AWS CloudTrail & Alert Logic Log Manager
Transcript of AWS CloudTrail & Alert Logic Log Manager
> www.alertlogic.com
December 10, 2013
AWS CloudTrail & Alert Logic Log Manager
Justin Criswell, Cloud Solutions Architect
Diane Garey, Product Marketing
Threats
• Brute Force
• Web Application Attacks
• Reconnaissance
• Vulnerability Scans

Controls
• Access management
• Patch management
• Configuration hardening
• Security monitoring
• Log analysis
• Network threat detection
• Security monitoring

• Secure coding and best practices
• Software and virtual patching
• Configuration management
• Access management
• Application level attack monitoring
The Shared Security Model for AWS

AWS Global Infrastructure: Multiple Availability Zones, Globally Distributed Regions
Foundation Services: Compute, Storage, DB, Network
VPC Networks
• VPC provides logically isolated environments
• Security groups filter inbound/outbound traffic
• External DDoS, spoofing and scanning prevented
Hosts
• Hardened hypervisor
• Promiscuous mode prevented
• Deny-all default in security group
• Root access provided to customer
Apps: Customer primary responsibility
AWS CloudTrail (http://aws.amazon.com/cloudtrail)
CloudTrail records the AWS API calls made in your account, whether from the console, the CLI or an SDK, and delivers the log files to an S3 bucket you choose. Each record answers:
Who took this action?
When did the action take place?
What action was taken?
Where was this action performed?
How was this action performed?
Currently Supported AWS Services
• Amazon Elastic Compute Cloud (Amazon EC2)
• Amazon Elastic Block Store (Amazon EBS)
• Amazon Redshift
• Amazon Relational Database Service (Amazon RDS)
• Amazon Virtual Private Cloud (Amazon VPC)
• AWS CloudTrail
• AWS Identity and Access Management (AWS IAM)
• AWS Security Token Service (AWS STS)
Alert Logic Log Manager for AWS
Cloud-Based Security Log Analysis
• All log data, all together: collect, archive and analyze log data in real time from all data sources
• Quick access to log data: dozens of reports and a fast, intuitive search function
• Compliance friendly: supports numerous standards such as PCI, HIPAA, FFIEC, SOX
• Available as a service: auditable daily log review with integrated case management by dedicated GIAC-certified System Security Analysts
• AWS friendly: designed for AWS workloads and reference architectures
Create a CloudTrail Trail
1. Use the console or CLI to create a trail
2. Enable CloudTrail logging
3. Create an SQS queue (this is how Log Manager learns that a new log file has been delivered)
4. Create an IAM group and user for the collector; grant it only read access to the queue and to the log bucket, not your own credentials
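The collector side of steps 3 and 4, and the who/when/what/where/how questions from the CloudTrail slide, as one added example. This is not Alert Logic or AWS code; it assumes the delivery path the deck describes (CloudTrail writes a gzipped JSON object with a top-level "Records" array to S3 and a queue message announces it as `{"s3Bucket": ..., "s3ObjectKey": [...]}`), and the bucket name, account ID, principals and IP addresses in the sample data are constructed. The key check matters: the collector should only ever parse objects that sit under the trusted account's CloudTrail prefix, so a stray or attacker-written object in the bucket never reaches the parser.

```python
"""Consume a CloudTrail delivery and map each record onto the five questions."""
import gzip
import json
import re
from io import BytesIO

TRUSTED_ACCOUNT = "123456789012"             # constructed
TRUSTED_BUCKET = "example-cloudtrail-logs"   # assumed bucket name
KEY_RE = re.compile(
    r"^AWSLogs/(?P<account>\d{12})/CloudTrail/(?P<region>[a-z0-9-]+)/"
    r"\d{4}/\d{2}/\d{2}/[^/]+\.json\.gz$")


def object_keys_from_notification(body, bucket=TRUSTED_BUCKET, account=TRUSTED_ACCOUNT):
    """Parse one queue message body and return only keys worth fetching:
    right bucket, right account, and a key shaped like a CloudTrail log object."""
    msg = json.loads(body)
    if msg.get("s3Bucket") != bucket:
        return []
    keys = []
    for key in msg.get("s3ObjectKey", []):
        m = KEY_RE.match(key)
        if m and m.group("account") == account:
            keys.append(key)
    return keys


def records_from_object(data):
    """Gunzip one CloudTrail log object and return its Records list."""
    with gzip.GzipFile(fileobj=BytesIO(data)) as fh:
        return json.load(fh).get("Records", [])


def who(identity):
    """Resolve userIdentity to a printable principal (IAMUser, Root, AssumedRole via STS)."""
    t = identity.get("type")
    if t == "Root":
        return "root"
    if t == "IAMUser":
        return "user/" + identity.get("userName", "?")
    if t == "AssumedRole":
        return "assumed-role/" + identity.get("arn", "?").split(":assumed-role/", 1)[-1]
    return identity.get("arn", t or "unknown")


def summarize(record):
    """Who / when / what / where / how for one record; 'ok' is False when the call was denied."""
    return {
        "who": who(record.get("userIdentity", {})),
        "when": record.get("eventTime"),
        "what": record["eventSource"] + ":" + record["eventName"],
        "where": (record.get("awsRegion"), record.get("sourceIPAddress")),
        "how": record.get("userAgent"),
        "ok": "errorCode" not in record,
    }


def root_api_use(records):
    """Root credentials doing anything other than a console login is worth a case."""
    return [summarize(r) for r in records
            if r.get("userIdentity", {}).get("type") == "Root"
            and r.get("eventName") != "ConsoleLogin"]


def process_notification(body, fetch):
    """Pipeline as the collector runs it: message -> vetted keys -> objects -> summaries."""
    out = []
    for key in object_keys_from_notification(body):
        out.extend(summarize(r) for r in records_from_object(fetch(key)))
    return out


# Constructed sample records in the CloudTrail record layout.
SAMPLE_RECORDS = [
    {"eventVersion": "1.0",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice",
                      "accountId": "123456789012", "userName": "alice"},
     "eventTime": "2013-12-10T15:01:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10", "userAgent": "aws-cli/1.2.0",
     "requestParameters": {"groupId": "sg-0a1b2c3d"}},
    {"eventVersion": "1.0",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root",
                      "accountId": "123456789012"},
     "eventTime": "2013-12-10T15:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7", "userAgent": "console.amazonaws.com"},
    {"eventVersion": "1.0",
     "userIdentity": {"type": "AssumedRole", "accountId": "123456789012",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Deployer/ci-42"},
     "eventTime": "2013-12-10T15:07:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "awsRegion": "us-west-2",
     "sourceIPAddress": "203.0.113.44", "userAgent": "Boto/2.13.3",
     "errorCode": "Client.UnauthorizedOperation"},
]
SAMPLE_KEY = ("AWSLogs/123456789012/CloudTrail/us-east-1/2013/12/10/"
              "123456789012_CloudTrail_us-east-1_20131210T1510Z_Ab12Cd34.json.gz")
# One good key, one from a foreign account, one that is not a CloudTrail object at all.
SAMPLE_NOTIFICATION = json.dumps({"s3Bucket": TRUSTED_BUCKET, "s3ObjectKey": [
    SAMPLE_KEY,
    "AWSLogs/999999999999/CloudTrail/us-east-1/2013/12/10/x.json.gz",
    "not-cloudtrail/readme.txt"]})
WRONG_BUCKET_NOTIFICATION = '{"s3Bucket": "someone-elses-bucket", "s3ObjectKey": ["' + SAMPLE_KEY + '"]}'


def build_sample_object(records=SAMPLE_RECORDS):
    """Gzip the constructed records the way CloudTrail writes a log object."""
    buf = BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb") as fh:
        fh.write(json.dumps({"Records": records}).encode())
    return buf.getvalue()


if __name__ == "__main__":
    store = {SAMPLE_KEY: build_sample_object()}   # stands in for the S3 GET
    for s in process_notification(SAMPLE_NOTIFICATION, store.__getitem__):
        print(s)
    print("root API use:", root_api_use(SAMPLE_RECORDS))
```

In production the `fetch` callable is an S3 GetObject made with the collector user's credentials from step 4, and the message body comes from the SQS queue in step 3; nothing else in the pipeline needs broader rights than read on those two resources.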
Set up a CloudTrail Source in Log Manager
Collecting Additional AWS Log Data
Demo
Try Alert Logic Log Manager with CloudTrail
• Contact Alert Logic:
– www.alertlogic.com
– [email protected]
– cloud.docs.alertlogic.com
• Installation steps:
– Enable CloudTrail in your AWS account
– In Log Manager, create a new CloudTrail data source