stackArmor Security MicroSummit - Next Generation Firewalls for AWS

•Download as PPTX, PDF•

0 likes•378 views

stackArmor Security MicroSummit How to select a Next Generation Firewall by Palo Alto Networks: Ed Caswell from Palo Alto Networks will talk about how to select and deploy a next generation firewall. He will cover the topics described below. Understand key threats and use cases for NGFW : Understand the threat vectors and use cases that are driving NGFW adoption. Key features and benefits of NGFW : Understand key capabilities and the protections that are delivered for cloud hosting environments. NGFW Best Practices : Common deployment models and cloud-architecture best practices for security focused organizations leveraging cloud platforms such as AWS.

Technology

Ed Caswell
Consulting Engineer
Palo Alto Networks
Securing the Public Cloud
AWS Deployment Scenarios

4 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Region 1
Web farm Web farm
Internal
ELB
AZ1 AZ2
External ELB

CloudFormation Template: Automates full
use case deployments
S3: AWS service where bootstrapping files
are stored
CloudWatch: Consumes metrics and makes
intelligent scale in/out decisions
Lambda: Code as a service pushes custom
metrics to CloudWatch via XML API
Auto Scale Groups (ASG): The firewalls are
members of an ASG that scales in/out based
on custom metrics
PAN-OS Bootstrapping: Automates
creation of fully configured firewall
PAN-OS API: enables delivery of custom
metric to CloudWacth
Panorama: Optional but highly
recommended to simplify VM-Series
management
Native AWS and PAN-OS/VM-Series Services Used
5 | © 2015, Palo Alto Networks. Confidential and Proprietary.
AWS Services PAN-OS/VM-Series Services

Region 1
AZ1
External ELB
AZ2
Internal ELB
Web ASG
1
CFT deploys
base topology
ASG1
2 Initial firewalls are
bootstrapped from S3
ASG2
Bootstrapping adds
VM-Series firewalls to
Panorama
Auto Scaling the VM-Series on AWS
6 | © 2016, Palo Alto Networks. Confidential and Proprietary.

Region 1
AZ1
External ELB
AZ2
Internal ELB
Web ASG
ASG1
3
Standard metrics
sent to CloudWatch
4
Alarm triggers
ASG scale out
ASG2
Auto Scaling the VM-Series on AWS
7 | © 2016, Palo Alto Networks. Confidential and Proprietary.

Region 1
AZ1
External ELB
AZ2
Internal ELB
Web ASG
ASG1
5 l function collects
PAN-OS metrics via API
Custom metrics
sent to
CloudWatch
6
7
Alarm triggers FW
ASG scale events
ASG2
Bootstrapping
continues to add
FWs to Panorama
l Function
removes FWs
from Panorama
Auto Scaling the VM-Series on AWS
8 | © 2016, Palo Alto Networks. Confidential and Proprietary.

Region 1
AZ1
IELB VIP 1 IELB VIP 2
AZ2
Web ASG
ASG1 ASG2
8
l function monitors
for ELB VIP changes IELB VIP 3
9 l function deploys new
ASG with NAT rule for new VIP
ASG3
IELB VIP 4
ASG4
External ELB
Internal ELB
Auto Scaling the VM-Series on AWS
9 | © 2016, Palo Alto Networks. Confidential and Proprietary.

Securing one VPC
IPSec VPN
DC-FW1
DC-FW2
AZ1b
Web1-01
Web1-02

AZ1c
Securing one VPC
AZ1b
IPSec VPN
DC-FW1
DC-FW2
Web1-01
Web1-02
Web2-01
Web2-02
IPSec VPNs

Securing lots of VPCs
DC-FW1
DC-FW2
Marketing App
HR App
QA Environment
Dev Environment

Region
Services VPC
Subnet 1
Availability Zone 2
Availability Zone 1
Subnet 2
Region
Subscribing VPC
Subnet 1
Availability Zone 2
Availability Zone 1
Subnet 2

Region
Services VPC
Subnet 1
Availability Zone 2
Availability Zone 1
Subnet 2

DC-FW1
DC-FW2
Services VPC + Hybrid + Internet Gateway

DC-FW1
DC-FW2
LOTS more scale
Direct Connect
Location
Service Provider Links

stackArmor MicroSummit Securing the AWS Environment by McAfee: Larry Kovalsky will cover topics relevant to securing the AWS hosting environment for compliance and security focused customers. He will cover the topics described below. Endpoint Focused : McAfee Public Cloud Security Suite – Workload Discovery, Visibility, and Comprehensive Threat Protection for AWS Network Focused : McAfee Virtual Network Security Platform – Network intrusion prevention featuring advanced signature-less detection techniques and true East/West IPS/prevention capabilities within AWS. Data Focus : Pervasive Data Protection Suite – Visibility, Encryption, Data Loss Prevention, Web/Cloud Access Service Broker (CASB) protection. Follow the data between on-prem and AWS.

stackArmor Security MicroSummit - AWS Security with Splunk

Gaurav "GP" Pal

Using Amazon Inspector to Discover Potential Security Issues - AWS Online Tec...

Amazon Web Services

The document provides an overview of the Amazon Inspector security assessment service. It discusses how Amazon Inspector can automate vulnerability assessments for DevSecOps workflows, complementing AWS's shared security model. The session demonstrates how to quickly assess an entire Amazon EC2 fleet using Amazon Inspector, tailor assessments by tuning rules and schedules, and scale assessments using CloudFormation templates.

Amazon EC2

Amazon Web Services

The document provides an overview of Amazon EC2 purchasing options including On-Demand, Reserved, and Spot instances. It discusses using the different options for various workload types and provides examples of how companies from different industries utilize the different purchasing models. The key models are: On-Demand for short term needs, Reserved for steady state workloads to get discounts for long term commitments, and Spot for flexible workloads that can be interrupted. It also emphasizes having a balanced approach across the different options.

Migrating the GoPro Plus Cloud Service to Amazon ECS

Amazon Web Services

The document summarizes GoPro's migration of their Plus platform from a third-party worker solution to using Amazon ECS. Some key points: 1. They moved all worker services running on Auto Scaling Groups to ECS in under a quarter for improved deployment processes, cost savings, and stability. 2. Using Terraform they defined all infrastructure as code for a more consistent and automated migration. 3. They implemented container tagging, auto-scaling based on queue size and CPU utilization, and container instance draining for smoother deployments. 4. GoPro realized significant cost savings by gaining better utilization compared to keeping minimum instances, improved metrics and monitoring, and developer and operations happiness with the

Strengthening Operations with Splunk and AWS CloudTrail

Alan Williams

The document discusses using AWS CloudTrail and Splunk to gain visibility into AWS API calls across multiple AWS accounts. CloudTrail logs API calls and Splunk is used to centrally aggregate those logs. Examples are provided of how this setup could be used for incident response, operations troubleshooting, and compliance auditing. The integration of CloudTrail and Splunk provides scalability and a single view across accounts for security and operations teams.

The Serverless Tidal Wave - SwampUP 2018 Keynote

Arun Gupta

The document discusses the rise of serverless computing and its benefits. It describes how AWS pioneered serverless computing with AWS Lambda and has since expanded its serverless offerings. The serverless model provides easy scaling, high availability, and developers can focus on writing code without worrying about infrastructure management. Containers are also discussed as working with serverless computing.

Opening Keynote - AWS Summit SG 2017

Amazon Web Services

Today, many enterprises' data centers are at capacity, and these data centers are looking to expand their infrastructure footprint using the cloud. By leveraging a hybrid architecture, enterprises can expand their capabilities while maintaining some or all of their existing management tools. This session will go into detail on managing your AWS infrastructure with the AWS Management Portal for vCenter, integrating the AWS Management Pack for Microsoft System Center for monitoring your AWS resources, and possible future System Center and vCenter AWS cloud management features and functionality.

Jump-start your application migration to AWS with CloudEndure - STG305 - New ...

Amazon Web Services

CloudEndure Migration is a no-cost solution for moving applications from any physical, virtual, or cloud-based infrastructure to AWS. It simplifies, expedites, and reduces the cost of cloud migration by offering a highly automated lift-and-shift solution. In this workshop, you learn how to install a CloudEndure agent, monitor initial replication process steps in the console, configure target blueprints, and launch test instances in AWS.

AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...

Amazon Web Services

Splunk Cloud

Splunk

If you are looking to gain all the benefits of Splunk software with all the benefits of a cloud-service, this is a must-attend session. In this session learn why Splunk Cloud is the industry-leading SaaS platform for operational intelligence and hear how Splunk Cloud customers use Splunk software with zero operational overhead. You will also learn how Splunk Cloud offers the full feature set of Splunk Enterprise, access to 500+ apps and single pane-of-glass visibility across Splunk Cloud and Splunk Enterprise deployments.

Running Splunk on AWS

Alan Williams

What's New

Amazon Web Services

This document provides a summary of new and updated services from Amazon Web Services. Some key points include: - AWS IoT now integrates with Elasticsearch Service and CloudWatch via rules engine. - Amazon EMR 4.4.0 was released with new features. - New Amazon S3 lifecycle policies allow for automatic archiving and deletion of objects. - Amazon Inspector is now generally available for assessing applications for vulnerabilities. - Two new low-cost storage options were introduced for Amazon EBS. - Amazon Kinesis Firehose now allows ingesting data into Elasticsearch domains.

Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018

Amazon Web Services

This session covers how a Kubernetes cluster can be run over multiple AWS accounts to separate the control plane from the worker nodes and increase security, separate concerns, and isolate workloads. Amazon Elastic Container Service for Kubernetes (Amazon EKS) manages the Kubernetes control plane and recommends that customers launch worker nodes in their accounts. We cover in detail how we made this topology possible, the challenges we faced, and how we solved it.

How Autodesk Leverages Splunk as an Assurance Platform on AWS

Alan Williams

Kubernetes on AWS with Amazon EKS

Amazon Web Services

This document summarizes Paul Maddox's presentation on Amazon EKS (Elastic Container Service for Kubernetes). It includes an agenda for the presentation, introduces Maddox and his background, and addresses some frequently asked questions about EKS. The presentation then provides an introduction to Kubernetes and EKS, describing how EKS manages the Kubernetes control plane and allows customers to run Kubernetes clusters on AWS, while also integrating AWS services. It highlights new features of EKS like Kubernetes certification and cross-account networking capabilities.

Using the Force.com Integration APIs

Richard Seroter

This document discusses various integration techniques for connecting Salesforce to external systems. It outlines the SOAP, REST, and Bulk APIs which allow inbound integration into Salesforce. Outbound techniques include the Streaming API, custom Apex code, and Outbound Messaging. The best integration approach depends on requirements like real-time access, bulk data transfer, or connecting mobile apps. Integrating systems efficiently regardless of location is ideal to avoid failed cloud projects.

DEM08 Use Cisco Cloud Connect to Securely Extend Private Network to AWS and M...

Amazon Web Services

PARTNER PRESENTATION: Transform into a Cloud First Business with Capgemini’s ...

Amazon Web Services

AWS X-Ray를 활용한 서비스 건강검진- 한승호@에멘탈

Seungho Han

Building a Secured Network environment on AWS

Amazon Web Services

In this session, we will explore common use cases for (server based or generally load balanced) workloads in AWS and how they compare with the on-prem deployment patterns. you will learn the architectural patterns and line of thinking for deploying security perimeters and segmentation across a multiple account/vpc strategy, Edge security. also, you how you can make sure the pattern you develop will be applied uniformly across your current and future environments.

Visualising Your Data Insights with Amazon QuickSight

Amazon Web Services

Visualisation is an essential part of analysing your data to gain insights and communicate them across your organisation. In this session we will explore Amazon QuickSight which makes it easy to build visualisations, perform ad-hoc analysis, and quickly get business insights from your data. You'll see a live demonstration of how you can easily connect to your data, perform advanced analysis, and create visualisations and dashboards that can be accessed from any browser or mobile device. Speaker: David McAmis, Big Data Consultant, Amazon Web Services

Lesson 1 in Cloud – Read Instructions Carefully - session sponsored by Vocus

Amazon Web Services

Brett Looney from Amazon Web Services and Luke MacKinnon from Vocus will provide a lesson on cloud computing. Vocus is a national provider of fiber, Ethernet, internet, data center, cloud, and unified communications services across Australia and New Zealand. The lesson will cover Vocus's cloud compute, backup and archive, and disaster recovery services, as well as their Cloud Connect service which provides private, high-speed connections to public clouds like AWS.

Reactive Cloud Security | AWS Public Sector Summit 2016

Amazon Web Services

Modern deployment and hosting environments have created a new dynamism to application, network, and development architectures. Compute resources are ephemeral, networks are instantiated and configured with API calls, and new versions of applications are deployed in seconds... security has not met this challenge gracefully. In this talk, we explore some new and interesting ways to make security reactive within cloud environments by dynamically changing the environment in response to and in preparation for security incidents, baby steps toward an architecture that can protect itself.

Architecting for Greater Security on AWS

Amazon Web Services

Leveraging AWS for your business provides a catalyst for security programs as customers inherit a faster pace of security innovation simply by using AWS. This session highlights design and architecture patterns customers can employ to measurably improve the security of their organization. In this session, customers explore design patterns for data security using encryption, strong access controls, and least privilege; for implementing detective security controls, such as logging and monitoring, at scale; and for implementing a defense-in-depth network security architecture.

Twelve-Factor Serverless Applications

Amazon Web Services

The “Twelve-Factor” application model has come to represent twelve best practices for building modern, cloud-native applications. With guidance on things like configuration, deployment, run time, and multiple service communication, the Twelve-Factor model prescribes best practices that apply to everything from web applications to APIs to data processing applications. Although serverless computing and AWS Lambda have changed how application development is done, the “Twelve-Factor” best practices remain relevant and applicable in a serverless world. In this talk, we’ll apply the “Twelve-Factor” model to serverless application development with AWS Lambda and Amazon API Gateway and show you how these services enable you to build scalable, well built, and low administration applications.

AWS Webcast - Splunk and Autodesk

Amazon Web Services

Autodesk is strengthening its operations with Splunk and AWS by using CloudTrail to log API calls across its AWS accounts and sending the logs to Splunk. This provides Autodesk with a single view of activity across all accounts for security monitoring, compliance auditing, and troubleshooting. Specifically, Autodesk can search logs to investigate incidents, identify compromised hosts, and monitor sign-in locations for security. For compliance, Autodesk can set alerts on sensitive API calls and user creations. Using CloudTrail and Splunk provides Autodesk with a scalable, cost-effective logging solution.

saa3_wk5.pdf

Michgo1

The document discusses various AWS services including Elastic Load Balancing, Auto Scaling, AWS CloudFormation, and Amazon CloudFront. It provides information on: - How Elastic Load Balancing distributes traffic across multiple targets to improve scalability. It describes different types of load balancers. - How Auto Scaling automatically launches or terminates EC2 instances based on user-defined policies to dynamically scale capacity as needed. - How AWS CloudFormation allows defining infrastructure as code using templates to deploy and manage AWS resources in a reproducible and predictable manner. - How Amazon CloudFront is a global content delivery network (CDN) that securely delivers data, videos, applications, and APIs to customers with low latency and high transfer

Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...

Amazon Web Services

AWS Outposts allows customers to run compute and storage on-premises while connecting to AWS's full range of services in the cloud. It provides three main benefits: 1) It allows customers to build applications once and deploy them on-premises or in the cloud using the same AWS APIs, services, and tools. 2) It offers a fully managed service model so customers don't have to worry about procuring, operating, or maintaining their own infrastructure. 3) It provides the same security, performance, reliability, and operational experience of AWS regions while also addressing the needs of applications that require low latency access to on-premises systems or local data processing.

What's hot

(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven...

Amazon Web Services

Jump-start your application migration to AWS with CloudEndure - STG305 - New ...

Amazon Web Services

AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...

Amazon Web Services

Splunk Cloud

Splunk

Running Splunk on AWS

Alan Williams

What's New

Amazon Web Services

Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018

Amazon Web Services

How Autodesk Leverages Splunk as an Assurance Platform on AWS

Alan Williams

Kubernetes on AWS with Amazon EKS

Amazon Web Services

Using the Force.com Integration APIs

Richard Seroter

DEM08 Use Cisco Cloud Connect to Securely Extend Private Network to AWS and M...

Amazon Web Services

PARTNER PRESENTATION: Transform into a Cloud First Business with Capgemini’s ...

Amazon Web Services

AWS X-Ray를 활용한 서비스 건강검진- 한승호@에멘탈

Seungho Han

Building a Secured Network environment on AWS

Amazon Web Services

Visualising Your Data Insights with Amazon QuickSight

Amazon Web Services

Lesson 1 in Cloud – Read Instructions Carefully - session sponsored by Vocus

Amazon Web Services

Reactive Cloud Security | AWS Public Sector Summit 2016

Amazon Web Services

Architecting for Greater Security on AWS

Amazon Web Services

Twelve-Factor Serverless Applications

Amazon Web Services

AWS Webcast - Splunk and Autodesk

Amazon Web Services

What's hot (20)

(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven...

Jump-start your application migration to AWS with CloudEndure - STG305 - New ...

AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...

Splunk Cloud

Running Splunk on AWS

What's New

Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018

How Autodesk Leverages Splunk as an Assurance Platform on AWS

Kubernetes on AWS with Amazon EKS

Using the Force.com Integration APIs

DEM08 Use Cisco Cloud Connect to Securely Extend Private Network to AWS and M...

PARTNER PRESENTATION: Transform into a Cloud First Business with Capgemini’s ...

AWS X-Ray를 활용한 서비스 건강검진- 한승호@에멘탈

Building a Secured Network environment on AWS

Visualising Your Data Insights with Amazon QuickSight

Lesson 1 in Cloud – Read Instructions Carefully - session sponsored by Vocus

Reactive Cloud Security | AWS Public Sector Summit 2016

Architecting for Greater Security on AWS

Twelve-Factor Serverless Applications

AWS Webcast - Splunk and Autodesk

Similar to stackArmor Security MicroSummit - Next Generation Firewalls for AWS

saa3_wk5.pdf

Michgo1

Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...

Amazon Web Services

Palo Alto Networks and AWS: Streamline Your Accreditation with Superior Secur...

Amazon Web Services

Securing DoD workloads in the cloud is no task to be taken lightly. Today's ever-changing threat landscape requires the advanced capabilities of Palo Alto Networks VM-Series Next Generation Firewall to secure your AWS deployment. Granular security controls based upon users, their applications and the content within those applications give you complete visibility into, and control over, the "who" (via User-ID), and "what" (via App-ID) of your cloud traffic while preventing both known and unknown threats. Coupled with Palo Alto Networks and Amazon's Secure Cloud Computing Architecture (SCCA) Quick Start deployment template, the process of attaining your accreditation is greatly streamlined. Automate your deployment on AWS with many required SCCA security controls both pre-configured and documented at the time of deployment. This session will relate the capabilities that Palo Alto Networks Next Generation Firewall brings to the cloud- including a product demonstration conducted on a VM-Series firewall running on AWS. The target audience is technical security practitioners and information assurance professionals who want to understand the capabilities of Palo Alto Networks on AWS, prevent data breaches, and efficiently attain their accreditation. Learn More: https://aws.amazon.com/government-education/

Deep Dive - Hybrid Architectures

Amazon Web Services

In this session, learn how you evaluate, design, build, and manage distributed applications over hybrid infrastructures using Amazon Web Services. This session follows the evolution of a simple legacy data center expansion with basic connectivity into managing complex hybrid applications. Along the way, we investigate best practice designs in use by AWS customers. Topics covered include: interconnectivity, availability, security, hybrid networks with Amazon VPC and AWS Direct Connect as well as automated provisioning with AWS CloudFormation, and configuration management with AWS OpsWorks. Speakers: Miha Kralj, AWS Solutions Architect Amarpal S. Attwal, Senior Technical Lead, ICT Engineering, Just Eat Koen van den Biggelaar, AWS Solutions Architect

Hybrid Infrastructure Integration

Amazon Web Services

Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.

Re:Invent 2019 Recap. AWS User Groups in Spain. Javier Ramirez

javier ramirez

Hybrid Infrastructure Integration

Amazon Web Services

Hybrid Infrastructure Integration

Amazon Web Services

This document discusses integrating on-premises infrastructure with AWS. It examines integrated infrastructure using VPN and Direct Connect, integrated services like Active Directory and monitoring tools, and an integrated platform for deployment and management. Example integrated solutions discussed include storage expansion, backup/archiving, and continuous integration/deployment. The takeaways emphasize the importance of connectivity and authentication/authorization for hybrid integration.

Transform into a Cloud-First Business with SAP on AWS and Capgemini’s Cloud C...

Capgemini

Find out how to gain a competitive edge by migrating your SAP workloads to the AWS Cloud with the help of Capgemini’s Cloud Choice services. You will hear best practices for migrating any existing SAP installation to the AWS Cloud. We will discuss migration pitfalls to avoid as well as real-life tips for reducing complexity, increasing flexibility, lowering risk, and generating cost savings. Presented at SAPPHIRE NOW 2016.

F5 Cloud Story

MarketingArrowECS_CZ

This document discusses F5's strategy for application services across private, public, hybrid, and multi-cloud environments. It outlines F5 solutions that provide automation, orchestration, and security for application services spanning on-premises private clouds and off-premises public clouds. The solutions aim to unify application services and policies across environments while addressing challenges around security, storage costs, cloud lock-in, and latency.

Earn Your DevOps Black Belt: Deployment Scenarios with AWS CloudFormation (DE...

Amazon Web Services

The document discusses using AWS CloudFormation for continuous integration and continuous deployment (CI/CD) of infrastructure as code. It covers version controlling templates, static analysis and testing of templates, and deploying templates through pipelines to different environments like staging and production. It also provides examples of deploying full application stacks including EC2 instances, containers, serverless architectures, and strategies for grouping resource types.

[AWS Container Service] Getting Started with Cloud Map, App Mesh and Firecracker

Amazon Web Services Korea

This document provides an overview and summary of Amazon Web Services (AWS) announcements from a conference in Seoul, South Korea. It includes summaries of new and updated AWS services across various categories such as compute, database, analytics, developer tools, and containers. Key announcements include the general availability of AWS App Mesh for managing communications between microservices applications and the public beta of AWS Cloud Map for service discovery.

(NET406) Deep Dive: AWS Direct Connect and VPNs

Amazon Web Services

As enterprises move to the cloud, robust connectivity is often an early consideration. AWS Direct Connect provides a more consistent network experience for accessing your AWS resources, typically with greater bandwidth and reduced network costs. This session dives deep into the features of AWS Direct Connect and VPNs. We discuss deployment architectures and demonstrate the process from start to finish. We’ll show you how to configure public and private virtual interfaces, configure routers, use VPN backup, and provide secure communication between sites by using the AWS VPN CloudHub.

Intro to "Asgard"

Pritiman Panda

Asgard is a web interface created by Netflix for deploying applications and managing cloud resources on Amazon Web Services (AWS). It provides features like load balancing, auto-scaling, and security that address limitations of AWS management console. Key advantages of Asgard include centralized access control, audit logging, enforcement of naming conventions, and integration with other systems. It can automate workflows for deploying applications on AWS through a single form submission.

Interactive Zero-Touch Enterprise Networks: Nuage SD-WAN on AWS (TLC310) - AW...

Amazon Web Services

In this session, learn how OrangeX in Spain is transforming enterprise networks with AWS and Nokia’s Nuage SD-WAN, which is delivered with management, control, and user plane in the AWS Cloud. It is powered by EC2 i3.metal and AWS hybrid IT services, via true multi-tenant, built-in multi-segment orchestrators, and multi-tier management spanning from operators to partners to direct enterprise portals. With SD-WAN becoming an essential function in vCPE deployments, Nuage’s SD-WAN has been established as the platform for simplifying delivery and deployment of virtual network functions such as security and agility, on premises and in the cloud. Learn factors to consider in using SD-WAN with AWS, agile implementation of the solution, and leveraging a cloud-ready operating model. We share references to continue learning.

Infrastructure Security: Your Minimum Security Baseline

Amazon Web Services

After IAM and Detective Controls you’ll turn to Infrastructure Security, which means tuning AWS Service configurations, AMI composition, and hardening other digital assets that will be deployed. We will cover how to define networking architecture (e.g. VPC, subnets, security groups); how to develop hardened AMIs based on your requirements; the importance of defining Internet ingress and egress flows, and how to determine Vulnerability Management and operational maintenance cadence.

How to Run Amazon Web Services Workloads on Your VMware vCloud®

Cloudsoft Corp

ISTIO-Envoy-MutualTLS_v2.pptx

yingxinwang4

Istio and Envoy provide a service mesh solution for microservices architectures that addresses many of the challenges of that architecture style. The service mesh handles tasks like load balancing, service discovery, failure handling, and authentication/authorization transparently for services. Istio's control plane components like Pilot and Mixer configure Envoy sidecar proxies that intercept and route traffic for each service instance. When using Istio, special logic does not need to be added to each individual service to handle these tasks. The service mesh approach improves development, maintenance and portability of microservices.

AWS Serverless concepts and solutions

ElenaIvannikova3

The document discusses AWS serverless concepts and solutions. It covers serverless computing advantages like dynamic resource allocation and scaling with usage. It then discusses serverless architectures using AWS services like Lambda, S3, SNS, SQS, and Kinesis. It also covers AWS Lambda configuration and deployment using the Serverless Application Model and CloudFormation. Finally, it discusses CI/CD pipelines and infrastructure as code for serverless applications.

Enterprise Service Delivery from the AWS Cloud (ARC208) | AWS re:Invent 2013

Amazon Web Services

(Presented by Citrix) As we move to a world where all users are mobile and apps are increasingly delivered from the cloud, security, compliance, and user experience service-level expectations are higher than ever, necessitating that IT look beyond traditional methods for delivering applications. However, there are intelligent cloud networking and provisioning solutions on AWS that can be leveraged to create a service delivery model that addresses the new paradigm. Learn how Citrix NetScaler VPX on AWS provides full application visibility and control through a combination of customer case studies and demos. In this session, you learn how to: -Deploy Citrix application delivery technologies (NetScaler, NetScaler Gateway, CloudBridge) into AWS -Optimize next-gen web applications delivered from AWS, using traffic management and application acceleration capabilities -Provide global application availability across on-premises data centers and multiple AWS regions using CloudBridge, global server load balancing, and Amazon Route 53 DNS

Similar to stackArmor Security MicroSummit - Next Generation Firewalls for AWS (20)

saa3_wk5.pdf

Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...

Palo Alto Networks and AWS: Streamline Your Accreditation with Superior Secur...

Deep Dive - Hybrid Architectures

Hybrid Infrastructure Integration

Re:Invent 2019 Recap. AWS User Groups in Spain. Javier Ramirez

Hybrid Infrastructure Integration

Transform into a Cloud-First Business with SAP on AWS and Capgemini’s Cloud C...

F5 Cloud Story

Earn Your DevOps Black Belt: Deployment Scenarios with AWS CloudFormation (DE...

[AWS Container Service] Getting Started with Cloud Map, App Mesh and Firecracker

(NET406) Deep Dive: AWS Direct Connect and VPNs

Intro to "Asgard"

Interactive Zero-Touch Enterprise Networks: Nuage SD-WAN on AWS (TLC310) - AW...

Infrastructure Security: Your Minimum Security Baseline

How to Run Amazon Web Services Workloads on Your VMware vCloud®

ISTIO-Envoy-MutualTLS_v2.pptx

AWS Serverless concepts and solutions

Enterprise Service Delivery from the AWS Cloud (ARC208) | AWS re:Invent 2013

More from Gaurav "GP" Pal

stackArmor - FedRAMP and 800-171 compliant cloud solutions

Gaurav "GP" Pal

stackArmor - FedRAMP and 800-171 compliant cloud solutions

Gaurav "GP" Pal

stackArmor MicroSummit - Niksun Network Monitoring - DPI

Gaurav "GP" Pal

stackArmor Security MicroSummit Deep Packet Inspection on AWS by Niksun: Shivank Dua will talk about how Deep Packet Inspection on AWS provides critical capabilities required to detect data breaches, malware and other threat scenarios. The ability to reconstruct the packet stream and perform forensics is critical to speedy incident response protecting from emerging and dynamic threat patterns. Topics will include: Threat scenarios and the need for Deep Packet Inspection / Deep Content Inspection Limitations of flow and log-based analysis techniques Use cases for ‘knowing the unknown’ via deep packet and content inspection

Magento Hosting on AWS

Gaurav "GP" Pal

Secured hosting and maintenance of e-commerce websites has become the need of the hour. Modern day websites are highly vulnerable to threats such as hacking, phishing, pharming, denial of access etc. Magento is considered to be one of the most secured e-commerce platform that is easy to install and ready to use. The inbuilt security features of Magento and the additional benefits of AWS makes it the safest and secured platform for modern applications. Magento is an open source cloud based digital commerce platform that empowers merchants to integrate digital and physical shopping experiences. Magento enterprise edition provides an engaging shopping experience to the users by providing personalized content, fast checkout and a seamless shopper experience. However, in order to ensure the integrity of the user experience and sensitive customer data, it is important to follow security and deployment best practices. stackArmor’s cybersecurity and cloud deployment experts have developed a proven and full-stack methodology to help protect and secure applications and data. The diagram below provides an overview of the key layers and security countermeasures. AWS offers a wide variety of configuration and deployment choices requiring infrastructure, systems engineering and AWS engineering expertise. The cloud experts at stackArmor, have developed an easy to use deployment automation harness called StackBuilderTM. StackBuilderTM allows users to quickly deploy and use their Magento e-commerce website hosted on AWS. StackBuilder’s intelligent cloud deployment engine takes care of instance selection, AWS VPC configuration and software installation. The fully managed Magento service includes patching, vulnerability management, continuous monitoring, data encryption, and recovery & backup support. stackArmor StackBuilder provides a rich and easy to use consumer-grade experience for non-technical users to jumpstart their projects by answering a series of simple questions. StackBuilder’s intelligent provisioning and capacity estimation engine leverages the rich set of services provided by the AWS cloud platform including wide variety of EC2 instances, Virtual Private Cloud (VPC), Auto Scaling Groups, Clustering and Elastic Load Balancers (ELB) amongst others. The user of StackBuilderTM does not have to go through the various steps associated with configuring and setting up the AWS infrastructure as they are handled automatically. This allows the user to focus on his project without waiting for costly consultants or the need for cloud infrastructure expertise.

Rapid deployment of Sitecore on AWS

Gaurav "GP" Pal

This document discusses deploying and hosting Sitecore, an enterprise content management system, on Amazon Web Services (AWS). It provides an overview of Sitecore and its architecture, as well as recommendations for AWS resources needed for development, test, production, and disaster recovery environments. It also describes StackBuilder, a tool from stackArmor that automates the provisioning of Sitecore environments on AWS through a simple wizard interface.

Secured Hosting of PCI DSS Compliant Web Applications on AWS

Gaurav "GP" Pal

Protecting card owner information has become very important for e-commerce companies as they have become frequent targets for hackers. In order to safeguard the interests of the card owners, four industry majors, VISA, MasterCard, Discover and American Express, joined hands to create a set of policies and procedures to protect the debit, credit and cash card transactions and to safeguard the personal information of the cardholders. These policies and procedures are collectively known as the Payment Card Industry Data Security Standard (PCI DSS). In simple terms these standards alert companies that they are wholly responsible for the credit card information of their customers. The PCI directs companies to use the information diligently and to store only that information that is required for their business. This white paper provides an overview of architectural features in the AWS cloud that ensure the hosting of e-commerce web applications that are PCI DSS compliant. This stackArmor white paper provides an overview of hosting PCI DSS compliant applications in AWS.

Implementing Secure DevOps on Public Cloud Platforms

Gaurav "GP" Pal

Businesses are looking to accelerate the delivery of production quality software with fewer defects, and better security. Continuous Integration/Continuous Deployment (CI/CD) also known as DevOps is a rapidly maturing practice for reducing the time and effort it takes to test and deploy code into production. The rapid automation of the integration and deployment activities is common especially on cloud-based platforms. Adding security testing into the DevOps pipeline can help address the needs of regulated, compliance and public sector focused organizations. This white paper describes the use of open source technologies and commercial packages to design and deploy a Secure DevOps pipeline. Tools such as Yasca, SonarQube, and OpenSCAP amongst others when integrated with vulnerability scanners such as Tenable Nessus, HP Fortify and others provide a robust SecDevOps implementation. This white paper by stackArmor provides an overview on how an organization can implement a Secure DevOps pipeline and its key elements.

FGMC - Managed Data Platform - CloudDC Meetup

Gaurav "GP" Pal

First Guaranty Mortgage Corporation (FGMC) is a full service national lender offering mortgage solutions to clients. The Enterprise Data team is focused on leveraging Enterprise Data as a differentiator. By embracing data science, analytics and cloud technologies, new and innovative solutions are delivered to support the business mission. The rapid evaluation and deployment of a flexible, scalable, and secure cloud-based data platform was critical to jumpstarting enterprise data initiatives. FGMC leveraged Amazon Web Services (AWS) and conducted a agile and iterative transformation process that included a pilot using stackArmor's StackBuilder solution for rapidly deploying services.

stackArmor presentation for DevOpsDC ver 4

Gaurav "GP" Pal

The document discusses stackArmor's presentation on using MongoDB and Solr on AWS for a customer's ETL processing needs. The customer receives large amounts of data monthly and needed to process it faster at lower cost. StackArmor designed a solution using MongoDB shards, SolrCloud, and Chef automation to meet the customer's goals of processing 5 million records per hour within budget and compliance requirements. Through tuning the design over time, they were able to improve throughput to over 3 million records per hour sustained.

AWS Frederick Meetup 07192016

Gaurav "GP" Pal

The document discusses AWS security best practices and common mistakes made when using AWS. It provides examples of real security incidents that occurred due to misconfigurations or lack of security controls. The presentation covers topics like identity and access management, network access control, logging and monitoring, compliance frameworks, and security tools that can be used to harden AWS environments. It also describes advanced VPC networking techniques and the DoD security technical implementation guide (STIG) compliance process.

DevOps for ETL processing at scale with MongoDB, Solr, AWS and Chef

Gaurav "GP" Pal

Large scale data processing for Extract Transform and Loading (ETL) jobs is a very common practice. The stackArmor DevOps team developed a Chef based automation solution to automate the AWS environment provisioning, code deployment and data ingestion processing to ingest and process over 2 TB of Data. This presentation covers the technologies used, the planning phase, AWS instance selection and optimizing the ETL processing for not only performance but also cost. The target was to process 500 million rows within 72 hours with a processing rate of 5 million transactions per hour. The presentation also provides pitfalls and automation optimizations performed to accomplish the targeted processing rates. The presentation was delivered at the DevOpsDC Meetup on May 17, 2016

Hosting Tableau on AWS

Gaurav "GP" Pal

Gaurav Pal gave a presentation on enabling better decision making and data transparency with Tableau dashboards hosted on AWS. The presentation covered how to jumpstart dashboard and visualization initiatives using Tableau and AWS, licensing and hosting options for Tableau on AWS, and demoed StackBuilder which can help users quickly select and estimate costs for hosting Tableau on AWS. The presentation provided an overview of using Tableau for data visualization, licensing models, hosting on AWS Marketplace or using StackBuilder for an automated deployment, and concluded with a demo and contact information.

AWS Security Best Practices, SaaS and Compliance

Gaurav "GP" Pal

Big Data - Accountability Solutions for Public Sector Programs

Gaurav "GP" Pal

2013 11-06 adopting aws at scale - lessons from the trenches

Gaurav "GP" Pal

Enterprise adoption of elastic cloud computing platforms such as AWS require new management and operations processes. Highlights: --“Pay-as-you-go” is an asset only if strong governance is in place --Who should be performing this optimization? Developers? Ops? PM’s? What should be the frequency? --What is the playbook? ----Resizing instances based on demand ----Reviewing storage consumption ----Standard/Reserved Instances --Shut-down instances when not needed

DevOps in the Amazon Cloud – Learn from the pioneersNetflix suro

Gaurav "GP" Pal

DevOps helps accelerate the delivery of software applications through automation and by removing Development & Operations silos. The Netflix Platform Engineering team has developed a robust data pipeline solution called SURO that has been open sourced. Come learn from the experiences of pioneers like Netflix how they are leveraging the data pipeline for new and innovative use cases. This is the presentation by Danny Yuan, Netflix Platform Engineering Team on operational and monitoring aspects of applications on cloud platforms.

Enterprise transformation with cloud computing Jan 2014

Gaurav "GP" Pal

We concluded on Jan 31, 2014 another fabulous edition of the Digital Innovation Breakfast. Over 60 people registered and listened to the keynote address by Mr. Bernie Mazer, CIO, US Department of the Interior. This was followed by a lively panel discussion that included US Department of the Interior, US Department of the Treasury, Accenture, Microsoft and Gartner. We are now set to execute on the third edition of the event scheduled for late April 2014/early May 2014 titled “Big Data in Financial Services”.

More from Gaurav "GP" Pal (17)

stackArmor - FedRAMP and 800-171 compliant cloud solutions

stackArmor MicroSummit - Niksun Network Monitoring - DPI

Magento Hosting on AWS

Rapid deployment of Sitecore on AWS

Secured Hosting of PCI DSS Compliant Web Applications on AWS

Implementing Secure DevOps on Public Cloud Platforms

FGMC - Managed Data Platform - CloudDC Meetup

stackArmor presentation for DevOpsDC ver 4

AWS Frederick Meetup 07192016

DevOps for ETL processing at scale with MongoDB, Solr, AWS and Chef

Hosting Tableau on AWS

AWS Security Best Practices, SaaS and Compliance

Big Data - Accountability Solutions for Public Sector Programs

2013 11-06 adopting aws at scale - lessons from the trenches

DevOps in the Amazon Cloud – Learn from the pioneersNetflix suro

Enterprise transformation with cloud computing Jan 2014

Recently uploaded

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

Choosing The Best AWS Service For Your Website + API.pptx

Brandon Minnick, MBA

Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API? Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose? Which one is cheapest? Which one is fastest? Which one will scale to meet our needs? Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!

Mariano G Tinti - Decoding SpaceX

Mariano Tinti

How to Get CNIC Information System with Paksim Ga.pptx

danishmna97

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack

shyamraj55

Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...

saastr

5th LF Energy Power Grid Model Meet-up Slides

DanBrown980551

5th Power Grid Model Meet-up It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology. Power Grid Model The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services. Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability. Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization. What to expect For the upcoming meetup we are organizing, we have an exciting lineup of activities planned: -Insightful presentations covering two practical applications of the Power Grid Model. -An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024. -An interactive brainstorming session to discuss and propose new feature requests. -An opportunity to connect with fellow Power Grid Model enthusiasts and users.

UI5 Controls simplified - UI5con2024 presentation

Wouter Lemaire

HCL Notes and Domino License Cost Reduction in the World of DLAU

panagenda

Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/ The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this! We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model. Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward. These topics will be covered - Reducing license cost by finding and fixing misconfigurations and superfluous accounts - How do CCB and CCX licenses really work? - Understanding the DLAU tool and how to best utilize it - Tips for common problem areas, like team mailboxes, functional/test users, etc - Practical examples and best practices to implement right away

Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on integration of Salesforce with Bonterra Impact Management. Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Ocean lotus Threat actors project by John Sitima 2024 (1).pptx

SitimaJohn

Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.

Project Management Semester Long Project - Acuity

jpupo2018

Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.

Introduction of Cybersecurity with OSS at Code Europe 2024

Hiroshi SHIBATA

I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems. The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS. Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application. I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.

Taking AI to the Next Level in Manufacturing.pdf

ssuserfac0301

Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as: 1. How quickly AI is being implemented in manufacturing. 2. Which barriers stand in the way of AI adoption. 3. How data quality and governance form the backbone of AI. 4. Organizational processes and structures that may inhibit effective AI adoption. 6. Ideas and approaches to help build your organization's AI strategy.

Skybuffer SAM4U tool for SAP license adoption

Tatiana Kojar

Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool. SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.

Cosa hanno in comune un mattoncino Lego e la backdoor XZ?

Speck&Tech

ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune. Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile. BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).

Building Production Ready Search Pipelines with Spark and Milvus

Zilliz

Main news related to the CCS TSI 2023 (2023/1695)

Jakub Marek

An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers. The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 . The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Presentation of the OECD Artificial Intelligence Review of Germany

innovationoecd

Recently uploaded (20)

20240609 QFM020 Irresponsible AI Reading List May 2024

Choosing The Best AWS Service For Your Website + API.pptx

Mariano G Tinti - Decoding SpaceX

How to Get CNIC Information System with Paksim Ga.pptx

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack

Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...

5th LF Energy Power Grid Model Meet-up Slides

UI5 Controls simplified - UI5con2024 presentation

HCL Notes and Domino License Cost Reduction in the World of DLAU

Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...

Ocean lotus Threat actors project by John Sitima 2024 (1).pptx

Project Management Semester Long Project - Acuity

Introduction of Cybersecurity with OSS at Code Europe 2024

Taking AI to the Next Level in Manufacturing.pdf

Skybuffer SAM4U tool for SAP license adoption

Cosa hanno in comune un mattoncino Lego e la backdoor XZ?

Building Production Ready Search Pipelines with Spark and Milvus

Main news related to the CCS TSI 2023 (2023/1695)

National Security Agency - NSA mobile device best practices

Presentation of the OECD Artificial Intelligence Review of Germany

stackArmor Security MicroSummit - Next Generation Firewalls for AWS

1. Ed Caswell Consulting Engineer Palo Alto Networks Securing the Public Cloud AWS Deployment Scenarios

2. in

3. ELB Interoperability

5. CloudFormation Template: Automates full use case deployments S3: AWS service where bootstrapping files are stored CloudWatch: Consumes metrics and makes intelligent scale in/out decisions Lambda: Code as a service pushes custom metrics to CloudWatch via XML API Auto Scale Groups (ASG): The firewalls are members of an ASG that scales in/out based on custom metrics PAN-OS Bootstrapping: Automates creation of fully configured firewall PAN-OS API: enables delivery of custom metric to CloudWacth Panorama: Optional but highly recommended to simplify VM-Series management Native AWS and PAN-OS/VM-Series Services Used 5 | © 2015, Palo Alto Networks. Confidential and Proprietary. AWS Services PAN-OS/VM-Series Services

6. Region 1 AZ1 External ELB AZ2 Internal ELB Web ASG 1 CFT deploys base topology ASG1 2 Initial firewalls are bootstrapped from S3 ASG2 Bootstrapping adds VM-Series firewalls to Panorama Auto Scaling the VM-Series on AWS 6 | © 2016, Palo Alto Networks. Confidential and Proprietary.

7. Region 1 AZ1 External ELB AZ2 Internal ELB Web ASG ASG1 3 Standard metrics sent to CloudWatch 4 Alarm triggers ASG scale out ASG2 Auto Scaling the VM-Series on AWS 7 | © 2016, Palo Alto Networks. Confidential and Proprietary.

8. Region 1 AZ1 External ELB AZ2 Internal ELB Web ASG ASG1 5 l function collects PAN-OS metrics via API Custom metrics sent to CloudWatch 6 7 Alarm triggers FW ASG scale events ASG2 Bootstrapping continues to add FWs to Panorama l Function removes FWs from Panorama Auto Scaling the VM-Series on AWS 8 | © 2016, Palo Alto Networks. Confidential and Proprietary.

9. Region 1 AZ1 IELB VIP 1 IELB VIP 2 AZ2 Web ASG ASG1 ASG2 8 l function monitors for ELB VIP changes IELB VIP 3 9 l function deploys new ASG with NAT rule for new VIP ASG3 IELB VIP 4 ASG4 External ELB Internal ELB Auto Scaling the VM-Series on AWS 9 | © 2016, Palo Alto Networks. Confidential and Proprietary.

10. InterVPC

11. Securing one VPC IPSec VPN DC-FW1 DC-FW2 AZ1b Web1-01 Web1-02

12. AZ1c Securing one VPC AZ1b IPSec VPN DC-FW1 DC-FW2 Web1-01 Web1-02 Web2-01 Web2-02 IPSec VPNs

13. Securing lots of VPCs DC-FW1 DC-FW2 Marketing App HR App QA Environment Dev Environment

14. Region Services VPC Subnet 1 Availability Zone 2 Availability Zone 1 Subnet 2 Region Subscribing VPC Subnet 1 Availability Zone 2 Availability Zone 1 Subnet 2

15. Region Services VPC Subnet 1 Availability Zone 2 Availability Zone 1 Subnet 2

16. DC-FW1 DC-FW2 Services VPC + Hybrid + Internet Gateway

17. DC-FW1 DC-FW2 Routing Default route learned via DHCP from IGW on E1/1 Static route defined for enterprise network Redistribution profile shares static routes with BGP peers BGP routes propagated into local route table SNAT on gateway firewall ensure symmetric return

18. DC-FW1 DC-FW2 More scale

19. DC-FW1 DC-FW2 LOTS more scale Direct Connect Location Service Provider Links

Editor's Notes

Too many firewalls to purchase, manage, monitor Too many enforcements points Who’s job to add the FWs to the VPCs?
Routing: VM-Series learns default route via DHCP VM-Series redistributes default route into BGP VM-Series shares default route with each VGW via BGP peering Each VGW propagates the default route it learned via BGP into the local route table EC2 instances require no special configuration for routing – just the default GW they learned via DHCP

stackArmor Security MicroSummit - Next Generation Firewalls for AWS

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to stackArmor Security MicroSummit - Next Generation Firewalls for AWS

Similar to stackArmor Security MicroSummit - Next Generation Firewalls for AWS (20)

More from Gaurav "GP" Pal

More from Gaurav "GP" Pal (17)

Recently uploaded

Recently uploaded (20)

stackArmor Security MicroSummit - Next Generation Firewalls for AWS

Editor's Notes