Developing a Continuous Automated Approach to Cloud Security
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Tim Prendergast, CEO and co-founder, Evident.io
04 / 19 / 2016
Automating Security Operations on AWS
Of the changes catalyzed by cloud,
security is still the most exciting.
Your Role in Securing AWS is Well-Defined
Customer: Security in the Cloud
• Customer Data
• Applications, Identity Access Mgmt
• OS, Network, Firewall
• Client-side Encryption, Server-side Encryption, Network Traffic Protection
AWS: Security of the Cloud
• Compute, Storage, Networking
• AWS Global Infrastructure (Regions, AZs, Edge Locations)
The security paradigm shifted
Legacy Datacenters
• Big Perimeter
• End-to-End Ownership
• Build it all yourself
• Server-centric approach
• Self-managed Services
• Static Architecture
• De-centralized Administration
AWS
• Micro-Perimeters
• Own just enough
• Focus on your core value
• Service-Centric
• Platform Services
• Continuously Evolving
• Central Control Plane (API)
… but the security technology is dated
Customer Data
Applications, Identity Access Mgmt
OS, Network, Firewall
Client-side Encryption, Server-side Encryption, Network Traffic Protection
Network Appliances
Host-based Agents
IP-based scanners
Log Analytics
DLP & Encryption
Manual Audits
These technologies rarely embrace cloud values
Host Security isn’t enough
Why protect here…
When your critical data is now here? (and 50+ other svcs)
Virtual Appliances don’t scale
VIDS / VIPS
Traffic flows fine at “planned” capacity
But in Elastic Events…
Appliance capacity overwhelmed
And in general, too much information flows…
ElasticSearch
This is just a SUBSET of an average shop’s data flows
Humans scale to a point…
And then we turn to computers.
Why automate Security?
We’re >1m security professionals short of “equilibrium” and lagging…
Why automate Security?
Alert Psychology proves that fatigue destroys process
Why automate Security?
As infrastructure and software delivery accelerate, there is no alternative.
Pick your Flavor
Rugged DevOps
DevSecOps
Agile Security
Secure By Design
Q: Where does Security Belong?
Security Automation Is Good For EVERYONE
DevOps builds Value
Security builds TRUST
Customers / Businesses need TRUST and VALUE.
Security
DevOps
SecOps in AWS
• Need to take a holistic approach
• Need to capture past, present, and predicted state
• Need query capability for Incident Response (IR)
• Need to tie into DevOps technologies to maximize reach
• Need to automate response to minimize response time
Rubber, meet road
https://benchmarks.cisecurity.org/downloads/show-single/?file=awsfoundations.100
CIS Benchmarks for AWS:
- Community driven
- Clear and Concise
- Implementation Guidance
- Third-party supported
Implementation is Step 1
1s and 0s
Telemetry is critical
State
Capture states from:
- API (the source of all truth)
- Audit Sources (AWS CloudTrail / AWS Config)
- Applications & Data
- Identities & Policies
- Telemetry (Amazon CloudWatch, Amazon CloudWatch Logs + Amazon CloudWatch Events)
Step 2 – if you are keeping track
PITBL
Point-in-Time analysis
Baseline Creation
Behavioral Analysis
The Spanish Inquisition
Querying data answers questions
Did anyone launch an unapproved server last month?
Were any of our load balancers affected by weak DH keys?
Are we really doing what we SAY we are doing?
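Added example (not from the original slides): one way to answer "Did anyone launch an unapproved server last month?" from captured CloudTrail data, by checking successful RunInstances calls against an approved-AMI list. The AMI IDs, account ID, user names and records are constructed placeholders, and the records are trimmed to the fields the check reads.

```python
from datetime import datetime, timezone

APPROVED_AMIS = {"ami-11111111", "ami-22222222"}  # assumption: your approved image list

def make_record(time, name, user, ami=None, instance=None, error=None):
    """Build a constructed CloudTrail-style record, trimmed to the fields read below."""
    rec = {"eventTime": time, "eventName": name, "responseElements": None,
           "userIdentity": {"arn": "arn:aws:iam::111122223333:user/" + user}}
    if error:
        rec["errorCode"] = error  # denied or failed calls carry no responseElements
    elif instance:
        rec["responseElements"] = {"instancesSet": {"items": [
            {"instanceId": instance, "imageId": ami}]}}
    return rec

RUN = "RunInstances"
# Constructed sample data, not real log output.
SAMPLE_EVENTS = [
    make_record("2016-03-02T10:15:00Z", RUN, "alice", "ami-11111111", "i-0a000001"),
    make_record("2016-03-14T23:41:09Z", RUN, "bob", "ami-99999999", "i-0a000002"),
    make_record("2016-02-27T08:00:00Z", RUN, "bob", "ami-99999999", "i-0a000003"),
    make_record("2016-03-20T12:00:00Z", RUN, "carol", error="Client.UnauthorizedOperation"),
    make_record("2016-03-21T12:00:00Z", "DescribeInstances", "alice"),
]

def utc(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def unapproved_launches(events, start, end, approved=APPROVED_AMIS):
    """Return successful RunInstances launches in [start, end) whose AMI is not approved."""
    findings = []
    for ev in events:
        if ev.get("eventName") != RUN or ev.get("errorCode"):
            continue  # other API calls, and launches that were denied or failed
        if not start <= utc(ev["eventTime"]) < end:
            continue
        items = (ev.get("responseElements") or {}).get("instancesSet", {}).get("items", [])
        for inst in items:
            if inst.get("imageId") not in approved:
                findings.append((ev["eventTime"], ev["userIdentity"]["arn"],
                                 inst.get("instanceId"), inst.get("imageId")))
    return findings

MARCH_2016 = (utc("2016-03-01T00:00:00Z"), utc("2016-04-01T00:00:00Z"))

if __name__ == "__main__":
    for finding in unapproved_launches(SAMPLE_EVENTS, *MARCH_2016):
        print(finding)
```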
#3
The Action
Be an Action Hero
This is all useless unless you DO SOMETHING
Security Event
Lambda
#4
Minecraft, the craft of mining
Mine the data for compliance, predictive security models, and other key learnings
Evident Security Platform (ESP)
• 100% AWS Native Application
• Agentless Deployment
• Continuous Security Scanning & Alerting across all AWS services
• Integrates tightly with DevOps tools to accelerate secure product lifecycles
• Tracks history and state to support Audit and Compliance needs
Next Steps…
1. Talk with the Evident team at Booth #101 to dive deeper and get FREE CIS Benchmark reviews
2. Add our blog to your reading list: https://blog.evident.io
3. Find your peers here and talk security! AWS events are the best places to meet and learn.
4. Be sure you attend re:Invent 2016!