ATLO Software Delivers Secure Training

Programs with Sophos UTM on AWS

Nick Matthews, Solutions Architect, AWS

Bryan Nairn, Director of Product Marketing, Sophos

Clay Mixon, Co-owner, ATLO Software

Devin Broome, Co-owner, ATLO Software

August 17, 2017

$6.53M 56% 70%

https://www.csid.com/resources/stats/data-breaches/

Increase in theft of hard

intellectual property

http://www.pwc.com/gx/en/issues/cyber-

security/information-security-survey.html

Of consumers indicated

they’d avoid businesses

following a security breach

https://www.csid.com/resources/stats/data-breaches/

Average cost of a

data breach

Your Data and IP Are Your Most Valuable Assets

In a recent IDC report which found that most customers can be more secure

in AWS than their on-premises environment. How?

Automating logging

and monitoring

Simplifying

resource access

Making it easy to

encrypt properly

Enforcing strong

authentication

AWS Can Be More Secure than

Your Existing Environment

AWS and You Share Responsibility for Security

Constantly Monitored

The AWS infrastructure is protected by extensive

network and security monitoring systems:

Network access is monitored by AWS

security managers daily

AWS CloudTrail lets you monitor

and record all API calls

Amazon Inspector automatically assesses

applications for vulnerabilities

Highly Available

The AWS infrastructure footprint helps protect your data from costly

downtime

43 Availability Zones in 16 regions for

multi-synchronous geographic redundancy

Retain control of where your data resides

for compliance with regulatory requirements

Mitigate the risk of DDoS attacks using

services like Route 53

Dynamically grow to meet unforeseen demand using

Auto Scaling

Integrated with Your Existing Resources

AWS enables you to improve your security using many

of your existing tools and practices

Integrate your existing Active Directory

Use dedicated connections as a secure,

low-latency extension of your data center

Provide and manage your own encryption

keys if you choose

Key AWS Certifications and Assurance Programs

Sophos Security for AWS

Bryan Nairn, Director of Product Marketing, Sophos

Introduction to Sophos

Recognized leader in Endpoint Protection, Mobile

Data Protection, and Unified Threat Management.

Long history of helping customer secure their

applications, data, endpoints, and networks—both

on-premises and more recently in the cloud.

Our solutions help secure more than 200,000

customers in over 150 countries.

Customers like Xerox, Under Armour, Pixar,

Northrop Grumman, Ford, Avis, and Amazon.

AWS Security Competency Partner

AWS and You Share Responsibility for Security

AWS Foundation Services

Compute Storage Database Networking

AWS Global

InfrastructureRegions

Availability Zones

Edge Locations

Identity &

Access Control

Network

Security

Customer Applications & Content

You get to

define your

controls ON

the Cloud

AWS takes

care of the

security OF

the Cloud

You

Inventory

& Config

Data

Encryption

SophosHost

SecurityIPS NGFW OGW VPN WAF

UTM

Application control

Outbound URL filtering

IPS deep packet inspection

Rules based on hostnames

How Customers Can Be More Secure in AWS

AWS covers the physical layer and provides tools for other layers; with UTM

on top of AWS customers get additional security for deeper protection

Virtual firewalls that control inbound/outbound access

Rules based on port or IP address

Security Groups

Sophos UTM: Next Generation Firewall

All in one solution that helps reduce complexity and save you money.

Infrastructure Protection Web Application Firewall

(WAF)

Intrusion Prevention System

(IPS)

Sandstorm Protection

(ATP and Cloud Sandboxing)

Unified Threat Management (UTM) Next Generation Firewall – combines

multiple security tools into a single solution:

Why Organizations Choose UTM on AWS

All-in-one protection

Simple and easy to manage across multiple environments

Automatically scale the size of protection

Industry leading solution – Gartner Magic Quadrant Leader

Integrates with AWS services

High Availability (HA) and redundancy supporting multiple

Availability Zones (AZ)

Auto Scaling WAF that automatically scales to inspect all

web traffic

Built in load balancer support for ELB and site-to-site VPN

configuration for VPC

CloudFormation templates that automatically deploy and

configure Sophos UTM

Sophos UTM on AWS Integrations

Sophos UTM is integrated with AWS services to make

deployment and management easy

Amazon Elastic

Load BalancingAWS

CloudFormation

Amazon S3 Auto Scaling

Sophos UTM Deployment and Pricing

Deploy directly from AWS

Marketplace

Evaluate under free trial

Easy pay-as-you-go pricing

Leverage an existing

investment with bring-your-

own-license (BYOL) option

Sophos UTM Security: Inbound & Outbound Traffic

Elasticity for inbound WAF traffic &

outbound VDI traffic.

Supports VPC peering and solves

Transitive Peering problem.Supports share services architecture

between multiple VPCs.

Provides redundancy and automatic failover of

routes across Azs.

Same solution used by Amazon for “Office in a Box.”

Steve Mueller’s presentation at re:Invent ISM403

https://www.youtube.com/watch?v=kawZBGCLBJU

Sophos UTM – Single Instance HA

Availability Zone #1 Availability Zone #2

Instances

Instances

Sophos UTM

Controller

Sophos UTM

Workers

Sophos UTM

Workers

Amazon SNSAmazon S3 AWS CloudFormation

Amazon

CloudWatch

AutoScaling

Amazon

ELB

Amazon

ELB

Sophos UTM WAF with Auto Scaling

Sophos UTM OGW with Auto Scaling

Availability Zone #1

Availability Zone #2

Syslog(Controller <- Workers)

Admin(Controller -> Workers)

Automatically discover and display EC2 instances

within Sophos Central whether on-premises or in the

AWS cloud

EC2 instance meta-data is displayed, including EC2

Lifecycle state, instance ID, AMI ID, Region, AWS

Account ID, VPC ID, Auto-scaling group

Server policies can be applied to Auto-scaling Groups

in the console; new instances in the group receive the

applied policy automatically

Terminated EC2 instances are removed from the

Sophos Central management console automatically

Amazon EC2 Auto Scaling

NEW:

Sophos Central

AWS Connector

Server Protection on AWS

Why Consider Sophos Server Protection on AWS

Powerful protection for servers

Performance without impact

One-click server lockdown

Easy to deploy and manage

Security for every platform

Protects servers on-premises or in the cloud

Sophos Server Protection on AWS

Availability Zone #1

Availability Zone #2

Syslog(Controller <- Workers)

Admin(Controller -> Workers)

Assemble. Test. Launch. Operate.

Clay Mixon, Principle, ATLO Software

Devin Broome, Principle, ATLO Software

Who is ATLO?

Clay Mixon Devin Broome

Challenge

Develop a solution to improve computer based learning and testing for incarcerated

adults and adjudicated youth.

95% of people incarcerated today are

going to be released.

Inmate labs receive little attention from short staffed IT dept.

Updated to content was slow to get done, if done at all.

Some software vendors no longer updating content via CD/DVD.

Professional certification testing no longer available on pen and

paper. Tests only available via online computer based interfaces.

Using the words, 'inmate' and 'internet' in a single sentence gives

Warden's and Correction's Administration folks a 'rash’.

ATLO Offering

The ATLO platform combines technology from AWS

&

SOPHOS along with proprietary software and

hardware

systems developed by ATLO. Secure, monitored Internet access to allowed content

Secure hardware terminal

Monitoring and alerting based on terminal usage anomalies

Accreditation from national testing organizations

Management portal for detailed reporting and administration

ATLO, ASE & General Motors Success Story

Industry standard certification.

Delivered only on computer based tests. No pen and paper.

Required Inmate transport from secure facility to public

testing center.

Very expensive to transport due to overhead of Correctional

Officers, State Police escorts and overtime.

Uncomfortable and burdensome to the Inmates.

Disrupted normal business activities for testing center.

Risk of escape for Dept. of Corrections.

Automotive Service Excellence Professional

(ASE) Computer Based Testing

ASE Professional Testing Inside the Fence First Time in US History

General Motors Master Technician TrainingBehind the Fence

First time in US history.

Ground Breaking, revolutionary

workforce development.

Win for GM, Win for the

Dealership, Win for the Inmate

and family, Win for the State, Win

for society.

Former Angola Inmates Now Working for GM

Dealership

Q & A