AWS offers extensive logging capabilities with services including Amazon Simple Storage Service (S3), Amazon Elastic Load Balancing (ELB), and Amazon CloudTrail. Yet when meeting compliance standards such as the Payment Card Industry Data Security Standard (PCI DSS), it can be challenging to process a large amount of log data in a short amount of time to produce audit-ready reports. USM Anywhere from AlienVault provides a comprehensive threat detection and compliance solution for monitoring cloud and on-premises environments. Join our webinar to hear from security experts from AWS and AlienVault, along with AlienVault customer CeloPay, who will discuss the essential compliance capabilities provided by the AlienVault solution.

1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
December 5, 2017 | 8:00 AM PT
How to Achieve PCI DSS
Compliance on AWS
© 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved.

2. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Today’s Presenters
Scott Ward, Solutions Architect, Amazon Web Services
Ryan Leatherbury, Product Manager, AlienVault
Jason Harper, CEO & Founder, CeloPay

3. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Today’s Agenda
• Security on AWS
• AlienVault USM Anywhere for AWS workloads
• Case Study: CeloPay
• Q&A/Discussion

4. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Learning Objectives
• How AWS enables you to build a secure platform
• How AlienVault can help you simplify security monitoring
and compliance on AWS
• How AWS and AlienVault customer CeloPay transformed
their PCI DSS compliance efforts with AlienVault USM
Anywhere

5. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Security and Compliance on AWS

6. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
$6.53M 56% 70%
Your data and IP are your most valuable assets
https://www.csid.com/resources/stats/data-breaches/
Increase in theft of hard
intellectual property
http://www.pwc.com/gx/en/issues/cyber-
security/information-security-survey.html
Of consumers indicated
they’d avoid businesses
following a security breach
https://www.csid.com/resources/stats/data-
breaches/
Average cost of a
data breach

7. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
How?
AWS can be more secure than your existing environment
Automating logging
and monitoring
Simplifying
resource access
Making it easy to
encrypt properly
Enforcing strong
authentication

8. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Foundation Services
Compute Storage Database Networking
AWS Global Infrastructure
Regions
Availability Zones
Edge Locations
Identity &
Access Control
Network
Security
Customer applications & content
You get to
define your
controls ON
the Cloud
AWS takes
care of the
security OF
the Cloud
You
Inventory
& Config
Data
Encryption
AWS and you share responsibility for security

9. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Leverage AWS services to have constant visibility into what is going on in
your AWS account:
 AWS CloudTrail lets you monitor
and record all API calls
 Amazon Inspector automatically assesses
applications for vulnerabilities
 VPC Flow Logs provides details about traffic
flowing in and out of your VPC
 AWS Config gives an inventory of your AWS
account and visibility into changes
Constantly Monitor Your Environment

10. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Implement data protection to meet your security requirements
• 44 Availability Zones in 16 regions for
multi-synchronous geographic redundancy
 Retain control of where your data resides
for compliance with regulatory requirements
 Use AWS Shield to protect your infrastructure and
applications from DDoS attacks
 Implement server side or client side encryption to
protect the data you store in AWS
Control and Protect Your Data

11. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS enables you to improve your security using many of your existing
tools and practices
• Integrate your existing Active Directory
• Use dedicated connections as a secure,
low-latency extension of your data center
• Provide and manage your own encryption
keys if you choose
• Implement partner security solutions in the
customer portion of the shared responsibility model
Integrated with your existing resources

12. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Our Audit and Certification Approach
70+
services
7,710 Audit
Artifacts
2,670
Controls
3,030 Audit
Requirements https://aws.amazon.com/compliance/

13. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Compliance
AWS Artifact
Speeding Access to Compliance
Reports
Get the answers you need to how
AWS is addressing compliance

14. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure
Regions
Availability Zones
Edge Locations
Customers
You can build end-to-end compliant solutions
• Culture of security and continual
improvement
• Ongoing audits and assurance
• Protection of large-scale service
endpoints
• Achieve PCI, HIPAA and MPAA
compliance
• Certify against ISO27001 with a
reduced scope
• Have key controls audited or
publish your own independent
attestations
• Use partner solutions to help with
compliance
Your own compliant
solutions
Your own 27001 and
9001 certifications
Your own financial or
SOC audits if you are a
service provider

15. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Foundation Services
Encryption Key
Management
Client and Server
Encryption
Network Traffic Protection
Platform, Applications, Identity & Access Management
Operating System, Network & Firewall Configuration
Customer contentCustomers
Security is Shared Between AWS and Customers
Fits Here

16. Jeff Olen, Senior Product Manager, AlienVault
Kate MacLean, Senior Product Marketing Manager, Cisco
How to Implement Effective
Security Monitoring for AWS
Environments
Ryan Leatherbury, AlienVault Product Manager

17. PCI Objective
Asset
Discovery
Vulnerability
Assessment
Security
Monitoring
Intrusion
Detection
Event / Log
Management
Build and maintain a secure
network & systems
Protect Cardholder Data
Maintain a Vulnerability
Management Program
Implement Strong Access
Control Measures
Regularly Test & Monitor
Networks
Maintain an Information
Security Policy
PCI Compliance is Hard, and Requires Multiple
Solutions

18. Unified Security Management with Five Security Essentials
Vulnerability Assessment
Know where the vulnerabilities are to avoid easy
exploitation and compromise
Behavioral Monitoring
Identify suspicious behavior and potentially
compromised systems
Intrusion Detection
Know when suspicious activities happen in
your environment
SIEM Log Management
Correlate and analyze security event data from across
your network and respond
Asset Discovery
Know who and what is connected to your cloud or
on-premises environments at all times
Designed to natively monitor cloud
environments from a single cloud-
based pane of glass

19. Compliance Is Faster & Easier with USM
Anywhere
Streamline Compliance &
Security in One Solution
Continuous protection for your
cloud & on-premises environments
 Asset Discovery
 Vulnerability Assessment
 Intrusion Detection
 Incident Response
 SIEM & Log Management
 PCI, HIPAA & SOC 2 Certified
Automate Your Log
Collection & Analysis
• Collect, analyze, and report on
log data with up to 90 days of
online, searchable events.
• Be alerted to suspicious or
anomalous activities in your
environment.
• Store logs in our secure,
compliant log storage for 12 mos.
Accelerate & Maintain
Your Compliance
• Continuous security monitoring,
threat detection and automated
incident response
• Threat Intelligence from the
AlienVault Labs security
research team, delivered
automatically and continuously
updated.

20. Compliance Reporting out of the Box
Predefined, customizable reports for PCI DSS that map
directly to regulatory requirements,
• Event reports from your security tools such as firewalls,
and by key event types such as authentication
Customize alarm and event views, and save or
export them into new reports quickly, easily
Add visual elements for an executive-level summary
Integrity of raw log data is ensured with a “Write
Once, Ready Many (WORM)” method, and data is
timestamped as required by PCI DSS Section 10.4

21. AWS Integration

22. AUTOMATED ASSET DISCOVERY
Manage security the way your infrastructure is managed
AWS INFRASTRUCTURE ASSESSMENT
Double check configuration and detect changes
LOG MANAGEMENT & CORRELATION
Monitor your applications & systems for compliance & security
CLOUDTRAIL MONITORING & ALERTING
Notification of environmental changes & abuse
AWS Integration

23. Customer Story: CeloPay
About CeloPay
• Jason Harper, CEO & Founder
• Founded in 2011, CeloPay provides a
solution for businesses to securely
collect credit card information from their
customers
• AlienVault customer for 2 years

24. Customer Story: CeloPay
Key challenges:
• Security monitoring - manual log reviews
were cumbersome and susceptible to error
• PCI DSS Compliance
• Strong desire to do everything possible to
protect customer data from threats, not just
“checking the boxes” for compliance

25. Customer Story: CeloPay
We chose AlienVault USM because:
• Comprehensive product: One product, easy to use,
no integrations to worry about
• Ease of deployment: Deployed with internal
resources, no expensive services needed, up and
running quickly (under 2 hours)
• Affordable: Price point accessible to a small business
• Low maintenance: Because it is a SaaS-based
product, no maintenance or upgrades to manage

26. Customer Story: CeloPay
Benefits gained using USM include:
• Centralized Log Management: Ability to pull in
Amazon CloudTrail, Amazon S3 and other AWS logs
into one place for reporting and alerting
• PCI DSS Compliance: Makes it really simple to prove
compliance. Can produce what the auditor needs in
seconds - very powerful
• Full security visibility and intelligent alerting: No
longer reliant on manual log reviews to spot threats

27. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Q & A

28. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Next Steps and Further Information
Free Trial:
• Go to https://aws.amazon.com/marketplace/
• Search for “AlienVault”
Learn more about AlienVault on AWS:
• https://www.alienvault.com/
Try AWS for free:
• https://aws.amazon.com/

29. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Thank you!