In dynamic cloud environments, many organizations have a need to implement a unified threat management solution that enhances visibility across their workloads. Learn how REAN Cloud adopted Sophos Unified Threat Management (UTM) for increased simplicity, visibility, and security of their AWS workloads. Sophos is an Advanced Technology Partner in the AWS Partner Network that provides a reliable, unified security solution capable of scaling to meet the agility and speed of the AWS Cloud. Join the upcoming webinar to hear Sri Vasireddy from REAN Cloud, Bryan Nairn from Sophos, and Nick Matthews from AWS discuss security innovations on the AWS Cloud.
Join us to learn:
• Why Sophos end user REAN Cloud trusts Sophos UTM for simplicity, visibility and security.
• How easy it can be to protect your AWS workloads, with a proven and scalable solution designed for the AWS Cloud.
• AWS security innovations, including support across multiple Availability Zones and UTM Auto Scaling.
Who should attend: Security Managers, Security Engineers, Security Architects, IT System Administrators, System Administrators, IT Administrators, IT Managers, DevOps, Architects, IT Architects, IT Security Engineers, Business Decision Makers
2. Your Data and IP are Your Most Valuable Assets
• $6.53M: Average cost of a data breach
• 56%: Increase in theft of hard intellectual property
• 70%: Of consumers indicated they’d avoid businesses following a security breach
https://www.csid.com/resources/stats/data-breaches/
http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html
3. AWS Can Be More Secure Than Your Existing Environment
In June 2015, IDC released a report which found that most customers can be more secure in AWS than their on-premises environment. How?
• Automating logging and monitoring
• Simplifying resource access
• Making it easy to encrypt properly
• Enforcing strong authentication
4. AWS and You Share Responsibility for Security
You get to define your controls ON the Cloud: Customer applications & content; Identity & Access Control; Network Security; Inventory & Config; Data Encryption
AWS takes care of the security OF the Cloud: AWS Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)
5. Constantly Monitored
The AWS infrastructure is protected by extensive network and security monitoring systems:
• Network access is monitored by AWS security managers daily
• AWS CloudTrail lets you monitor and record all API calls
• Amazon Inspector automatically assesses applications for vulnerabilities
6. Highly Available
The AWS infrastructure footprint protects your data from costly downtime
• 38 Availability Zones in 14 regions for multi-synchronous geographic redundancy
• Retain control of where your data resides for compliance with regulatory requirements
• Mitigate the risk of DDoS attacks using services like AutoScaling, Amazon Route 53
7. Integrated With Your Existing Resources
AWS enables you to improve your security using many of your existing tools and practices
• Integrate your existing Active Directory
• Use dedicated connections as a secure, low-latency extension of your data center
• Provide and manage your own encryption keys if you choose
9. Sophos Security for AWS
Bryan Nairn, CISSP
Director of Product Marketing – Sophos
10. Introduction to Sophos
• Recognized leader in Endpoint Protection, Mobile Data Protection, and Unified Threat Management.
• Long history of helping customers secure their applications, data, endpoints, and networks—both on-premises and more recently in the cloud.
• Our solutions help secure more than 200,000 customers in over 150 countries.
• Customers like Xerox, Under Armour, Pixar, Northrop Grumman, Ford, Avis, and Amazon.
• AWS Security Competency Partner
11. AWS and You Share Responsibility for Security
You get to define your controls ON the Cloud: Customer Applications & Content; Identity & Access Control; Network Security; Inventory & Config; Data Encryption
AWS takes care of the security OF the Cloud: AWS Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)
Sophos: Sophos Host Security; IPS, NGFW, OGW, VPN, WAF
12. Sophos UTM: Next Generation Firewall
Unified Threat Management (UTM) Next Generation Firewall – combines multiple security tools into a single solution:
• Infrastructure Protection
• Web Application Firewall (WAF)
• Intrusion Prevention System (IPS)
• Sandstorm Protection (ATP and Cloud Sandboxing)
All in one solution that helps reduce complexity and save you money.
13. Sophos UTM on AWS
Sophos UTM is integrated with AWS services to make deployment and management easy
• High Availability (HA) and redundancy supporting multiple Availability Zones (AZ)
• Auto Scaling WAF that automatically scales to inspect all web traffic
• Built in load balancer support for ELB and site-to-site VPN configuration for VPC
• CloudFormation templates that automatically deploy and configure Sophos UTM
AWS services shown: Amazon Elastic Load Balancing; AWS CloudFormation; Amazon S3; Auto Scaling
14. Sophos UTM Deployment and Pricing
• Deploy directly from AWS Marketplace
• Evaluate under free trial
• Easy pay-as-you-go pricing
• Leverage an existing investment with bring-your-own-license (BYOL) option
15. Sophos UTM Security: Inbound & Outbound Traffic
• Elasticity for inbound WAF traffic & outbound VDI traffic.
• Supports VPC peering and solves Transitive Peering problem.
• Supports shared services architecture between multiple VPCs.
• Provides redundancy and automatic failover of routes across AZs.
• Same solution used by Amazon for “Office in a Box.”
Steve Mueller’s presentation at re:Invent ISM403
https://www.youtube.com/watch?v=kawZBGCLBJU
16. Sophos UTM Deployment Options – Single Instance HA
Diagram labels: ELB; Availability Zone #1; Availability Zone #2; Sophos UTM; Sophos UTM Standby (HA); Instances
19. Amazon Office in a Box
Diagram labels: Amazon Corp Net; Secure protocols, analogous to VPN (SSL and PCoIP w/ IPSec AES-256); Kerberos/TGT ticket; Streaming gateway IP; US East Amazonians; Amazon Corp servers; Active directory; MFA; 10.x.x.x/8; Amazon-provided hardware; Access from Corp (wired, wireless, VPN); Internet; Users
20. Amazon Office in a Box
How client traffic flows
1) Client authenticates (AD and MFA) via Authentication Gateway (SSL)
2) Client brokers desktop session with Session Gateway (SSL)
3) Client accesses desktop through Streaming Gateway (PCoIP w/ IPSec AES-256)
KEY POINT: All corporate network access untrusted prior to filtering
WorkSpaces Service Broker
A) AWS-managed (public)
B) Customer-managed (public or private)
Regional proximity
Tie into corp via DX
Use existing IP space
Restrict corp network access
Diagram labels: US East-1; 10.44.208.0/20; VGW; Source filtering by IP; Transit; WorkSpaces; Amazon.com VPC; InfoSec Logging; Zero Client Gateway; Authentication Gateway; Session Gateway; Streaming Gateway; Sophos; Internet
22. REĀN Organization Profile
Established: 2013
Presence: USA and India
Number of Employees: 200+
AWS Certifications: 100+ (including 10+ Professional Certifications)
• Management team consisting of executives formerly from Fortune 500 Enterprises - AWS, Amdocs, Merck, and Cognizant with deep AWS cloud computing experience
• Recognized by TechTarget as the top AWS Partner providing innovative DevSecOps services
• 24x7 follow the sun model with offices around the world with continuous operations in multiple time zones - EST, PST, and IST
24. REĀN Service Offering
REĀN Enterprise Cloud Management (ECM) Portfolio
Rows: REĀN services; Business consulting; Infra services
• ROI & Business Case Justification
• Cloud Adoption Strategy
• Security & Risk Assessment
• DR & Business Continuity Planning (BCP)
• Cloud Architecture
• DevOps Strategy
• Account Management
• Governance & Compliance
• Cloud Operations Strategy
• Migration
• Native AWS Application Development
• DevOps (CD | CI) Implementation
• Billing as a Service
• Secure Infrastructure Setup
• Managed Cloud Services
Infrastructure: AWS Infrastructure; Hybrid; On-prem Infrastructure
25. Roles and Responsibilities
• Provides compute, network, storage infrastructure
• Provides UTM appliance
• Provides design and integration services to secure infrastructure using UTM appliance
26. REĀN Secure VPC Framework
Diagram labels: Browser; Mobile client; Users; Internet; HTML5 VPN connection; IPSec VPN connection; Disk encryption key; Corporate Data Center; Administrators; DMZ; Continuous monitoring; Access policy; Auto scaling group; App tier; AZ-1; AZ-1; ElastiCache tier; Amazon RDS; Web server; Web server; App server; App server
31. Next Steps
Try out the REAN Cloud UTM Test Drive powered by Sophos
– http://www.reancloud.com/test-drive/rean-utm/
Promotion for Webinar Attendees
– Purchase Sophos UTM through REAN Cloud and we will configure it for Auto-Scaling for you for free.