundamentals | AWS Training | Edureka

Edureka!

What's hot (20)

Porque cambiar de IPSec a SSL VPN

Palo Alto Networks and AWS: Streamline Your Accreditation with Superior Secur...

How do you manage Internet of Things (IoT) devices at scale

Defending the Data Center: Managing Users from the Edge to the Application

IoT Device Management using open standards end-to-end

From Physical to Virtual to Cloud

Layer 7: Cloud Security For The Public Sector

Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...

Cisco Connect Ottawa 2018 the intelligent network with Cisco Meraki

Nimbo/Alert Logic - Azure in the Cloud

End to End Application Visibility and Troubleshooting Across the Virtual Clou...

VMworld 2014: Virtualize your Network with VMware NSX

Comparison of MQTT and DDS as M2M Protocols for the Internet of Things

CensorNet ISP Filtering

Innovations in Switching

A10 Networks: Delivering Data Center to Data Center communications securely

Enabling SDN for Service Providers by Khay Kid Chow

Gain Insight and Programmability with Cisco DC Networking

Software Defined Networking - Huawei, June 2017

Cloud Security Tutorial | Cloud Security Fundamentals | AWS Training | Edureka

Viewers also liked

The rackspace difference v1 2016_10_03 (1)

Jill Coveney

CorporateOverview8-31-2016

Jessica Anderson

James Moore Resume 2016

James Moore

Zayo UK - Global Network Map

James O'Brien

Zayo Group Overview

cbrandt69

Your developers are the most important part of transforming your customer interactions into engaging experiences. Salesforce App Cloud, which brings together Heroku, Force.com and Lightning, abstracts away infrastructure and devops complexity, so you can focus on what matters most: building differentiated experiences through apps. Reducing time to market and letting you iterate fast helps you rise above the competition and build lasting customer relationships. In this session, you hear from Zayo, a leading global communications infrastructure services provider, and how they are leveraging the power of integrating the Salesforce and AWS platforms to deliver highly engaging customer experiences, enhancing developer productivity and driving faster innovation cycles. We spotlight Heroku Connect, which makes it easy to extend and synchronize your customer data between Salesforce and AWS and enhance it in ways that empower your developers to do what they do best: innovate. Session sponsored by Salesforce.

AWS re:Invent 2016: Deliver Engaging Experiences with Custom Apps Built on Sa...

Amazon Web Services

Viewers also liked (6)

The rackspace difference v1 2016_10_03 (1)

CorporateOverview8-31-2016

James Moore Resume 2016

Zayo UK - Global Network Map

Zayo Group Overview

AWS re:Invent 2016: Deliver Engaging Experiences with Custom Apps Built on Sa...

Similar to Cloud Security Topics: Network Intrusion Detection for Amazon EC2

RightScale Conference Santa Clara 2011 - With the rapid growth of online commerce, the challenge to secure and monitor internal and customer-facing websites, card processing systems and other critical infrastructure has never been greater. Deploying full-featured intrusion detection in a public cloud has been challenging – the network models and multi-tenancy of public clouds do not make deep network services easy to deploy. Ed Laczynski, VP of Cloud Strategy and Architecture at Datapipe, will demonstrate a working IDS solution in a public cloud.

Managing Cloud Security: Intrusion Detection Services in a Public Cloud

RightScale

Integrating network virtualization security in OpenStack Deployments.pdf

OpenStack Foundation

Smartronix - Building Secure Applications on the AWS Cloud

Amazon Web Services

Enterprise Applications on AWS

Amazon Web Services LATAM

17h30 aws enterprise_app_jvaria

Luiz Gustavo Santos

Our presenter, Ran Nahmias, Net Optics Director of Cloud and Virtualization Solutions, provides an overview of practical challenges to conducting Lawful Intercepts within converged (physical & virtual) or homogenous virtual network environments. Virtualization in the Data Center, More Than a Trend! Virtualization has provided network architects with a new level of flexibility and cost-savings in their server deployments. At the same time, that new level of flexibility has created new opportunities for potentially unlawful activity to be concealed or easily moved across legal jurisdictions to avoid prosecution. View this informative webinar to learn about: Unique enforcement challenges inherent to Virtualization Compliance challenges created by Virtualized environments Methods for thwarting virtual machine jurisdiction ‘hopping’

Lawful Interception in Virtual Environments

LiveAction Next Generation Network Management Software

Subtitle: How I Learned to Stop Worrying and Get DevOps to Love Security These slides are from a talk delivered by Rand Wacker at BayThreat 2011. ABSTRACT: Take a look around, you might be surprised who is running servers in the cloud; you might be even more surprised about what they are running. Unfortunately, these people rarely if ever thought to tell the security teams, and that means big problems for us all. Securing servers in the cloud is different, very different, than in a traditional data center, but all the same risks are there. Lets start by understanding who is using the cloud, why it is so different, and what works and doesn't work from our typical security toolbox. Then lets try to solve some of those problems and come up with some best practices to help us and those we work with do what they need…securely.

BayThreat Why The Cloud Changes Everything

CloudPassage

Microsoft Best Practices - AWS India Summit 2012

Amazon Web Services

Layer 7 & Burton Group: New Cloud Security Model Requirements

CA API Management

Meeting the business and technical challenges of today's organizations requires an architectural approach. The Cisco Borderless Network Architecture is the technical architecture that allows organizations to connect anyone, anywhere, anytime, and on any device - securely, reliably, and seamlessly. It is built on an infrastructure of scalable and resilient hardware and software. Components of the architecture come together to build network systems that span your organization from network access to the cloud. Intelligent network, endpoint, and user services provide the flexibility, speed, and scale to support new devices, applications, and deployment models. The impact of the consumerization of IT and mobility cannot be understated. The impact that these two key business elements have on the evolution of Enterprise Architecture and for Service Provider's ability to offer services to Enterprises, Governments, and Consumers will be addressed in this webinar. We will talk about the importance of the shift and movement of the secure network edge leads to a very close examination of the changing threat vectors and vulnerabilities impacting your businesses today. We will also detail service delivery and consumption on the three 'service horizons,' (Mobile Endpoint and CPE, Virtualized Network Edge/Data Center Edge, and the Cloud).

Monetizing the Enterprise: Borderless Networks

Cisco Service Provider Mobility

null Bangalore meet - Cloud Computing and Security

n|u - The Open Security Community

Intel Cloud Summit: Greg Brown McAfee

IntelAPAC

BIG-IP ADCs and ADF

F5 Networks

CNISP - Platform Introduction 071511pks

lucpaquin

Cloud Security: Perception Vs. Reality

Internap

In this session, learn how you evaluate, design, build, and manage distributed applications over hybrid infrastructures using Amazon Web Services. This session follows the evolution of a simple legacy data center expansion with basic connectivity into managing complex hybrid applications. Along the way, we investigate best practice designs in use by AWS customers. Topics covered include: interconnectivity, availability, security, hybrid networks with Amazon VPC and AWS Direct Connect as well as automated provisioning with AWS CloudFormation, and configuration management with AWS OpsWorks. Speakers: Miha Kralj, AWS Solutions Architect Amarpal S. Attwal, Senior Technical Lead, ICT Engineering, Just Eat Koen van den Biggelaar, AWS Solutions Architect

Deep Dive - Hybrid Architectures

Amazon Web Services

Learn how to enable and support data migrations in AWS and keep your business applications highly secure, whether you are migrating your IT infrastructure to the cloud, migrating your business applications to the cloud, or simply moving traffic on AWS between different Availability Zones. Our real-world use cases include securing your critical business applications in AWS by deploying vSRX as a perimeter firewall for VPC instances, and enabling secure transport and routing for hybrid cloud deployments using IPSec VPNs on vMX. Session sponsored by Juniper Networks.

(NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Amazon Web Services

Daniel künzli cloudgateway.next

Digicomp Academy AG

Enterprise Security in Cloud

Lenin Aboagye

Enterprise Security in Hybrid Cloud ISACA-SV 2012

Symosis Security (Previously C-Level Security)

Recently uploaded

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Real Time Object Detection Using Open CV

Khem

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Histor y of HAM Radio presentation slide

vu2urc

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Recently uploaded (20)

Scaling API-first – The story of a global engineering organization

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Exploring the Future Potential of AI-Enabled Smartphone Processors

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Real Time Object Detection Using Open CV

Advantages of Hiring UIUX Design Service Providers for Your Business

Artificial Intelligence: Facts and Myths

A Year of the Servo Reboot: Where Are We Now?

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Handwritten Text Recognition for manuscripts and early printed texts

How to Troubleshoot Apps for the Modern Connected Worker

Strategies for Landing an Oracle DBA Job as a Fresher

Histor y of HAM Radio presentation slide

Partners Life - Insurer Innovation Award 2024

GenCyber Cyber Security Day Presentation

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

GenAI Risks & Security Meetup 01052024.pdf

Cloud Security Topics: Network Intrusion Detection for Amazon EC2

1. Managing Cloud Security: Intrusion Detection in Public Cloud Environments

2. Introduction • About the presenter − Misha Govshteyn − Founder & VP of Emerging Products at Alert Logic • Our topic today: − Deploying Network Intrusion Detection technologies in Amazon EC2 environment 2

3. Datapipe Cloud Services Stack 3

4. Comprehensive Security IDS 2 Factor Authentication “Strong security controls are a Vulnerability Scanning requirement for many mission-critical IT Integrity Monitoring workloads. Customers demand that service providers Configuration Assessment (Tripwire) address security as they move Firewall IT infrastructure to fully elastic public cloud environments” Antivirus Web Application Firewall - Joel Friedman, Datapipe CSO TDE – Transparent Database Encryption 4

5. Why detect intrusions? Do you want to know if your webservers are making connections to botnet command & control servers? Do you want to know if someone is running a vulnerability scan on you without your knowledge? Do you trust that your development teams and software vendors have eliminated 100% of SQL injection or other common attacks? 5

6. Broad Cloud Adoption: Inhibitors 6

7. Public Cloud Security Complexity Security solutions must be built specifically for public cloud elastic scaling utility management pricing automation PUBLIC CLOUD SECURITY REQUIREMENTS = managed self-service operations provisioning Traditional “Big Box” third-party ownership Security Appliances are Dead Page 7 7

8. AWS environment challenges 1 • Lack of network introspection facilities such as SPAN 2 • Ephemeral networking means IP addresses cannot be used as host identifiers • Services must be tightly coupled to provisioning systems 3 via API to support auto-scaling and role-based management Building a scalable security cloud service requires new solutions specifically designed to operate for cloud environments 8

9. Soft-Tap Architecture Unique approach to network security monitoring in EC2 eth0 eth0 eth0 eth0 eth0 Soft Soft Soft Soft Tap Tap IDS Tap Tap eth1 vpn eth1 vpn eth1 vpn vpn eth1 vpn eth1 VPN Transport 9

10. Alert Logic for Amazon EC2 Enabling: IDS for LM for VA for • Traffic monitoring via Cloud Cloud Cloud software-based network taps • Log collection via a software agents • Virtual appliances based data collection Virtual Appliances & Host Agents • Host agents that continuously track the state of monitored instances • Automated software and configuration Management API deployment via internal management APIs • Multi-tenant aware provisioning API for integration with service provider Provisioning API Provides: • Auto-scaling by tracking IP addresses of protected hosts • Load balancing & fail over between appliances • Transport-level data encryption • Centralized resource authorization via certificates for Amazon Web Services Page 10

11. Components Customer EC2 Environment Collection/Cloud Management System Security Portal Incident 11

12. Datapipe IDS for EC2: Setup Process API TM LM SOC Integration UI CMS Deploy certificates + + + Install software packages and virtual appliances VPN Transport

13. Attack Scenario SQL Injection Attack (this time unsuccessful) Attacker (me) VPN Transport 13

14. What happens next Incident identified Threat level by correlation escalated to 60 engine out of 100 Notification sent Incident to Datapipe investigated by security Alert Logic SOC Incident remediated by Attacker blocked Datapipe security at the firewall team 14

15. Availability • In beta today with select customers • Available as a managed service for AWS customers exclusively through Datapipe in early 2012 • RightScale enabled: bundled into ServerTemplates for automation • Auto-scaling support coming soon • Available as a self-service solution for AWS and other public clouds from Alert Logic in 1H 2012 Questions? Contact: @mgbits 15

Cloud Security Topics: Network Intrusion Detection for Amazon EC2

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (6)

Similar to Cloud Security Topics: Network Intrusion Detection for Amazon EC2

Similar to Cloud Security Topics: Network Intrusion Detection for Amazon EC2 (20)

Recently uploaded

Recently uploaded (20)

Cloud Security Topics: Network Intrusion Detection for Amazon EC2