Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Seeing More Clearly: How Essilor Overcame
Three Common Cloud Security Challenges
with Deep Security and AWS
Patrick McDowe...
$6.53M 56% 70%
Increase in theft of hard
intellectual property
http://www.pwc.com/gx/en/issues/cyber-
security/information...
In June 2015, IDC released a report which found that most customers
can be more secure in AWS than their on-premises envir...
AWS and You: Shared Responsibility for Security
 AWS CloudTrail lets you monitor and
record all API calls
 Amazon Inspector automatically
assesses applications for vuln...
 43 Availability Zones in 16 regions for
multi-synchronous geographic redundancy
 Retain control of where your data resi...
 Integrate your existing Active Directory
 Use dedicated connections as a secure,
low-latency extension of your data cen...
Key AWS Certifications and Assurance Programs
Trend Micro Deep Security
Zack Milem, Cloud Solutions Architect, Trend Micro
Traditional on-premises security is applied at the perimeter
On-Premises Security
Workload-Centric Security
Protect dynamic environments with Trend Micro Deep Security’s
workload-centric automated protect...
Challenges
Having the right
tools for the job
Managing the pace
of change in cloud
Filling the cybersecurity
skills gap
Right Tools for the Right Job
 Eliminate the manual work involved with
applying security policies to workloads
 Gain a c...
Response &
Containment
Intrusion
Prevention
Integrity
Monitoring
Anti-Malware &
Content Filtering
Machine
Learning
Sandbox...
Manage the Pace of Change of the Cloud



Eliminate the Cyber Security Skills Gap



Deep Security for AWS
Breadth
 Layered protection with
one enforcement point
 Designed for cloud and
hybrid environments...
Trend Micro Deep Security Use Cases







LEGEND
Known
Good
Known
Bad
Unknown
Anti-Malware & Web Reputation
Intrusion Prevention (IPS) & Firewall
Integrity Monitori...
Eliminate Manual Security Processes
 Get full visibility across environments
 Automatically scale up and down
 Scan for...
Eliminate Security Silos
Reduce Deployment Complexity
Support for leading
orchestration tools
and automation
PowerShell
Streamline Information Sharing
Prevent Ransomware
 Stop ransomware on servers with
advanced anti-malware
 Lock down servers with application control
 ...
Accelerate Security & Compliance
8 of 12
requirements
10 of 20
requirements
6 of 10
requirements
Customer Success Story: Essilor
Tanweer Surve, Director of Infrastructure Shared Services, Essilor
 The world’s leading ophthalmic optic company
 Revenue of €7.1 billion in 2016
 Varilux®, Crizal®, Transitions®, Eyezen...
Essilor Environment

 Goal: To modernize data centers
on cloud to lower cost, and
improve performance and
overall effici...
Why Did We Choose AWS?
 Simplicity of acquisitions, on-boarding,
and consolidation effort
 Deployment speed, agility and...
Overcoming Cloud Security Challenges
1. Having the right tools for the right job
2. Managing the pace of change in the clo...
Having the right tools for the right job
 Challenge: Too many tools that don’t
work in the cloud
 Integration with cloud...
Managing the pace of change in cloud
 Challenge: Things move fast in the
cloud, security needs to keep pace
 Cultivating...
Lack of Skills and Resources
 Challenge: Small security
team doing a lot of
different tasks
 Getting the right training
...
Evaluating Security Solutions
 Objectives
– Integration with AWS
– Acceleration of cloud adoption
– Ease of use & deploym...
Results of AWS + Deep Security
 Investment costs justified
 Huge productive and performance gain
 Reduce potential risk...
Advice on Securing Cloud Instances
 What worked/didn’t work with your cloud migration?
– Host-based security could be new...
AWS and You: Shared Responsibility for Security
Next Steps for Essilor
 Expanding AWS footprint with new
acquisitions / on-boarding
 Deploying Deep Security Solution th...
Q & A
Upcoming SlideShare
Loading in …5
×

Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges with Deep Security and AWS

1,219 views

Published on

IT security teams are increasingly pressured to accomplish more, with fewer resources. Trend Micro Deep Security helps organizations understand and overcome their most common cloud security challenges, without having to expand their cloud tool set. Join the upcoming webinar to learn how Essilor, a world leader in the design and manufacturing of corrective lenses, has enabled their IT teams to apply, maintain and scale security across their AWS environments by overcoming these common challenges in cloud migrations.

We will discuss how Essilor managed, and overcame, the pace of change when adopting a cloud environment, the transformation of their traditional IT security roles, and how they chose the right security tools and technology to achieve their business goals.

Published in: Technology
  • Be the first to comment

Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges with Deep Security and AWS

  1. 1. Seeing More Clearly: How Essilor Overcame Three Common Cloud Security Challenges with Deep Security and AWS Patrick McDowell, Solutions Architect, AWS Zack Milem, Cloud Solutions Architect, Trend Micro Tanweer Surve, Director of IT, Infrastructure Shared Services, Essilor August 16th, 2017
  2. 2. $6.53M 56% 70% Increase in theft of hard intellectual property http://www.pwc.com/gx/en/issues/cyber- security/information-security-survey.html Of consumers indicated they’d avoid businesses following a security breach https://www.csid.com/resources/stats/data-breaches/https://www.csid.com/resources/stats/data-breaches/ Average cost of a data breach Your Data and IPAre Your Most Valuable Assets
  3. 3. In June 2015, IDC released a report which found that most customers can be more secure in AWS than their on-premises environment. How? Automating logging and monitoring Simplifying resource access Making it easy to encrypt properly Enforcing strong authentication AWS Can Be More Secure Than Your Existing Environment
  4. 4. AWS and You: Shared Responsibility for Security
  5. 5.  AWS CloudTrail lets you monitor and record all API calls  Amazon Inspector automatically assesses applications for vulnerabilities  VPC Flow Logs provides details about traffic flowing in and out of your VPC  AWS Config gives an inventory of your AWS account and visibility into changes Leverage AWS services to have constant visibility into what is going on in your AWS account: Constantly Monitor Your Environment
  6. 6.  43 Availability Zones in 16 regions for multi-synchronous geographic redundancy  Retain control of where your data resides for compliance with regulatory requirements  Use AWS Shield to protect your infrastructure and applications from DDoS attacks  Implement server side or client side encryption to protect the data you store in AWS Implement data protection to meet your security requirements Control and Protect Your Data
  7. 7.  Integrate your existing Active Directory  Use dedicated connections as a secure, low-latency extension of your data center  Provide and manage your own encryption keys if you choose  Implement partner security solutions in the customer portion of the shared responsibility model AWS enables you to improve your security using many of your existing tools and practices Integrated with Your Existing Resources
  8. 8. Key AWS Certifications and Assurance Programs
  9. 9. Trend Micro Deep Security Zack Milem, Cloud Solutions Architect, Trend Micro
  10. 10. Traditional on-premises security is applied at the perimeter On-Premises Security
  11. 11. Workload-Centric Security Protect dynamic environments with Trend Micro Deep Security’s workload-centric automated protection
  12. 12. Challenges Having the right tools for the job Managing the pace of change in cloud Filling the cybersecurity skills gap
  13. 13. Right Tools for the Right Job  Eliminate the manual work involved with applying security policies to workloads  Gain a comprehensive suite of security tools  Make the most out of your current tools while “aging out” legacy software
  14. 14. Response & Containment Intrusion Prevention Integrity Monitoring Anti-Malware & Content Filtering Machine Learning Sandbox Analysis Application Control Behavioral Analysis Cloud Integrated Tools Trend Micro offers a unique blend of cross-generational threat defense techniques
  15. 15. Manage the Pace of Change of the Cloud   
  16. 16. Eliminate the Cyber Security Skills Gap   
  17. 17. Deep Security for AWS Breadth  Layered protection with one enforcement point  Designed for cloud and hybrid environments  Accelerated compliance Performance  Optimized for AWS  Fastest server IPS  Purchasing speed and flexibility  Multi-platform Application Control built for DevOps Architecture  Protection close to server  Designed for automation and easy deployment  Connected across Trend Micro products (SPN, ZDI)
  18. 18. Trend Micro Deep Security Use Cases       
  19. 19. LEGEND Known Good Known Bad Unknown Anti-Malware & Web Reputation Intrusion Prevention (IPS) & Firewall Integrity Monitoring & Log Inspection Application Control Safe files & actions allowed Malicious files & actions blocked Machine Learning Behavioral Analysis Custom Sandbox Analysis SOON! Protect Against Advanced Threats NEW! NEW! NEW!
  20. 20. Eliminate Manual Security Processes  Get full visibility across environments  Automatically scale up and down  Scan for vulnerabilities & recommend or apply security based on policy  Install security controls for maximum performance  Bake security into workloads
  21. 21. Eliminate Security Silos
  22. 22. Reduce Deployment Complexity Support for leading orchestration tools and automation PowerShell
  23. 23. Streamline Information Sharing
  24. 24. Prevent Ransomware  Stop ransomware on servers with advanced anti-malware  Lock down servers with application control  Shield from network attacks with IPS  Stop lateral movement and detect command & control traffic
  25. 25. Accelerate Security & Compliance 8 of 12 requirements 10 of 20 requirements 6 of 10 requirements
  26. 26. Customer Success Story: Essilor Tanweer Surve, Director of Infrastructure Shared Services, Essilor
  27. 27.  The world’s leading ophthalmic optic company  Revenue of €7.1 billion in 2016  Varilux®, Crizal®, Transitions®, Eyezen™, Xperio®, Foster Grant®, Bolon™ and Costa®  70,000 people globally across 100 countries, 33 plants, & 500 laboratories  5 years in a row, Essilor has made it on to Forbes magazine. Ranks - 23rd most innovative company in the World, the 5th in Europe, and the 2nd in France.  Listed on CAC 40 and included in Euro Stoxx 50 About Essilor
  28. 28. Essilor Environment   Goal: To modernize data centers on cloud to lower cost, and improve performance and overall efficiency
  29. 29. Why Did We Choose AWS?  Simplicity of acquisitions, on-boarding, and consolidation effort  Deployment speed, agility and scalability  Automatic scaling and high availability  Regulatory compliance requirement – PCI & HIPPA
  30. 30. Overcoming Cloud Security Challenges 1. Having the right tools for the right job 2. Managing the pace of change in the cloud 3. Filling the cybersecurity skills gap
  31. 31. Having the right tools for the right job  Challenge: Too many tools that don’t work in the cloud  Integration with cloud service provider  Automation is critical – Create a template so that any instance deployed has Deep Security put into place
  32. 32. Managing the pace of change in cloud  Challenge: Things move fast in the cloud, security needs to keep pace  Cultivating a DevSecOps culture  Single pane of glass view  Real-time view and the instant insight you need
  33. 33. Lack of Skills and Resources  Challenge: Small security team doing a lot of different tasks  Getting the right training and understanding  Gaining complete management and visibility in a single pane of glass
  34. 34. Evaluating Security Solutions  Objectives – Integration with AWS – Acceleration of cloud adoption – Ease of use & deployment flexibility – Proactive & complete protection – Consolidated billing through AWS Marketplace
  35. 35. Results of AWS + Deep Security  Investment costs justified  Huge productive and performance gain  Reduce potential risks  Administrative overhead reduction  Centralized dashboard  Increased speed to market
  36. 36. Advice on Securing Cloud Instances  What worked/didn’t work with your cloud migration? – Host-based security could be new to you – agent to agentless back to agent again  What questions should you ask of your security vendor? – Do you have an APIs with AWS? – Will I have centralized visibility for my hybrid cloud environment?  What roadblocks should you look for? – Potential loss of visibility of the hypervisor which can be solved by moving to host-based security  When you move to the cloud, you still have security responsibilities as a customer
  37. 37. AWS and You: Shared Responsibility for Security
  38. 38. Next Steps for Essilor  Expanding AWS footprint with new acquisitions / on-boarding  Deploying Deep Security Solution through AWS Marketplace globally
  39. 39. Q & A

×