Intrusion Detection for the AWS Cloud
December 17, 2013

Justin Criswell, Cloud Solutions Architect
Diane Garey, Product Marketing

www.alertlogic.com

...
Alert Logic Secures Datacenters in any Environment
PUBLIC
CLOUD

MANAGED
HOSTING

ON-PREM DATA
CENTER

> www.alertlogic.co...
In AWS, Security Responsibility is Shared
Web Application
Attacks

Brute Force

Reconnaissance
Vulnerability Scans

Primar...
Alert Logic Threat Manager

Context-Aware Network Threat Detection & Response
Intrusion Monitoring w/o False Positives Mul...
Threat Manager
Architecture

> www.alertlogic.com
Threat Manager Agents
Designed for Auto Scaling Environments
32-bit and 64-bit versions:
Debian (.deb)
5.0 (lenny)
6.0 (sq...
Threat Manager Virtual Appliance
Threat Manager tier
Alert Logic TM (AWS
Alert Logic TM (AWS
Alert Logic TM (AWS
Alert Log...
Policy Driven Assignments
Solves large scale asset management issues in a dynamic environment

> www.alertlogic.com

8
Threat Manager APIs
Assists in robust devops automation support

9
Demo

> www.alertlogic.com
10
Installation Details
cloud.docs.alertlogic.com

> www.alertlogic.com

info@alertlogic.com

11
Thank You! Q&A

jcriswell@alertlogic.com
dgarey@alertlogic.com

> www.alertlogic.com
Speaker notes:
  • Agent discussion, including Role and Host agents
  • Appliance discussion, and how the customer gets the appliance and decides which instance type to spin it up on
  • Once agents and appliances are deployed, the two communicate via policy.
  • Policies can be updated via our UI or through APIs for programmatic integration

    1. Intrusion Detection for the AWS Cloud
       December 17, 2013
       Justin Criswell, Cloud Solutions Architect
       Diane Garey, Product Marketing
       www.alertlogic.com

    2. Alert Logic Secures Datacenters in any Environment
       Public cloud, managed hosting, on-prem data center

    3. In AWS, Security Responsibility is Shared
       Threats for which the primary responsibility lies with the customer:
         • Web application attacks
         • Brute force
         • Reconnaissance
         • Vulnerability scans

    4. Alert Logic Threat Manager: Context-Aware Network Threat Detection & Response
         • Intrusion monitoring without false positives: multi-factor analysis enables more accurate detection
         • Integrated vulnerability assessment: delivers context-aware threat detection and mitigation
         • Automated security analysis: out-of-the-box alerts and reports for key use cases
         • Key compliance coverage: supports numerous control objectives, including the PCI Approved Scanning Vendor (ASV) requirement
         • 24x7 security monitoring: Security Operations Center staffed by GIAC-certified analysts

    5. Threat Manager Architecture
       (architecture diagram; no text on this slide)

    6. Threat Manager Agents: Designed for Auto Scaling Environments
       32-bit and 64-bit versions, Linux:
         • Debian (.deb): 5.0 (lenny), 6.0 (squeeze)
         • Ubuntu (.deb): 7.x, 8.x, 9.x, 10.x, 11.x, 12.x
         • CentOS (.rpm): 5.x, 6.x
         • Red Hat Enterprise Linux (.rpm): 5.x, 6.x
       32-bit and 64-bit versions, Windows:
         • Windows Server 2003, Windows Server 2008, Windows Server 2012
         • Windows XP, Windows Vista, Windows 7, Windows 8
       Note: Provisioning as a role establishes the role identity, while registration (which can occur many times for a single role identity) establishes the identity of a single instance within that role. The certificate files together with the role instance ID obtained at registration make up the instance's unique identity. Provisioning in role mode is useful when preparing to clone an OS image onto multiple hosts or to start it as multiple instances.
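The note on slide 6 separates two identities: a role identity, created once at provisioning and baked into the image, and a per-instance identity, created at each registration. The following is an added example and not Alert Logic's code or registration protocol: a minimal Python model in which the role credential is an HMAC key (standing in for the role certificate files), a registration request is signed with that key and carries a fresh nonce, and the backend mints a distinct instance ID for every registration. The message format, the nonce-based replay check and the in-memory server are assumptions made for the illustration.

```python
"""Illustrative model of role identity vs. per-instance identity.

Added example; NOT Alert Logic's protocol. The message layout, the
HMAC-based signing and the in-memory server are assumptions.
"""
import hashlib
import hmac
import json
import secrets
import uuid
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RoleIdentity:
    """What provisioning in role mode produces; baked into the OS image."""
    role_id: str
    role_key: bytes  # stands in for the role certificate/key files


def _sign(key: bytes, payload: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the payload."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def build_registration(role: RoleIdentity, host: str) -> dict:
    """What a freshly booted clone sends: role_id + host + nonce, signed with the role key."""
    payload = {"role_id": role.role_id, "host": host, "nonce": secrets.token_hex(16)}
    return {"payload": payload, "sig": _sign(role.role_key, payload)}


@dataclass
class RegistrationServer:
    """Backend that knows each role's key and issues instance identities."""
    roles: dict = field(default_factory=dict)       # role_id -> role_key
    instances: dict = field(default_factory=dict)   # instance_id -> (role_id, host)
    seen_nonces: set = field(default_factory=set)   # replay protection (assumed)

    def provision_role(self, role_name: str) -> RoleIdentity:
        """Done once per role (e.g. a web tier), before the image is cloned."""
        role_id = f"{role_name}-{secrets.token_hex(4)}"
        key = secrets.token_bytes(32)
        self.roles[role_id] = key
        return RoleIdentity(role_id, key)

    def register(self, request: dict) -> str:
        """Called by every instance at boot; may run many times for one role.

        Returns the new instance ID, or raises ValueError when the request
        does not prove possession of the role key or is a replay.
        """
        payload = request["payload"]
        role_key = self.roles.get(payload["role_id"])
        if role_key is None:
            raise ValueError("unknown role")
        if not hmac.compare_digest(_sign(role_key, payload), request["sig"]):
            raise ValueError("bad role signature")
        if payload["nonce"] in self.seen_nonces:
            raise ValueError("replayed registration")
        self.seen_nonces.add(payload["nonce"])
        instance_id = str(uuid.uuid4())  # the per-instance half of the identity
        self.instances[instance_id] = (payload["role_id"], payload["host"])
        return instance_id


def demo() -> dict:
    """Two clones, one forged request and one replay against a single role."""
    server = RegistrationServer()
    role = server.provision_role("web-tier")  # baked into the image once

    # Two auto-scaled clones boot from the same image with identical role files
    a = server.register(build_registration(role, "ip-10-0-1-10"))
    b = server.register(build_registration(role, "ip-10-0-1-11"))
    assert a != b and server.instances[a][0] == server.instances[b][0]

    # A host that never received the role files cannot register under that role
    rogue = RoleIdentity(role.role_id, secrets.token_bytes(32))
    try:
        server.register(build_registration(rogue, "attacker"))
        forged_accepted = True
    except ValueError:
        forged_accepted = False

    # Replaying a captured registration does not mint a second identity
    req = build_registration(role, "ip-10-0-1-12")
    server.register(req)
    try:
        server.register(req)
        replay_accepted = True
    except ValueError:
        replay_accepted = False

    return {"instances": len(server.instances),
            "forged_accepted": forged_accepted,
            "replay_accepted": replay_accepted}


if __name__ == "__main__":
    print(demo())
```

The point the model makes explicit is the one to check in any role-provisioned deployment: every clone of the image carries the same role credential, so the backend should accept that credential only for registration, and everything an agent is later allowed to do should be tied to the per-instance identity rather than to the shared role key.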
    7. Threat Manager Virtual Appliance
       Threat Manager tier                   Recommended AWS instance type        AWS instance name
       Alert Logic TM (AWS EC2) - 10 Mbps    Standard Small                       M1.Small
       Alert Logic TM (AWS EC2) - 35 Mbps    Standard Medium                      M1.Medium
       Alert Logic TM (AWS EC2) - 60 Mbps    Standard Medium                      M1.Medium
       Alert Logic TM (AWS EC2) - 85 Mbps    Standard Large                       M1.Large
       Alert Logic TM (AWS EC2) - 120 Mbps   Standard Large                       M1.Large
       Alert Logic TM (AWS EC2) - 250 Mbps   High Memory Quadruple Extra Large    M2.4XLarge
       Alert Logic TM (AWS EC2) - 500 Mbps   High CPU Extra Large                 C1.Xlarge
       Alert Logic TM (AWS EC2) - 1000 Mbps  High CPU Extra Large                 C1.Xlarge

    8. Policy Driven Assignments
       Solves large-scale asset management issues in a dynamic environment

    9. Threat Manager APIs
       Assists in robust DevOps automation support

    10. Demo

    11. Installation Details
        cloud.docs.alertlogic.com
        info@alertlogic.com

    12. Thank You! Q&A
        jcriswell@alertlogic.com
        dgarey@alertlogic.com
        www.alertlogic.com