How Trend Micro Build their Enterprise Security Offering on AWS (SEC307) | AWS re:Invent 2013
 


"In this session, learn how Trend Micro built Deep Security as a service on AWS. This service offers enterprise-grade security controls for AWS deployments in the form of intrusion detection and prevention, anti-malware, a firewall, web reputation, and integrity monitoring.
With over 400 internal requirements set by their in-house Information Security and IT Operations teams, the Service team was challenged with building the case to deploy Deep Security as a service on AWS instead of in-house. This session walks through the reasons why the team chose AWS, the design decisions they made, and how they were able to meet or exceed their in-house requirements while deploying on AWS."

    Presentation Transcript

    • Learn How Trend Micro Used AWS to Build their Enterprise Security Offering (Deep Security as a Service) Mark Nunnikhoven, Principal Engineer at Trend Micro November 14, 2013 © 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc. Friday, November 15, 13
    • "The following story is fictional and does not depict any actual person or event"
    • "The following story is completely real and depicts actual people & events" * Only the names have been changed to protect the innocent ;-)
    • The stage
    • What is Deep Security? Centralized security control management: Manager, Agent
    • What could be... • For the cloud • In the cloud
    • What was • For the data center • In the data center • Determine what an appropriate visual here would be (old style for contrast?)
    • The story so far...
    • Deep Security—The Early Years: Security for servers and virtual machines. Product focus • Enterprise only • Tight integration with virtualization platform • Focused on Windows platforms
    • Deep Security—The Middle Years: Security for servers and virtual machines. Big changes • Acquired by Trend Micro in 2009 • Provided more protection • Agentless protection is key • Expanded platform support
    • Deep Security—Now: Security for servers, virtual machines, & the cloud. Product changes • Protection regardless of location • “Single pane of glass” • Smart, simple, security that fits taken to heart
    • The Decision: Time to offer Deep Security as a service
    • Why a Service? Security for servers, virtual machines. Drivers • Face the same challenges as our clients • Work directly with clients • Smaller feedback loop for new features
    • The players
    • Internal Teams: The Service Team (Executive sponsor, Key R&D product team members, DevOps*) vs People to win over (Executives, Information Security, Operations, R&D Product Team)
    • Internal Teams: The Service Team (Executive sponsor, Key R&D product team members, DevOps*) + People who helped (Executives, Information Security, Operations, R&D Product Team)
    • Team Profile: Information Security • Own existing security policy • 400+ requirements for operational services • Wants development of cloud best practices
    • Team Profile: Operations • Run several data centers worldwide • Rigid change management with complex schedules • Wants development of DevOps runbook
    • Team Profile: R&D Product Team • Develop & maintain the product • Only operational work is emergency support • Wants tighter feedback loop
    • The details
    • High Level Architecture: Agent, Load Balancer, Manager + Relay, Database; bi-directional communications
    • Load Balancers
    • Load Balancers: Requirements • 3 flows, all incoming on :443 • SSL offloading • High number of concurrent connections
    • Load Balancers. HAProxy: Met requirements; 2+ instances required (for HA); EC2 instance costs; More boxes to maintain. Elastic Load Balancing: Can meet requirements; 3 load balancers required (1x flow); Cheap; Minimal maintenance
    • Load Balancer Architecture Fix: Agent, Load Balancer, Manager + Relay, Database; bi-directional communications
    • Manager + Relay
    • Manager + Relay: Requirements • Hosts JVM-based application • Memory, CPU, and network are constraints
    • Manager + Relay. AWS Windows Base: Met requirements; Harder to script; More expensive. AWS Linux Base: Met requirements; Simple scripting; Cheaper
    • Manager + Relay Architecture Fix: Agent, Load Balancer, Manager + Relay, Database; bi-directional communications
    • Manager + Relay—Tips & Tricks • We don’t use AMIs • Auto-scale only for failover
    • Database
    • Database: Requirements • MS SQL or Oracle • Low latency path to Manager + Relay nodes
    • Manager + Relay. On Amazon EC2: Met requirements; 2x cost for clustered pairs; More maintenance. On Amazon RDS: Can meet requirements; 1.3x cost for clustered pairs; Less effort
    • Manager + Relay. MS SQL: Teams are more familiar; Better tools available*; 30 DB limit per Amazon RDS instance. Oracle: Forces product improvements; “Encourages” learning; No tablespace limits
    • Database Architecture Fix: Agent, Load Balancer, Manager + Relay, Database; bi-directional communications
    • Final(ish) Design
    • High Level Architecture: Agent, Load Balancer, Manager + Relay, Database; bi-directional communications
    • High Level Architecture: Add highly detailed graphic here. Agent, Load Balancer, Manager + Relay, Database; bi-directional communications
    • Supporting Services
    • Supporting Services: Amazon Route 53 for all DNS
    • Supporting Services: Amazon S3 for deployment storage
    • Supporting Services: AWS Trusted Advisor for sanity checks (Change graphic)
    • Supporting Services: Premium Support for CYA (Change graphic)
    • “Soft” (not easy) changes
    • Team Profile: Validating lessons for the team. Information Security • Own existing security policy • 400+ requirements for operational services • Wants development of cloud best practices
    • Team Profile: Validating lessons for the team. Operations • Run several data centers worldwide • Rigid change management with complex schedules • Wants development of DevOps runbook
    • Chart Example (placeholder chart; slide notes: Add stats for Service, Add goals for other Trend services)
    • Team Profile: Validating lessons for the team. R&D Product Team • Develop & maintain the product • Only operational work is emergency support • Wants tighter feedback loop
    • Chart Example (placeholder chart; slide note: Add bug/feature stats)
    • Team Profile: Validating lessons for the team. Service Team • Own existing security policy • 400+ requirements for operational services • Wants development of cloud best practices
    • Chart Example (placeholder chart; slide note: Add stats for support?)
    • Well?
    • Why a Service? Security for servers, virtual machines. Drivers • Face the same challenges as our clients • Work directly with clients • Smaller feedback loop for new features
    • Please give us your feedback on this presentation SEC307. As a thank you, we will select prize winners daily for completed surveys! Thank You