Intrusion Detection for the AWS Cloud

Post on 22-Nov-2014

> www.alertlogic.com

December 17, 2013

Intrusion Detection for the AWS Cloud

Justin Criswell, Cloud Solutions Architect

Diane Garey, Product Marketing

Alert Logic Secures Datacenters in any Environment

PUBLIC CLOUD

MANAGED HOSTING

ON-PREM DATA CENTER

Brute Force

Web Application Attacks

Reconnaissance

Vulnerability Scans

In AWS, Security Responsibility is Shared

Customer

Primary Responsibility

Alert Logic Threat Manager

Context-Aware Network Threat Detection & Response

Intrusion Monitoring w/o False Positives: Multi-factor analysis enables more accurate detection

Integrated Vulnerability Assessment: Delivers context-aware threat detection and mitigation

Automated Security Analysis: Out of the box alerts and reports for key use cases

Key Compliance Coverage: Supports numerous control objectives including PCI Approved Scanning Vendor (ASV) requirement

24x7 Security Monitoring: Security Operations Center staffed by GIAC-certified analysts

Threat Manager Architecture

Threat Manager Agents

Designed for Auto Scaling Environments

32-bit and 64-bit versions:

Debian (.deb): 5.0 (lenny), 6.0 (squeeze)

Ubuntu (.deb): 7.x, 8.x, 9.x, 10.x, 11.x, 12.x

CentOS (.rpm): 5.x, 6.x

Red Hat Enterprise Linux (.rpm): 5.x, 6.x

32-bit and 64-bit versions:

Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows Vista, Windows XP, Windows 7, Windows 8

Note: Provisioning as a role serves to establish the role identity, while registration (which can occur many times for a single role identity) establishes the identity of a single instance within a role.

The certificate files and the role instance ID (obtained at registration) together make up an instance's unique identity. Provisioning in role mode is useful when preparing to clone an OS image onto multiple hosts or to start it as multiple instances.

Threat Manager Virtual Appliance

| Threat Manager tier | Recommended AWS instance type | AWS instance name |
|---|---|---|
| Alert Logic TM (AWS EC2) - 10 Mbps | Standard Small | M1.Small |
| Alert Logic TM (AWS EC2) - 35 Mbps | Standard Medium | M1.Medium |
| Alert Logic TM (AWS EC2) - 60 Mbps | Standard Medium | M1.Medium |
| Alert Logic TM (AWS EC2) - 85 Mbps | Standard Large | M1.Large |
| Alert Logic TM (AWS EC2) - 120 Mbps | Standard Large | M1.Large |
| Alert Logic TM (AWS EC2) - 250 Mbps | High Memory Quadruple Extra Large | M2.4XLarge |
| Alert Logic TM (AWS EC2) - 500 Mbps | High CPU Extra Large | C1.Xlarge |
| Alert Logic TM (AWS EC2) - 1000 Mbps | High CPU Extra Large | C1.Xlarge |

Policy Driven Assignments

Solves large-scale asset management issues in a dynamic environment

Assists in robust DevOps automation support

Threat Manager APIs

Demo

cloud.docs.alertlogic.com info@alertlogic.com

Installation Details

Thank You! Q&A

jcriswell@alertlogic.com dgarey@alertlogic.com