Securing Your Cloud Servers with Halo NetSec

  1. Securing Your Cloud Servers with Halo NetSec. Rand Wacker, VP of Products, rand@cloudpassage.com, @randwacker. © 2012 CloudPassage Inc.
  2. CloudPassage Halo was purpose-built to deliver real security for servers in the cloud.
  3. What does CloudPassage do? Security for virtual servers running in public and private clouds: Firewall Management; Compromise & intrusion alerting; Server Configurations; Security & compliance auditing; Server account Management; Vulnerability Management.
  4. CloudPassage Halo Packages. Halo Basic: Free security for initial cloud migrations. Halo NetSec (NEW): Full perimeter protection and security integration. Halo Professional: Comprehensive security and compliance controls.
  5. Cloud Requires A New Approach to Security
  6. Cloud Security Is New [diagram: www-1 to www-4 in a private datacenter; public cloud]
  7. Cloud Security Is Different [diagram: www-1 to www-4 in a private datacenter; www-4 in the public cloud]
  8. Cloud Security Is Complex [diagram: www-1 to www-4 in Private Datacenter; www-4 to www-10 in Cloud Provider A; www-7 to www-10 in Cloud Provider B]
  9. Security Products Aren’t Adapting: Metered Usage; Temporary & Elastic Deployments; Multiple Cloud Environments [diagram: servers www-1 to www-10 across Private Datacenter, Cloud Provider A and Cloud Provider B]
  10. Cloud Security Responsibility
  11. Cloud Security Responsibility: AWS Shared Responsibility Model. “…the customer should assume responsibility and management of, but not limited to, the guest operating system.. and associated application software...” “it is possible for customers to enhance security and/or meet more stringent compliance requirements with the addition of… host based firewalls, host based intrusion detection/prevention, encryption and key management.” Source: Amazon Web Services: Overview of Security Processes. [diagram: stack, top to bottom: Data, App Code, App Framework, Operating System, Virtual Machine, Hypervisor, Compute & Storage, Shared Network, Physical Facilities; upper layers labelled Customer Responsibility, lower layers labelled Provider Responsibility]
  12. Survey: Cloud Providers. Question: Which cloud hosting providers do you use? In chart order, Amazon EC2, Rackspace, Terremark, GoGrid, Other: 50%, 30%, 16%, 9%, 6%. Source: CloudPassage CloudSec Community Survey
  13. Survey: Cloud Security Practices. Question: How do you secure your cloud servers today? Answer options: Open source or custom-developed tools; Commercial Tool; We're not securing our cloud servers; My provider does it for me; Amazon Security Group. Source: CloudPassage CloudSec Community Survey
  14. Survey: Cloud Security Concerns. Question: What security concerns are most important to you regarding public cloud computing? (Multiple Choice) Lack of perimeter defenses and/or network control: 44%; Multi-tenancy of infrastructure or applications: 40%; Achieving compliance with PCI or other standards: 26%; Provider access to guest servers: 24%; Enterprise security tools don't work in the cloud: 23%. Source: CloudPassage CloudSec Community Survey
  15. Introducing Halo NetSec
  16. Halo NetSec provides firewalling, 2-factor authentication, and full automation for the protection of cloud servers.
  17. Halo NetSec: Dynamic Cloud Firewall
  18. Traditional Perimeter Security [diagram: load balancers, app servers and DB servers in a private datacenter, with a Firewall]
  19. Dynamic Cloud Firewall [diagram: a load balancer, app servers and a DB master in a public cloud, each labelled FW/Halo]
  20. Dynamic Cloud Firewall [diagram: load balancers, app servers, a DB master and a DB slave in a public cloud, each labelled FW/Halo]
  21. Dynamic Cloud Firewall [diagram: as on the previous slide, with a further app server labelled "IP"]
  22. Dynamic Cloud Firewall [diagram: load balancers, app servers, a DB master and a DB slave in a public cloud, each labelled FW/Halo; one app server labelled "IP"]
  23. Multi-Cloud Firewall [diagram: app servers and DB servers labelled FW/Halo in US West Cloud and US East Cloud; DB servers labelled Halo with a Firewall in a Private Datacenter]
  24. Multi-Cloud Firewall [diagram: app servers and DB servers labelled FW/Halo in US West Cloud and US East Cloud; DB servers labelled Halo with a Firewall in a Private Datacenter]
  25. Halo NetSec: GhostPorts 2-Factor Authentication
  26. GhostPorts 2-Factor Auth: YubiKey-generated one-time password; USB token contains no batteries or moving parts; Prevent brute force attacks on SSH and web applications
  27. GhostPorts 2-Factor Auth [diagram: DB Server labelled FW/Halo]
  28. GhostPorts 2-Factor Auth [diagram: DB Server labelled FW/Halo; CloudPassage Halo; https; Halo Grid]
  29. GhostPorts 2-Factor Auth [diagram: DB Server labelled FW/Halo; CloudPassage Halo; https; Halo Grid]
  30. GhostPorts 2-Factor Auth [diagram: DB Server labelled FW/Halo]
  31. [no slide text]
  32. Halo NetSec: Integration API
  33. Halo Reduces Your Workload: Things you DON’T need to script with CloudPassage Halo. Managed Automatically: • Add new server to policy • Remove firewall policies when servers are retired • Scan for vulnerabilities of installed software packages • Many, many more… Monitored Continually: • Verify firewall rules match group policy • Alert administrators of missing servers • Monitor critical server configuration files for security posture • Many, many more…
  34. Adding New Server Accounts [diagram labels: www-1 and www-2 running Halo in the public cloud; Security Operations; Portal; GhostPorts Access, Local Server Accounts; Enterprise Provisioning System and Corporate Directory in the private datacenter; RESTful API Gateway; CloudPassage Halo; Halo Grid]
  35. Other Cool Halo/API Tricks: • Set password reset requirements for a server user account. • Find server accounts that don't have passwords (it happens). • Find those spooky root-owned setuid files. • Generate alerts if PID files go missing. • Generate an alert if someone is in a group they shouldn't be in (like wheel). • Generate massively detailed reports of server configuration status for auditors (keep 'em busy for weeks). • Get a report of every server that a user *does not* have an account on. • Get a report of every server that a user has an account on. • Get alerted if a new cloud server gets created. • Learn what process that TCP/IP port is bound to. • Make sure that init.d startup scripts can't be tampered with by non-root users. • Make sure that services are not running with excessive privileges. • Monitor servers to detect old user accounts that should have been cleaned up, but might have gotten missed. Many, many more at community.cloudpassage.com
  36. CloudPassage Halo Architecture
  37. How It Works. • Halo Daemon: Ultra light-weight software; Installed on server image; Automatically provisioned. • Halo Grid: Elastic compute grid; Hosted by CloudPassage; Does the heavy lifting for the Halo Daemons. [diagram: Halo Daemon on www-1; Halo Grid]
  38. [architecture diagram labels: servers www-1 to www-4 running Halo; https; CloudPassage Halo Compute Grid; Policies, Commands, Reports; User Portal; RESTful API Gateway; Alerts, Reports and Trending]
  39. Getting Started
  40. CloudPassage Halo Packages. Halo Basic: Free security for initial cloud migrations. Halo NetSec (NEW): Full perimeter protection and security integration. Halo Professional: Comprehensive security and compliance controls.
  41. Features and Pricing (columns: Basic, NetSec, Pro). Network Security New! Host Firewall Management ✔ ✔ ✔; GhostPorts Multi-Factor Authentication ✔ ✔. Host Security: Server Exposure Monitoring ✔ ✔ ✔; Software Vulnerability Monitoring ✔ ✔ ✔; Account & Access Scanning ✔ ✔ ✔; Cloud Server Event Logging & Alerting ✔ ✔ ✔; File Integrity Monitoring ✔; Data Storage: One day, Two years (FW events), Two years (All scans); Maximum Scanning Frequency: Daily, Daily, Hourly. Integration, Management Support: Web Management Portal ✔ ✔ ✔; RESTful API Access ✔ ✔; Technical Support: Community, Professional, Professional; Servers Protected: Up to 25, Unlimited, Unlimited. Pricing: FREE, 3.5¢/hour, 10¢/hour
  42. FREE 5 Minute Setup: Register at cloudpassage.com/register; Install daemons on cloud servers; Configure security policies in Halo web portal
  43. Summary: Cloud deployments require a new approach to security; Halo is the only security platform purpose-built for the cloud; All you need to secure your cloud servers
  44. Q&A. Rand Wacker, rand@cloudpassage.com, @randwacker
  45. Thank You! For more information: info@cloudpassage.com