Cloud Security Topics: Network Intrusion Detection for Amazon EC2

Download to read offline

With the rapid growth of online commerce, the challenge of securing and monitoring internal and customer-facing websites, card processing systems and other critical infrastructure has never been greater. Deploying full-featured intrusion detection in a public cloud has been challenging – the network models and multi-tenancy of public clouds do not make deep network services easy to deploy. Misha Govshteyn, VP of Emerging Products at Alert Logic, will present a new approach for an IDS solution in a public cloud.


  1. Managing Cloud Security: Intrusion Detection in Public Cloud Environments
  2. Introduction
     • About the presenter: Misha Govshteyn, Founder & VP of Emerging Products at Alert Logic
     • Our topic today: Deploying Network Intrusion Detection technologies in an Amazon EC2 environment
  3. Datapipe Cloud Services Stack (diagram)
  4. Comprehensive Security
     • IDS
     • 2 Factor Authentication
     • Vulnerability Scanning
     • Integrity Monitoring
     • Configuration Assessment (Tripwire)
     • Firewall
     • Antivirus
     • Web Application Firewall
     • TDE – Transparent Database Encryption
     “Strong security controls are a requirement for many mission-critical IT workloads. Customers demand that service providers address security as they move IT infrastructure to fully elastic public cloud environments” – Joel Friedman, Datapipe CSO
  5. Why detect intrusions?
     • Do you want to know if your webservers are making connections to botnet command & control servers?
     • Do you want to know if someone is running a vulnerability scan on you without your knowledge?
     • Do you trust that your development teams and software vendors have eliminated 100% of SQL injection or other common attacks?
  6. Broad Cloud Adoption: Inhibitors (chart)
  7. Public Cloud Security Complexity
     Security solutions must be built specifically for public cloud.
     PUBLIC CLOUD SECURITY REQUIREMENTS = elastic scaling, utility pricing, management automation, managed operations, self-service provisioning, third-party ownership
     Traditional “Big Box” Security Appliances are Dead
  8. AWS environment challenges
     1. Lack of network introspection facilities such as SPAN
     2. Ephemeral networking means IP addresses cannot be used as host identifiers
     3. Services must be tightly coupled to provisioning systems via API to support auto-scaling and role-based management
     Building a scalable security cloud service requires new solutions specifically designed to operate in cloud environments.
  9. Soft-Tap Architecture: Unique approach to network security monitoring in EC2
     (diagram: each monitored instance carries a Soft Tap on eth0 and a vpn on eth1; the tapped traffic reaches a central IDS over the VPN Transport)
  10. Alert Logic for Amazon EC2
     Enabling: IDS for Cloud, LM for Cloud, VA for Cloud
     Virtual Appliances & Host Agents:
     • Traffic monitoring via software-based network taps
     • Log collection via software agents
     • Virtual appliance based data collection
     • Host agents that continuously track the state of monitored instances
     Management API:
     • Automated software and configuration deployment via internal management APIs
     • Multi-tenant aware provisioning API for integration with service provider
     Provisioning API Provides:
     • Auto-scaling by tracking IP addresses of protected hosts
     • Load balancing & fail over between appliances
     • Transport-level data encryption
     • Centralized resource authorization via certificates for Amazon Web Services
  11. Components (diagram): Customer EC2 Environment, Collection/Cloud Management System, Security Portal, Incident
  12. Datapipe IDS for EC2: Setup Process
     (diagram labels: API Integration, TM, LM, SOC, UI, CMS; steps: Deploy certificates + Install software packages and virtual appliances + VPN Transport)
  13. Attack Scenario
     (diagram: SQL Injection Attack – this time unsuccessful; Attacker (me); VPN Transport)
  14. What happens next
     • Incident identified by correlation engine
     • Threat level escalated to 60 out of 100
     • Notification sent to Datapipe security
     • Incident investigated by Alert Logic SOC
     • Incident remediated by Datapipe security team
     • Attacker blocked at the firewall
  15. Availability
     • In beta today with select customers
     • Available as a managed service for AWS customers exclusively through Datapipe in early 2012
       • RightScale enabled: bundled into ServerTemplates for automation
       • Auto-scaling support coming soon
     • Available as a self-service solution for AWS and other public clouds from Alert Logic in 1H 2012
     Questions? Contact: @mgbits
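Slides 8, 10 and 14 together describe two things a cloud IDS back end has to do: resolve monitored hosts by something other than their ephemeral IP addresses, and correlate the resulting IDS events into an incident with a threat level. The Python below is an added illustration of that flow, not Alert Logic's or Datapipe's code; the address leases, signature weights and sample events are constructed assumptions.

```python
"""Correlating soft-tap IDS events in an elastic EC2 environment.

Added illustration, not Alert Logic or Datapipe code. EC2 addresses are
ephemeral, so each event is resolved to the instance that held the address at
event time before events are grouped into 0-100 scored incidents.
All addresses, leases, weights and events below are constructed.
"""

# Assumed provisioning-API feed: which instance held which private IP, and
# when (end=None means the address is still assigned to that instance).
ADDRESS_LEASES = [
    {"instance": "i-web-a", "ip": "10.0.1.20", "start": 100, "end": 400},
    {"instance": "i-web-b", "ip": "10.0.1.20", "start": 450, "end": None},
    {"instance": "i-db-1", "ip": "10.0.2.5", "start": 0, "end": None},
]

# Constructed per-signature weights on a 0-100 scale; unknown signatures get 10.
SEVERITY = {"sql-injection-attempt": 60, "vuln-scan": 40, "c2-beacon": 90}

def resolve_instance(ip, ts):
    """Return the instance that owned `ip` at time `ts`, or None if unprotected."""
    for lease in ADDRESS_LEASES:
        ended = lease["end"] is not None and ts >= lease["end"]
        if lease["ip"] == ip and lease["start"] <= ts and not ended:
            return lease["instance"]
    return None

def correlate(events):
    """Group events per (attacker, target instance); level = top weight + 10 per
    extra distinct signature, capped at 100. Unprotected targets are dropped."""
    incidents = {}
    for ev in events:
        target = resolve_instance(ev["dst"], ev["ts"])
        if target is None:
            continue
        key = (ev["src"], target)
        inc = incidents.setdefault(key, {"attacker": ev["src"], "target": target, "signatures": []})
        if ev["sig"] not in inc["signatures"]:
            inc["signatures"].append(ev["sig"])
        weights = [SEVERITY.get(s, 10) for s in inc["signatures"]]
        inc["threat_level"] = min(100, max(weights) + 10 * (len(weights) - 1))
    return list(incidents.values())

# Constructed sample: one source hits 10.0.1.20 before and after the address
# moved from i-web-a to i-web-b, plus one event aimed at an unknown address.
SAMPLE_EVENTS = [
    {"ts": 120, "src": "198.51.100.7", "dst": "10.0.1.20", "sig": "sql-injection-attempt"},
    {"ts": 500, "src": "198.51.100.7", "dst": "10.0.1.20", "sig": "vuln-scan"},
    {"ts": 510, "src": "198.51.100.7", "dst": "10.0.9.9", "sig": "vuln-scan"},
]
```

Because the two hits on 10.0.1.20 fall in different leases, they produce two separate incidents (i-web-a at level 60, i-web-b at level 40) rather than one, which is what keying on the bare IP would have produced.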