Automating Event Driven Security in the AWS Cloud : Level 200
Mick McCluney, Technical Director, Trend Micro ANZ
** Note: These are notes taken from various sessions and the keynote of the 2017 AWS Public Sector Summit held in Canberra, Australia. The information might be slightly unstructured, and the photos might be a bit raw.
Trend Micro. This session is mostly about a Trend Micro product called Deep Security, but the design goals are relevant to any security posture.
Containers as micro services, serverless as APIs
Threat sophistication:
* ransomware
* Signature-based detection is ineffective (0-days more common)
Challenges:
* Licensing/procurement
* Changes the security paradigm
* Cross-environment
Deep Computing/Security – over the landscape
No silver bullets, use many techniques
Use different layers; fold into a single product (this feels like a sales pitch)
Trend still supports IPS, signatures, firewalls and file integrity. Now incorporates machine learning.
Trend's Smart Protection Network includes web/mail/DB reputation lists. Global. Known vs. unknown.
Behavior analysis is used to determine malware.
Machine learning looks at API calls and file/execution behavior (e.g. encrypting files).
Utilizes a 'safe' virtualized SOE server as a sandbox (sounds like vCIS!)
Use whitelists in endpoint environments. Honeypots and honeymonkeys (simulate user actions).
Trend contributes a large volume of vulnerability detection; this helps write IPS rules, etc.
Applies to on-premises and cloud.
Scale is easier in the cloud (at cost)
Not sure how scale up helps detection? Volume of requests?
Security is built in to scale with the environment. Uses scripts and automation. Policy-based, sensitive to appliances. Can be built into DevSecOps (into dynamically deployed containers).
Rules can be pulled down to protect against unpatched servers/etc.
Similar capabilities to Tripwire: protect or monitor system files.
This is interesting. Here are some cross-cutting concerns that impact the practicality of hybrid solutions.
Automation plays a key role in cost management, and also in scaling security to meet demand.
Smart Folders – a locker of grouped compute resources, subject to requisite security posture (Dev/Test/Prod)
Running through Trend’s product capability now. Might pause taking notes; the broader functionality/interest was covered earlier.