AWS Summit 2017 – Automating Event Driven Security in the AWS Cloud


Automating Event Driven Security in the AWS Cloud : Level 200

Mick McCluney, Technical Director, Trend Micro ANZ

** Note: These are notes taken from various sessions and the keynote of the 2017 AWS Public Sector Summit held in Canberra, Australia.  The information might be slightly unstructured, and the photos might be a bit raw.

Trend Micro.  This session is mostly about a Trend Micro product called Deep Security, but the design goals are relevant to any security posture.

Containers as micro services, serverless as APIs

Security - Event Driven (11am session)
Threat sophistication:
  *   ransomeware
  *   Signature based is ineffective (0-days more common)

Challenges

Licensing/Procurement
Changes security paradigm
Cross-environment
Deep Computing/Security – over the landscape

Security - Event Driven (11am session)_1
No silver bullets, use many techniques

Use different layers; fold into a single product (this feels like a sales pitch)

Trend still supports IPS, signatures, firewalls and file integrity.  Now incorporates machine learning.
Trend Smart protection network includes web/mail/DB reputation lists.  Global.  Known v. Unknown.
Behavior analysis is used to determine malware.

Security - Event Driven (11am session)_2
Machine learning looks at API calls, file/execution behavior (e.g encrypting files).
Utilizes ‘safe’ virtualized SOE server as sandbox (sounds like vCIS!)
Use white lists in endpoint environments.  Honeypots and Honeymonkees (sims user actions).

Security - Event Driven (11am session)_3
Trend contribute large vulnerability detection. Helps write IPS rules, etc.

Security - Event Driven (11am session)_4
Applies to on-premise and cloud.
Scale is easier in the cloud (at cost)
Not sure how scale up helps detection?  Volume of requests?
Security is built in to scale.  Uses scripts & automation.  Policy based, sensitive to appliances.  Can be built into DevSecOps (into dynamically deployed containers)
Rules can be pulled down to protect against unpatched servers/etc.
Similar capabilities to TripWire.  Protect or monitor system files.

Security - Event Driven (11am session)_5
Hybrid Cloud:

Security - Event Driven (11am session)_6
This is interesting.  Here’s some cross cutting concerns that impact the practicality of hybrid solutions.
Automation plays a key role in cost management, and also in scaling security to meet demand.
Smart Folders – a locker of grouped compute resources, subject to requisite security posture (Dev/Test/Prod)

Running through Trend’s product capability now.  Might pause taking notes; the broader functionality/interest was covered earlier.


About Rob Sanders

IT Professional and TOGAF 9 certified architect with nearly two decades of industry experience, 18 years in commercial software development and 11 years in IT consulting. Check out the "About Rob" page for more information.

Leave a comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>