Managing Cloud Security: Intrusion Detection in Public Cloud Environments
Introduction

• About the presenter
   − Misha Govshteyn
   − Founder & VP of Emerging Products at Alert Logic
• Our topic today:
   − Deploying Network Intrusion Detection technologies in the Amazon EC2 environment

Datapipe Cloud Services Stack




Comprehensive Security

 • IDS
 • 2 Factor Authentication
 • Vulnerability Scanning
 • Integrity Monitoring
 • Configuration Assessment (Tripwire)
 • Firewall
 • Antivirus
 • Web Application Firewall
 • TDE – Transparent Database Encryption

“Strong security controls are a requirement for many mission-critical IT workloads. Customers demand that service providers address security as they move IT infrastructure to fully elastic public cloud environments”
- Joel Friedman, Datapipe CSO

Why detect intrusions?

 • Do you want to know if your webservers are making connections to botnet command & control servers?
 • Do you want to know if someone is running a vulnerability scan on you without your knowledge?
 • Do you trust that your development teams and software vendors have eliminated 100% of SQL injection or other common attacks?

Broad Cloud Adoption: Inhibitors




Public Cloud Security Complexity
Security solutions must be built specifically for public cloud


Public cloud security requirements:
 • elastic scaling
 • utility pricing
 • management automation
 • managed operations
 • self-service provisioning
 • third-party ownership

= Traditional “Big Box” Security Appliances are Dead

AWS environment challenges


 1 • Lack of network introspection facilities such as SPAN
 2 • Ephemeral networking means IP addresses cannot be used as host identifiers
 3 • Services must be tightly coupled to provisioning systems via API to support auto-scaling and role-based management

Building a scalable security cloud service requires new solutions specifically designed to operate in cloud environments

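Challenge 2 above, worked through as an added example (not code from the presentation, Alert Logic or Datapipe): an IDS alert carries only an IP address and a timestamp, so it has to be resolved against the history of address assignments rather than the current one. The event format, instance IDs, addresses and alert names are constructed for illustration.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timezone


def ts(text):
    """Parse a UTC timestamp such as 2012-01-10T09:00:00Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


class LeaseIndex:
    """Per-IP history of which instance held the address, built from provisioning events."""

    def __init__(self, events):
        # ip -> [[start, end_or_None, instance_id], ...] ordered by start time
        self._leases = defaultdict(list)
        for when, action, instance_id, ip in sorted(events, key=lambda e: ts(e[0])):
            self._apply(ts(when), action, instance_id, ip)

    def _apply(self, when, action, instance_id, ip):
        leases = self._leases[ip]
        open_lease = leases[-1] if leases and leases[-1][1] is None else None
        if action == "assign":
            if open_lease:
                # The release event was never seen: end the old lease at handover.
                open_lease[1] = when
            leases.append([when, None, instance_id])
        elif action == "release" and open_lease and open_lease[2] == instance_id:
            open_lease[1] = when

    def owner_at(self, ip, when):
        """Instance that held `ip` at time `when`, or None if nobody did."""
        leases = self._leases.get(ip, [])
        pos = bisect_right([lease[0] for lease in leases], when) - 1
        if pos < 0:
            return None
        _start, end, instance_id = leases[pos]
        return instance_id if end is None or when < end else None

    def current_owner(self, ip):
        """What a naive 'look up the IP now' query would return."""
        leases = self._leases.get(ip, [])
        return leases[-1][2] if leases and leases[-1][1] is None else None


def attribute_alerts(index, alerts):
    """Attach both the time-correct owner and the naive current owner to each alert."""
    rows = []
    for when, ip, name in alerts:
        rows.append({
            "time": when,
            "ip": ip,
            "alert": name,
            "instance_at_alert": index.owner_at(ip, ts(when)),
            "instance_now": index.current_owner(ip),
        })
    return rows


# Constructed provisioning events, deliberately out of order: (time, action, instance, ip)
EVENTS = [
    ("2012-01-10T11:42:00Z", "assign", "i-bbbb2222", "10.0.1.15"),
    ("2012-01-10T09:00:00Z", "assign", "i-aaaa1111", "10.0.1.15"),
    ("2012-01-10T11:30:00Z", "release", "i-aaaa1111", "10.0.1.15"),
    ("2012-01-10T09:05:00Z", "assign", "i-cccc3333", "10.0.1.16"),
    ("2012-01-10T13:00:00Z", "assign", "i-dddd4444", "10.0.1.16"),  # no release seen
]

# Constructed IDS alerts: (time, destination ip, alert name)
ALERTS = [
    ("2012-01-10T10:15:00Z", "10.0.1.15", "sql-injection-attempt"),
    ("2012-01-10T11:35:00Z", "10.0.1.15", "vulnerability-scan"),   # address unassigned
    ("2012-01-10T12:00:00Z", "10.0.1.15", "sql-injection-attempt"),
    ("2012-01-10T12:30:00Z", "10.0.1.16", "botnet-c2-connection"),
    ("2012-01-10T13:10:00Z", "10.0.1.16", "botnet-c2-connection"),
    ("2012-01-10T12:05:00Z", "10.0.9.9", "vulnerability-scan"),    # never provisioned
]

if __name__ == "__main__":
    for row in attribute_alerts(LeaseIndex(EVENTS), ALERTS):
        flag = "" if row["instance_at_alert"] == row["instance_now"] else "  <- naive lookup differs"
        print(row["time"], row["ip"], row["alert"], row["instance_at_alert"], flag)
```

The first alert is the case the slide warns about: by the time an analyst looks it up, 10.0.1.15 belongs to a different instance than the one that received the traffic.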
Soft-Tap Architecture
Unique approach to network security monitoring in EC2




[Diagram: four Soft Tap nodes and one IDS node, each with an eth0 interface and an eth1 VPN interface, joined by a VPN Transport]

Alert Logic for Amazon EC2


 Enabling:
 • Traffic monitoring via software-based network taps
 • Log collection via software agents
 • Virtual appliance-based data collection
 • Host agents that continuously track the state of monitored instances
 • Automated software and configuration deployment via internal management APIs
 • Multi-tenant aware provisioning API for integration with service provider

 Provides:
 • Auto-scaling by tracking IP addresses of protected hosts
 • Load balancing & fail over between appliances
 • Transport-level data encryption
 • Centralized resource authorization via certificates

[Diagram: IDS for Cloud, LM for Cloud and VA for Cloud, over Virtual Appliances & Host Agents, Management API and Provisioning API, for Amazon Web Services]

Components



[Diagram labels: Customer EC2 Environment, Collection/Cloud Management System, Security Portal, Incident]

Datapipe IDS for EC2: Setup Process


 • Deploy certificates
 • Install software packages and virtual appliances

[Diagram labels: API Integration, TM, UI, LM, SOC, CMS, VPN Transport]

Attack Scenario


[Diagram: Attacker (me) sends a SQL Injection Attack (this time unsuccessful); VPN Transport]

What happens next

 • Incident identified by correlation engine
 • Threat level escalated to 60 out of 100
 • Notification sent to Datapipe security
 • Incident investigated by Alert Logic SOC
 • Incident remediated by Datapipe security team
 • Attacker blocked at the firewall

Availability

• In beta today with select customers
• Available as a managed service for AWS customers
  exclusively through Datapipe in early 2012
   •   RightScale enabled: bundled into ServerTemplates for automation
   •   Auto-scaling support coming soon
• Available as a self-service solution for AWS and other
  public clouds from Alert Logic in 1H 2012


Questions?
Contact: @mgbits

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 

Cloud Security Topics: Network Intrusion Detection for Amazon EC2

  • 1. Managing Cloud Security: Intrusion Detection in Public Cloud Environments
  • 2. Introduction • About the presenter − Misha Govshteyn − Founder & VP of Emerging Products at Alert Logic • Our topic today: − Deploying Network Intrusion Detection technologies in Amazon EC2 environment
  • 4. Comprehensive Security • IDS • 2 Factor Authentication • Vulnerability Scanning • Integrity Monitoring • Configuration Assessment (Tripwire) • Firewall • Antivirus • Web Application Firewall • TDE – Transparent Database Encryption. “Strong security controls are a requirement for many mission-critical IT workloads. Customers demand that service providers address security as they move IT infrastructure to fully elastic public cloud environments” - Joel Friedman, Datapipe CSO
  • 5. Why detect intrusions? • Do you want to know if your webservers are making connections to botnet command & control servers? • Do you want to know if someone is running a vulnerability scan on you without your knowledge? • Do you trust that your development teams and software vendors have eliminated 100% of SQL injection or other common attacks?
  • 6. Broad Cloud Adoption: Inhibitors
  • 7. Public Cloud Security Complexity: Security solutions must be built specifically for public cloud. PUBLIC CLOUD SECURITY REQUIREMENTS = • elastic scaling • utility pricing • management automation • managed operations • self-service provisioning • third-party ownership. Traditional “Big Box” Security Appliances are Dead
  • 8. AWS environment challenges: (1) Lack of network introspection facilities such as SPAN (2) Ephemeral networking means IP addresses cannot be used as host identifiers (3) Services must be tightly coupled to provisioning systems via API to support auto-scaling and role-based management. Building a scalable security cloud service requires new solutions specifically designed to operate for cloud environments
  • 9. Soft-Tap Architecture: Unique approach to network security monitoring in EC2 [Diagram labels: eth0, eth1, Soft Tap, IDS, vpn, VPN Transport]
  • 10. Alert Logic for Amazon EC2 [Diagram labels: IDS for Cloud, LM for Cloud, VA for Cloud; Virtual Appliances & Host Agents; Management API; Provisioning API] Enabling: • Traffic monitoring via software-based network taps • Log collection via software agents • Virtual appliances based data collection • Host agents that continuously track the state of monitored instances • Automated software and configuration deployment via internal management APIs • Multi-tenant aware provisioning API for integration with service provider. Provides: • Auto-scaling by tracking IP addresses of protected hosts • Load balancing & fail over between appliances • Transport-level data encryption • Centralized resource authorization via certificates for Amazon Web Services
  • 11. Components [Diagram labels: Customer EC2 Environment, Collection/Cloud Management System, Security Portal, Incident]
  • 12. Datapipe IDS for EC2: Setup Process • Deploy certificates • Install software packages and virtual appliances [Diagram labels: API, TM, LM, SOC, Integration, UI, CMS, VPN Transport]
  • 13. Attack Scenario: SQL Injection Attack (this time unsuccessful) [Diagram labels: Attacker (me), VPN Transport]
  • 14. What happens next • Incident identified by correlation engine • Threat level escalated to 60 out of 100 • Notification sent to Datapipe security • Incident investigated by Alert Logic SOC • Incident remediated by Datapipe security team • Attacker blocked at the firewall
  • 15. Availability • In beta today with select customers • Available as a managed service for AWS customers exclusively through Datapipe in early 2012 • RightScale enabled: bundled into ServerTemplates for automation • Auto-scaling support coming soon • Available as a self-service solution for AWS and other public clouds from Alert Logic in 1H 2012. Questions? Contact: @mgbits
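
Slides 8 and 10 state that IP addresses cannot serve as host identifiers in EC2 and that the service tracks the IP addresses of protected hosts. The sketch below is an added example, not Alert Logic's or Datapipe's code: it attributes IP-keyed IDS alerts to instances through time-bounded IP leases built from provisioning events. The event format, instance IDs, IP addresses and alert names are constructed assumptions.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed provisioning events (all values made up):
# (unix_time, action, instance_id, private_ip)
EVENTS = [
    (1000, "launch", "i-web-a", "10.0.1.15"),
    (1600, "terminate", "i-web-a", "10.0.1.15"),
    (1900, "launch", "i-db-b", "10.0.1.15"),  # same IP, different host
    (1200, "launch", "i-web-c", "10.0.1.22"),
]
# Constructed IDS alerts keyed only by IP: (unix_time, ip, signature)
ALERTS = [
    (1300, "10.0.1.15", "outbound C2 beacon"),
    (1700, "10.0.1.15", "outbound C2 beacon"),  # IP unassigned at this time
    (2000, "10.0.1.15", "SQL injection attempt"),
    (1250, "10.0.1.22", "vulnerability scan"),
]

def build_leases(events):
    """Turn launch/terminate events into per-IP lease lists sorted by start."""
    leases = defaultdict(list)  # ip -> [[start, end_or_None, instance_id]]
    for ts, action, instance, ip in sorted(events):
        if action == "launch":
            # A new launch on an IP ends any lease still open on that IP.
            if leases[ip] and leases[ip][-1][1] is None:
                leases[ip][-1][1] = ts
            leases[ip].append([ts, None, instance])
        elif action == "terminate":
            for lease in reversed(leases[ip]):
                if lease[2] == instance and lease[1] is None:
                    lease[1] = ts
                    break
    return leases

def attribute(leases, ts, ip):
    """Return the instance that held `ip` at time `ts`, or None if unassigned."""
    held = leases.get(ip, [])
    idx = bisect_right([lease[0] for lease in held], ts) - 1
    if idx < 0:
        return None
    _start, end, instance = held[idx]
    return instance if end is None or ts < end else None

def attribute_alerts(events, alerts):
    """Map each alert to (instance_id_or_None, signature)."""
    leases = build_leases(events)
    return [(attribute(leases, ts, ip), sig) for ts, ip, sig in alerts]
```

An alert that resolves to `None` fired while no protected host held that address, which is the case an IP-only view would wrongly pin on whichever instance uses the address now.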