Security TechTalk | AWS Public Sector Summit 2016
![Page 1: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/1.jpg)
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
June 21st, 2016
AWS Talk: Security
Nikola Bozinovic, CEO, Frame
Matt Keil, Director of Product Marketing, Palo Alto Networks
Michael Schmidt, Founder & CTO, Nutonian
![Page 2: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/2.jpg)
Nikola Bozinovic, CEO Frame
June 21, 2016
Cloud, Security & the End of the Desktop
![Page 3: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/3.jpg)
Millions of cyber-attacks happen every day
![Page 4: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/4.jpg)
How will you manage and secure your IT environment?
![Page 5: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/5.jpg)
IT used to be simple(r)
![Page 6: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/6.jpg)
Today
![Page 7: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/7.jpg)
Virtual Desktops and Apps
Apps running on PCs
PHYSICAL DESKTOP MODEL
![Page 8: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/8.jpg)
Virtual Desktops and Apps
PHYSICAL DESKTOP MODEL
Apps running on PCs
VIRTUAL DESKTOP MODEL (VDI)
Datacenter, Clients
Apps running in the datacenter
Stream pixels to clients
![Page 9: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/9.jpg)
Problems with VDI
• Complicated: Requires months (or years) of training
• Expensive: $100,000 to start (buy servers and software)
• Doesn’t work that well: Low performance, poor user experience
Because of this, less than 5% of the world’s desktops have been virtualized.
![Page 10: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/10.jpg)
Cloud changes everything
PC
Datacenter (VDI)
Cloud
Question: Can we move to the cloud with legacy VDI?
![Page 11: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/11.jpg)
![Page 12: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/12.jpg)
“If we design this architecture and just continue to do business as usual, it will be an absolute waste of money. It’s like designing the autobahn with the horse and buggy.”
Lt. Gen. Vincent Stewart, DIA Director
![Page 13: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/13.jpg)
What is Frame?
Frame is a secure cloud platform that lets organizations deliver amazing experiences to users on all connected devices.
Pixels
user input
![Page 14: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/14.jpg)
Revolution in end-user computing
Founded in 2012
Headquartered in San Mateo, CA
Platform of choice for top Windows ISVs and Enterprises
www.fra.me
![Page 15: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/15.jpg)
Most demanding customers pick Frame
![Page 16: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/16.jpg)
Why now
Convergence of technologies makes it possible to deliver apps remotely from the cloud at hyper-scale.
• Cloud IaaS
• Faster, more reliable networks
• The rise of “dumb terminals”
• BYOD
• HTML5 browsers
• Data gravity
• Frame Protocol (H.264 + QOS)
• Frame Platform (orchestration)
• Frame Product (U/X)
2008
2016 VDI
![Page 17: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/17.jpg)
How it works
1. Bring your apps (Windows or Linux)
2. Pick infrastructure* (Compute & Graphics)
3. Authorize users (Configure SSO)
4. Connect files (Cloud storage)
5. Deliver to users (Any location, any device)
* Infrastructure is managed through Frame. Customers can choose the configuration that works best for them based on performance, cost, and location.
AWS
Public
AD
AWS C2S
![Page 18: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/18.jpg)
Full-stack solution
CPANEL: Self-service onboarding, system management, usage and in-app analytics.
APP STORE: Marketing, access rights, metering, billing…
TERMINALS: HTML5 terminal, native Win/OSX terminals, Touch U/X, HID support…
CONNECTORS: Persistent data, Storage, User identity (SSO), Authentication
PROTOCOL: Video (h.264-based) protocol, QOS, content-adaptive encoding, WAN optimization, collaboration
PLATFORM: Orchestration, brokering, security, geographical distribution, high-availability, scaling,…
Apps
Users
FRAME
Technology
Infrastructure
PUBLIC CLOUD
AWS
GOV. CLOUD
AWS GovCloud
C2S
AWS C2S cloud
Integrations
IDENTITY (SSO)
AD/ADFS
Custom
STORAGE
S3/EBS
![Page 19: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/19.jpg)
Beautiful, Intuitive Interface
The Launchpad: Where users go to run apps
The Dashboard: Where admins go to install and manage apps
Super admin: Where you go to create and manage teams
![Page 20: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/20.jpg)
How is Frame different from VDI?
Optimized infrastructure management
Modern, developer friendly
Scalable, multi-tenant platform
Custom workflows and blueprints
Rich APIs for instant integration
Optimized capacity usage: Up to 90% savings
Best of breed workflow solutions
Web scale app delivery platform
![Page 21: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/21.jpg)
“Frame is the future of both software distribution and personal computing in the post-mobile era I’m going to call ubiquitous computing.”
Bob Cringely,
Learn more at [email protected]
![Page 22: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/22.jpg)
Thank you
![Page 23: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/23.jpg)
Matt Keil, Director of Product Marketing, Public Cloud, Palo Alto Networks
June 21, 2016
Cloud First! Now What?
VM-Series for AWS GovCloud (US): Securely enabling Cloud First Directives
![Page 24: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/24.jpg)
The Threat Lifecycle Remains Unchanged
SPEAR PHISHING EMAIL or EXPLOIT KIT
INFECT USER
MOVE ACROSS THE NETWORK
FIND THE TARGET
ADVERSARY COMMANDS
STEAL DATA
BUILD BOTNETS
HARVEST BITCOIN
![Page 25: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/25.jpg)
Cloud First Security Considerations
1. Know and understand what apps are in use
2. Adopt a prevention architecture in the cloud
3. Strive for consistency, automate where possible
25 | © 2015, Palo Alto Networks. Confidential and Proprietary.
![Page 26: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/26.jpg)
Reduce Your Threat Footprint
• Security groups + next-gen firewall = app visibility, regardless of port
• Whitelist apps to leverage the firewall “deny-all-else” premise
• Grant application access based on user identity and need
![Page 27: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/27.jpg)
Segmentation = A Prevention Architecture
• Policies keep apps and data separate = improved security, compliance
• Prevent threats from moving laterally, block exfiltration efforts
App Dev
App Data
App Test
App Data
App Production
App Data
![Page 28: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/28.jpg)
Policy Consistency and Automation
• Centrally manage policies = consistency from the network to the cloud
• Automation ensures security keeps pace with cloud first initiatives
Control apps | Segment | Prevent threats
Content | Users | Apps
![Page 29: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/29.jpg)
Takeaways
1. Knowledge of apps, content, user is key
2. Segmentation + prevention = improved security posture
3. Policy consistency = agnostic workload location
![Page 30: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/30.jpg)
![Page 31: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/31.jpg)
Thank you
![Page 32: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/32.jpg)
Michael Schmidt, Founder & CTO, Nutonian
June 21, 2016
Discovering Threat Patterns in Chaotic Security Data
![Page 33: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/33.jpg)
© 2016 Nutonian. Confidential and Proprietary.
Founded out of the Cornell Artificial Intelligence Lab in 2011, Nutonian empowers blue-chip companies to extract meaning from chaos. Its proprietary A.I.-powered modeling engine, Eureqa, analyzes vast amounts of structured data billions of times per second to build the most accurate and actionable models.
Data Modeling Explanation Action
Industrializing Data Science
![Page 34: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/34.jpg)
The “Eureqa” Moment
Schmidt M., Lipson H. (2009) "Distilling Free-Form Natural Laws from Experimental Data," Science, Vol. 324, no. 5923, pp. 81 - 85.
Algorithms distill laws of physics from chaotic systems (published in Science 2009)
![Page 35: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/35.jpg)
Explain Unleash
Connect Model
…
![Page 36: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/36.jpg)
![Page 37: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/37.jpg)
Massively parallel analysis
Computation tests billions of independent models on the data
● Low bandwidth -- transferring solutions
● High latency -- no control flow dependencies
[Diagram: Compute Server 1, Compute Server 2, ... Compute Server N, each running Search Kernels on its CPU Cores]
![Page 38: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/38.jpg)
Machine Intelligence in Action
• Predict finish positions of the 2016 Kentucky Derby
• Expose relationships between running style, speed, and trainer record
• Predicted winner, and 4 out of top 5 horses
  – Winning Exacta (30:1 odds)
  – Winning Trifecta (87:1)
  – Winning Superfecta (542:1)
1. Nyquist
2. Gun Runner
3. Exaggerator
4. Creator
5. Mohaymen
• Standardized live odds probability
• Speed over the past two races
• Post position
• Racing style
• Track conditions
http://performancegenetics.com/machine-learning-algorithm-crushed-kentucky-derby/
![Page 39: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/39.jpg)
Architecture
Intrusion Detection
Vulnerability Assessment
Firewall Log Data
HTTP Proxy Log Data
More sources
SIEM (Splunk / ArcSight)
Eureqa AI App
Security Analyst
![Page 40: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/40.jpg)
Use Case - Industrial Control Systems
• Differentiate between naturally occurring events and those caused by a malicious actor on a set of power transmission lines
*Dataset dev. by Mississippi State University and Oak Ridge National Laboratory
Impedance
Relay Status Flag
Voltage Phase Angle
Current
Current Phase Angle
![Page 41: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/41.jpg)
Conclusions
• Machine Intelligence extracts meaning from data
• Companies already employing Machine Intelligence today
• Many new applications ahead of us
Michael Schmidt
Founder & CTO, [email protected]
Twitter: @Nutonian Blog: http://blog.nutonian.com
www.nutonian.com
![Page 42: Security TechTalk | AWS Public Sector Summit 2016](https://reader035.vdocuments.us/reader035/viewer/2022070603/586fb3f31a28abe57d8b6ed1/html5/thumbnails/42.jpg)
Thank you