IT security teams are increasingly pressured to accomplish more, with fewer resources. Trend Micro Deep Security helps organizations understand and overcome their most common cloud security challenges, without having to expand their cloud tool set. Join the upcoming webinar to learn how Essilor, a world leader in the design and manufacturing of corrective lenses, has enabled their IT teams to apply, maintain and scale security across their AWS environments by overcoming these common challenges in cloud migrations.
We will discuss how Essilor managed, and overcame, the pace of change when adopting a cloud environment, the transformation of their traditional IT security roles, and how they chose the right security tools and technology to achieve their business goals.
Why Teams call analytics are critical to your entire business
Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges with Deep Security and AWS
1. Seeing More Clearly: How Essilor Overcame
Three Common Cloud Security Challenges
with Deep Security and AWS
Patrick McDowell, Solutions Architect, AWS
Zack Milem, Cloud Solutions Architect, Trend Micro
Tanweer Surve, Director of IT, Infrastructure Shared Services, Essilor
August 16th, 2017
2. $6.53M 56% 70%
Increase in theft of hard
intellectual property
http://www.pwc.com/gx/en/issues/cyber-
security/information-security-survey.html
Of consumers indicated
they’d avoid businesses
following a security breach
https://www.csid.com/resources/stats/data-breaches/https://www.csid.com/resources/stats/data-breaches/
Average cost of a
data breach
Your Data and IPAre Your Most Valuable Assets
3. In June 2015, IDC released a report which found that most customers
can be more secure in AWS than their on-premises environment. How?
Automating logging
and monitoring
Simplifying
resource access
Making it easy to
encrypt properly
Enforcing strong
authentication
AWS Can Be More Secure Than Your
Existing Environment
5. AWS CloudTrail lets you monitor and
record all API calls
Amazon Inspector automatically
assesses applications for vulnerabilities
VPC Flow Logs provides details about
traffic flowing in and out of your VPC
AWS Config gives an inventory of your
AWS account and visibility into changes
Leverage AWS services to have constant visibility
into what is going on in your AWS account:
Constantly Monitor Your Environment
6. 43 Availability Zones in 16 regions for
multi-synchronous geographic redundancy
Retain control of where your data resides
for compliance with regulatory requirements
Use AWS Shield to protect your infrastructure
and applications from DDoS attacks
Implement server side or client side encryption
to protect the data you store in AWS
Implement data protection to meet your security requirements
Control and Protect Your Data
7. Integrate your existing Active Directory
Use dedicated connections as a secure,
low-latency extension of your data center
Provide and manage your own encryption
keys if you choose
Implement partner security solutions in
the customer portion of the shared
responsibility model
AWS enables you to improve your security
using many of your existing tools and practices
Integrated with Your Existing Resources
13. Right Tools for the Right Job
Eliminate the manual work involved with
applying security policies to workloads
Gain a comprehensive suite of security tools
Make the most out of your current tools
while “aging out” legacy software
17. Deep Security for AWS
Breadth
Layered protection with
one enforcement point
Designed for cloud and
hybrid environments
Accelerated compliance
Performance
Optimized for AWS
Fastest server IPS
Purchasing speed
and flexibility
Multi-platform Application
Control built for DevOps
Architecture
Protection close to server
Designed for automation
and easy deployment
Connected across Trend
Micro products (SPN, ZDI)
19. LEGEND
Known
Good
Known
Bad
Unknown
Anti-Malware & Web Reputation
Intrusion Prevention (IPS) & Firewall
Integrity Monitoring & Log Inspection
Application Control
Safe files &
actions allowed
Malicious files &
actions blocked
Machine Learning
Behavioral Analysis
Custom Sandbox Analysis
SOON!
Protect Against Advanced Threats
NEW!
NEW!
NEW!
20. Eliminate Manual Security Processes
Get full visibility across environments
Automatically scale up and down
Scan for vulnerabilities & recommend
or apply security based on policy
Install security controls for
maximum performance
Bake security into workloads
24. Prevent Ransomware
Stop ransomware on servers with
advanced anti-malware
Lock down servers with application control
Shield from network attacks with IPS
Stop lateral movement and detect
command & control traffic
25. Accelerate Security & Compliance
8 of 12
requirements
10 of 20
requirements
6 of 10
requirements
26. Customer Success Story: Essilor
Tanweer Surve, Director of Infrastructure Shared Services, Essilor
27. The world’s leading ophthalmic optic company
Revenue of €7.1 billion in 2016
Varilux®, Crizal®, Transitions®, Eyezen™, Xperio®, Foster Grant®, Bolon™ and Costa®
70,000 people globally across 100 countries, 33 plants, & 500 laboratories
5 years in a row, Essilor has made it on to Forbes magazine. Ranks - 23rd most
innovative company in the World, the 5th in Europe, and the 2nd in France.
Listed on CAC 40 and included in Euro Stoxx 50
About Essilor
28. Essilor Environment
Goal: To modernize data centers
on cloud to lower cost, and
improve performance and
overall efficiency
29. Why Did We Choose AWS?
Simplicity of acquisitions, on-boarding,
and consolidation effort
Deployment speed, agility and scalability
Automatic scaling and high availability
Regulatory compliance requirement –
PCI & HIPPA
30. Overcoming Cloud Security Challenges
1. Having the right tools for the right job
2. Managing the pace of change in the cloud
3. Filling the cybersecurity skills gap
31. Having the right tools for the right job
Challenge: Too many tools that don’t
work in the cloud
Integration with cloud service provider
Automation is critical
– Create a template so that any instance
deployed has Deep Security put into place
32. Managing the pace of change in cloud
Challenge: Things move fast in the
cloud, security needs to keep pace
Cultivating a DevSecOps culture
Single pane of glass view
Real-time view and the instant
insight you need
33. Lack of Skills and Resources
Challenge: Small security
team doing a lot of
different tasks
Getting the right training
and understanding
Gaining complete
management and visibility
in a single pane of glass
34. Evaluating Security Solutions
Objectives
– Integration with AWS
– Acceleration of cloud adoption
– Ease of use & deployment flexibility
– Proactive & complete protection
– Consolidated billing through
AWS Marketplace
35. Results of AWS + Deep Security
Investment costs justified
Huge productive and performance gain
Reduce potential risks
Administrative overhead reduction
Centralized dashboard
Increased speed to market
36. Advice on Securing Cloud Instances
What worked/didn’t work with your cloud migration?
– Host-based security could be new to you – agent to agentless
back to agent again
What questions should you ask of your security vendor?
– Do you have an APIs with AWS?
– Will I have centralized visibility for my hybrid cloud environment?
What roadblocks should you look for?
– Potential loss of visibility of the hypervisor which can be solved
by moving to host-based security
When you move to the cloud, you still have security
responsibilities as a customer
38. Next Steps for Essilor
Expanding AWS footprint with new
acquisitions / on-boarding
Deploying Deep Security Solution through
AWS Marketplace globally