You might think it is impossible to achieve NIST SP 800-53 high-impact controls in your environment, but with AWS and Trend Micro you can complete this seemingly impossible mission, even in hybrid environments. Learn how to leverage AWS and Trend Micro security controls to retain logs, control access to systems, monitor changes, and more, and how to automate all of it using technologies like AWS CloudFormation. Join this session for a look at the inner workings of the AWS & Trend Micro Quick Start Reference Deployment Guide for NIST 800-53, which can help you deliver high-impact controls quickly, in an automated, repeatable fashion.
2. Why we’re here today
• Learn how to implement NIST SP 800-53 (rev 4) High Impact security controls with AWS & partner technology
• Provide reusable building blocks and sample code
• Demonstrate automated deployment and integration of multiple technologies
Mission: Possible (not Impossible)
3. What are the challenges of achieving NIST high impact security controls on AWS?
4. AWS and you share responsibility for security
AWS takes care of the security OF the Cloud:
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
You get to define your controls ON the Cloud:
• Customer applications & content
• Identity & Access Control
• Network Security
• Inventory & Config
• Data Encryption
9. AWS Identity & Access Management (IAM)
What is configured?
Base security, IAM and access configuration for the AWS account
Why?
• Manage user access
• Programmatically implement controls for machines, roles, groups, data access
Control Families
• Access Control
• Audit & Accountability
• Configuration Management
• Contingency Planning
• Identification & Authentication
• System & Communications Protection
• System & Information Integrity
10. AWS CloudTrail
What is configured?
Defines an S3 bucket with versioning enabled and a trail that captures all events
Why?
• Automated audit of infrastructure and change management
Control Families
• Access Control
• Audit & Accountability
• Configuration Management
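An added example, not code from the Quick Start or from AWS or Trend Micro: a stdlib-only Python check that a CloudFormation template actually delivers the CloudTrail baseline this slide describes, an S3 bucket with versioning enabled and a trail that captures all events. The two sample templates and their resource logical IDs are constructed for illustration; the property names (IsMultiRegionTrail, IncludeGlobalServiceEvents, EnableLogFileValidation, VersioningConfiguration) are the real AWS::CloudTrail::Trail and AWS::S3::Bucket properties.

```python
"""Added example (not from the Quick Start): verify that a CloudFormation
template configures the CloudTrail baseline the slide describes. Resource
logical IDs (TrailBucket, AuditTrail) are made up; property names are real."""
import json

# Constructed sample: looks like "CloudTrail is on", but the trail only logs
# one region, skips global (IAM/STS) events, and the bucket is not versioned.
WEAK_TEMPLATE = json.loads(r'''{
  "Resources": {
    "TrailBucket": {"Type": "AWS::S3::Bucket",
      "Properties": {"BucketName": "audit-logs"}},
    "AuditTrail": {"Type": "AWS::CloudTrail::Trail",
      "Properties": {"IsLogging": true, "S3BucketName": {"Ref": "TrailBucket"}}}
  }}''')

# Constructed sample: the same stack with every baseline property set.
HARDENED_TEMPLATE = json.loads(r'''{
  "Resources": {
    "TrailBucket": {"Type": "AWS::S3::Bucket",
      "Properties": {"BucketName": "audit-logs",
                     "VersioningConfiguration": {"Status": "Enabled"}}},
    "AuditTrail": {"Type": "AWS::CloudTrail::Trail",
      "Properties": {"IsLogging": true, "IsMultiRegionTrail": true,
                     "IncludeGlobalServiceEvents": true,
                     "EnableLogFileValidation": true,
                     "S3BucketName": {"Ref": "TrailBucket"}}}
  }}''')


def _resources(template, rtype):
    """All resources of one CloudFormation type, keyed by logical ID."""
    return {name: r for name, r in template.get("Resources", {}).items()
            if r.get("Type") == rtype}


def _bucket_logical_id(value):
    """S3BucketName is either a literal name or {"Ref": "<LogicalId>"}."""
    return value.get("Ref") if isinstance(value, dict) else None


def check_cloudtrail_baseline(template):
    """Return a list of findings; an empty list means the baseline is met."""
    findings = []
    trails = _resources(template, "AWS::CloudTrail::Trail")
    buckets = _resources(template, "AWS::S3::Bucket")
    if not trails:
        return ["no AWS::CloudTrail::Trail resource defined"]
    for name, trail in trails.items():
        p = trail.get("Properties", {})
        if p.get("IsLogging") is not True:
            findings.append(f"{name}: IsLogging is not true")
        if p.get("IsMultiRegionTrail") is not True:
            findings.append(f"{name}: IsMultiRegionTrail not set (other regions unlogged)")
        if p.get("IncludeGlobalServiceEvents") is not True:
            findings.append(f"{name}: IncludeGlobalServiceEvents not set (IAM/STS calls missed)")
        if p.get("EnableLogFileValidation") is not True:
            findings.append(f"{name}: EnableLogFileValidation not set (log integrity unverifiable)")
        bucket_id = _bucket_logical_id(p.get("S3BucketName", {}))
        bucket = buckets.get(bucket_id)
        if bucket is None:
            findings.append(f"{name}: S3BucketName does not Ref a bucket in this template")
            continue
        versioning = bucket.get("Properties", {}).get("VersioningConfiguration", {})
        if versioning.get("Status") != "Enabled":
            findings.append(f"{bucket_id}: versioning not enabled (log objects can be overwritten)")
    return findings


if __name__ == "__main__":
    for label, template in (("weak", WEAK_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        print(label, check_cloudtrail_baseline(template) or "OK")
```

Run it and the weak template produces four findings while the hardened one produces none. Versioning protects the audit record against silent overwrite, not against deletion by a principal with s3:DeleteObjectVersion; in a real deployment that is closed by the bucket policy (and MFA delete), which this check does not cover.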
12. Amazon SNS, AWS CloudWatch
What is configured?
Security alarms and notifications
Why?
• Automated exception notification and configurable alarms
• Triggering incident response
Control Families
• Access Control
• Audit & Accountability
• Configuration Management
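An added example, not from the page or the Quick Start: the detection logic behind the two alarms the deck calls out, unauthorized access and changes to security groups, run in Python over constructed CloudTrail records. In AWS this logic lives in CloudWatch Logs metric filters on the CloudTrail log group, with a CloudWatch alarm publishing to the SNS topic; the filter-pattern constants are the equivalent CloudWatch syntax. The record field names (eventName, eventSource, errorCode, userIdentity.arn) are real CloudTrail fields; the account IDs, ARNs and addresses are made up.

```python
"""Added example (not from the Quick Start): CloudTrail-based detection for
"unauthorized access" and "security group change", as it would be expressed
in CloudWatch Logs metric filters. Sample records below are constructed."""
import json

# Equivalent CloudWatch Logs metric filter patterns (real pattern syntax).
UNAUTHORIZED_FILTER = '{ ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }'
SG_CHANGE_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateSecurityGroup", "DeleteSecurityGroup",
}
SG_CHANGE_FILTER = "{ " + " || ".join(
    f"($.eventName = {e})" for e in sorted(SG_CHANGE_EVENTS)) + " }"


def is_unauthorized(rec):
    """EC2 reports Client.UnauthorizedOperation; most services report AccessDenied*."""
    code = rec.get("errorCode") or ""
    return code.endswith("UnauthorizedOperation") or code.startswith("AccessDenied")


def is_sg_change(rec):
    """Any security-group mutation API call, whether or not it succeeded."""
    return (rec.get("eventSource") == "ec2.amazonaws.com"
            and rec.get("eventName") in SG_CHANGE_EVENTS)


RULES = (("UnauthorizedAccess", is_unauthorized), ("SecurityGroupChange", is_sg_change))


def evaluate(records):
    """Return one alert per (record, matching rule); a record can match both."""
    alerts = []
    for rec in records:
        for rule_name, matcher in RULES:
            if matcher(rec):
                alerts.append({
                    "rule": rule_name,
                    "eventTime": rec.get("eventTime"),
                    "eventName": rec.get("eventName"),
                    "actor": rec.get("userIdentity", {}).get("arn", "unknown"),
                    "sourceIPAddress": rec.get("sourceIPAddress"),
                    "errorCode": rec.get("errorCode"),
                })
    return alerts


# Constructed CloudTrail log file (five records) used as sample input.
SAMPLE_LOG = r'''{"Records": [
 {"eventTime": "2016-03-01T10:00:01Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
 {"eventTime": "2016-03-01T10:00:02Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances", "errorCode": "Client.UnauthorizedOperation",
  "errorMessage": "You are not authorized to perform this operation.",
  "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}},
 {"eventTime": "2016-03-01T10:00:03Z", "eventSource": "s3.amazonaws.com",
  "eventName": "ListBuckets", "errorCode": "AccessDenied", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::111122223333:assumed-role/app-role/i-0abc"}},
 {"eventTime": "2016-03-01T10:00:04Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
 {"eventTime": "2016-03-01T10:00:05Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "RevokeSecurityGroupIngress", "errorCode": "Client.UnauthorizedOperation",
  "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}}
]}'''
SAMPLE_RECORDS = json.loads(SAMPLE_LOG)["Records"]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_RECORDS):
        print(json.dumps(alert))
```

Note the last record: a denied attempt to revoke a rule fires both rules, because the security-group filter matches on eventName alone. That is deliberate in the CloudWatch patterns (a failed attempt to change a security group is still something incident response wants to see), but it is why the SNS notification should carry errorCode and actor, as the alert dict does here.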
13. VPC, NACL, Security Groups
What is configured?
Provides the networking configuration for a standard management VPC and enforces traffic restrictions with network ACLs
Why?
• Programmatic delivery of network infrastructure and access controls
Control Families
• Access Control
15. Layered security controls
Infrastructure security (AWS): IAM, AWS CloudTrail, Amazon SNS, Amazon VPC, NACL
Layers covered: Cloud Infrastructure, Operating System, Data, Applications
Workload security (Trend Micro Deep Security):
• Network Security: intrusion prevention, firewall
• File Security: anti-malware and integrity monitoring
• Log inspection and application scanning
19. Management and Visibility
What is configured?
Deploys Deep Security Manager to AWS
Why?
• Visibility of EC2 resources
• Single console with integrated threat information
Applicable Controls
• Access Control
• Audit & Accountability
• Incident Response
• Risk Assessment
• System & Communications Protection
• System & Information Integrity
20. File Controls
What is configured?
Anti-Malware, Integrity Monitoring, Log Inspection
Why?
• Discover and block malicious code
• Monitor files for changes
• Inspect existing logs for indications of unusual activity
Applicable Controls
• Audit & Accountability
• Security Assessment & Authorization
• Configuration Management
• System & Information Integrity
21. Network Controls
What is configured?
Intrusion detection & prevention, Firewall
Why?
• Add stateful controls that complement security groups and NACLs
• Add layer 7 visibility and inspection
Applicable Controls
• Security Assessment & Authorization
• Audit & Accountability
• Configuration Management
• Contingency Planning
• Identification & Authentication
• System & Communications Protection
• System & Information Integrity
24. AWS CloudFormation: why use it?
• Infrastructure as code
• Repeatable
• Audit baseline
25. Third party integration with CloudFormation
If you can't automate 3rd party products with AWS CloudFormation, they aren't built for AWS.
26. AWS + Trend Micro Enterprise Accelerator:
NIST 800-53 High Impact Controls
• Adds coverage for additional High Impact controls
• Design philosophy:
  • NIST SP 800-53 (r4) security control best practices
  • Sample implementation for many different resource types and hundreds of controls
  • Plug-and-play sub-templates to fit your requirements
Mostly talking today about controls above the line.
Massively grey area – we don't know what to do.
Delivering guidance and usage examples for configuration of services.
Technology that stretches assistance above the line.
Alarms and triggering incident response: unauthorized access, changes to security groups.