Cloud Security Topics: Network Intrusion Detection for Amazon EC2


With the rapid growth of online commerce, the challenge to secure and monitor internal and customer-facing websites, card processing systems and other critical infrastructure has never been greater. Deploying full-featured intrusion detection in a public cloud has been challenging – the network models and multi-tenancy of public clouds do not make deep network services easy to deploy. Misha Govshteyn, VP of Emerging Products at Alert Logic, will present a new approach for an IDS solution in a public cloud.


  1. Managing Cloud Security: Intrusion Detection in Public Cloud Environments
  2. Introduction
     • About the presenter
       − Misha Govshteyn
       − Founder & VP of Emerging Products at Alert Logic
     • Our topic today:
       − Deploying Network Intrusion Detection technologies in Amazon EC2 environment
  3. Datapipe Cloud Services Stack
  4. Comprehensive Security
     • IDS
     • 2 Factor Authentication
     • Vulnerability Scanning
     • Integrity Monitoring
     • Configuration Assessment (Tripwire)
     • Firewall
     • Antivirus
     • Web Application Firewall
     • TDE – Transparent Database Encryption
     “Strong security controls are a requirement for many mission-critical IT workloads. Customers demand that service providers address security as they move IT infrastructure to fully elastic public cloud environments” - Joel Friedman, Datapipe CSO
  5. Why detect intrusions?
     • Do you want to know if your webservers are making connections to botnet command & control servers?
     • Do you want to know if someone is running a vulnerability scan on you without your knowledge?
     • Do you trust that your development teams and software vendors have eliminated 100% of SQL injection or other common attacks?
  6. Broad Cloud Adoption: Inhibitors
  7. Public Cloud Security Complexity
     Security solutions must be built specifically for public cloud.
     PUBLIC CLOUD SECURITY REQUIREMENTS =
     • elastic scaling
     • utility pricing
     • management automation
     • managed operations
     • self-service provisioning
     • third-party ownership
     Traditional “Big Box” Security Appliances are Dead
  8. AWS environment challenges
     1 • Lack of network introspection facilities such as SPAN
     2 • Ephemeral networking means IP addresses cannot be used as host identifiers
     3 • Services must be tightly coupled to provisioning systems via API to support auto-scaling and role-based management
     Building a scalable security cloud service requires new solutions specifically designed to operate for cloud environments
  9. Soft-Tap Architecture
     Unique approach to network security monitoring in EC2
     [Diagram: hosts with eth0 interfaces and Soft Taps, an IDS, eth1/vpn interfaces, and VPN Transport]
  10. Alert Logic for Amazon EC2
     [Diagram labels: IDS for Cloud, LM for Cloud, VA for Cloud; Virtual Appliances & Host Agents; Management API; Provisioning API]
     Enabling:
     • Traffic monitoring via software-based network taps
     • Log collection via software agents
     • Virtual appliances based data collection
     • Host agents that continuously track the state of monitored instances
     • Automated software and configuration deployment via internal management APIs
     • Multi-tenant aware provisioning API for integration with service provider
     Provides:
     • Auto-scaling by tracking IP addresses of protected hosts
     • Load balancing & fail over between appliances
     • Transport-level data encryption
     • Centralized resource authorization via certificates for Amazon Web Services
  11. Components
     [Diagram labels: Customer EC2 Environment, Collection/Cloud Management System, Security Portal, Incident]
  12. Datapipe IDS for EC2: Setup Process
     [Diagram labels: API, TM, LM, SOC, Integration, UI, CMS, VPN Transport]
     • Deploy certificates
     • Install software packages and virtual appliances
  13. Attack Scenario
     [Diagram labels: SQL Injection Attack (this time unsuccessful), Attacker (me), VPN Transport]
  14. What happens next
     • Incident identified by correlation engine
     • Threat level escalated to 60 out of 100
     • Notification sent to Datapipe security
     • Incident investigated by Alert Logic SOC
     • Incident remediated by Datapipe security team
     • Attacker blocked at the firewall
  15. Availability
     • In beta today with select customers
     • Available as a managed service for AWS customers exclusively through Datapipe in early 2012
     • RightScale enabled: bundled into ServerTemplates for automation
     • Auto-scaling support coming soon
     • Available as a self-service solution for AWS and other public clouds from Alert Logic in 1H 2012
     Questions? Contact: @mgbits
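
The challenge on slide 8, that ephemeral IP addresses cannot be used as host identifiers, illustrated with an added example (not from the deck and not Alert Logic's or Datapipe's code): IDS alerts are attributed to instances through a time-indexed history of IP assignments built from provisioning events, and compared with a lookup against the current IP table. The instance IDs, IPs, timestamps and signature names are constructed sample data.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed provisioning events: (epoch_seconds, action, instance_id, private_ip)
EVENTS = [
    (1000, "launch", "i-aaa111", "10.0.1.15"),
    (1200, "launch", "i-ccc333", "10.0.1.16"),
    (1600, "terminate", "i-aaa111", "10.0.1.15"),
    (1700, "launch", "i-bbb222", "10.0.1.15"),  # auto-scaling reuses the IP
]

# Constructed IDS alerts: (epoch_seconds, host_ip, signature)
ALERTS = [
    (1300, "10.0.1.15", "outbound-c2-connection"),
    (1650, "10.0.1.15", "vulnerability-scan"),
    (1800, "10.0.1.15", "sql-injection-attempt"),
    (1250, "10.0.1.16", "sql-injection-attempt"),
]

def build_timeline(events):
    """Map each IP to parallel lists: change times and the owner from that time on."""
    timeline = defaultdict(lambda: ([], []))
    for ts, action, instance, ip in sorted(events, key=lambda e: e[0]):
        times, owners = timeline[ip]
        times.append(ts)
        owners.append(instance if action == "launch" else None)
    return timeline

def owner_at(timeline, ip, ts):
    """Instance that held `ip` at time `ts`, or None if it was unassigned."""
    if ip not in timeline:
        return None
    times, owners = timeline[ip]
    i = bisect_right(times, ts) - 1
    return owners[i] if i >= 0 else None

def current_owner(timeline, ip):
    """Naive lookup: whoever holds the IP now, ignoring when the alert fired."""
    return timeline[ip][1][-1] if ip in timeline else None

def attribute(alerts, events):
    """Return (signature, time_aware_owner, naive_owner) for every alert."""
    tl = build_timeline(events)
    return [(sig, owner_at(tl, ip, ts), current_owner(tl, ip))
            for ts, ip, sig in alerts]

def misattributed(alerts, events):
    """Alerts the naive IP lookup pins on the wrong (or a nonexistent) host."""
    return [r for r in attribute(alerts, events) if r[1] != r[2]]

if __name__ == "__main__":
    for row in attribute(ALERTS, EVENTS):
        print(row)
```
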