Simulating Enterprise Applications on AWS or Google Cloud for Security Testing
Abhinav Gupta, Director Product & Solutions Marketing, Ravello Systems
Peter Nguyen, Director Technical Marketing, LightCyber
Today’s speakers
• Peter Nguyen, Director Technical Marketing, LightCyber
• Abhinav Gupta, Director Product & Solutions Marketing, Ravello Systems
Housekeeping
• Lots of great material to cover
• All attendees on mute – please use the Q&A window for questions
• Slides & recording will be shared at the end of the session
• If you are already a Ravello user, please rate/review us on AWS Marketplace
Agenda
• Challenges in replicating enterprise environments for effective security testing
• Ravello Systems – platform for simulating enterprise applications for security testing
  – Technology – nested virtualization & software defined networking overlay
  – Ravello – Live demo
  – Benefits
• How LightCyber used Ravello to build Cyber Attack Training System (CATS)
  – Technology – physical or virtualized Behavioral Attack Detection platform
  – Benefits
  – Cyber Attack Training System (CATS) – Live Demo
• Questions & Answers
Ravello Systems
• Heritage: Founded 2011; Benny Schnaider and Rami Tamir
• Expertise: Virtualization, Networking, Storage
• Product: SaaS – overlay cloud on AWS that runs VMware & KVM appliances with L2 networking; GA: Jan-2014; Public & Private Cloud
• Investors
A typical enterprise application, network, web is very sophisticated
• Complex networking interconnect
• Different types of VMs & appliances mimicking real world scenarios
• Layer 2 networking
• Isolated environments
• Large scale
Ravello – a platform for cloning enterprise apps for security testing
Use existing or create new multi-tier environments
Quick-deployment – move environments to AWS/ Google Cloud ‘as-is’
Same networking interconnect as DC
On-demand capacity
Global reach and scale
Usage-based costs
Ravello’s nested virtualization platform with networking overlay enables VMware & KVM VMs / appliances to run with data-center like capabilities on AWS ‘as-is’ – without migration
Nested Virtualization + Network & Storage Overlay = Self-contained capsule with same VMs & Networking
AWS: same VMs & networking – encapsulated and isolated
Technology that powers it all - HVX
High performance nested virtualization and overlay network
• Runs VMware & KVM VMs and provides application networking services
• Exposes a clean Layer 2 networking to ‘Guest’ VMs
Layers, from the guest VMs down to the hardware:
• Unmodified application environment: VM, VM, VM, VM
• HVX: nested virtualization engine, software defined networking, DHCP, DNS
• AWS EC2 / Google Compute Instance
• AWS (Xen) / Google (KVM)
• x86 hardware
How it works – Ravello live demo
• Upload your VMs (VMware or KVM)
• Ravello auto-discovers the network (edit if needed)
• Deploy to AWS / Google Cloud
• Spin up as many isolated copies as you need
Benefits of using Ravello
• Automation: Automated deployment of security testing environment & other workloads through REST API support
• Scalability: Build enterprise environments to ‘real-world’ scale for effective testing
• High Fidelity: ‘Drag & drop’ creation of high fidelity copies of production environments for security testing & training
• On-demand: Available on-demand – bringing cost economics of public cloud to security testing & training environments
• Secure Capsule: Isolated self-contained environments – prevent leakage into cloud
Usage based pricing – no upfront fees or commitment
• Total resources needed for sample 4 VM application: 8 vCPU / 16 GB RAM
• $0.56 - $0.96 per hour, includes AWS price
• Varies based on complexity of application network and performance needs
• Example: Each VM has 2 vCPU and 4 GB RAM
LightCyber
• Heritage: Founded 2011; Israel Defense Force
• Expertise: Cyber Warfare, Data Science
• Product: Magna Behavioral Attack Detection Platform; Version 3.1 GA: Jan-2016
• Investors: Shlomo Kramer
LightCyber Behavioral Attack Detection Platform
• Profiles and Learns What is Normal In Your Environment
• Detects Anomalous Malware & Attacker Behavior
• Integrated Remediation and Alerting
Network Appliance or Virtual Appliance for DPI
Agentless Endpoint Technology for Remote Analysis
LightCyber Hacker Simulation Challenge
Goals:
• Provide a live environment for security professionals to learn about how an attacker operates
• Shows how a compromised host and set of credentials can be used to learn and move around the network and access privileged data
Diagram labels: Computer-1, Port Mirror, Healthcare’s Network, Patient Records?
Participant Visibility: Screenshot Showing a Participant Successfully Completing Hacker Simulation Challenge
LightCyber CATS Benefits
• Automation: Quickly created unique logins for all the participants
• Scalability: Provisioned 100s of real-world environments including Active Directory, File Shares, and Database
• Participant Visibility: Platform enabled Trainer to “see” and “help” participants
• Security Visibility: Virtualized network traffic was sent to Magna for analysis; separate network was used for Management and Pathfinder
• Usability: Blueprints enabled a snapshot of a baselined and profiled network
Next Steps
• Identify a multi-VM environment
• Sign up for Ravello free trial (2,880 CPU hours)
• Technical call to familiarize with Ravello
• Upload VMs
• Call to check network, deploy, take a blueprint
• Start using
Time estimates shown on the slide: 2 mins, 30 mins, depends on VMs, 15 mins
Questions?
Abhinav [email protected]
www.ravellosystems.com
Peter [email protected]
www.lightcyber.com