AWS Summit Sydney 2014 | Updating Security Operations for the Cloud - Session Sponsored by Trend Micro

This session is recommended for technical users who want to know how the day-to-day work of securing their on-premise workloads should change when moving to the cloud. Learn how to increase the effectiveness of your security operations as you move to the cloud. We will discuss how your current incident response, forensic investigations, monitoring, and audit response tactics have to change in the cloud. Pulling from experiences helping clients move to the cloud, industry research, and the school of hard knocks, this talk will help provide practical advice you can apply today.

Published in: Technology, Business

Transcript

  • 1. © 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc. Updating Security Operations For The Cloud Justin Foster Senior Product Manager, Cloud & Data Center Security Trend Micro
  • 2. G’Day Eh?
  • 3. Strategy Tactics
  • 4. Tactics
  • 5. Tactics Auditing Monitoring Incident Response Forensic Investigations
  • 6. Traditional Responsibility Model Operating System Application Account Management You Facilities Physical Security Physical Infrastructure Network Infrastructure Virtualization Infrastructure
  • 7. Shared Responsibility Model You Operating System Application Account Management Security Groups Network Configuration AWS Facilities Physical Security Physical Infrastructure Network Infrastructure Virtualization Infrastructure
  • 8. Before After Structure Bonus
  • 9. Auditing
  • 10. PCI Compliance
  • 11. Requirements Encrypting data at rest (3.4.1) Address new threats & vulnerabilities (6.6) Log external facing services & defences (10.2, 10.5.4) Protect systems against malware (5.1) * PCI has many, many more requirements, this is just a sample
  • 12. Creating an audit trail, before Servers Storage Area Network On-premises Firewall IPS Central logging Change Records Report
  • 13. Payment Client Data On-premises AWS Amazon CloudTrail EC2 instances Central management Amazon S3 Amazon CloudFront Amazon RDS Creating an audit trail, after Report
  • 14. Creating an audit trail, bonus points You get Record of changes via AWS CloudTrail Security control reporting via Deep Security’s API Why it matters Regular assurance controls are in place
  • 15. In action…
  • 16. Monitoring
  • 17. Visibility
  • 18. Requirements Basic event info (5W+H) Context of the event Consistent identity across environments Timely
  • 19. Visibility, before On-premises Firewall IPS Central logging SIEM Switch Switch Switch Directory Server
  • 20. AWS Amazon CloudTrail EC2 instances Amazon S3 Bucket Amazon CloudFront Amazon RDS Visibility, after Central logging SIEM Amazon S3
  • 21. Visibility, bonus points You get More work to put together events Richer context around events Why it matters Visibility is key to your security practice
  • 22. In action…
  • 23. Incident Response
  • 24. Under pressure
  • 25. SANS incident response process Preparation Identification Containment Eradication Recovery Lessons Learned Get ready! What is it? Did we get it? Is it gone? Again? Get better, fast!
  • 26. Requirements Quickly identify affected area Minimize impact Recover quickly
  • 27. Server On-premises Incident Response, before Replacement Analysis Report Improve
  • 28. AWS Incident Response, after Instance Analysis Report Improve Replacement
  • 29. Incident Response, bonus points You get Faster return to production More time for analysis Why it matters Every minute of downtime counts
  • 30. In action…
  • 31. Instance Analysis Report Analyst Optimized Response Log Processor API Improve Replacement
  • 32. Forensic Investigations
  • 33. Rinse & Repeat
  • 34. Perception
  • 35. Reality
  • 36. Reality, visualized
  • 37. Requirements Repeatable Account for & prove each step Not get in the way of recovery Heavily documented
  • 38. Forensics, before Server On-premises Logs Analysis Testimony Copy
  • 39. AWS Forensics, after Instance Logs Analysis Testimony Copy
  • 40. Forensics, bonus points You get Faster analysis & lower costs Ability to replicate entire environment Why it matters Legal requirements Better defences
  • 41. In action…
  • 42. Original Concurrent Analysis Examiner Commands Copy 1 Copy 2 Copy 0 Analysis
  • 43. Keys
  • 44. Auditing Monitoring IR Forensics
  • 45. Thank you. Justin Foster justin_foster@trendmicro.com @justin_foster Care of: Mark Nunnikhoven @marknca