Protecting Your IT Environments: Insights from Real-World Security Incidents

Upload: alert-logic

Post on 20-Jun-2015

TRANSCRIPT

Page 1: Protecting Your IT Environment: Insights From Real-World Security Incidents

Protecting Your IT Environments: Insights from Real-World Security Incidents.

Page 2: Protecting Your IT Environment: Insights From Real-World Security Incidents

Welcome

Sheri Sullivan, Senior Partner Marketing Manager

Amazon Web Services

Page 3: Protecting Your IT Environment: Insights From Real-World Security Incidents

Webinar Overview

Today’s webcast is being recorded. Submit Your Questions using the Q&A tool.

A copy of today’s presentation will be made available on:

AWS SlideShare Channel: http://www.slideshare.net/AmazonWebServices/

AWS YouTube Channel: http://www.youtube.com/user/AmazonWebServices

Page 4: Protecting Your IT Environment: Insights From Real-World Security Incidents

What We’ll Cover

• Amazon Web Services overview and security requirements
• Alert Logic cloud security insights and research findings
• Alert Logic security solutions on AWS
• Q&A

Page 5: Protecting Your IT Environment: Insights From Real-World Security Incidents

Introducing

Miles Ward, Senior Solutions Architect, Amazon Web Services

Stephen Coty, Director of Research, Alert Logic

Page 6: Protecting Your IT Environment: Insights From Real-World Security Incidents

What is AWS?

AWS Global Infrastructure

Application Services

Networking

Deployment & Administration

Database

Storage

Compute

AWS Security and Compliance Framework

Page 7: Protecting Your IT Environment: Insights From Real-World Security Incidents

No Up-Front Capital Expense

Pay Only for What You Use

Self-Service Infrastructure

Easily Scale Up and Down

Improve Agility & Time-to-Market

Low Cost

Cloud Computing Benefits

Deploy

Page 8: Protecting Your IT Environment: Insights From Real-World Security Incidents

• $5.2B retail business

• 7,800 employees

• A whole lot of servers

Every day, AWS adds enough server capacity to power that whole $5B enterprise

Page 9: Protecting Your IT Environment: Insights From Real-World Security Incidents

Solving Problems for Organizations Around the World

Page 10: Protecting Your IT Environment: Insights From Real-World Security Incidents

Gartner “Magic Quadrant for Cloud Infrastructure as a Service,” Lydia Leong, Douglas Toombs, Bob Gill, Gregor Petri, Tiny Haynes, October 18, 2012. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Steven Armstrong ([email protected]). Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner Magic Quadrant for Cloud Infrastructure as a Service

Page 11: Protecting Your IT Environment: Insights From Real-World Security Incidents

Why Amazon Web Services?

The Cloud API Standard

Global Footprint and Expansion

Operational Excellence

Rate of Innovation

Security and Compliance

Deploy

Clear Market Leadership

Page 13: Protecting Your IT Environment: Insights From Real-World Security Incidents

Architected for Enterprise Security Requirements

And now... FedRAMP!

“The Amazon Virtual Private Cloud [Amazon VPC] was a unique option that offered an additional level of security and an ability to integrate with other aspects of our infrastructure.”

Dr. Michael Miller, Head of HPC for R&D

“You basically turn yourself into a polymorphic surface to which the attack guy has a much tougher time getting at. That, ultimately, is the real key advantage to drive security and make things much better for us across the board.”

Gus Hunt, CTO, Central Intelligence Agency

Page 14: Protecting Your IT Environment: Insights From Real-World Security Incidents

In the Cloud, Security is a Shared Responsibility

• SSAE16/32 Audit
• ISO 27001/2 Certification
• PCI DSS 2.0 Level 1-5
• HIPAA/SOX Compliance
• FISMA Moderate
• FedRAMP / GSA ATO

• Enforce IAM policies
• Use MFA, VPC; leverage S3 bucket policies, EC2 security groups, SSL, EFS in EC2, etc.

• Encrypt data in transit
• Encrypt data at rest
• Protect your AWS credentials
• Rotate your keys
• Secure your OS and applications

Application Security

Services Security

Infrastructure Security

How we secure our infrastructure

What security options and features are available to you?

How can you secure your application and what is your responsibility?

Page 15: Protecting Your IT Environment: Insights From Real-World Security Incidents

> www.alertlogic.com

Insights from Real-World Security Incidents

Stephen Coty, Director of Research

Protecting Your IT Environments

Page 16: Protecting Your IT Environment: Insights From Real-World Security Incidents

Lack of data on real risks drives this uncertainty

There’s a perception of cloud insecurity…

Page 17: Protecting Your IT Environment: Insights From Real-World Security Incidents

Alert Logic looks at security data every day

1 billion > 45,000

Our State of Cloud Security Report analyzes real customer cloud security data.

Page 18: Protecting Your IT Environment: Insights From Real-World Security Incidents

Spring 2013 Report

April – Sept 2012 Data

• 1,800+ customers
• 45,000+ incidents
• Report series cover 2+ years of data

Vertical Focus

• Financial Services
• Healthcare
• Software-as-a-Service

Page 19: Protecting Your IT Environment: Insights From Real-World Security Incidents

Spring 2013 Report

• 1,800+ Customer Environments
• 2 Years of Threat Data Published
• 150k+ Security Incidents Analyzed

Key Findings

• Cloud environments are not more attack prone than enterprise data centers
• Web application attacks are a significant threat vector for all environments
• Threat levels are consistent across industries and verticals

Full Report Available at alrt.co/Spring2013CSR

Page 20: Protecting Your IT Environment: Insights From Real-World Security Incidents

Anatomy of an Incident

Hacker Timeline

Corporate Timeline

Page 21: Protecting Your IT Environment: Insights From Real-World Security Incidents

Percentage of customers impacted by…

Incident type: Cloud Hosting Providers / Enterprise Data Center

• App Attack: 3% / 15%
• Malware/Botnet: 5% / 49%
• Recon: 9% / 23%
• Vulnerability Scan: 27% / 28%
• Bruteforce: 30% / 49%
• Web App Attack: 52% / 39%

Page 22: Protecting Your IT Environment: Insights From Real-World Security Incidents

Solutions to address these incidents

[Chart: percentage of customers impacted by incident type (App Attack, Malware/Botnet, Recon, Vulnerability Scan, Bruteforce, Web App Attack), Cloud Hosting Providers vs. Enterprise Data Center]

Source: Alert Logic State of Cloud Security, Spring 2013

• Malware protection critical for on-premises infrastructure
• Review log data to detect brute force attempts
• Use IDS to detect suspicious recon
• Active web application defense blocks attacks

Page 23: Protecting Your IT Environment: Insights From Real-World Security Incidents

The Enterprise Security Model

AWS Global Infrastructure

Foundation Services

Multiple Availability Zones

Globally Distributed Regions

Compute, Storage, DB, Network

VPC Networks

Hosts

• VPC provides logically isolated environments
• Security groups filter inbound/outbound
• External DDoS, spoofing and scanning prevented

• Hardened hypervisor
• Promiscuous mode prevented
• Deny-all default in security group
• Root access provided to customer

• Access management
• Patch management
• Configuration hardening
• Security monitoring
• Log analysis

Apps

• Network threat detection
• Security monitoring

• Secure coding and best practices
• Software and virtual patching
• Configuration management

• Access management
• Application level attack monitoring

SQLi

X-site scripting

Data exfiltration

Privilege escalation

Trojan

Brute force attacks

Botnet compromise

C&C traffic

Buffer overflow

Page 24: Protecting Your IT Environment: Insights From Real-World Security Incidents

Alert Logic Solutions

COMPLY MONITOR PROTECT

Network

Host

App

Web Security Manager + ActiveWatch

Product Technologies
• Web Application Firewall

• Positive & negative security models
• Adaptive learning engine
• Broad compliance coverage (PCI 6.6, OWASP Top 10)

Log Manager + LogReview

Product Technologies
• Log archival
• SIEM

• Automated analysis of security logs
• Simple, intuitive search interface
• All your data accessible online, all the time

Threat Manager + ActiveWatch

Product Technologies
• IDS with blocking
• Vulnerability Assessment

• Context aware threat identification
• Integrated VA for minimal false positives
• PCI Approved Scanning Vendor certified

Implement Operate Content Monitor Alert Respond

Cloud Enabled IT Infrastructure

Security & Compliance Outcomes

Security-as-a-Service Delivery

SQLi

X-site scripting

Data exfiltration

Privilege escalation

Trojan

Brute force attacks

Botnet compromise

C&C traffic

Buffer overflow

Page 25: Protecting Your IT Environment: Insights From Real-World Security Incidents

Engineered for AWS Environments

Engineered for AWS

• Supports auto-scaling & role aware
• Automatable with APIs and scripts
• Available across multiple regions
• Manageable at scale
• IP address & topology independent
• Usage based utility pricing
• Marketplace transactable

• AMI and agent deployment options
• Network and system visibility
• Proven reference architectures

Runs on AWS

Page 26: Protecting Your IT Environment: Insights From Real-World Security Incidents

Case Study: Element Solutions

PROFILE
• Subscription-based content management solutions

INFRASTRUCTURE
• Deployments in three Amazon cloud regions

CHALLENGE
• Meet client compliance requirements with security as secure as on-premises data centers

SOLUTION
• Alert Logic Threat Manager

HIGHLIGHTS
• No physical appliances and no dedicated infrastructure to manage
• Rapid provisioning into Amazon cloud infrastructure

“I was very pleased with Alert Logic's responsiveness… Due to their feedback we were able to effectively eliminate possible causes and find the real cause of the problem…. Threat Manager fits well with our hosted offerings.”

Len Buzyna, CTO

Page 27: Protecting Your IT Environment: Insights From Real-World Security Incidents

Case Study: Spindle, Inc.

PROFILE
• Payment service processor with card swipe solution for mobile and ecommerce environments

INFRASTRUCTURE
• Two cloud production environments

CHALLENGE
• PCI Level One certification on Amazon Web Services

SOLUTION
• Alert Logic Threat Manager

HIGHLIGHTS
• Managed solution that doesn't require additional staff
• Fluid interaction with other AWS tools

“The fact that Alert Logic monitors all traffic, and alerts us when there is an issue, is of great value to us. Threat Manager with ActiveWatch for AWS encompasses everything we need to protect our infrastructure on the Amazon cloud.”

Justin Clark, Head of Operations

Page 28: Protecting Your IT Environment: Insights From Real-World Security Incidents

Get the Report

Download: www.alertlogic.com/csr

Twitter: @alertlogic #csr

Page 29: Protecting Your IT Environment: Insights From Real-World Security Incidents

Solutions available in the AWS Marketplace

aws.amazon.com/marketplace/

Page 30: Protecting Your IT Environment: Insights From Real-World Security Incidents

Thank you!

Page 31: Protecting Your IT Environment: Insights From Real-World Security Incidents

Questions

Contacts:

Alert Logic Info: www.alertlogic.com/csr

AWS Contact: aws.amazon.com/contact-us

Page 32: Protecting Your IT Environment: Insights From Real-World Security Incidents

We appreciate your feedback on this presentation.

Please take a moment for a quick survey.