simulating enterprise applications on aws or google cloud for security testing
TRANSCRIPT
Simulating Enterprise Applications on AWS or Google Cloud for Security TestingAbhinav GuptaDirector Product & Solutions Marketing, Ravello Systems
Peter NguyenDirector Technical Marketing, LightCyber
Today’s speakers
Peter NguyenDirector Technical
MarketingLight Cyber
Abhinav GuptaDirector Product & Solutions
MarketingRavello Systems
Housekeeping
• Lots of great material to cover• All attendees on mute – please use the Q&A window for questions• Slides & recording will be shared at the end of the session• If you are already a Ravello user, please rate/review us on AWS
Marketplace
Agenda
• Challenges in replicating enterprise environments for effective security testing • Ravello Systems – platform for simulating enterprise applications for security testing
– Technology – nested virtualization & software defined networking overlay– Ravello – Live demo– Benefits
• How Light Cyber used Ravello to build Cyber Attack Training System (CATS)– Technology - physical or virtualized Behavioral Attack Detection platform– Benefits– Cyber Attack Training System (CATS) – Live Demo
• Questions & Answers
Ravello Systems
Herit
ageFounded 2011
Benny Schnaider and Rami TamirEx
perti
se
VirtualizationNetworking Storage
Prod
uct SaaS – overlay cloud on AWS that runs VMware & KVM
appliances with L2 networkingGA: Jan-2014
Public & Private Cloud
Inve
stor
s
Accurately cloning an enterprise environment is non-trivial
A typical enterprise application, network, web is very sophisticated
Host
Host
Host~
Host
Host
Host~
Host
Host~
Host
Host
Host~
• Complex networking interconnect • Different types of VMs & appliances
mimicking real world scenarios
• Layer 2 networking• Isolated environments• Large scale
…
…
……
Ravello – a platform for cloning enterprise apps for security testing
Use existing or create new multi-tier environments
Quick-deployment – move environments to AWS/ Google Cloud ‘as-is’
Same networking interconnect as DC
On-demand capacity Global reach and scale Usage-based costs
Ravello’s nested virtualization platform with networking overlay enables VMware & KVM VMs / appliances to run with data-center like capabilities on AWS ‘as-is’ – without migration Nested
VirtualizationNetwork &
Storage Overlay
Self-contained capsule with same VMs & Networking
=+
AWS
same VMs & networking –
encapsulated and isolated
Technology that powers it all - HVX
Unmodified application environmentHigh performance nested virtualization and overlay network
• Runs VMware & KVM VMs and provides application networking services
• Exposes a clean Layer 2 networking to ‘Guest’ VMs
AWS EC2 / Google Compute Instancex86 hardware
AWS (Xen) / Google (KVM)
HVX
DHCPDNS
Software defined networking
Nested virtualization engine
VM VM VM VM
How it works – Ravello live demo
upload your VMs (VMware or KVM)
Ravello auto-discovers the network. {Edit if needed}
deploy to AWS / Google Cloud
spin up as many isolated copies as you need
Benefits of using Ravello
Automated deployment of security testing environment & other workloads through REST API support
Automation
Scalability Build enterprise environments to ‘real-world’ scale for effective testing
High Fidelity ‘Drag & drop’ creation of high fidelity copies of production environments security testing & training
On-demand Available on-demand – bringing cost economics of public cloud to security testing & training environments
Secure Capsule Isolated self-contained environments – prevent leakage into cloud
Usage based pricing – no upfront fees or commitment
VM
VMVM
VM
Total resources needed for sample 4 VM
application 8 vCPU/ 16 GB RAM$0.56 - $0.96
per hourincludes AWS price
Varies based on complexity of application
network and performance needs
Example: Each VM has 2vCPU and 4 GB RAM
LightCyber
Herit
age
Expe
rtis
ePr
oduc
tIn
vest
ors
Founded 2011Israel Defense Force
Cyber WarfareData Science
Magna Behavioral Attack Detection PlatformVersion 3.1 GA: Jan-2016
Shlomo Kramer
LightCyber Behavioral Attack Detection Platform
• Profiles and Learns What is Normal In Your Environment• Detects Anomalous Malware & Attacker Behavior • Integrated Remediation and Alerting
Network Appliance or Virtual Appliance for DPI
Agentless Endpoint Technology for Remote Analysis
LightCyber Hacker Simulation Challenge
Computer-1
Port Mirror
Healthcare’s Network
Goals: Provide a live environment for security professionals to learn about how an attacker operates
Shows how a compromised host and set of credentials can be used to learn and move around the network and access privileged data
Patient Records?
Example of the LightCyber Cyber Attack Training System (CATS) Application on Ravello Systems
CATS – Live Demo
Participant Visibility: Screenshot Showing a Participant Successfully Completing Hacker Simulation Challenge
Security Visibility: Screenshot Showing Detection by Magna
Security Visibility: Screenshot Showing Detection by Magna
LightCyber CATS Benefits
Quickly created unique logins for all the participants
Automation
Scalability Provisioned 100s of real-world environments including Active Directory, File Shares, and Database
Participant Visibility
Security Visibility Virtualized network traffic was sent to Magna for analysis; separate network was used for Management and Pathfinder
Usability Blueprints enabled a snapshot of a baselined and profiled network
Platform enabled Trainer to “see” and “help” participants
Next Steps
2 mins
30 mins
depends on VMs
Identify a multi-VM environment
Sign up for Ravello free trial (2,880 CPU hours)
Technical call to familiarize with Ravello
Upload VMs
Call to check network, deploy, take a blueprint
Start using
15 mins
Questions?
Abhinav [email protected]
www.ravellosystems.com
Peter [email protected]
www.lightcyber.com
Thanks!