SlideShare a Scribd company logo

Shared Security Responsibility in the AWS Public Cloud

Download as PPTX, PDF
Alert Logic
Alert Logic

In the Amazon Web Services Public Cloud, security is shared

Technology
1 of 19
SHARED SECURITY RESPONSIBILITY IN THE AWS PUBLIC CLOUD APRIL 2014 Johnathan Norman, Cloud Solutions Architect and Diane Garey, Product Marketing
Alert Logic Secures Datacenters in Any Environment 2 PUBLIC CLOUD MANAGED HOSTING ON-PREM DATA CENTER
In AWS Public Cloud, Security is Shared 3 Customer Primary Responsibility
Alert Logic Solutions are Engineered for AWS 4 Engineered for AWS  Supports Auto Scaling & role aware  Automatable with APIs and scripts  Available across multiple regions  Manageable at scale  IP address & topology independant  Usage based utility pricing  Marketplace transactable  AMI and agent deployment options  Network and system visibility  Proven reference architectures Runs on AWS
Available via the AWS Marketplace 5
Alert Logic Solutions 6 APPLICATIONS SYSTEMS NETWORKS PRODUCTS CONTENT BIG DATA ANALYTICS PEOPLE & PROCESS WEB SECURITY MANAGER Key Capabilities » Positive & negative security models » Adaptive learning engine » Broad compliance coverage (PCI, OWASP) Product Categories » Web Application Firewall LOG MANAGER Key Capabilities » Powerful analysis for security logs » Simple, intuitive search interface » All your data accessible online, all the time Product Categories » Log Management » SIEM THREAT MANAGER Key Capabilities » Context aware threat identification » Integrated vulnerability scanning » PCI Approved Scanning Vendor certified Product Categories » IDS / IPS » Vulnerability assessment Managed Service » ActiveWatch Managed Service » LogReview Managed Service » ActiveWatch
Inline protection of web applications from dangerous cyber threats Secure Web Applications 7
Alert Logic Web Security Manager WAF Page 8 Active Protection for Web Applications, Management Included Positive & Negative Security Active protection using signatures and leading learning engine Key Compliance Coverage Supports PCI 6.6 and OWASP Top 10 risks Management Included 24x7 management by experienced security analysts AWS Auto Scaling Protection scales dynamically with your web apps Security Where You Need It Works wherever you have your datacenter
replicatio n AWS Infrastructure Web Traffic Web Server Web Server Web Server Web Server Web Server Web Server Web Server Web Server Database Read Replica Database Read Replica Database Master replica tion VPC A B Elastic Load Balancer Elastic Load Balancer Elastic Load Balancer
replicatio n AWS Infrastructure + Web Security Manager Amazon S3 Configuration CloudTrail Master Auto Recover Elastic Load Balancer Web Traffic Alert Logic Managemen t Web Server Web Server Web Server Web Server Web Server Web Server Web Server Web Server Database Read Replica Database Read Replica Database Master replica tion VPC A B Worker Worker Worker Elastic Load Balancer Elastic Load Balancer Elastic Load Balancer
Security monitoring of log data Manage Log Data 11
Capture & Manage AWS CloudTrail Messages Include activity log data with other application, system and event logs 12
Alert Logic Log Manager for AWS 13 Cloud-Based Security Log Analysis All Log Data, All Together Collect, archive and analyze log data in real-time all data sources Quick access to log data Dozens of reports, fast and intuitive search function Compliance friendly Supports numerous standards such as PCI, HIPAA, FFIEC, SOX Available as a service Auditable daily log review with integrated case management by dedicated GIAC-certified System Security Analysts AWS Friendly Designed for AWS workloads and reference architectures
Intrusion Detection System built for AWS Monitor for Network Threats 24x7 14
Alert Logic Threat Manager 15 Context-Aware Network Threat Detection & Response Intrusion Monitoring w/o False Positives Multi-factor analysis enables more accurate detection Integrated Vulnerability Assessment Delivers context-aware threat detection and mitigation Automated Security Analysis Out of the box alerts and reports for key use cases Key Compliance Coverage Supports numerous control objectives including PCI Approved Scanning Vendor (ASV) requirement 24x7 Security Monitoring Security Operations Center staffed by GIAC-certified analysts
replicatio n AWS Infrastructure + Web Security Manager Amazon S3 Configuration CloudTrail Master Auto Recover Elastic Load Balancer Web Traffic Alert Logic Managemen t Web Server Web Server Web Server Web Server Web Server Web Server Web Server Web Server Database Read Replica Database Read Replica Database Master replica tion VPC A B Worker Worker Worker Elastic Load Balancer Elastic Load Balancer Elastic Load Balancer
replicatio n AWS Infrastructure + Web Security Manager + Threat Manager Amazon S3 Configuration CloudTrail Master Auto Recover Elastic Load Balancer Web Traffic Alert Logic Managemen t Web Server Web Server Web Server Web Server Auto-scaling ThreatManag er Appliance Auto-scaling ThreatManag er Appliance Web Server Web Server Web Server Web Server Database Read Replica Database Read Replica Database Master replica tion VPC A B Worker Worker Worker Elastic Load Balancer Elastic Load Balancer Elastic Load Balancer
Next Steps • More information: https://www.alertlogic.com/products-services/public-cloud- security/cloud-security-for-aws/ • Alert Logic Cloud Defender https://www.alertlogic.com/products-services/alert-logic-cloud-defender/ • Additional product videos: https://www.youtube.com/user/AlertLogicTV 18
Thank you.

Recommended

Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015
Alert Logic
 
Top 5 Cloud Security Predictions for 2016
Top 5 Cloud Security Predictions for 2016 Top 5 Cloud Security Predictions for 2016
Top 5 Cloud Security Predictions for 2016
Alert Logic
 
Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense
Alert Logic
 
Next-Generation SIEM: Delivered from the Cloud
Next-Generation SIEM: Delivered from the Cloud Next-Generation SIEM: Delivered from the Cloud
Next-Generation SIEM: Delivered from the Cloud
Alert Logic
 
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
Alert Logic
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment
Alert Logic
 
#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud
Alert Logic
 
#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration
Alert Logic
 

Recommended

Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015
Alert Logic
 
Top 5 Cloud Security Predictions for 2016
Top 5 Cloud Security Predictions for 2016 Top 5 Cloud Security Predictions for 2016
Top 5 Cloud Security Predictions for 2016
Alert Logic
 
Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense
Alert Logic
 
Next-Generation SIEM: Delivered from the Cloud
Next-Generation SIEM: Delivered from the Cloud Next-Generation SIEM: Delivered from the Cloud
Next-Generation SIEM: Delivered from the Cloud
Alert Logic
 
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
Alert Logic
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment
Alert Logic
 
#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud
Alert Logic
 
#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration
Alert Logic
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Skybox Security
 
Disección de amenazas en entornos de nube
Disección de amenazas en entornos de nubeDisección de amenazas en entornos de nube
Disección de amenazas en entornos de nube
Cristian Garcia G.
 
Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11
Skybox Security
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
Bitglass
 
Outpost24 webinar: Security Analytics: what's in a risk score
Outpost24 webinar: Security Analytics: what's in a risk scoreOutpost24 webinar: Security Analytics: what's in a risk score
Outpost24 webinar: Security Analytics: what's in a risk score
Outpost24
 
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alCss sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
Alert Logic
 
Network Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack SurfaceNetwork Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack Surface
Skybox Security
 
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...
Skycure
 
Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security
Outpost24
 
Outpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud security
Outpost24
 
What's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix ItWhat's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix It
Skybox Security
 
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_al
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_alCss sf azure_8-9-17-stories_from_the_soc_paul fletcher_al
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_al
Alert Logic
 
Cyber Resiliency
Cyber ResiliencyCyber Resiliency
Cyber Resiliency
Alert Logic
 
Network Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next LevelNetwork Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next Level
Skybox Security
 
5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability
Skybox Security
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
CloudPassage
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud Security
MarketingArrowECS_CZ
 
Outpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24 webinar - Implications when migrating to a Zero Trust modelOutpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24
 
Issa symc la 5min mr
Issa symc la 5min mrIssa symc la 5min mr
Issa symc la 5min mr
ISSA LA
 
Securing Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAASecuring Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAA
Alert Logic
 
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
Amazon Web Services
 
Silver Lining: An Everyman's Journey to Cloud Security - Sven Skoog, Monotype
Silver Lining: An Everyman's Journey to Cloud Security - Sven Skoog, MonotypeSilver Lining: An Everyman's Journey to Cloud Security - Sven Skoog, Monotype
Silver Lining: An Everyman's Journey to Cloud Security - Sven Skoog, Monotype
Alert Logic
 

More Related Content

What's hot

Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Skybox Security
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
Bitglass
 
Issa symc la 5min mr
Issa symc la 5min mrIssa symc la 5min mr
Issa symc la 5min mr
ISSA LA
 

What's hot (20)

Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
 
Disección de amenazas en entornos de nube
Disección de amenazas en entornos de nubeDisección de amenazas en entornos de nube
Disección de amenazas en entornos de nube
 
Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
 
Outpost24 webinar: Security Analytics: what's in a risk score
Outpost24 webinar: Security Analytics: what's in a risk scoreOutpost24 webinar: Security Analytics: what's in a risk score
Outpost24 webinar: Security Analytics: what's in a risk score
 
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alCss sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
 
Network Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack SurfaceNetwork Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack Surface
 
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...
 
Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security
 
Outpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud security
 
What's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix ItWhat's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix It
 
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_al
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_alCss sf azure_8-9-17-stories_from_the_soc_paul fletcher_al
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_al
 
Cyber Resiliency
Cyber ResiliencyCyber Resiliency
Cyber Resiliency
 
Network Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next LevelNetwork Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next Level
 
5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud Security
 
Outpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24 webinar - Implications when migrating to a Zero Trust modelOutpost24 webinar - Implications when migrating to a Zero Trust model
Outpost24 webinar - Implications when migrating to a Zero Trust model
 
Issa symc la 5min mr
Issa symc la 5min mrIssa symc la 5min mr
Issa symc la 5min mr
 
Securing Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAASecuring Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAA
 

Viewers also liked

AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
Amazon Web Services
 

Viewers also liked (11)

AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
 
Silver Lining: An Everyman's Journey to Cloud Security - Sven Skoog, Monotype
Silver Lining: An Everyman's Journey to Cloud Security - Sven Skoog, MonotypeSilver Lining: An Everyman's Journey to Cloud Security - Sven Skoog, Monotype
Silver Lining: An Everyman's Journey to Cloud Security - Sven Skoog, Monotype
 
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach
 
Cloud Security Summit (Boston) - Live Hack Demo
Cloud Security Summit (Boston) - Live Hack Demo Cloud Security Summit (Boston) - Live Hack Demo
Cloud Security Summit (Boston) - Live Hack Demo
 
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, ChefCompliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
 
The AWS Shared Responsibility Model in Practice - Nirav Kothari, AWS
The AWS Shared Responsibility Model in Practice - Nirav Kothari, AWSThe AWS Shared Responsibility Model in Practice - Nirav Kothari, AWS
The AWS Shared Responsibility Model in Practice - Nirav Kothari, AWS
 
The AWS Shared Responsibility Model: Presented by Amazon Web Services
The AWS Shared Responsibility Model: Presented by Amazon Web ServicesThe AWS Shared Responsibility Model: Presented by Amazon Web Services
The AWS Shared Responsibility Model: Presented by Amazon Web Services
 
Introduction to Security in the Cloud - Mark Brooks, Alert Logic
Introduction to Security in the Cloud - Mark Brooks, Alert LogicIntroduction to Security in the Cloud - Mark Brooks, Alert Logic
Introduction to Security in the Cloud - Mark Brooks, Alert Logic
 
The New Economics of Cloud Security
The New Economics of Cloud SecurityThe New Economics of Cloud Security
The New Economics of Cloud Security
 
CRITICAL CHANGES TO SECURITY FOR CLOUD ENVIRONMENTS - Toronto FSI Symposium -...
CRITICAL CHANGES TO SECURITY FOR CLOUD ENVIRONMENTS - Toronto FSI Symposium -...CRITICAL CHANGES TO SECURITY FOR CLOUD ENVIRONMENTS - Toronto FSI Symposium -...
CRITICAL CHANGES TO SECURITY FOR CLOUD ENVIRONMENTS - Toronto FSI Symposium -...
 
Improving Infrastructure Governance on AWS by Henrik Johansson, Solutions Ar...
Improving Infrastructure Governance on AWS by Henrik Johansson, Solutions Ar... Improving Infrastructure Governance on AWS by Henrik Johansson, Solutions Ar...
Improving Infrastructure Governance on AWS by Henrik Johansson, Solutions Ar...
 

Similar to Shared Security Responsibility in the AWS Public Cloud

(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
Amazon Web Services
 
Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...
Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...
Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...
Amazon Web Services
 
Secure and Govern Integration between the Enterprise & the Cloud
Secure and Govern Integration between the Enterprise & the CloudSecure and Govern Integration between the Enterprise & the Cloud
Secure and Govern Integration between the Enterprise & the Cloud
CA API Management
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
Amazon Web Services
 
Next-Generation Security Operations with AWS
Next-Generation Security Operations with AWSNext-Generation Security Operations with AWS
Next-Generation Security Operations with AWS
Amazon Web Services
 

Similar to Shared Security Responsibility in the AWS Public Cloud (20)

Activate CTO Day
Activate CTO DayActivate CTO Day
Activate CTO Day
 
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial Services
 
9 Security Best Practices
9 Security Best Practices9 Security Best Practices
9 Security Best Practices
 
在雲端開發架構支援大規模流量的行動/網頁應用程式
在雲端開發架構支援大規模流量的行動/網頁應用程式在雲端開發架構支援大規模流量的行動/網頁應用程式
在雲端開發架構支援大規模流量的行動/網頁應用程式
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...
Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...
Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
AWS Summit - Atlanta
AWS Summit - Atlanta AWS Summit - Atlanta
AWS Summit - Atlanta
 
Sicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudSicurezza e Compliance nel Cloud
Sicurezza e Compliance nel Cloud
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security Hub
 
Secure and Govern Integration between the Enterprise & the Cloud
Secure and Govern Integration between the Enterprise & the CloudSecure and Govern Integration between the Enterprise & the Cloud
Secure and Govern Integration between the Enterprise & the Cloud
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
 
AWS Partner ConneXions Taiwan - Q3 2016 Technology Update
AWS Partner ConneXions Taiwan - Q3 2016 Technology UpdateAWS Partner ConneXions Taiwan - Q3 2016 Technology Update
AWS Partner ConneXions Taiwan - Q3 2016 Technology Update
 
AWS Startup Day Bangalore: Being Well-Architected in the Cloud
AWS Startup Day Bangalore: Being Well-Architected in the CloudAWS Startup Day Bangalore: Being Well-Architected in the Cloud
AWS Startup Day Bangalore: Being Well-Architected in the Cloud
 
Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By Design
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the Cloud
 
re:Invent Recap: Security Week at the SF Loft
re:Invent Recap: Security Week at the SF Loftre:Invent Recap: Security Week at the SF Loft
re:Invent Recap: Security Week at the SF Loft
 
Next-Generation Security Operations with AWS
Next-Generation Security Operations with AWSNext-Generation Security Operations with AWS
Next-Generation Security Operations with AWS
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWS
 

More from Alert Logic

More from Alert Logic (20)

Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack Surface
 
Reality Check: Security in the Cloud
Reality Check: Security in the CloudReality Check: Security in the Cloud
Reality Check: Security in the Cloud
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: Presidio
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Security Spotlight: Rent-A-Center
Security Spotlight: Rent-A-CenterSecurity Spotlight: Rent-A-Center
Security Spotlight: Rent-A-Center
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: Presidio
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 

Recently uploaded

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 

Recently uploaded (20)

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 

Shared Security Responsibility in the AWS Public Cloud

  • 1. SHARED SECURITY RESPONSIBILITY IN THE AWS PUBLIC CLOUD APRIL 2014 Johnathan Norman, Cloud Solutions Architect and Diane Garey, Product Marketing
  • 2. Alert Logic Secures Datacenters in Any Environment 2 PUBLIC CLOUD MANAGED HOSTING ON-PREM DATA CENTER
  • 3. In AWS Public Cloud, Security is Shared 3 Customer Primary Responsibility
  • 4. Alert Logic Solutions are Engineered for AWS 4 Engineered for AWS  Supports Auto Scaling & role aware  Automatable with APIs and scripts  Available across multiple regions  Manageable at scale  IP address & topology independant  Usage based utility pricing  Marketplace transactable  AMI and agent deployment options  Network and system visibility  Proven reference architectures Runs on AWS
  • 5. Available via the AWS Marketplace 5
  • 6. Alert Logic Solutions 6 APPLICATIONS SYSTEMS NETWORKS PRODUCTS CONTENT BIG DATA ANALYTICS PEOPLE & PROCESS WEB SECURITY MANAGER Key Capabilities » Positive & negative security models » Adaptive learning engine » Broad compliance coverage (PCI, OWASP) Product Categories » Web Application Firewall LOG MANAGER Key Capabilities » Powerful analysis for security logs » Simple, intuitive search interface » All your data accessible online, all the time Product Categories » Log Management » SIEM THREAT MANAGER Key Capabilities » Context aware threat identification » Integrated vulnerability scanning » PCI Approved Scanning Vendor certified Product Categories » IDS / IPS » Vulnerability assessment Managed Service » ActiveWatch Managed Service » LogReview Managed Service » ActiveWatch
  • 7. Inline protection of web applications from dangerous cyber threats Secure Web Applications 7
  • 8. Alert Logic Web Security Manager WAF Page 8 Active Protection for Web Applications, Management Included Positive & Negative Security Active protection using signatures and leading learning engine Key Compliance Coverage Supports PCI 6.6 and OWASP Top 10 risks Management Included 24x7 management by experienced security analysts AWS Auto Scaling Protection scales dynamically with your web apps Security Where You Need It Works wherever you have your datacenter
  • 9. replicatio n AWS Infrastructure Web Traffic Web Server Web Server Web Server Web Server Web Server Web Server Web Server Web Server Database Read Replica Database Read Replica Database Master replica tion VPC A B Elastic Load Balancer Elastic Load Balancer Elastic Load Balancer
  • 10. replicatio n AWS Infrastructure + Web Security Manager Amazon S3 Configuration CloudTrail Master Auto Recover Elastic Load Balancer Web Traffic Alert Logic Managemen t Web Server Web Server Web Server Web Server Web Server Web Server Web Server Web Server Database Read Replica Database Read Replica Database Master replica tion VPC A B Worker Worker Worker Elastic Load Balancer Elastic Load Balancer Elastic Load Balancer
  • 11. Security monitoring of log data Manage Log Data 11
  • 12. Capture & Manage AWS CloudTrail Messages Include activity log data with other application, system and event logs 12
  • 13. Alert Logic Log Manager for AWS 13 Cloud-Based Security Log Analysis All Log Data, All Together Collect, archive and analyze log data in real-time all data sources Quick access to log data Dozens of reports, fast and intuitive search function Compliance friendly Supports numerous standards such as PCI, HIPAA, FFIEC, SOX Available as a service Auditable daily log review with integrated case management by dedicated GIAC-certified System Security Analysts AWS Friendly Designed for AWS workloads and reference architectures
  • 14. Intrusion Detection System built for AWS Monitor for Network Threats 24x7 14
  • 15. Alert Logic Threat Manager 15 Context-Aware Network Threat Detection & Response Intrusion Monitoring w/o False Positives Multi-factor analysis enables more accurate detection Integrated Vulnerability Assessment Delivers context-aware threat detection and mitigation Automated Security Analysis Out of the box alerts and reports for key use cases Key Compliance Coverage Supports numerous control objectives including PCI Approved Scanning Vendor (ASV) requirement 24x7 Security Monitoring Security Operations Center staffed by GIAC-certified analysts
  • 16. replicatio n AWS Infrastructure + Web Security Manager Amazon S3 Configuration CloudTrail Master Auto Recover Elastic Load Balancer Web Traffic Alert Logic Managemen t Web Server Web Server Web Server Web Server Web Server Web Server Web Server Web Server Database Read Replica Database Read Replica Database Master replica tion VPC A B Worker Worker Worker Elastic Load Balancer Elastic Load Balancer Elastic Load Balancer
  • 17. replicatio n AWS Infrastructure + Web Security Manager + Threat Manager Amazon S3 Configuration CloudTrail Master Auto Recover Elastic Load Balancer Web Traffic Alert Logic Managemen t Web Server Web Server Web Server Web Server Auto-scaling ThreatManag er Appliance Auto-scaling ThreatManag er Appliance Web Server Web Server Web Server Web Server Database Read Replica Database Read Replica Database Master replica tion VPC A B Worker Worker Worker Elastic Load Balancer Elastic Load Balancer Elastic Load Balancer
  • 18. Next Steps • More information: https://www.alertlogic.com/products-services/public-cloud- security/cloud-security-for-aws/ • Alert Logic Cloud Defender https://www.alertlogic.com/products-services/alert-logic-cloud-defender/ • Additional product videos: https://www.youtube.com/user/AlertLogicTV 18