AWS CloudTrail & Alert Logic Log Manager
  • Scenario from http://www.alertlogic.com/tracking-network-changes-with-aws-cloudtrail/.

Transcript

  • 1. AWS CloudTrail & Alert Logic Log Manager
    December 10, 2013
    Justin Criswell, Cloud Solutions Architect
    Diane Garey, Product Marketing
    www.alertlogic.com
  • 2. The Shared Security Model for AWS
    Diagram labels: Apps Hosts VPC Networks
    • Secure coding and best practices
    • Access management
    • Software and virtual patching
    • Application level attack monitoring
    • Configuration management

    • Hardened hypervisor
    • Promiscuous mode prevented
    • Deny-all default in security group
    • Root access provided to customer

    • Access management
    • Patch management
    • Configuration hardening
    • Security monitoring
    • Log analysis

    • VPC provides logically isolated environments
    • Security groups filter inbound/outbound
    • External DDoS, spoofing and scanning prevented

    • Network threat detection
    • Security monitoring

    Foundation Services: Compute, Storage, DB, Network
    AWS Global Infrastructure: Multiple Availability Zones, Globally Distributed Regions
    Web Application Attacks, Brute Force, Reconnaissance, Vulnerability Scans
    Primary Responsibility Customer
  • 3. AWS CloudTrail (http://aws.amazon.com/cloudtrail)
    • Who took this action?
    • When did the action take place?
    • What action was taken?
    • Where was this action performed?
    • How was this action performed?
  • 4. Currently Supported AWS Services
    • Amazon Elastic Compute Cloud (Amazon EC2)
    • Amazon Elastic Block Store (Amazon EBS)
    • Amazon Redshift
    • Amazon Relational Database Service (Amazon RDS)
    • Amazon Virtual Private Cloud (Amazon VPC)
    • AWS CloudTrail
    • AWS Identity and Access Management (AWS IAM)
    • AWS Security Token Service (AWS STS)
  • 5. Alert Logic Log Manager for AWS: Cloud-Based Security Log Analysis
    • All Log Data, All Together: Collect, archive and analyze log data in real-time all data sources
    • Quick access to log data: Dozens of reports, fast and intuitive search function
    • Compliance friendly: Supports numerous standards such as PCI, HIPAA, FFIEC, SOX
    • Available as a service: Auditable daily log review with integrated case management by dedicated GIAC-certified System Security Analysts
    • AWS Friendly: Designed for AWS workloads and reference architectures
  • 6. Create a CloudTrail Trail
    1. Use the console or CLI to create a trail
    2. Enable CloudTrail logging
    3. Create SQS queue
    4. Create IAM group and user
  • 7. Set up a CloudTrail Source in Log Manager
  • 8. Collecting Additional AWS Log Data
  • 9. Demo
  • 10. Try Alert Logic Log Manager with CloudTrail
    • Contact Alert Logic:
      – www.alertlogic.com
      – info@alertlogic.com
      – cloud.docs.alertlogic.com
    • Installation steps:
      – Enable CloudTrail in your AWS account
      – In Log Manager, create a new CloudTrail data source
  • 11. Thank You! Q&A
    jcriswell@alertlogic.com
    dgarey@alertlogic.com
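
The five questions on slide 3 map onto fields of a CloudTrail record. The following is an added example, not code from the presentation or from Alert Logic: it reads a log file in the CloudTrail `{"Records": [...]}` layout, answers who/when/what/where/how for each record, and keeps only security-group changes. The field-to-question mapping, the set of watched event names, and all sample values are assumptions made for illustration.

```python
import json

# Constructed sample in the CloudTrail log-file layout; every value is made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2013-12-10T18:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10", "userAgent": "aws-cli/1.2.6",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"groupId": "sg-0example"}},
    {"eventTime": "2013-12-10T18:05:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10", "userAgent": "console.ec2.amazonaws.com",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    # Record with missing optional fields, to exercise the fallbacks.
    {"eventTime": "2013-12-10T18:09:03Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DeleteSecurityGroup", "awsRegion": "eu-west-1",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "requestParameters": {"groupId": "sg-1example"}},
]})

# Assumption: the EC2 API calls a reviewer treats as network changes.
NETWORK_CHANGE_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateSecurityGroup", "DeleteSecurityGroup",
}

def five_ws(record):
    """Map one CloudTrail record onto who / when / what / where / how."""
    ident = record.get("userIdentity", {})
    return {
        "who": ident.get("arn") or ident.get("userName") or ident.get("type", "unknown"),
        "when": record.get("eventTime", "unknown"),
        "what": f'{record.get("eventSource", "?")}:{record.get("eventName", "?")}',
        "where": f'{record.get("awsRegion", "?")} from {record.get("sourceIPAddress", "unknown")}',
        "how": record.get("userAgent", "unknown"),
    }

def network_changes(log_text):
    """Return five-W summaries for records that changed security groups."""
    records = json.loads(log_text).get("Records", [])
    return [dict(five_ws(r), target=(r.get("requestParameters") or {}).get("groupId"))
            for r in records if r.get("eventName") in NETWORK_CHANGE_EVENTS]

if __name__ == "__main__":
    for hit in network_changes(SAMPLE_LOG):
        print(hit)
```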