securing web applications in the aws cloud

December 3, 2013. Alert Logic Web Security Manager for AWS. Presented by Jon Vaught, Sales Engineer, and Diane Garey, Product Marketing.

DESCRIPTION

Alert Logic demos Web Security Manager for Amazon Web Services

TRANSCRIPT

Page 1: Securing Web Applications in the AWS Cloud

December 3, 2013

Alert Logic Web Security Manager for AWS

Jon Vaught, Sales Engineer

Diane Garey, Product Marketing

Page 2: Securing Web Applications in the AWS Cloud

Today’s Agenda

• Web Security Manager for AWS Architecture – What you need to run Web Security Manager

• Getting Started – Quick Tour

• Next Steps – Trial – Q&A

Page 3: Securing Web Applications in the AWS Cloud

Alert Logic Web Security Manager WAF Introduction

Active Protection for Web Applications, Management Included

Positive & Negative Security: active protection using signatures and a learning engine

Key Compliance Coverage: supports PCI DSS requirement 6.6 and the OWASP Top 10 risks

Management Included: 24x7 management by experienced security analysts

AWS Auto Scaling: protection scales dynamically with your web apps

Security Where You Need It: works wherever you have your datacenter

Page 4: Securing Web Applications in the AWS Cloud

Web Security Manager Architecture

Page 5: Securing Web Applications in the AWS Cloud

[Diagram: Web Security Manager AWS System Overview – Deployment for Auto Scaling and High Availability in AWS VPC. The customer's existing stack: Amazon VPC spanning Availability Zone 1 and Availability Zone 2, Internet Gateway, Elastic Load Balancer, Web Servers.]

Page 6: Securing Web Applications in the AWS Cloud

[Diagram: Web Security Manager AWS System Overview – Deployment for Auto Scaling and High Availability in AWS VPC. Components across Availability Zone 1 and Availability Zone 2: Internet Gateway, ELB Master, ELB Worker, Public Subnets with NAT Instances, Master Subnet with WSM Master and EBS Log Volume, Worker Subnets with WSM Workers, S3, Internal Elastic Load Balancer, Web Servers.]

Overview
• 1 Master Auto Scaling group with 1 master at all times
• 1 Worker Auto Scaling group with 2-n workers at all times

ELB Master
• External interface for the WSM Master
• Management and monitoring (https and ssh)

ELB Worker
• SSL termination
• Load balances web traffic to the worker Auto Scaling group

S3 Bucket
• Persists configuration data

NAT Instances
• Required for S3 access from the private subnets

WSM Master
• Acts as the management node for configuration
• Queues and transports logs and stats from the workers

EBS Log Volume
• Persists Deny Log and stats data for the master
• Attached at instance start-up

WSM Worker
• Retrieves configuration on instance launch
• Protects web traffic in front of the internal ELB
• Transports logs and stats to the master queue

Page 7: Securing Web Applications in the AWS Cloud

[Diagram: Website Traffic Data Flow. Client to Internet Gateway, to ELB Worker, to the WSM Workers in the Worker Subnets of Availability Zone 1 and Availability Zone 2, to the Internal ELB for your application, to the Web Servers. Also shown: ELB Master, WSM Master with EBS Log Volume in the Master Subnet, NAT Instances in the Public Subnets, S3.]

Website Traffic
• Browser clients connect to the worker ELB
• Traffic is load balanced to the Web Security Manager appliances
• The Web Security Manager appliances connect to the backend ELB

Page 8: Securing Web Applications in the AWS Cloud

Web Security Manager Performance

Web Security Manager Master Instance Processing Capacity
• The estimated processing capacity per Master instance is:
  – m1.medium: 10 workers, 250 Mbps (inbound + outbound) total across workers
  – m1.large: 25 workers, 1 Gbps (inbound + outbound) total across workers

Worker Processing Capacity in Mbps
• Worker instance processing capacity:
  – m1.small: 13 Mbps total (inbound + outbound)
  – c1.medium: 50 Mbps total (inbound + outbound)
  – c1.xlarge: 200 Mbps total (inbound + outbound)

Page 9: Securing Web Applications in the AWS Cloud

Auto Scaling Parameters

• The CloudFormation template that creates the Web Security Manager stack allows the Auto Scaling parameters to be defined.

• The gap between the scale-up and scale-down thresholds (and the longer scale-down wait) mitigates the risk of removing capacity too quickly or reducing it incorrectly.

Setting                                                   Default
Scale up CPU utilization threshold                        80%
Scale up when CPU is above threshold for more than        120 seconds
Scale down CPU utilization threshold                      50%
Scale down when CPU is below threshold for more than      600 seconds
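The asymmetric thresholds above are a hysteresis band. The following simulation, an added example that is not part of the Alert Logic deck or its CloudFormation template, evaluates the slide's default parameters (80% for more than 120 seconds up, 50% for more than 600 seconds down) against a hypothetical symmetric policy over a constructed minute-by-minute CPU series. The sample period, the CPU values, the two-worker minimum and the one-worker step are assumptions; a real deployment also has a scaling cooldown and CloudWatch's own Period and EvaluationPeriods, which are left out.

```python
"""Scale-up/scale-down hysteresis simulation (added example, not from the deck).

Each policy is a pair of threshold/duration alarms evaluated over periodic
average-CPU samples.  The CPU series, the 60 s sample period, the 2-worker
minimum and the one-instance step are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ScalingParams:
    up_threshold: float    # percent CPU
    up_duration: int       # seconds above threshold before adding a worker
    down_threshold: float
    down_duration: int     # seconds below threshold before removing a worker


DEFAULT = ScalingParams(80.0, 120, 50.0, 600)     # values from the slide
SYMMETRIC = ScalingParams(80.0, 120, 80.0, 120)   # hypothetical: no hysteresis

# Constructed average-CPU samples, one per minute: a ramp, a three-minute dip,
# a second burst, then a long quiet tail.
SAMPLE_CPU = [30, 85, 90, 92, 70, 88, 91, 45, 40, 42, 95, 93, 90,
              40, 42, 38, 35, 30, 28, 25, 20, 22, 18, 15]


def has_hysteresis(p):
    """Scale-down must trigger both lower and later than scale-up."""
    return p.down_threshold < p.up_threshold and p.down_duration > p.up_duration


def simulate(samples, params, period=60, initial=2, minimum=2):
    """Return (final_capacity, events); each event is (time_s, 'up'|'down', capacity)."""
    capacity = initial
    above = below = 0      # consecutive seconds beyond each threshold
    events = []
    for i, cpu in enumerate(samples):
        above = above + period if cpu > params.up_threshold else 0
        below = below + period if cpu < params.down_threshold else 0
        if above > params.up_duration:                 # "above threshold for more than N s"
            capacity += 1
            events.append((i * period, "up", capacity))
            above = 0
        elif below > params.down_duration and capacity > minimum:
            capacity -= 1
            events.append((i * period, "down", capacity))
            below = 0
    return capacity, events


def flap_count(events, window=300):
    """Scale-downs that were reversed by a scale-up within `window` seconds."""
    flaps = 0
    for (t1, kind1, _), (t2, kind2, _) in zip(events, events[1:]):
        if kind1 == "down" and kind2 == "up" and t2 - t1 <= window:
            flaps += 1
    return flaps


if __name__ == "__main__":
    for name, params in (("default", DEFAULT), ("symmetric", SYMMETRIC)):
        capacity, events = simulate(SAMPLE_CPU, params)
        print(f"{name}: hysteresis={has_hysteresis(params)} final={capacity} "
              f"flaps={flap_count(events)} events={events}")
```

With the slide's defaults the three-minute dip is simply absorbed, and the one scale-down happens after eleven minutes of low load. The symmetric policy tears a worker down in the dip and has to add it back three minutes later when the second burst arrives, which is exactly the "removing capacity too quickly" the slide warns about, and for a WAF it also means a worker that was still serving traffic gets terminated mid-session.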

Page 10: Securing Web Applications in the AWS Cloud

Auto Scaling Web Security Manager at re:Invent

Page 11: Securing Web Applications in the AWS Cloud

https://www.youtube.com/user/AmazonWebServices

Page 12: Securing Web Applications in the AWS Cloud

Try Web Security Manager

• Contact Alert Logic:
  – www.alertlogic.com
  – [email protected]

• Installation steps:
  – Set up an Alert Logic account
  – Gather information from your web application stack
  – Create an internal ELB for the backend web servers
  – Run the CloudFormation template that creates the Web Security Manager stack
  – Move inbound traffic to the Web Security Manager external ELB
  – Configure additional web sites (if required)
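The data flow on the Website Traffic slide and the final cutover step above only protect the application if nothing can still reach the backend ELB or the web servers without passing a WSM worker. The following check is an added example, not part of the Alert Logic deck or its CloudFormation template: it models each security group's inbound rules as edges (a rule's source is either a CIDR or another group id, as AWS allows) and searches for internet-to-backend paths that skip the worker group. All group names, ports, the admin CIDR and both rule sets are constructed; only the hop order (client, worker ELB, WSM workers, internal ELB, web servers) and the master ELB's https/ssh management role come from the deck. It is a security-group-level check only; route tables and public IP assignment also decide real reachability.

```python
"""WAF-bypass path finder over security-group ingress rules (added example).

Each security group maps to a list of inbound rules (source, port), where the
source is a CIDR string or another security group id.  Names, ports and rules
are constructed for illustration; they are not Alert Logic's configuration.
"""
from copy import deepcopy

INTERNET = "0.0.0.0/0"
ADMIN_CIDR = "203.0.113.0/24"   # assumed office range (TEST-NET-3, documentation only)

# Intended state after cutover: each hop accepts traffic only from the hop
# before it, and only the worker ELB faces the internet.
INTENDED = {
    "sg-worker-elb":   [(INTERNET, 443)],                      # ELB Worker: SSL termination
    "sg-wsm-worker":   [("sg-worker-elb", 80)],                # WSM workers, from their ELB only
    "sg-internal-elb": [("sg-wsm-worker", 80)],                # backend ELB, from workers only
    "sg-web":          [("sg-internal-elb", 80)],              # web servers, from internal ELB only
    "sg-master-elb":   [(ADMIN_CIDR, 443), (ADMIN_CIDR, 22)],  # management (https, ssh)
    "sg-wsm-master":   [("sg-master-elb", 443), ("sg-master-elb", 22)],
}

# Constructed misconfiguration: the web tier kept the world-open rule it had
# before the WAF was inserted, and the master ELB's ssh rule is world-open.
LEFTOVER = deepcopy(INTENDED)
LEFTOVER["sg-web"].append((INTERNET, 80))
LEFTOVER["sg-master-elb"].append((INTERNET, 22))


def ingress_graph(rules):
    """Directed edges source -> group for every inbound rule."""
    edges = {}
    for group, inbound in rules.items():
        for source, _port in inbound:
            edges.setdefault(source, set()).add(group)
    return edges


def paths(rules, start, target):
    """All simple paths of security-group hops from `start` to `target`."""
    edges = ingress_graph(rules)
    found = []

    def walk(node, path):
        if node == target:
            found.append(path)
            return
        for nxt in sorted(edges.get(node, ())):
            if nxt not in path:          # simple paths only, no cycles
                walk(nxt, path + [nxt])

    walk(start, [start])
    return found


def waf_bypass_paths(rules, target, waf_group):
    """Internet-to-target paths that never pass through the WAF worker group."""
    return [p for p in paths(rules, INTERNET, target) if waf_group not in p]


def internet_exposed_ports(rules):
    """(group, port) pairs that accept traffic from 0.0.0.0/0 directly."""
    return {(group, port) for group, inbound in rules.items()
            for source, port in inbound if source == INTERNET}


if __name__ == "__main__":
    for name, rules in (("intended", INTENDED), ("leftover", LEFTOVER)):
        print(name, "internet-exposed:", sorted(internet_exposed_ports(rules)))
        print(name, "WAF bypass paths to sg-web:",
              waf_bypass_paths(rules, "sg-web", "sg-wsm-worker"))
```

Run this against the real groups (for example from `aws ec2 describe-security-groups` output, which is not parsed here) before and after the "move inbound traffic" step: the intended set yields a single path that goes through sg-wsm-worker and exposes only port 443 on the worker ELB, while the leftover set reports a direct 0.0.0.0/0 path to sg-web, which is a complete WAF bypass for anyone who learns a web server's address, plus an ssh port open to the world on the management ELB.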

Page 13: Securing Web Applications in the AWS Cloud

Thank You! Q&A

[email protected]@alertlogic.com

Page 14: Securing Web Applications in the AWS Cloud


AWS Services Used to Deploy Web Security Manager

• Amazon Machine Image (AMI) - An encrypted machine image stored in Amazon Elastic Block Store or Amazon Simple Storage Service. AMIs are like a template of a computer's root drive. They contain the operating system and can also include software and layers of your application, such as database servers, middleware, web servers, and so on.

• Amazon Virtual Private Cloud (VPC) - A web service that enables you to create a virtual network for your AWS resources.

• Auto Scaling - A web service designed to launch or terminate instances automatically based on user-defined policies, schedules, and health checks.

• Auto Scaling group - A representation of multiple Amazon Elastic Compute Cloud instances that share similar characteristics, and that are treated as a logical grouping for the purposes of instance scaling and management.

• Availability Zone (AZ) - A distinct location within a region that is insulated from failures in other Availability Zones, and provides inexpensive, low-latency network connectivity to other Availability Zones in the same region.

• AWS CloudFormation - A service for writing or changing templates that create and delete related AWS resources together as a unit.

• Elastic Load Balancing - Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances. Customers can enable Elastic Load Balancing within a single Availability Zone or across multiple zones for even more consistent application performance. Elastic Load Balancing can also be used in an Amazon Virtual Private Cloud (“VPC”) to distribute traffic between application tiers.