ENHANCED SECURITY & COMPLIANCE FOR AMAZON WEB SERVICES · servers and workloads are secure and that...
Transcript of ENHANCED SECURITY & COMPLIANCE FOR AMAZON WEB SERVICES · servers and workloads are secure and that...
www.cloudpassage.com | 800-215-7404
THE PROBLEMAs enterprises move applications from traditional data centers to a public or hybrid cloud environment, the security model needs to change. For example, in the Amazon Web Services (AWS) environment, AWS is responsible for securing the data center infrastructure and network, while you maintain responsibility for the security of your application workloads. AWS refers to this concept as the “Shared Responsibility Model.” You need to ensure that your servers and workloads are secure and that they meet the compliance requirements of regulations such as PCI DSS, SOC2, HIPAA/HiTECH, and FISMA.
THE SOLUTION: CLOUDPASSAGE HALO ENHANCED SECURITY CONTROLS FOR AWSAWS and APN Advanced Technology Partner CloudPassage have created a set of security controls that allow you to fulfill your responsibilities under the AWS Shared Responsibility Model. CloudPassage® Halo® gives you instant visibility into and continuous protection for your workloads across the AWS Cloud, virtual private clouds, and hybrid cloud environments. Delivered as a metered service, Halo deploys in minutes, scales on-demand, and eliminates costly, error-prone manual processes by baking security directly into your workloads. Its library of ready-to-use security policies gives you a head start on meeting your security objectives and compliance requirements. The Halo REST API makes it easy to integrate with your existing security tools and extends your security investments.
THE POWER OF HALO FOR AWS4 Instant visibility and continuous protection for AWS workloads
4 Automated provisioning of security for faster deployment
4 Automatic scalability
4 Faster time to value and reduced operational overhead
4 REST API for easy integration with AWS and existing tools
ENHANCED SECURITY & COMPLIANCE FOR AMAZON WEB SERVICES
ON-DEMAND SECURITY AND COMPLIANCE FOR ANY MIX OF AWS PUBLIC, PRIVATE, OR HYBRID INFRASTRUCTURE
SOLUTION BRIEF
www.cloudpassage.com | 800-215-7404
Halo works across any c loud or v ir tual infrastructure: publ ic , pr ivate , hybr id , mult i -c loud or
v ir tual ized data center — including bare metal .
Get instant visibility
Workloads are tracked and reported on instantly
and automatically.
Reduce costs & improve efficiency
Eliminate manual processes — streamline and
automate workflows.
Verify system & data integrity Apply and verify
all required controls are in place.
Automate compliance workflows
Integrate with your existing tools and
processes seamlessly.
Generate & track audit logs
Ensure all critical activities are archived and readily available.
Scale on demand Non-intrusive, agent-
based model scales without breaking a sweat.
Stay flexibleDeploy seamlessly across any cloud or
virtual infrastructure.
THE POWER OF HALO
INFRASTRUCTUREORCHESTRATION
PUBLIC CLOUDS
PORTAL REST API SOC & GRC SYSTEMSSECURITY ORCHESTRATION ENGINE
SERVERS
DATA CENTERS & PRIVATE CLOUDS
CONTAINERS SERVERS CONTAINERS
www.cloudpassage.com | 800-215-7404
HOW IT IS DIFFERENT
54321
Halo is fast. Installation of agents can be
totally automated.
Halo is portable. It works in any
environment—data centers, private
clouds and public clouds.
Halo agents are extremely
lightweight. All security analytics are conducted on
CloudPassage’s servers, instead of your servers and cloud workloads.
Halo is comprehensive. It includes a broad range of security controls at both the host and the network levels.
Halo is scalable. Our customers routinely deploy
Halo to over 10,000 workloads in just a
few days.
ABOUT CLOUDPASSAGECloudPassage® Halo® is the world’s leading agile security platform that empowers our customers to take full advantage of cloud infrastructure with the confidence that their critical business assets are protected. Halo delivers a comprehensive set of continuous security and compliance functions right where it counts—at the workload. Our platform orchestrates security on-demand, at any scale and works in any cloud or virtual infrastructure (private, public, hybrid or virtual data center). Leading enterprises like Citrix, Salesforce.com and Adobe use CloudPassage today to enhance their security and compliance posture, while at the same time enabling business agility.
ABOUT AWSFor 10 years, Amazon Web Services has been the world’s most comprehensive and broadly adopted cloud platform. AWS offers over 70 fully featured services for compute, storage, databases, analytics, mobile, Internet of Things (IoT) and enterprise applications from 33 Availability Zones (AZs) across 12 geographic regions in the U.S., Australia, Brazil, China, Germany, Ireland, Japan, Korea, and Singapore. AWS services are trusted by more than a million active customers around the world—including the fastest growing startups, largest enterprises, and leading government agencies—to power their infrastructure, make them more agile, and lower costs. To learn more about AWS, visit http://aws.amazon.com.
© 2016 CloudPassage. All rights reserved. CloudPassage® and Halo® are registered trademarks of CloudPassage, Inc. CP_SB_ AWS_081116© 2016, Amazon Web Services, Inc. or its affiliates. All rights reserved.
HOW IT WORKS AUTOMATED AGENT DEPLOYMENTHalo uses an ultra-lightweight agent that can be deployed automatically via automated scripts or via popular orchestration tools that you are probably already using, such as Chef, Puppet, Ansible, Salt, Jenkins, BOSH, etc.
AUTOMATED VISIBILITYHalo agent automatically connects to the Halo Orchestration Engine every 60 seconds, giving you visibility to systems that are newly created or auto-scaled.
INSTANT SCALABILITYHalo is delivered as a service so it can scale as rapidly as your IT automation systems can provision new workloads.
AUTOMATED POLICY ASSIGNMENTHalo applies the appropriate policy to each system based on tags that define the application and operating system. These policies follow the workload no matter where the workload physically resides—data center, public cloud, private cloud.
BROAD RANGE OF COMPLIANCE CONTROLSHalo controls are directly applicable to many of the data privacy regulations included in PCI, HIPAA, SOC2, SOX. Controls span server access, workload configuration, software vulnerability assessment, file integrity management, and host-based log storage and analysis.
FULL APIThe CloudPassage Halo platform supports an open, RESTful API that makes it easy to integrate with a range of security and operational solutions.