Cloud Security Topics: Network Intrusion Detection for Amazon EC2

With the rapid growth of online commerce, the challenge to secure and monitor internal and customer-facing websites, card processing systems and other critical infrastructure has never been greater. Deploying full-featured intrusion detection in a public cloud has been challenging – the network models and multi-tenancy of public clouds do not make deep network services easy to deploy. Misha Govshteyn, VP of Emerging Products at Alert Logic, will present a new approach to an IDS solution in a public cloud.

Published in: Technology

  1. Managing Cloud Security: Intrusion Detection in Public Cloud Environments
  2. Introduction
     • About the presenter
       − Misha Govshteyn
       − Founder & VP of Emerging Products at Alert Logic
     • Our topic today:
       − Deploying Network Intrusion Detection technologies in an Amazon EC2 environment
  3. Datapipe Cloud Services Stack
     [diagram only: the Datapipe cloud services stack]
  4. Comprehensive Security
     Controls listed on the slide: IDS, 2 Factor Authentication, Vulnerability Scanning, Integrity Monitoring, Configuration Assessment (Tripwire), Firewall, Antivirus, Web Application Firewall, TDE – Transparent Database Encryption
     “Strong security controls are a requirement for many mission-critical IT workloads. Customers demand that service providers address security as they move IT infrastructure to fully elastic public cloud environments” - Joel Friedman, Datapipe CSO
  5. Why detect intrusions?
     • Do you want to know if your webservers are making connections to botnet command & control servers?
     • Do you want to know if someone is running a vulnerability scan on you without your knowledge?
     • Do you trust that your development teams and software vendors have eliminated 100% of SQL injection or other common attacks?
  6. Broad Cloud Adoption: Inhibitors
     [diagram only]
  7. Public Cloud Security Complexity
     Security solutions must be built specifically for public cloud.
     PUBLIC CLOUD SECURITY REQUIREMENTS = elastic scaling, utility pricing, management automation, managed operations, self-service provisioning, third-party ownership
     Traditional “Big Box” Security Appliances are Dead
  8. AWS environment challenges
     1) Lack of network introspection facilities such as SPAN
     2) Ephemeral networking means IP addresses cannot be used as host identifiers
     3) Services must be tightly coupled to provisioning systems via API to support auto-scaling and role-based management
     Building a scalable security cloud service requires new solutions specifically designed to operate in cloud environments
  9. Soft-Tap Architecture
     Unique approach to network security monitoring in EC2
     [diagram: four EC2 instances, each with eth0 carrying production traffic, a Soft Tap, and eth1 with a VPN client; an IDS instance, also attached to the VPN, receives the tapped traffic from every instance across the VPN Transport]
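The tap in the slide, as an added example (this is not Alert Logic's or Datapipe's code): a host-side soft tap in Python that copies frames off eth0, tags each one with the EC2 instance id rather than its IP (challenge 2 on slide 8, since private IPs are recycled across instances) and ships it over UDP to the IDS collector, together with the collector's decoder. The header layout, the TAP_MAGIC marker, the collector port and the sample frame are assumptions constructed for illustration. The deck predates VPC Traffic Mirroring, which AWS added in 2019; without a SPAN-equivalent the copy has to be made on the host itself.

```python
"""Host-side soft tap for an EC2 instance.

Added example, not Alert Logic's or Datapipe's code. The tap header layout,
the TAP_MAGIC marker, the UDP collector address and the sample frame are
assumptions constructed for illustration.
"""
import socket
import struct
import time
from typing import Optional, Tuple

TAP_MAGIC = b"STAP"            # hypothetical marker so the collector can reject stray datagrams
# magic | instance id (20 bytes, NUL-padded) | capture time, ns | frame length | direction
HDR = struct.Struct("!4s20sQHB")
DIR_IN, DIR_OUT = 0, 1
ETH_P_ALL = 0x0003


def encapsulate(frame: bytes, instance_id: str, direction: int,
                ts_ns: Optional[int] = None) -> bytes:
    """Wrap one raw Ethernet frame for transport to the IDS.

    The header carries the instance id, not the instance's IP: EC2 private
    IPs are reused as instances come and go, so the IDS must key its view
    of "which host" on a stable identity.
    """
    iid = instance_id.encode("ascii")
    if len(iid) > 20:
        raise ValueError("instance id does not fit the 20-byte header field")
    if len(frame) > 0xFFFF:
        raise ValueError("frame longer than the 16-bit length field")
    ts = time.time_ns() if ts_ns is None else ts_ns
    return HDR.pack(TAP_MAGIC, iid.ljust(20, b"\0"), ts, len(frame), direction) + frame


def decapsulate(datagram: bytes) -> Tuple[str, int, int, bytes]:
    """Collector side: return (instance_id, ts_ns, direction, frame).

    Rejects datagrams that are not ours, are truncated, or carry a frame
    whose length disagrees with the header, so half a frame is never handed
    to the IDS decoder.
    """
    if len(datagram) < HDR.size:
        raise ValueError("datagram shorter than tap header")
    magic, iid, ts, length, direction = HDR.unpack_from(datagram)
    if magic != TAP_MAGIC:
        raise ValueError("not a tap datagram")
    frame = datagram[HDR.size:]
    if len(frame) != length:
        raise ValueError("frame length mismatch: truncated or padded datagram")
    if direction not in (DIR_IN, DIR_OUT):
        raise ValueError("bad direction flag")
    return iid.rstrip(b"\0").decode("ascii"), ts, direction, frame


def is_tap_datagram(datagram: bytes) -> bool:
    """True only if decapsulate() would accept the datagram."""
    try:
        decapsulate(datagram)
        return True
    except ValueError:
        return False


def run_tap(ifname: str, instance_id: str, collector: Tuple[str, int],
            max_frames: Optional[int] = None) -> int:
    """Copy every frame seen on ifname (eth0 in the slides) to the collector.

    Linux only; the AF_PACKET socket needs CAP_NET_RAW. The collector address
    must route over the VPN interface (eth1 in the slides) so the mirrored
    copy never shares a path with the production traffic it came from.
    Returns the number of frames shipped.
    """
    cap = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    cap.bind((ifname, 0))
    out = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    shipped = 0
    try:
        while max_frames is None or shipped < max_frames:
            frame, addr = cap.recvfrom(65535)
            # addr = (ifname, proto, pkttype, hatype, hwaddr); pkttype tells inbound from outbound
            direction = DIR_OUT if addr[2] == socket.PACKET_OUTGOING else DIR_IN
            out.sendto(encapsulate(frame, instance_id, direction), collector)
            shipped += 1
    finally:
        cap.close()
        out.close()
    return shipped


# Constructed sample: Ethernet + IPv4 + TCP SYN to port 80 (checksums left as zero).
SAMPLE_FRAME = bytes.fromhex(
    "0a1b2c3d4e5f" "0a0b0c0d0e0f" "0800"              # dst MAC, src MAC, EtherType IPv4
    "4500002800010000400600000a000105c0a80001"        # IPv4 header, 10.0.1.5 -> 192.168.0.1
    "c0a8005000000001000000005002200000000000"        # TCP header, SYN to port 80
)

if __name__ == "__main__":
    iid, ts, direction, frame = decapsulate(encapsulate(SAMPLE_FRAME, "i-0abc123def456789a", DIR_IN))
    print(iid, direction, len(frame), frame == SAMPLE_FRAME)
```

The datagram carries no integrity protection of its own; the transport-level encryption on slide 10 is what the VPN provides, so the collector port should be reachable only through that tunnel, never from the production interface.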
  10. Alert Logic for Amazon EC2
      IDS for Cloud | LM for Cloud | VA for Cloud
      Enabling:
      • Traffic monitoring via software-based network taps
      • Log collection via software agents
      • Virtual-appliance-based data collection
      Virtual Appliances & Host Agents
      • Host agents that continuously track the state of monitored instances
      • Automated software and configuration deployment via internal management APIs
      Management API
      • Multi-tenant-aware provisioning API for integration with the service provider
      Provisioning API
      Provides:
      • Auto-scaling by tracking IP addresses of protected hosts
      • Load balancing & fail over between appliances
      • Transport-level data encryption
      • Centralized resource authorization via certificates for Amazon Web Services
  11. Components
      [diagram with panels for: Customer EC2 Environment; Collection/Cloud Management System; Security Portal; Incident]
  12. Datapipe IDS for EC2: Setup Process
      [diagram: API Integration, TM, LM, SOC, UI and CMS; setup steps shown are deploying certificates and installing software packages and virtual appliances, connected over the VPN Transport]
  13. Attack Scenario
      [diagram: Attacker (me) launches a SQL Injection Attack (this time unsuccessful) against the monitored instance; the tapped traffic reaches the IDS over the VPN Transport]
  14. What happens next
      • Incident identified by correlation engine
      • Threat level escalated to 60 out of 100
      • Notification sent to Datapipe security
      • Incident investigated by Alert Logic SOC
      • Incident remediated by Datapipe security team
      • Attacker blocked at the firewall
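The path from slides 13 and 14 (signature hit, correlation, threat level, notification, firewall block), as an added example that is not Alert Logic's correlation engine: a small Python correlator that matches SQL-injection signatures in tapped HTTP request lines, groups hits by source and target instance, and scores the group on a 0-100 scale. The signatures, the scoring weights, the notify threshold and the sample events are constructed assumptions; only the 0-100 scale and the 60 on slide 14 come from the deck. The sample deliberately reproduces the slide's point that an unsuccessful injection still escalates.

```python
"""Correlation of IDS signature hits into a scored incident.

Added example, not Alert Logic's correlation engine. The signatures, the
scoring weights, the notify threshold and the sample events are constructed
for illustration; only the 0-100 threat-level scale and the 60 on slide 14
come from the deck.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Request-line patterns a network IDS can match in the tapped HTTP traffic.
SQLI_SIGNATURES = [
    (re.compile(r"(?i)'\s*or\s+'?\d+'?\s*=\s*'?\d+"), "tautology"),
    (re.compile(r"(?i)\bunion\b.{0,40}\bselect\b"), "union-select"),
    (re.compile(r"(?i);\s*(drop|delete|insert|update)\b"), "stacked-query"),
    (re.compile(r"(?i)\b(sleep|benchmark|pg_sleep)\s*\("), "time-based"),
]

NOTIFY_THRESHOLD = 50  # assumed: hand the incident to the SOC at or above this level


@dataclass
class Event:
    ts: float           # capture time, epoch seconds
    src: str            # client address in the tapped frame
    dst_instance: str   # protected host, keyed by instance id (slide 8: IPs are not identities)
    request: str        # HTTP request line
    status: int         # status code of the server's reply


@dataclass
class Incident:
    src: str
    dst_instance: str
    threat_level: int = 0
    evidence: List[str] = field(default_factory=list)


def match_sqli(request: str) -> Optional[str]:
    """Name of the first signature that fires, or None for a clean request."""
    for pattern, name in SQLI_SIGNATURES:
        if pattern.search(request):
            return name
    return None


def burst(timestamps: List[float], window: float, count: int) -> bool:
    """True if any `count` hits fall inside `window` seconds (automation, not a typo)."""
    ts = sorted(timestamps)
    return any(ts[i + count - 1] - ts[i] <= window for i in range(len(ts) - count + 1))


def correlate(events: List[Event], window: float = 60.0) -> Dict[Tuple[str, str], Incident]:
    """Group signature hits by (source, target instance) and score each group.

    Constructed weights:
      30   first signature hit
      +10  each additional distinct technique from the same source
      +20  three or more hits inside `window` seconds
      +10  any 5xx reply (the injected SQL reached the database layer)
    capped at 100. An unsuccessful attack still scores: the slide's example
    escalated to 60 although the injection failed.
    """
    hits: Dict[Tuple[str, str], List[Tuple[Event, str]]] = defaultdict(list)
    for ev in events:
        name = match_sqli(ev.request)
        if name is not None:
            hits[(ev.src, ev.dst_instance)].append((ev, name))

    incidents: Dict[Tuple[str, str], Incident] = {}
    for (src, dst), group in hits.items():
        techniques = {name for _, name in group}
        score = 30 + 10 * (len(techniques) - 1)
        if burst([ev.ts for ev, _ in group], window, 3):
            score += 20
        if any(ev.status >= 500 for ev, _ in group):
            score += 10
        incidents[(src, dst)] = Incident(
            src=src, dst_instance=dst, threat_level=min(score, 100),
            evidence=[f"{ev.ts:.0f} {name}: {ev.request} -> {ev.status}" for ev, name in group],
        )
    return incidents


def block_rule(inc: Incident) -> str:
    """Remediation step from slide 14, expressed as a host firewall rule on the target."""
    return f"iptables -I INPUT -s {inc.src} -j DROP"


# Constructed sample: one source probes the same instance three times in 15 s, never successfully.
SAMPLE_EVENTS = [
    Event(1700000000, "203.0.113.7", "i-0abc123def456789a", "GET /item?id=1 HTTP/1.1", 200),
    Event(1700000005, "203.0.113.7", "i-0abc123def456789a", "GET /item?id=1' OR '1'='1 HTTP/1.1", 200),
    Event(1700000012, "203.0.113.7", "i-0abc123def456789a", "GET /item?id=1 UNION SELECT user,pass FROM users-- HTTP/1.1", 404),
    Event(1700000020, "203.0.113.7", "i-0abc123def456789a", "GET /item?id=-1 UNION SELECT 1,2,3-- HTTP/1.1", 404),
    Event(1700000030, "198.51.100.9", "i-0abc123def456789a", "GET /item?id=42 HTTP/1.1", 200),
]

if __name__ == "__main__":
    for inc in correlate(SAMPLE_EVENTS).values():
        print(inc.src, "->", inc.dst_instance, "threat level", inc.threat_level)
        if inc.threat_level >= NOTIFY_THRESHOLD:
            print("  notify SOC;", block_rule(inc))
```

Keying the incident on the instance id rather than the target IP matters in EC2 for the reason slide 8 gives: by the time the SOC looks at the incident, the IP may already belong to a different instance.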
  15. Availability
      • In beta today with select customers
      • Available as a managed service for AWS customers exclusively through Datapipe in early 2012
        − RightScale enabled: bundled into ServerTemplates for automation
        − Auto-scaling support coming soon
      • Available as a self-service solution for AWS and other public clouds from Alert Logic in 1H 2012
      Questions? Contact: @mgbits