> www.alertlogic.com
December 17, 2013
Intrusion Detection for the AWS Cloud
Justin Criswell, Cloud Solutions Architect
Diane Garey, Product Marketing
Alert Logic Secures Datacenters in any Environment
PUBLIC CLOUD
MANAGED HOSTING
ON-PREM DATA CENTER
Brute Force
Web Application Attacks
Reconnaissance
Vulnerability Scans
In AWS, Security Responsibility is Shared
Customer
Primary Responsibility
Alert Logic Threat Manager
Context-Aware Network Threat Detection & Response
Intrusion Monitoring w/o False Positives: Multi-factor analysis enables more accurate detection
Integrated Vulnerability Assessment: Delivers context-aware threat detection and mitigation
Automated Security Analysis: Out of the box alerts and reports for key use cases
Key Compliance Coverage: Supports numerous control objectives including PCI Approved Scanning Vendor (ASV) requirement
24x7 Security Monitoring: Security Operations Center staffed by GIAC-certified analysts
Threat Manager Architecture
Threat Manager Agents
Designed for Auto Scaling Environments
32-bit and 64-bit versions:
Debian (.deb): 5.0 (lenny), 6.0 (squeeze)
Ubuntu (.deb): 7.x, 8.x, 9.x, 10.x, 11.x, 12.x
CentOS (.rpm): 5.x, 6.x
Red Hat Enterprise Linux (.rpm): 5.x, 6.x
32-bit and 64-bit versions:
Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows Vista, Windows XP, Windows 7, Windows 8
Note: Provisioning as a role establishes the role identity, while registration (which can occur many times for a single role identity) establishes the identity of a single instance within that role.
The certificate files and the role instance ID (obtained at registration) together make up an instance's unique identity. Provisioning in role mode is useful when preparing to clone an OS image onto multiple hosts or to start it as multiple instances.
Threat Manager Virtual Appliance
Threat Manager tier                 | Recommended AWS instance type     | AWS instance name
Alert Logic TM (AWS EC2) - 10 Mbps   | Standard Small                    | M1.Small
Alert Logic TM (AWS EC2) - 35 Mbps   | Standard Medium                   | M1.Medium
Alert Logic TM (AWS EC2) - 60 Mbps   | Standard Medium                   | M1.Medium
Alert Logic TM (AWS EC2) - 85 Mbps   | Standard Large                    | M1.Large
Alert Logic TM (AWS EC2) - 120 Mbps  | Standard Large                    | M1.Large
Alert Logic TM (AWS EC2) - 250 Mbps  | High Memory Quadruple Extra Large | M2.4XLarge
Alert Logic TM (AWS EC2) - 500 Mbps  | High CPU Extra Large              | C1.Xlarge
Alert Logic TM (AWS EC2) - 1000 Mbps | High CPU Extra Large              | C1.Xlarge
Policy Driven Assignments
Solves large scale asset management issues in a dynamic environment
Assists in robust DevOps automation support
Threat Manager APIs
Demo