Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Spider & F5 Round Table - Secure the Cloud Data Center with eMind

426 views

Published on

Published in: Technology
  • Be the first to comment

Spider & F5 Round Table - Secure the Cloud Data Center with eMind

  1. 1. Ultra Secure Data Center on Amazon Cloud Lahav Savir, Architect & CEO Emind systems Ltd. lahavs@emind.co
  2. 2. Emind Systems • Cloud expert system integrator • Dedicated Cloud Architects • Dedicated DevOps teams • 24x7 SLA powered by DevOps Specialists • ~100 AWS customers • Partnerships with leading cloud vendors
  3. 3. Advanced Consulting Partner https://aws.amazon.com/solution-providers/si/emind-systems-ltd
  4. 4. Overview of Amazon Web Services 2:46 Minutes video
  5. 5. AWS Intro
  6. 6. Architected for Enterprise Security Requirements “The Amazon Virtual Private Cloud [Amazon VPC] was a unique option that offered an additional level of security and an ability to integrate with other aspects of our infrastructure.” Dr. Michael Miller, Head of HPC for R&D
  7. 7. Shared Responsibility for Security & Compliance Facilities Physical Security Compute Infrastructure Storage Infrastructure Network Infrastructure Virtualization Layer Operating System Applications Security Groups Firewalls Network Configuration Account Management + = Customer
  8. 8. What is secure data center ? • Isolated • Controlled • Firewalled • Secure access – VPN – SSL • IDS & IPS • Antivirus • Audited • User management – One time password • Data encryption • Frequent updates • Configuration analysis • Regulatory compliance • One spot for monitoring – Centralized alerts
  9. 9. Emind’s best practices
  10. 10. Access Management • Control the data flow – AWS VPC – ACL – Routing – Handle all in/out traffic • Firewall – F5 Firewall – VPC Security groups • Identity access management – One-time-password – AWS IAM with MFA – F5 Access Policy Management
  11. 11. ACL & Routing in the VPC
  12. 12. F5 APM
  13. 13. Emind’s best practices
  14. 14. Traffic Control • Web Applications Security • Log in / out traffic • Terminate encrypted connection • Sanitize in / out packets – Real-time decisions – Accept / reject connections – Rate limiting
  15. 15. Emind’s best practices
  16. 16. Anomalies detection • Host-based IDS – Detect configuration changes – Track running processes – Track file integrity & access – Resource access – Detect abnormal behaviors • OS hardening • App cleanup
  17. 17. Emind’s best practices
  18. 18. Data Protection • In-flight – SSL encryption – IPSec • In-rest – Storage level encryption – Data base encryption
  19. 19. Emind’s best practices
  20. 20. Central log • Need to aggregate – VPN access logs – Traffic audit logs – Network IDS logs – Host IDS logs – Anti virus logs • Detect patterns
  21. 21. Security lifecycle management • Ongoing discovery & analysis – Access – Traffic – IDS – Anti virus – Encryption keys • Act on analysis results • Reveal and solve settings • Make them all orchestrate together !
  22. 22. Emind’s best practices
  23. 23. Contact me lahavs@emind.co @lahavsavir 054-4321688

×