This document discusses LifeLock's migration of workloads to AWS and their use of Symantec Cloud Workload Protection (CWP) for security. It provides an overview of CWP and how it provides visibility and protection for AWS and hybrid cloud workloads from a single console. It also summarizes LifeLock's experience using CWP for real-time file integrity monitoring during their migration, which provided seamless transition and improved compliance monitoring. Finally, it outlines additional CWP capabilities for container protection and how CWP can provide continuous improvement for cloud and container security.

1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Patrick McDowell, Solutions Architect, AWS
Kevin Stultz, Director of Product Management, Symantec
Tom Castellano, Cybersecurity Engineering Lead, LifeLock
LifeLock Migration to AWS –
Automated Cloud Security
with Symantec Cloud
Workload Protection (CWP)

2. Protect your Cloud Environment
with AWS
Patrick McDowell, Solutions Architect, AWS

3. What is Driving AWS Adoption?
Urgent Need to Respond to Business Needs for:
Increased
Agility
Flexibility
Lower Costs and
Transparency
More
Capabilities
Go Global in
Minutes
Remove Infrastructure
Dependencies
Remove IT as a “Blocker” to Innovation

4. Compelling Events on the Journey
Value
Time
Discovery
and Testing
Application-
Based Projects
Cloud-First /
Standardization
Business
Transformation
Build applications
to run in AWS cloud
Dev & Test /
Startups
Production App
Migration
“Cloud-First”
Standardization /
Mass Migration
Automation /
Business Innovation
Projects
Current State
1
2
3
4
5

5. $6.53M
https://www.csid.com/resources/stats/data-breaches/
Average cost of
a data breach
Your Data and IP Are Your Most
Valuable Assets
56%
Increase in theft of hard
intellectual property
http://www.pwc.com/gx/en/issues/cyber-security/
information-security-survey.html
70%
Of consumers indicated
they’d avoid businesses
following a security breach
https://www.csid.com/resources/stats/data-breaches/

6. Automating logging
and monitoring
Simplifying resource
access
Making it easy
to encrypt properly
Enforcing
strong authentication
AWS Can Be More Secure than Your
Existing Environment
In a recent IDC report which found that most customers can be more secure
in AWS than their on-premises environment. How?

7. AWS and You Share Responsibility
for Security

8. Constantly Monitored
 Network access is monitored by AWS
security managers daily
 AWS CloudTrail lets you monitor
and record all API calls
 Amazon Inspector automatically assesses
applications for vulnerabilities
The AWS infrastructure is protected by extensive network
and security monitoring systems:

9. Highly Available
 44 Availability Zones in 16 regions for
multi-synchronous geographic redundancy
 Retain control of where your data resides
for compliance with regulatory requirements
 Mitigate the risk of DDoS attacks using
services like Route 53
 Dynamically grow to meet unforeseen demand
using Auto Scaling
The AWS infrastructure footprint helps protect your data
from costly downtime:

10. Integrated with Your Existing Resources
 Integrate your existing Active Directory
 Use dedicated connections as a secure,
low-latency extension of your data center
 Provide and manage your own encryption
keys if you choose
AWS enables you to improve your security using
many of your existing tools and practices:

11. Key AWS Certifications and
Assurance Programs

12. Symantec Cloud Workload
Protection
Kevin Stultz, Director of Product Management, Symantec

13. v
Hybrid Cloud Data Center Evolution
Modern (Off-Premises)Traditional (On-Premises)
Physical Private Cloud (SDDC) Managed Private Cloud AWS Cloud
More Agility - Lower Cost - More Workloads per Server

14. v
Symantec Cloud Workload Protection
Protect AWS and Hybrid Cloud Workloads From a Single Console
Benefits:
 Protect all workloads from a single
cloud-based console
 Automatic discovery and visibility of public
cloud workloads
 Elastic, cloud-native protection scales easily
Symantec Cloud
Workload Protection
Cloud Workload Protection
DevOps /
Security Admin
Physical Data
Center
Private Cloud

15. v
How do I Know if Our Workloads Are Secure?
CISO, Cloud Security Architect
I need to know what
workloads are running across
my hybrid cloud, where they
are, and if they’re protected.Mobile &
Remote
HQBranch DevOps/Test
AWS Regions
Unauthorized
User
Private Cloud

16. v
 Continuous visibility of AWS and hybrid
cloud workloads from a single console
 Automatic discovery of software services
on AWS workloads
 Automatic identification of workload
security postures
 Real-time visibility into AWS infrastructure
changes
Agent Not
Installed
Policy Not
Applied
Protected
Symantec CWP Provides:
Visibility and Security for AWS and Hybrid
Cloud Workloads from a Single Console
Discover and view
security postures of
workloads wherever they
are
Shut down rogue
instances to reduce
attack surface

17. v
Shared Responsibility for Security
Security Analyst/Admin
I need to ensure
security of our assets
“IN” the cloud.

18. v
Controls
Anti-Malware
RT-FIM
App Control
Anti-Malware OS Hardening
Single Agent
Single Console
Traditional Workloads
General Purpose Computing
Long Lifespan
IT Managed
App Isolation App Control RT-FIM
Controls
OS Hardening
App Control
RT-FIM
App Isolation
Cloud Workloads
Scalable Business Apps
Short Lifespan
Developer Managed
Comprehensive Protection for All Types of AWS Workloads
Symantec CWP Provides:

19. v
Symantec CWP Provides:
Virtual Patching, Real-time Monitoring and Vulnerability Protection for AWS Workloads
Identify potential threats and
apply security policies
in the same view
Benefits:
 Block advanced threats that target
vulnerabilities (virtual patching)
 Stop zero-day attacks
 Prevent unauthorized changes
 Identify suspicious behaviors
 Block application-centric malware

20. v
Why “Lift and Shift” Approach to Security Fails
Traditional security solutions can’t keep up.
Velocity of Deployment
ScaleofDeployment
Physical and Private
Cloud Data Centers
AWS Cloud
 Public cloud infrastructure is built and
deployed as code
 DevOps practitioners use continuous
deployment workflows, increasing velocity
– especially in container environments
 Security controls must integrate into DevOps
processes to support cloud elasticity
I need security that integrates
with our DevOps workflows
and scales automatically.
DevOps, SecDevOps
Disruptive Increase in Velocity and Scale of Workload Deployments

21. v
Symantec CWP Provides:
 Security scales automatically with dynamic
AWS infrastructure
 Integration with AWS enables DevOps to
build security directly into service
deployment workflows
 Flexible pay-for-use and annual
subscription pricing models support agile
business planning
Cloud-native Security that Integrates with AWS Infrastructure and DevOps Service
Workflows for Rapid Deployment and Scalability
Instances in auto-scaling
group with policies
applied
Complete instance
mapping with
real-time
protection status
Automatic policy
recommendations

22. v
Need to Secure Containers
Why are containers vulnerable?
 High rate of change in container environments
makes standard security best practices impossible
 Varied images provide more points of entry
 Direct access to the OS kernel creates a larger
attack surface area
How are they attacked?
 Real-world attacks use containers to get to the
management framework or container host
Source: https://www.rsaconference.com/videos/orchestration-ownage-exploiting-container-centric-data-center-platforms
Frameworks
Supporting
Apps
Attack RCE
Kernel

23. v
Visibility
Know security posture and
suspicious activity
 What container was online and
what it was doing
 Full monitoring of container
activity including file integrity
Symantec CWP Provides:
Frictionless Security
Complete protection with
no footprint in container
 Enforce security controls
without impacting agility
 Containers and their
applications cannot be
used to take control of
the Infrastructure
Built for DevOps
Fully Instrumented for DevOps
 ALL UI features have
corresponding RESTAPI
 Full Control of security
controls applied
Security for Amazon EC2 Container Services

24. v
Superior Protection
Stop unknown threats with
multi-layered protection
 Advanced machine learning
 Memory exploit mitigation
 Intelligent threat cloud
and more
Symantec CWP Provides:
Seamless Scalability
Autoscaling security
infrastructure of scanners
required to protect storage
based on load
Clean Pipes for Applications
Enable clean S3 storage
 Near real-time S3
anti-malware scanning
 Container adoption
 Serverless solutions
(AWS Lambda)
CWP for Storage - Anti-malware for AWS S3 Storage (Coming Soon)

25. v
Symantec Cloud Workload Protection
Protect AWS and Hybrid Cloud Workloads From a Single Console
Benefits:
 Protect all workloads from a single cloud-
based console
 Automatic discovery and visibility of public
cloud workloads
 Elastic, cloud-native protection scales
easily
Symantec Cloud
Workload Protection
Cloud Workload Protection
DevOps /
Security Admin
Physical Data
Center
Private Cloud

26. v
LifeLock Customer Story
Tom Castellano, Cybersecurity Engineering Lead, LifeLock

27. v v
Background
 Datacenter move to AWS – Full Workload that
included LOB services, internal workloads,
consumer facing, and enterprise security solutions
 Required no gaps of visibility and compliance
controls – PCI compliance top priority
 Support for Amazon Linux, RHEL, and Windows
Usage of CWP:
Real-Time File Integrity Monitoring (FIM)

28. v v
Solution
 Symantec CWP offering with CWP
Agents on AWS workloads & on-premises
legacy infrastructure
 Single CWP console to monitor and control
hybrid workloads during the migration
 Conduct Proof of Value (PoV) with CWP File
Integrity Monitoring (FIM) capabilities and
reporting
Usage of CWP: Cont.
Real-Time File Integrity Monitoring (FIM)
Results
 Seamless transition from PoV to production
environment with no downtime
 Improved monitoring and compliance
efficiency and performance of FIM in CWP

29. v v
CWP Usage:
Real-Time File Integrity Monitoring (RT-FIM)
LifeLock Hybrid Architecture Provides
Visibility and Control
 Seamless migration from Data Center to AWS
 FIM Policy Enforcement- Provide visibility and
compliance reporting of FIM activities
 Agents support for Amazon Linux, RHEL,
Windows, and Centos
 Protect application vulnerabilities that could
be exploited to attack infrastructure
 Alerting and Notifications
Symantec Cloud
Workload Protection
Cloud Workload Protection
CloudOps /
Security Admin
Physical Data
Center

30. v v
Proof of Value Results
 Automated installation and easy to
deploy CWP Agents across the
enterprise – required to support
Amazon Linux workloads
 No loss of coverage when migrating
hosts to AWS
 CWP provides pre-built policies to build
or custom based on requirements
Summary - Results and Benefits
 Automated protection profiling
based on workload – CWP
recommends profiles to apply
 Continuous visibility, discovery, and
monitoring
 Continuous visibility into threat
and vulnerability scores for public
cloud deployments

31. v v
Continuous Improvement for
Cloud & Container Protection
 Container protection and discovery
with Docker workloads
 Enhanced policy enforcement and
prevention through Real-time File Integrity
Monitoring (FIM) to ensure compliance and
auditing
 AV included to scan Linux hosts in CWP
 Micro-segmentation capabilities to enforce
security policies and protect workloads
Summary - Results and Benefits

32. v v© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Q & A
Patrick McDowell, Solutions Architect, AWS
Kevin Stultz, Director of Product Management, Symantec
Tom Castellano, Cybersecurity Engineering Lead, LifeLock

33. Cloud Workload Protection on AWS:
go.Symantec.com/aws-cwp
Learn more about CWP:
go.Symantec.com/cwp
More Symantec on AWS:
aws.amazon.com/featured-partners/Symantec
Find Out More
Additional Resources:
Buy CWP on Marketplace
Free Trial through Symantec
CWP Help and Resources
What’s New in CWP
CWP Security Competency on AWS
Find out more on
LifeLock:
www.lifelock.com

34. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Thank You!