codeless security for the apps you buy & build on aws

Codeless Security for the Apps You Buy & Build on AWS

Russell MillerDirector, Product Marketing

Ari LeedsSenior Product Manager

1

Michal Ferguson

?

Michal Ferguson

Remove "Capability" and find an interactive way to show suspicious locations. (maybe the map is black and is an animated gif that has dots highlighted in red?

Alex OConnor

are we allowed to use a map like this? got this from here: http://geekslop.com/2014/real-time-global-security-attacks-shown-happen Apparently it was created by "Kaspersky Labs"

Alex OConnor

match with first graphic

Alex OConnor

bee, flower, soil photos

Alex OConnor

change out

Russ Miller

[email protected] Can you take this section?

Continuing Professional Education (CPE) Credits

Claim your CPE credit for attending this webinarhttps://www.isc2.org/

For more information or questions please contact [email protected]

2

https://www.isc2.org/

mailto:[email protected]

Agenda

02

SaaS & IaaS Markets: Why are we here?

Security Requirements for IaaS

01

3

03

The CloudLock Approach to IaaS & AWS Security

“ 2016 Market Growth:● SaaS: 20.3%● IaaS: 38.4%

“IaaS continues to be the strongest-growing segment as enterprises move away from data center build-outs and move their infrastructure needs to the public cloud.”

4

SaaS vs. IaaS Market Growth

http://www.gartner.com/newsroom/id/3188817

- Sid Nag, Gartner Research Director

"Forecast: Public Cloud Services, Worldwide, 2013-2019, 4Q15 Update"

http://www.gartner.com/document/3180349?ref=solrAll&refval=161389607&qid=37bc1756347f7f98015dd9e2da164685

IaaS spending is skyrocketing

5

© Statista 2016

Apps on IaaS MORE critical than SaaS Apps

6

1. Internal & Partner-facing IaaS apps2. Customer-facing IaaS apps

Platformas a Service (PaaS)

People

Data

Applications

Runtime

Middleware

Operating System

Virtual Network

Hypervisor

Servers

Storage

Physical Network

Cloud Shared Responsibility - SaaS/PaaS/IaaS

7Gartner, Mind the SaaS Security Gaps, Craig Lawson and Sid Deshpande, May 19, 2016

Infrastructureas a Service (IaaS)

Hypervisor

Servers

Storage

Physical Network

SaaS

People

Data

Applications

Runtime

Middleware

Operating System

Virtual Network

Hypervisor

Servers

Storage

Physical Network

CSPResponsibility

CustomerResponsibility

People

Data

Applications

People

Data

Applications

People

Data

Applications

Runtime

Middleware

Operating System

Virtual Network

Amazon’s View: “The Shared Responsibility Model”

8Source: https://aws.amazon.com/compliance/shared-responsibility-model/

Let’s Talk About Bees (No Birds Needed)

9Source: http://www.ForestWander.com

http://www.forestwander.com/

Connections in AWS

EC2 Instance

S3 Bucket

User

App

10

Connections in AWS

EC2 Instance

S3 Bucket

S3 Bucket

Log File Log File Log File Log File

S3 Bucket

S3 Bucket

S3 Bucket

Employee

Customer AttackerPartner Admin

11

03 The CloudLock Approach to IaaS & AWS Security

12

CloudLock Coverage & Use Cases

Admin Console

Custom Apps

Data Loss PreventionCompliance

Forensics

Configuration Security

Visibility & User Behavior Analytics

13

AWS Use Case #1: Forensics

14

AWS Use Case #2A: Visibility & Behavior (Sec Admin)

15

AWS Use Case #2B: Suspicious Behavior (AWS Admin)

**********

16

Michal Ferguson

is this from the AWS console? Not sure what it's telling me.

Alex OConnor

Took that from here: http://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-overview.html ... I was trying to find an image that relates to the challenge "As the general admin for our AWS console, I need to know when potentially sensitive activities occur that may indicate new access points to our instances, changes in user accounts and updates to Identity Access Management (IAM) roles and policies, so that I can make sure that all changes have been approved and follow company protocol." but I can keep looking

AWS Use Case #3: Data Compliance & Auditing

17

Michal Ferguson

not sure what it means also..

Alex OConnor

again, trying to relate to the challenge "We have and allow certain types of sensitive data in our AWS environment in specific S3 buckets. However, for compliance and auditing purposes, I need to know exactly where that data resides, so that I can provide an export in the case of an audit." .. S3 bucket. but can keep looking

AWS Use Case #4: Data Leak Protection (DLP)

18

Michal Ferguson

sorry, don't like this one either.

Alex OConnor

will keep looking

AWS Use Case #5: Configuration Security

19

CloudLock Platform

Protect the usage of business apps in

the cloud

CASB for SaaS

Protect the usage of critical infrastructure

in the cloud

CASB for IaaS/PaaS

Include the cloud in security workflows

Cloud Security Orchestration

20

CloudLock Platform

DLP User

Behavior Analytics

CentralAuditing

Configuration

SecurityEncryption

ManagementApps

Firewall

Protect the usage of business apps in

the cloud

Protect the usage of critical infrastructure

in the cloud

CASB for SaaS

CASB for IaaS/PaaS

Include the cloud in security workflows

Cloud Security Orchestration

21

Where is the threat in your environment?

http://bit.ly/CL-aws-demo

22

http://bit.ly/CL-aws-demo

Questions

Russ MillerDirector, Product Marketing

Ari LeedsSenior Product Manager

23

codeless security for the apps you buy & build on aws

Technology