ATLO Software Delivers Secure Training
Programs with Sophos UTM on AWS
Nick Matthews, Solutions Architect, AWS
Bryan Nairn, Director of Product Marketing, Sophos
Clay Mixon, Co-owner, ATLO Software
Devin Broome, Co-owner, ATLO Software
August 17, 2017
Your Data and IP Are Your Most Valuable Assets
$6.53M: Average cost of a data breach (https://www.csid.com/resources/stats/data-breaches/)
56%: Increase in theft of hard intellectual property (http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html)
70%: Of consumers indicated they’d avoid businesses following a security breach (https://www.csid.com/resources/stats/data-breaches/)
AWS Can Be More Secure than Your Existing Environment
A recent IDC report found that most customers can be more secure in AWS than in their on-premises environment. How?
Automating logging and monitoring
Simplifying resource access
Making it easy to encrypt properly
Enforcing strong authentication
AWS and You Share Responsibility for Security
Constantly Monitored
The AWS infrastructure is protected by extensive network and security monitoring systems:
Network access is monitored by AWS security managers daily
AWS CloudTrail lets you monitor and record all API calls
Amazon Inspector automatically assesses applications for vulnerabilities
Highly Available
The AWS infrastructure footprint helps protect your data from costly downtime
43 Availability Zones in 16 regions for multi-synchronous geographic redundancy
Retain control of where your data resides for compliance with regulatory requirements
Mitigate the risk of DDoS attacks using services like Route 53
Dynamically grow to meet unforeseen demand using Auto Scaling
Integrated with Your Existing Resources
AWS enables you to improve your security using many of your existing tools and practices
Integrate your existing Active Directory
Use dedicated connections as a secure, low-latency extension of your data center
Provide and manage your own encryption keys if you choose
Key AWS Certifications and Assurance Programs
Sophos Security for AWS
Bryan Nairn, Director of Product Marketing, Sophos
Introduction to Sophos
Recognized leader in Endpoint Protection, Mobile Data Protection, and Unified Threat Management.
Long history of helping customers secure their applications, data, endpoints, and networks—both on-premises and more recently in the cloud.
Our solutions help secure more than 200,000 customers in over 150 countries.
Customers like Xerox, Under Armour, Pixar, Northrop Grumman, Ford, Avis, and Amazon.
AWS Security Competency Partner
AWS and You Share Responsibility for Security
[Diagram: shared responsibility model]
AWS takes care of the security OF the Cloud: AWS Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)
You get to define your controls ON the Cloud: Customer Applications & Content, Identity & Access Control, Network Security, Inventory & Config, Data Encryption
Sophos: Host Security, IPS, NGFW, OGW, VPN, WAF
How Customers Can Be More Secure in AWS
AWS covers the physical layer and provides tools for other layers; with UTM on top of AWS, customers get additional security for deeper protection
Security Groups
Virtual firewalls that control inbound/outbound access
Rules based on port or IP address
UTM
Application control
Outbound URL filtering
IPS deep packet inspection
Rules based on hostnames
Sophos UTM: Next Generation Firewall
All-in-one solution that helps reduce complexity and save you money.
Unified Threat Management (UTM) Next Generation Firewall – combines multiple security tools into a single solution:
Infrastructure Protection
Web Application Firewall (WAF)
Intrusion Prevention System (IPS)
Sandstorm Protection (ATP and Cloud Sandboxing)
Why Organizations Choose UTM on AWS
All-in-one protection
Simple and easy to manage across multiple environments
Automatically scale the size of protection
Industry leading solution – Gartner Magic Quadrant Leader
Integrates with AWS services
High Availability (HA) and redundancy supporting multiple Availability Zones (AZ)
Auto Scaling WAF that automatically scales to inspect all web traffic
Built-in load balancer support for ELB and site-to-site VPN configuration for VPC
CloudFormation templates that automatically deploy and configure Sophos UTM
Sophos UTM on AWS Integrations
Sophos UTM is integrated with AWS services to make deployment and management easy
Amazon Elastic Load Balancing
AWS CloudFormation
Amazon S3
Auto Scaling
Sophos UTM Deployment and Pricing
Deploy directly from AWS Marketplace
Evaluate under free trial
Easy pay-as-you-go pricing
Leverage an existing investment with bring-your-own-license (BYOL) option
Sophos UTM Security: Inbound & Outbound Traffic
Elasticity for inbound WAF traffic & outbound VDI traffic.
Supports VPC peering and solves the transitive peering problem.
Supports shared services architecture between multiple VPCs.
Provides redundancy and automatic failover of routes across AZs.
Same solution used by Amazon for “Office in a Box.”
Steve Mueller’s presentation at re:Invent ISM403
https://www.youtube.com/watch?v=kawZBGCLBJU
Sophos UTM – Single Instance HA
Sophos UTM WAF with Auto Scaling
Sophos UTM OGW with Auto Scaling
[Architecture diagrams; labels: Availability Zone #1, Availability Zone #2, Instances, Sophos UTM Controller, Sophos UTM Workers, Amazon ELB, Auto Scaling, Amazon CloudWatch, Amazon SNS, Amazon S3, AWS CloudFormation, Syslog (Controller <- Workers), Admin (Controller -> Workers)]
Server Protection on AWS
NEW: Sophos Central AWS Connector
Automatically discover and display EC2 instances within Sophos Central whether on-premises or in the AWS cloud
EC2 instance meta-data is displayed, including EC2 Lifecycle state, instance ID, AMI ID, Region, AWS Account ID, VPC ID, Auto-scaling group
Server policies can be applied to Auto-scaling Groups in the console; new instances in the group receive the applied policy automatically
Terminated EC2 instances are removed from the Sophos Central management console automatically
Amazon EC2 Auto Scaling
Why Consider Sophos Server Protection on AWS
Powerful protection for servers
Performance without impact
One-click server lockdown
Easy to deploy and manage
Security for every platform
Protects servers on-premises or in the cloud
Sophos Server Protection on AWS
[Architecture diagram; labels: Availability Zone #1, Availability Zone #2, Syslog (Controller <- Workers), Admin (Controller -> Workers)]
Assemble. Test. Launch. Operate.
Clay Mixon, Principal, ATLO Software
Devin Broome, Principal, ATLO Software
Who is ATLO?
Clay Mixon Devin Broome
Challenge
Develop a solution to improve computer-based learning and testing for incarcerated adults and adjudicated youth.
95% of people incarcerated today are going to be released.
Inmate labs receive little attention from short-staffed IT departments.
Updates to content were slow to get done, if done at all.
Some software vendors are no longer updating content via CD/DVD.
Professional certification testing is no longer available on pen and paper. Tests are only available via online computer-based interfaces.
Using the words 'inmate' and 'internet' in a single sentence gives Wardens and Corrections Administration folks a 'rash'.
ATLO Offering
The ATLO platform combines technology from AWS & Sophos along with proprietary software and hardware systems developed by ATLO.
Secure, monitored Internet access to allowed content
Secure hardware terminal
Monitoring and alerting based on terminal usage anomalies
Accreditation from national testing organizations
Management portal for detailed reporting and administration
ATLO, ASE & General Motors Success Story
Automotive Service Excellence (ASE) Professional Computer-Based Testing
Industry standard certification.
Delivered only on computer-based tests. No pen and paper.
Required inmate transport from secure facility to public testing center.
Very expensive to transport due to overhead of Correctional Officers, State Police escorts and overtime.
Uncomfortable and burdensome to the inmates.
Disrupted normal business activities for testing center.
Risk of escape for Dept. of Corrections.
ASE Professional Testing Inside the Fence First Time in US History
General Motors Master Technician Training Behind the Fence
First time in US history.
Groundbreaking, revolutionary workforce development.
Win for GM, Win for the Dealership, Win for the Inmate and family, Win for the State, Win for society.
Former Angola Inmates Now Working for GM Dealership
Q & A