Using Security to Build with Confidence in AWS - Trend Micro
1. Using Security To Build
With Confidence In AWS
Sasha Pavlovic
Director, Cloud and Datacenter Security | APAC
2. The Story
More at aws.trendmicro.com
2012 re:Invent
SPR203 : Cloud Security is a Shared Responsibility
http://bit.ly/2012-spr203
2013 re:Invent
SEC208: How to Meet Strict Security & Compliance Requirements in the Cloud
http://bit.ly/2013-sec208
SEC307: How Trend Micro Build their Enterprise Security Offering on AWS
http://bit.ly/2013-sec307
2014 re:Invent
SEC313: Updating Security Operations for the Cloud
http://bit.ly/2014-sec313
SEC314: Customer Perspectives on Implementing Security Controls with AWS
http://bit.ly/2014-sec314
20. AWS VPC Checklist
Review
IAM roles
Security groups
Network segmentation
Network access control lists (NACL)
More in the Auditing Security Checklist for Use of AWS, media.amazonwebservices.com/AWS_Auditing_Security_Checklist.pdf
45. Safe. Easy. Fast.™
Promo
• First 50 Signups from this event
will get $5 worth of top-up Free.
• You can use this to pay your AWS
Bills! No Bill Shock!
52. Safe. Easy. Fast.™
What we Needed
• Our instances needs to
get the latest updates
without going online
• Anti-Malware Patching
• New Configurations
• New Threats
• Centralized Security
Logging
53. Safe. Easy. Fast.™
Our implementation
VPC
InternetWeb
Servers
Private Subnet Public Subnet
Deep Security
Manager
63. Safe. Easy. Fast.™
lessons
• We saved money and time
because instead of hiring
a security team
• We didn’t know attacks
happen THAT frequently
even on our test
environments
64. Safe. Easy. Fast.™
lessons
• Building a secure cloud
infrastructure can be
challenging to begin with
but it all works out in the
end
• Cloudformation /
Opsworks / Beanstalk is
your friend
• Better know Account Limits
(ie LB) so you can better
plan ahead