SlideShare a Scribd company logo
1 of 34
Download to read offline
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Jason Cradit, VP of Information Services, Willbros Group
Matt Yanchyshyn, Solutions Architect, AWS
Dawn Smeaton, Director, AWS Security, Trend Micro
April 21, 2015
How Willbros Builds Securely
in AWS with Trend Micro
AWS Global Infrastructure
Application Services
Networking
Deployment & Administration
DatabaseStorageCompute
Amazon Web Services
(AWS) provides flexible,
scalable, and cost-
effective IT infrastructure
for businesses of all
sizes around the world.
What sets AWS apart?
Building and managing cloud since 2006
40+ services to support any cloud workload
History of rapid, customer-driven releases
11 regions, 28 availability zones, 53 edge locations
47 proactive price reductions to date
Thousands of partners; 1,900+ Marketplace products
Experience
Service Breadth & Depth
Pace of Innovation
Global Footprint
Pricing Philosophy
Ecosystem
“Increasingly, organizations are
asking what can’t go to the cloud,
rather than what can…”
Security is Job Zero at AWS
Facilities
Physical security
Physical infrastructure
Network infrastructure
Virtualization infrastructure
• SOC 1, SOC 2 & SOC 3
ISO 27001
• PCI Level 1
• FedRAMP
• AWS GovCloud (US)
• MPAA best practices alignment
Customer are running SOX, HIPAA, FISMA,
DIACAP MAC III sensitive ATO, ITAR, …
The Forrester Wave™:
Public Cloud Platform
Service Providers'
Security, Q4 2014
The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of
Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted
using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor,
product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect
judgment at the time and are subject to change.
Security with AWS
Auditability Visibility Control
Compliance reports Amazon CloudWatch
AWS CloudTrail
AWS Config
“Describe” APIs
AWS IAM
AWS CloudHSM
AWS CloudFormation
AWS KMS
Defense-in-depth
Security groups
VPC configuration
Network
Web application
firewalls
Bastion hosts
Encryption
in-transit
Hardened AMIs
OS and app
patch mgmt.
IAM roles for EC2
IAM credentials
Systemsecurity
Logical access
controls
User authentication
Encryption
at-rest
Datasecurity
AWS compliance
program
Third-party
attestations
Physical
Encryption: data at rest in AWS
EBS
Volume encryption
EBS encryption OS tools
AWS
marketplace/partner
Object encryption
S3 server side
encryption (sse)
S3 SSE w/ customer
provided keys Client-side encryption
Database encryption
Amazon
Redshift
encryption
RDS
PostgreSQL
KMS
RDS
MYSQL
KMS
RDS
ORACLE
TDE/HSM
RDS MSSQL
TDE
AWS Identity and Access Management (IAM)
Multi-factor authentication
AWS Identify and
Access Management
Temporary Credentials
User
Groups
Roles
User User Hardware Software
IAM AWS administrative users
Root accountPolicies
Enforce the principle of least privilege
Security Groups and NACLs
Security Groups
• Instance level, stateful
• ALLOW rules only
• Default deny inbound, allow outbound
• Use as “whitelist” – least privilege
NACLs
• Subnet level, stateless
• ALLOW and DENY
• Default allow all
• Use as “blacklist”/“guardrails”(port 135,21,23…)
Separation of duties. Changes audited via AWS CloudTrail
Physical Interfaces
Customer 1
Hypervisor
Customer 2 Customer n
…
…
Virtual Interfaces
Firewall
Customer 1
Security Groups
Customer 2
Security Groups
Customer n
Security Groups
Security Groups
Configure and harden EC2 instances based on
security and compliance needsforce
consistent security on your hosts
Launch
instance
EC2
AMI catalog Running instance
Your instance
Hardening
Audit and logging
Vulnerability management
Malware and HIPS
Whitelisting and integrity
User administration
Operating system
Configure
instance
Host-based protection software
Restrict access where possible
Connect to existing services
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Jason Cradit
April 21st 2015
Oil and Gas Asset Security
Learn How Willbros Created Secure & Flexible
Solutions with Trend Micro
Agenda
• Who is Willbros
• Willbros Integrity use-cases
• Security architecture and design considerations
Willbros
Willbros Group, Inc. is a global contractor specializing in energy infrastructure
serving the oil, gas and power industries. Our offerings include engineering,
procurement and construction, refinery turnarounds, pipeline construction, pipeline
integrity management, GIS consulting and other specialty services to industry and
government entities worldwide.
Willbros Integrity Use-Cases
Pipeline Routing
Pipeline Routing
Analytical routing solution
• Land owners vs. corridors
• Wetlands or other crossings
• Populated areas
• Slope or ground rock
• Federal or conserved lands
Old time vs. new time
• 10x improvement!!
Integra Link
• Assets are bought and sold
• Who made it? Where is it? When was it maintained?
• Assets are replaced (or need to be)
• Asset classifications change in the world
• Lag time back to office
Integra Link
Collaboration
• Field, Office, and Partners
• Visualization
• Risk
• Location
Requirements
• Fast and familiar (secure)
• One version of the truth
Basic Infrastructure
Infrastructure
• VDI
• Web
• Dev
• Archive
Build and deploy promptly
• Project based IT costs
• Agile elasticity
Architecting for Security
Information Security
Confidentiality
Only those that should have access, do.
Integrity
Only those that should modify it, can.
Availability
The service and information is there when you need it.
Security Reference Architecture
IDS/IPS FW WebServer FWInternet
Bad dude
Logs
Monitor
Security: In the old world
• Minimize egress/ingress
• Protections at the perimeter – impossible math
• Once the bad dude is in, he is in
• IDS definitions are BROAD!
• Lots to manage
• Endpoint, physical perimeter, network, server…etc…
• Scale vs. cost vs. security
• Scary patch cycles
• Could just implement this in the cloud
• Agility and scale, price
Security: In the old world
Brown fields:
• Bolt-on, forklift or remove (or $$$$)
• Incident response
• Keep service up vs. drop service to mitigate vulnerability
• Lessons learned are road-mapped
• Resources to manage the old and the new
• Rigorous change control processes
• Disaster recovery expense
• Manual testing not representative of actual failure
Security: New world
No physical, just logical
Multiple ingress/egress
Containerization
Protection closer to the information
Only necessary protections
Shared security analytics
Security: New world
Internet
Bad dude LogsMonitor
Security: New world
Always Green fields:
• Lessons learned enacted now
• DR testing and implemented as code
• IR failover or rebuild but retain old for investigation
• Manage scope
• One environment doesn’t impact another
• No cookie-cutters
• One new problem…
Trend Micro
Security with Trend
• Detect and enforce at the account level
• Auto load policy
• Alert on new or unsecured environments
• Reduce attack vectors by narrowing scope
• Improved 0-day hole
• Parallel IDS/IPS at each host
• File Integrity Management
• Log Inspection
Green or brown
Brown Green
Trend Micro Deep Security Protection
Defend against network attacks
Virtually patch software
Keep malware off workloads
Uncover suspicious changes
Copyright 2015 Trend Micro Inc.
Simplify your life with a single security solution, built for
AWS
Fits How You Want to Buy and Deploy
AWS Marketplace SoftwareSoftware as a Service
On your AWS bill
for simplified
procurement & billing
Annual license
for hybrid
environments or
maximum control
Usage based pricing
for small instances or
variable workloads
Copyright 2015 Trend Micro Inc.
aws.trendmicro.com

More Related Content

What's hot

Building Resilient Applications with Cloudflare DNS
Building Resilient Applications with Cloudflare DNSBuilding Resilient Applications with Cloudflare DNS
Building Resilient Applications with Cloudflare DNSDevOps.com
 
Devops lifecycle with Kabanero Appsody, Codewind, Tekton
Devops lifecycle with Kabanero Appsody, Codewind, TektonDevops lifecycle with Kabanero Appsody, Codewind, Tekton
Devops lifecycle with Kabanero Appsody, Codewind, TektonWinton Winton
 
8 - OpenShift - A look at a container platform: what's in the box
8 - OpenShift - A look at a container platform: what's in the box8 - OpenShift - A look at a container platform: what's in the box
8 - OpenShift - A look at a container platform: what's in the boxKangaroot
 
Hypervisor "versus" Linux Containers with Docker !
Hypervisor "versus" Linux Containers with Docker !Hypervisor "versus" Linux Containers with Docker !
Hypervisor "versus" Linux Containers with Docker !Francisco Gonçalves
 
How are containers enabling 20th Century Fox to release the next great movie?
How are containers enabling 20th Century Fox to release the next great movie?How are containers enabling 20th Century Fox to release the next great movie?
How are containers enabling 20th Century Fox to release the next great movie?Docker, Inc.
 
Containers Anywhere with OpenShift by Red Hat - Session Sponsored by Red Hat
Containers Anywhere with OpenShift by Red Hat - Session Sponsored by Red HatContainers Anywhere with OpenShift by Red Hat - Session Sponsored by Red Hat
Containers Anywhere with OpenShift by Red Hat - Session Sponsored by Red HatAmazon Web Services
 
Red Hhat Summit 2017 : Love Containers, Love Devops, Love Openshift, Where's ...
Red Hhat Summit 2017 : Love Containers, Love Devops, Love Openshift, Where's ...Red Hhat Summit 2017 : Love Containers, Love Devops, Love Openshift, Where's ...
Red Hhat Summit 2017 : Love Containers, Love Devops, Love Openshift, Where's ...Daniel Oh
 
OpenShift Overview - Red Hat Open School 2017
OpenShift Overview - Red Hat Open School 2017OpenShift Overview - Red Hat Open School 2017
OpenShift Overview - Red Hat Open School 2017Rodolfo Carvalho
 
Introducing github.com/open-cluster-management – How to deliver apps across c...
Introducing github.com/open-cluster-management – How to deliver apps across c...Introducing github.com/open-cluster-management – How to deliver apps across c...
Introducing github.com/open-cluster-management – How to deliver apps across c...Michael Elder
 
DockerCon EU 2017 - General Session Day 1
DockerCon EU 2017 - General Session Day 1DockerCon EU 2017 - General Session Day 1
DockerCon EU 2017 - General Session Day 1Docker, Inc.
 
Enterprise Cloud Native is the New Normal
Enterprise Cloud Native is the New NormalEnterprise Cloud Native is the New Normal
Enterprise Cloud Native is the New NormalQAware GmbH
 
DockerCon 18 Cool Hacks: solo.io
DockerCon 18 Cool Hacks:  solo.ioDockerCon 18 Cool Hacks:  solo.io
DockerCon 18 Cool Hacks: solo.ioDocker, Inc.
 
PKS - Solving Complexity for Modern Data Workloads
PKS - Solving Complexity for Modern Data Workloads PKS - Solving Complexity for Modern Data Workloads
PKS - Solving Complexity for Modern Data Workloads Carlos Andrés García
 
DevOps and BigData Analytics
DevOps and BigData Analytics DevOps and BigData Analytics
DevOps and BigData Analytics sbbabu
 
Dockercon eu tour 2015 - Devoxx Casablanca
Dockercon eu tour 2015 - Devoxx CasablancaDockercon eu tour 2015 - Devoxx Casablanca
Dockercon eu tour 2015 - Devoxx CasablancaMichel Courtine
 
Docker Enterprise Edition Overview by Steven Thwaites, Technical Solutions En...
Docker Enterprise Edition Overview by Steven Thwaites, Technical Solutions En...Docker Enterprise Edition Overview by Steven Thwaites, Technical Solutions En...
Docker Enterprise Edition Overview by Steven Thwaites, Technical Solutions En...Ashnikbiz
 
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Docker, Inc.
 
OPEN SOURCE TECHNOLOGY: Docker Containers on IBM Bluemix
OPEN SOURCE TECHNOLOGY: Docker Containers on IBM BluemixOPEN SOURCE TECHNOLOGY: Docker Containers on IBM Bluemix
OPEN SOURCE TECHNOLOGY: Docker Containers on IBM BluemixDA SILVA, MBA
 
2015 DockeCon monitoring presentation
2015 DockeCon monitoring presentation2015 DockeCon monitoring presentation
2015 DockeCon monitoring presentationBrian Christner
 

What's hot (20)

Building Resilient Applications with Cloudflare DNS
Building Resilient Applications with Cloudflare DNSBuilding Resilient Applications with Cloudflare DNS
Building Resilient Applications with Cloudflare DNS
 
Devops lifecycle with Kabanero Appsody, Codewind, Tekton
Devops lifecycle with Kabanero Appsody, Codewind, TektonDevops lifecycle with Kabanero Appsody, Codewind, Tekton
Devops lifecycle with Kabanero Appsody, Codewind, Tekton
 
8 - OpenShift - A look at a container platform: what's in the box
8 - OpenShift - A look at a container platform: what's in the box8 - OpenShift - A look at a container platform: what's in the box
8 - OpenShift - A look at a container platform: what's in the box
 
Hypervisor "versus" Linux Containers with Docker !
Hypervisor "versus" Linux Containers with Docker !Hypervisor "versus" Linux Containers with Docker !
Hypervisor "versus" Linux Containers with Docker !
 
How are containers enabling 20th Century Fox to release the next great movie?
How are containers enabling 20th Century Fox to release the next great movie?How are containers enabling 20th Century Fox to release the next great movie?
How are containers enabling 20th Century Fox to release the next great movie?
 
Containers Anywhere with OpenShift by Red Hat - Session Sponsored by Red Hat
Containers Anywhere with OpenShift by Red Hat - Session Sponsored by Red HatContainers Anywhere with OpenShift by Red Hat - Session Sponsored by Red Hat
Containers Anywhere with OpenShift by Red Hat - Session Sponsored by Red Hat
 
Red Hhat Summit 2017 : Love Containers, Love Devops, Love Openshift, Where's ...
Red Hhat Summit 2017 : Love Containers, Love Devops, Love Openshift, Where's ...Red Hhat Summit 2017 : Love Containers, Love Devops, Love Openshift, Where's ...
Red Hhat Summit 2017 : Love Containers, Love Devops, Love Openshift, Where's ...
 
OpenShift Overview - Red Hat Open School 2017
OpenShift Overview - Red Hat Open School 2017OpenShift Overview - Red Hat Open School 2017
OpenShift Overview - Red Hat Open School 2017
 
Introducing github.com/open-cluster-management – How to deliver apps across c...
Introducing github.com/open-cluster-management – How to deliver apps across c...Introducing github.com/open-cluster-management – How to deliver apps across c...
Introducing github.com/open-cluster-management – How to deliver apps across c...
 
Cloud-native Data
Cloud-native DataCloud-native Data
Cloud-native Data
 
DockerCon EU 2017 - General Session Day 1
DockerCon EU 2017 - General Session Day 1DockerCon EU 2017 - General Session Day 1
DockerCon EU 2017 - General Session Day 1
 
Enterprise Cloud Native is the New Normal
Enterprise Cloud Native is the New NormalEnterprise Cloud Native is the New Normal
Enterprise Cloud Native is the New Normal
 
DockerCon 18 Cool Hacks: solo.io
DockerCon 18 Cool Hacks:  solo.ioDockerCon 18 Cool Hacks:  solo.io
DockerCon 18 Cool Hacks: solo.io
 
PKS - Solving Complexity for Modern Data Workloads
PKS - Solving Complexity for Modern Data Workloads PKS - Solving Complexity for Modern Data Workloads
PKS - Solving Complexity for Modern Data Workloads
 
DevOps and BigData Analytics
DevOps and BigData Analytics DevOps and BigData Analytics
DevOps and BigData Analytics
 
Dockercon eu tour 2015 - Devoxx Casablanca
Dockercon eu tour 2015 - Devoxx CasablancaDockercon eu tour 2015 - Devoxx Casablanca
Dockercon eu tour 2015 - Devoxx Casablanca
 
Docker Enterprise Edition Overview by Steven Thwaites, Technical Solutions En...
Docker Enterprise Edition Overview by Steven Thwaites, Technical Solutions En...Docker Enterprise Edition Overview by Steven Thwaites, Technical Solutions En...
Docker Enterprise Edition Overview by Steven Thwaites, Technical Solutions En...
 
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
 
OPEN SOURCE TECHNOLOGY: Docker Containers on IBM Bluemix
OPEN SOURCE TECHNOLOGY: Docker Containers on IBM BluemixOPEN SOURCE TECHNOLOGY: Docker Containers on IBM Bluemix
OPEN SOURCE TECHNOLOGY: Docker Containers on IBM Bluemix
 
2015 DockeCon monitoring presentation
2015 DockeCon monitoring presentation2015 DockeCon monitoring presentation
2015 DockeCon monitoring presentation
 

Viewers also liked

An introduction to AWS Direct Connect
An introduction to AWS Direct ConnectAn introduction to AWS Direct Connect
An introduction to AWS Direct ConnectJulien SIMON
 
Unique Ways Veritas can Supercharge your AWS Investment - Session Sponsored b...
Unique Ways Veritas can Supercharge your AWS Investment - Session Sponsored b...Unique Ways Veritas can Supercharge your AWS Investment - Session Sponsored b...
Unique Ways Veritas can Supercharge your AWS Investment - Session Sponsored b...Amazon Web Services
 
AWS re:Invent 2016: Hybrid Architectures: Bridging the Gap to the Cloud( ARC2...
AWS re:Invent 2016: Hybrid Architectures: Bridging the Gap to the Cloud( ARC2...AWS re:Invent 2016: Hybrid Architectures: Bridging the Gap to the Cloud( ARC2...
AWS re:Invent 2016: Hybrid Architectures: Bridging the Gap to the Cloud( ARC2...Amazon Web Services
 
Business Continuity & Disaster Recovery with Microsoft Azure
Business Continuity & Disaster Recovery with Microsoft AzureBusiness Continuity & Disaster Recovery with Microsoft Azure
Business Continuity & Disaster Recovery with Microsoft AzureAymen Mami
 
Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...
Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...
Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...Amazon Web Services
 
AWS Webcast - High Availability with Route 53 DNS Failover
AWS Webcast - High Availability with Route 53 DNS FailoverAWS Webcast - High Availability with Route 53 DNS Failover
AWS Webcast - High Availability with Route 53 DNS FailoverAmazon Web Services
 
(SDD408) Amazon Route 53 Deep Dive: Delivering Resiliency, Minimizing Latency...
(SDD408) Amazon Route 53 Deep Dive: Delivering Resiliency, Minimizing Latency...(SDD408) Amazon Route 53 Deep Dive: Delivering Resiliency, Minimizing Latency...
(SDD408) Amazon Route 53 Deep Dive: Delivering Resiliency, Minimizing Latency...Amazon Web Services
 
AWS Security & Compliance in the AWS Cloud IP Expo 2013
AWS Security & Compliance in the AWS Cloud IP Expo 2013AWS Security & Compliance in the AWS Cloud IP Expo 2013
AWS Security & Compliance in the AWS Cloud IP Expo 2013Amazon Web Services
 
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...Amazon Web Services
 
AWS re:Invent 2016: Reinventing Disaster Recovery Leveraging AWS Cloud Infras...
AWS re:Invent 2016: Reinventing Disaster Recovery Leveraging AWS Cloud Infras...AWS re:Invent 2016: Reinventing Disaster Recovery Leveraging AWS Cloud Infras...
AWS re:Invent 2016: Reinventing Disaster Recovery Leveraging AWS Cloud Infras...Amazon Web Services
 
(DEV310) CI/CD of Services with Mocking & Resiliency Testing Using AWS
(DEV310) CI/CD of Services with Mocking & Resiliency Testing Using AWS(DEV310) CI/CD of Services with Mocking & Resiliency Testing Using AWS
(DEV310) CI/CD of Services with Mocking & Resiliency Testing Using AWSAmazon Web Services
 
(SEC307) Building a DDoS-Resilient Architecture with Amazon Web Services | AW...
(SEC307) Building a DDoS-Resilient Architecture with Amazon Web Services | AW...(SEC307) Building a DDoS-Resilient Architecture with Amazon Web Services | AW...
(SEC307) Building a DDoS-Resilient Architecture with Amazon Web Services | AW...Amazon Web Services
 
(NET308) Consolidating DNS Data in the Cloud with Amazon Route 53
(NET308) Consolidating DNS Data in the Cloud with Amazon Route 53(NET308) Consolidating DNS Data in the Cloud with Amazon Route 53
(NET308) Consolidating DNS Data in the Cloud with Amazon Route 53Amazon Web Services
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computingPrince Chandu
 

Viewers also liked (16)

Container Patterns
Container PatternsContainer Patterns
Container Patterns
 
An introduction to AWS Direct Connect
An introduction to AWS Direct ConnectAn introduction to AWS Direct Connect
An introduction to AWS Direct Connect
 
Unique Ways Veritas can Supercharge your AWS Investment - Session Sponsored b...
Unique Ways Veritas can Supercharge your AWS Investment - Session Sponsored b...Unique Ways Veritas can Supercharge your AWS Investment - Session Sponsored b...
Unique Ways Veritas can Supercharge your AWS Investment - Session Sponsored b...
 
AWS re:Invent 2016: Hybrid Architectures: Bridging the Gap to the Cloud( ARC2...
AWS re:Invent 2016: Hybrid Architectures: Bridging the Gap to the Cloud( ARC2...AWS re:Invent 2016: Hybrid Architectures: Bridging the Gap to the Cloud( ARC2...
AWS re:Invent 2016: Hybrid Architectures: Bridging the Gap to the Cloud( ARC2...
 
Business Continuity & Disaster Recovery with Microsoft Azure
Business Continuity & Disaster Recovery with Microsoft AzureBusiness Continuity & Disaster Recovery with Microsoft Azure
Business Continuity & Disaster Recovery with Microsoft Azure
 
Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...
Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...
Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summi...
 
AWS Webcast - High Availability with Route 53 DNS Failover
AWS Webcast - High Availability with Route 53 DNS FailoverAWS Webcast - High Availability with Route 53 DNS Failover
AWS Webcast - High Availability with Route 53 DNS Failover
 
(SDD408) Amazon Route 53 Deep Dive: Delivering Resiliency, Minimizing Latency...
(SDD408) Amazon Route 53 Deep Dive: Delivering Resiliency, Minimizing Latency...(SDD408) Amazon Route 53 Deep Dive: Delivering Resiliency, Minimizing Latency...
(SDD408) Amazon Route 53 Deep Dive: Delivering Resiliency, Minimizing Latency...
 
AWS Security & Compliance in the AWS Cloud IP Expo 2013
AWS Security & Compliance in the AWS Cloud IP Expo 2013AWS Security & Compliance in the AWS Cloud IP Expo 2013
AWS Security & Compliance in the AWS Cloud IP Expo 2013
 
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...
 
AWS re:Invent 2016: Reinventing Disaster Recovery Leveraging AWS Cloud Infras...
AWS re:Invent 2016: Reinventing Disaster Recovery Leveraging AWS Cloud Infras...AWS re:Invent 2016: Reinventing Disaster Recovery Leveraging AWS Cloud Infras...
AWS re:Invent 2016: Reinventing Disaster Recovery Leveraging AWS Cloud Infras...
 
Architecting for Resiliency
Architecting for ResiliencyArchitecting for Resiliency
Architecting for Resiliency
 
(DEV310) CI/CD of Services with Mocking & Resiliency Testing Using AWS
(DEV310) CI/CD of Services with Mocking & Resiliency Testing Using AWS(DEV310) CI/CD of Services with Mocking & Resiliency Testing Using AWS
(DEV310) CI/CD of Services with Mocking & Resiliency Testing Using AWS
 
(SEC307) Building a DDoS-Resilient Architecture with Amazon Web Services | AW...
(SEC307) Building a DDoS-Resilient Architecture with Amazon Web Services | AW...(SEC307) Building a DDoS-Resilient Architecture with Amazon Web Services | AW...
(SEC307) Building a DDoS-Resilient Architecture with Amazon Web Services | AW...
 
(NET308) Consolidating DNS Data in the Cloud with Amazon Route 53
(NET308) Consolidating DNS Data in the Cloud with Amazon Route 53(NET308) Consolidating DNS Data in the Cloud with Amazon Route 53
(NET308) Consolidating DNS Data in the Cloud with Amazon Route 53
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
 

Similar to AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro

(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...Amazon Web Services
 
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...Amazon Web Services Korea
 
Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignAmazon Web Services
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAmazon Web Services
 
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...Phil Copperwheat
 
Financial impact of Cloud Computing
Financial impact of Cloud ComputingFinancial impact of Cloud Computing
Financial impact of Cloud Computingkrisbliesner
 
1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance   wwps pre-day sao paolo - markry1. aws security and compliance   wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markryAmazon Web Services LATAM
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsViresh Suri
 
Modernizing Technology Governance
Modernizing Technology GovernanceModernizing Technology Governance
Modernizing Technology GovernanceAlert Logic
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...Amazon Web Services
 
AWS Public Sector Symposium 2014 Canberra | Getting Started with AWS for Gove...
AWS Public Sector Symposium 2014 Canberra | Getting Started with AWS for Gove...AWS Public Sector Symposium 2014 Canberra | Getting Started with AWS for Gove...
AWS Public Sector Symposium 2014 Canberra | Getting Started with AWS for Gove...Amazon Web Services
 
Cloud Computing Overview
Cloud Computing OverviewCloud Computing Overview
Cloud Computing OverviewManju Srinivas
 
Virtualization and cloud computing
Virtualization and cloud computingVirtualization and cloud computing
Virtualization and cloud computingDeep Gupta
 
8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud SecurityRightScale
 
AWS Canberra WWPS Summit 2013 - AWS Governance and Security Overview
AWS Canberra WWPS Summit 2013 - AWS Governance and Security OverviewAWS Canberra WWPS Summit 2013 - AWS Governance and Security Overview
AWS Canberra WWPS Summit 2013 - AWS Governance and Security OverviewAmazon Web Services
 
(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for Enterprises(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for EnterprisesAmazon Web Services
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the CloudAmazon Web Services
 

Similar to AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro (20)

(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
 
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
 
Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By Design
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the Cloud
 
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
 
Financial impact of Cloud Computing
Financial impact of Cloud ComputingFinancial impact of Cloud Computing
Financial impact of Cloud Computing
 
1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance   wwps pre-day sao paolo - markry1. aws security and compliance   wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry
 
Intro & Security Update
Intro & Security UpdateIntro & Security Update
Intro & Security Update
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
 
Modernizing Technology Governance
Modernizing Technology GovernanceModernizing Technology Governance
Modernizing Technology Governance
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
 
AWS Public Sector Symposium 2014 Canberra | Getting Started with AWS for Gove...
AWS Public Sector Symposium 2014 Canberra | Getting Started with AWS for Gove...AWS Public Sector Symposium 2014 Canberra | Getting Started with AWS for Gove...
AWS Public Sector Symposium 2014 Canberra | Getting Started with AWS for Gove...
 
Cloud Computing Overview
Cloud Computing OverviewCloud Computing Overview
Cloud Computing Overview
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud Security
 
Virtualization and cloud computing
Virtualization and cloud computingVirtualization and cloud computing
Virtualization and cloud computing
 
8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security
 
AWS Canberra WWPS Summit 2013 - AWS Governance and Security Overview
AWS Canberra WWPS Summit 2013 - AWS Governance and Security OverviewAWS Canberra WWPS Summit 2013 - AWS Governance and Security Overview
AWS Canberra WWPS Summit 2013 - AWS Governance and Security Overview
 
(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for Enterprises(SEC321) Implementing Policy, Governance & Security for Enterprises
(SEC321) Implementing Policy, Governance & Security for Enterprises
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud
 
The Tightrope for K12 IT
The Tightrope for K12 ITThe Tightrope for K12 IT
The Tightrope for K12 IT
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 

Recently uploaded (20)

Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 

AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro

  • 1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Jason Cradit, VP of Information Services, Willbros Group Matt Yanchyshyn, Solutions Architect, AWS Dawn Smeaton, Director, AWS Security, Trend Micro April 21, 2015 How Willbros Builds Securely in AWS with Trend Micro
  • 2. AWS Global Infrastructure Application Services Networking Deployment & Administration DatabaseStorageCompute Amazon Web Services (AWS) provides flexible, scalable, and cost- effective IT infrastructure for businesses of all sizes around the world.
  • 3. What sets AWS apart? Building and managing cloud since 2006 40+ services to support any cloud workload History of rapid, customer-driven releases 11 regions, 28 availability zones, 53 edge locations 47 proactive price reductions to date Thousands of partners; 1,900+ Marketplace products Experience Service Breadth & Depth Pace of Innovation Global Footprint Pricing Philosophy Ecosystem
  • 4. “Increasingly, organizations are asking what can’t go to the cloud, rather than what can…”
  • 5. Security is Job Zero at AWS Facilities Physical security Physical infrastructure Network infrastructure Virtualization infrastructure • SOC 1, SOC 2 & SOC 3 ISO 27001 • PCI Level 1 • FedRAMP • AWS GovCloud (US) • MPAA best practices alignment Customer are running SOX, HIPAA, FISMA, DIACAP MAC III sensitive ATO, ITAR, …
  • 6. The Forrester Wave™: Public Cloud Platform Service Providers' Security, Q4 2014 The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
  • 7. Security with AWS Auditability Visibility Control Compliance reports Amazon CloudWatch AWS CloudTrail AWS Config “Describe” APIs AWS IAM AWS CloudHSM AWS CloudFormation AWS KMS
  • 8. Defense-in-depth Security groups VPC configuration Network Web application firewalls Bastion hosts Encryption in-transit Hardened AMIs OS and app patch mgmt. IAM roles for EC2 IAM credentials Systemsecurity Logical access controls User authentication Encryption at-rest Datasecurity AWS compliance program Third-party attestations Physical
  • 9. Encryption: data at rest in AWS EBS Volume encryption EBS encryption OS tools AWS marketplace/partner Object encryption S3 server side encryption (sse) S3 SSE w/ customer provided keys Client-side encryption Database encryption Amazon Redshift encryption RDS PostgreSQL KMS RDS MYSQL KMS RDS ORACLE TDE/HSM RDS MSSQL TDE
  • 10. AWS Identity and Access Management (IAM) Multi-factor authentication AWS Identify and Access Management Temporary Credentials User Groups Roles User User Hardware Software IAM AWS administrative users Root accountPolicies Enforce the principle of least privilege
  • 11. Security Groups and NACLs Security Groups • Instance level, stateful • ALLOW rules only • Default deny inbound, allow outbound • Use as “whitelist” – least privilege NACLs • Subnet level, stateless • ALLOW and DENY • Default allow all • Use as “blacklist”/“guardrails”(port 135,21,23…) Separation of duties. Changes audited via AWS CloudTrail Physical Interfaces Customer 1 Hypervisor Customer 2 Customer n … … Virtual Interfaces Firewall Customer 1 Security Groups Customer 2 Security Groups Customer n Security Groups Security Groups
  • 12. Configure and harden EC2 instances based on security and compliance needsforce consistent security on your hosts Launch instance EC2 AMI catalog Running instance Your instance Hardening Audit and logging Vulnerability management Malware and HIPS Whitelisting and integrity User administration Operating system Configure instance Host-based protection software Restrict access where possible Connect to existing services
  • 13. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Jason Cradit April 21st 2015 Oil and Gas Asset Security Learn How Willbros Created Secure & Flexible Solutions with Trend Micro
  • 14. Agenda • Who is Willbros • Willbros Integrity use-cases • Security architecture and design considerations
  • 15. Willbros Willbros Group, Inc. is a global contractor specializing in energy infrastructure serving the oil, gas and power industries. Our offerings include engineering, procurement and construction, refinery turnarounds, pipeline construction, pipeline integrity management, GIS consulting and other specialty services to industry and government entities worldwide.
  • 18. Pipeline Routing Analytical routing solution • Land owners vs. corridors • Wetlands or other crossings • Populated areas • Slope or ground rock • Federal or conserved lands Old time vs. new time • 10x improvement!!
  • 19. Integra Link • Assets are bought and sold • Who made it? Where is it? When was it maintained? • Assets are replaced (or need to be) • Asset classifications change in the world • Lag time back to office
  • 20. Integra Link Collaboration • Field, Office, and Partners • Visualization • Risk • Location Requirements • Fast and familiar (secure) • One version of the truth
  • 21. Basic Infrastructure Infrastructure • VDI • Web • Dev • Archive Build and deploy promptly • Project based IT costs • Agile elasticity
  • 23. Information Security Confidentiality Only those that should have access, do. Integrity Only those that should modify it, can. Availability The service and information is there when you need it.
  • 24. Security Reference Architecture IDS/IPS FW WebServer FWInternet Bad dude Logs Monitor
  • 25. Security: In the old world • Minimize egress/ingress • Protections at the perimeter – impossible math • Once the bad dude is in, he is in • IDS definitions are BROAD! • Lots to manage • Endpoint, physical perimeter, network, server…etc… • Scale vs. cost vs. security • Scary patch cycles • Could just implement this in the cloud • Agility and scale, price
  • 26. Security: In the old world Brown fields: • Bolt-on, forklift or remove (or $$$$) • Incident response • Keep service up vs. drop service to mitigate vulnerability • Lessons learned are road-mapped • Resources to manage the old and the new • Rigorous change control processes • Disaster recovery expense • Manual testing not representative of actual failure
  • 27. Security: New world No physical, just logical Multiple ingress/egress Containerization Protection closer to the information Only necessary protections Shared security analytics
  • 29. Security: New world Always Green fields: • Lessons learned enacted now • DR testing and implemented as code • IR failover or rebuild but retain old for investigation • Manage scope • One environment doesn’t impact another • No cookie-cutters • One new problem…
  • 30. Trend Micro Security with Trend • Detect and enforce at the account level • Auto load policy • Alert on new or unsecured environments • Reduce attack vectors by narrowing scope • Improved 0-day hole • Parallel IDS/IPS at each host • File Integrity Management • Log Inspection
  • 32. Trend Micro Deep Security Protection Defend against network attacks Virtually patch software Keep malware off workloads Uncover suspicious changes Copyright 2015 Trend Micro Inc. Simplify your life with a single security solution, built for AWS
  • 33. Fits How You Want to Buy and Deploy AWS Marketplace SoftwareSoftware as a Service On your AWS bill for simplified procurement & billing Annual license for hybrid environments or maximum control Usage based pricing for small instances or variable workloads Copyright 2015 Trend Micro Inc.