Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

AWS Summit 2011 : Validating the Security of your AWS Cloud Deployments


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

AWS Summit 2011 : Validating the Security of your AWS Cloud Deployments

  1. 1. Validating the Security of your AWS Cloud DeploymentsPage 1
  2. 2. Quick Company Update Leader in real-world security test and measurement solutions – created automated penetration testing category 1000+ customers: Industry leaders and government – Top 3 Telecomm Companies – Top 3 Network & Communications Equipment Companies – 2 of 3 Top Computer Software Companies – 2 of 3 Top Pharmaceutical Companies – 6 of 7 Top Aerospace and Defense Companies Explosive product growth and technology innovation Announced this weekPage 2 - CONFIDENTIAL -
  3. 3. Cloud Security You are responsible for your own security – just because it is virtualized, does not mean the bad guys will not attack it – Confidence in your provider – Securing and testing your applications and systems Amazon Web Services – A leader in secure infrastructure – Ideal partner for Core – shared goal of making customers more secure You must: – Create secure applications and deployments – Use the same security diligence as in your physical infrastructure – Test as often as possiblePage 3
  4. 4. Case Study Customer Profile – Cloud-based security provider – Built and run their entire business infrastructure in AWS – Security savvy, and security is a top priority Challenge: – Want to follow security best practices for their cloud deployment » Similar to traditional on-premise security testing – Verify the security of their hosted applications & instances – Institute low cost, repeatable security testing program for their AWS instances – Miminize human/manual time and effortPage 4 - CONFIDENTIAL -
  5. 5. Case Study Solution – Core CloudInspect, the first automated security testing solution, integrated with AWS Benefits – Provides easy way to make security testing part of the ongoing deployment and maintenance process – Automates security testing of instances – Uses real-world attack techniques, delivers NO false positives – Automates the test request process via IAM, thus saving human time/effort – Leverage 15 years of security testing technology and expertise Regular testing should become a best practice for all cloud deployments, with retesting after exposures are remediatedPage 5 - CONFIDENTIAL -
  6. 6. https://www.corecloudinspect.comPage 6 - CONFIDENTIAL -
  7. 7. How Core CloudInspect WorksOne-time set-up of CloudInspect account with Core – Includes AWS authorization1. Log-in2. Select instances to test3. Select web applications to test4. Select reports5. Confirm and pay6. View progress7. Retrieve reportsPage 7 - CONFIDENTIAL -
  8. 8. How It Works:Set-up your CloudInspect accountPage 8 - CONFIDENTIAL -
  9. 9. How It Works:Log-in and view all your AWS instancesPage 9 - CONFIDENTIAL -
  10. 10. How It Works:Pick what you want to testPage 10 - CONFIDENTIAL -
  11. 11. How It Works:Pick the URLS to testPage 11 - CONFIDENTIAL -
  12. 12. How It Works:Select reportsPage 12 - CONFIDENTIAL -
  13. 13. How It Works:Pay for the testPage 13 - CONFIDENTIAL -
  14. 14. How It Works:View progress and retrieve reportsPage 14 - CONFIDENTIAL -
  15. 15. AWS Customers Test your first three instances each month for free*Page 15 - CONFIDENTIAL - * Limited offer for AWS customers in 2011
  16. 16. The leader in security testing introduces The first automated security testing service for cloud environments.• Fully automated security testing for AWS clients• SaaS-delivered penetration testing for AWS hosted instances: • Cloud-based machine instances • Cloud-based web applications• Identification of security exposures in hosted systems and applications• Verification and validation of cloud deployed applications and systems• Integrated and automated back-end test authorization and payment w/ AWS On-demand security testing service for the Cloud Page 16 - CONFIDENTIAL -