S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open,...
Transcript of S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open,...
![Page 1: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/1.jpg)
![Page 2: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/2.jpg)
S3
![Page 3: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/3.jpg)
Cloud Native Apps -- 10,000’s of interconnected, ephemeral resources, configured and exposed by more people
![Page 4: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/4.jpg)
Growing Need for Cloud Policy
© 2017 CloudCoreo 4
Cloud services is a never ending struggle that is hard to operationalize. We have no good ways to ensure that standardized configurations are universally enabled. —FASTLY SECURITY ENGINEERING TEAM
![Page 5: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/5.jpg)
![Page 6: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/6.jpg)
![Page 7: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/7.jpg)
• On-Demand Compliance AWS Best Practices, CIS, NIST, SOX, HIPPA
• Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails
•
VISIBILITY + CONTROL
![Page 8: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/8.jpg)
![Page 9: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/9.jpg)
Community - Marketplace - Insights
1
Disrup)ngtheContentCrea)onParadigm
![Page 10: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/10.jpg)
ContentReachvia100’sof
millionsofnewdisplays
NewContentTypes:VR,4K,
AR
AudienceSegmentGrowth
withGranularTarge)ng
MoreContent
M&E,Adver)sing,Gaming,
Architecture,LifeSciences,
Manufacturing,…
New
ContentDistributors
$20BIndustryandGrowing…inM&EAlone
![Page 11: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/11.jpg)
Infrastructure
Processors
Worksta?ons
Collabora?on
Contracts
LargeFiletransport
Security
ITservicesDesign&
renderapps
Clouds
Storage
Freelance / Workforce
Producers
Storage
Processors
Worksta)on
TransportSecurity
Contracts
Clouds
Marketplace
Community Insights
![Page 12: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/12.jpg)
Marketplace
CommunityInsights
Provisioningclouds,crea)vetools,adjacentservices
Fosteringcollabora)on&connec)ons
Drivingresource&assetmanagement
Geographicfreedom.CAPEXlibera)on.Fluidscalability.Connectedpointsolu)ons.Boostedsecurity.
![Page 13: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/13.jpg)
5
Clouds • Choose your public or private cloud
Tools/Services • Unified owned & 3rd party tools & services
• APIs
Talent & Jobs • Talent and project directories
• Auto-provisioning of resources • Price throttling & cloud cost
optimization
• Digital Escrow • 2D/3D Virtual Workstations • Multi-Tier Storage • Rendering • Collaboration Tools • Resource Management • High Speed Data Transfer
• Usage tracked to build verifiable portfolio
Marketplace
Marketplace
..
Digital Assets • Asset discovery & monetization
![Page 14: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/14.jpg)
Connect&Collaborate
Ar)sts
Studios
Producers
Unions,Guilds,
Associa)ons
Educators
Recruiters
• Collaboration • Connection • Peer Support • Feedback
6
.
Community.
![Page 15: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/15.jpg)
7
.
.Analy)cs
• Tools&servicesusage• Budgetinsights• Assetversioncontrol&historicalrecord
• Security/abuseinsights• Compliance
Customers
• Granularproductusagedetails
• Machineperformancerela)vetotool
Partners
• Networkusageup)me• Granularproductusageandrevenueshare
Facili)es
![Page 16: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/16.jpg)
![Page 17: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/17.jpg)
9
![Page 18: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/18.jpg)
DevOps for the IoT(sorry)
![Page 19: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/19.jpg)
SOFTWARE MATTERS...
![Page 20: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/20.jpg)
...EVERYWHERE
![Page 21: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/21.jpg)
BUT WE’RE OUT OF EMBEDDED DEVS
600k Embedded
8m Web
9m Mobilesource: ARM estimates
![Page 22: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/22.jpg)
$ git push resin
![Page 23: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/23.jpg)
RESIN.IO DELIVERY PIPELINE
![Page 24: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/24.jpg)
ON-DEVICE S/W ARCHITECTURE
add-on functionality containers
EXTENSION CONTAINER(S)RESIN.IO CONTAINER
Resin.io Agent
Language Packages
Language Runtime
OS Packages
Base Image
APPLICATION CONTAINER
User Application
Language Packages
Language Runtime
OS Packages
Base Image
![Page 25: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/25.jpg)
70+ production customers across consumer, commercial
and industrial use cases
CUSTOMERS PARTNERS INVESTORS
RESIN.IO COMMUNITY
![Page 26: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/26.jpg)
DEVELOPERS LOVE RESIN.IO
![Page 27: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/27.jpg)
SIGN UP!
![Page 29: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/29.jpg)
EVOLUTION OF AN IOT PROJECT
DEVICES
DATA & ANALYTICS
1 2 3 4
CONNECTIVITY
2
1
3
![Page 30: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/30.jpg)
Security vulnerabilities go unpatched
Features (or lack thereof) are locked in
Software misconfigurations risk downtime or bricked
devices
WITHOUT A MODERN SOFTWARE DEPLOYMENT STRATEGY...
DEVICES
DATA & ANALYTICS
1 2 3 4
CONNECTIVITY
2
1
3
EVOLUTION OF AN IOT PROJECT
![Page 31: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/31.jpg)
DEVICESDEVICES
DATA & ANALYTICS
1 2 3 4
CONNECTIVITY
2
1
3
RESIN.IO + SAFE, ITERATIVE IOT SOFTWARE CODE
4
EVOLUTION OF AN IOT PROJECT
![Page 32: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/32.jpg)
Design and evolve your network like software
Ratul MahajanCofounder and CEO
![Page 33: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/33.jpg)
Network engineering today
Deviceconfigura.ons
Many policy concerns Many protocols Many vendors
Low-level directives
Policyintent
![Page 34: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/34.jpg)
Network complexity results in …
Outages
![Page 35: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/35.jpg)
Network complexity results in …
Outages
Securitybreaches
![Page 36: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/36.jpg)
Network complexity results in …
Outages
Securitybreaches
Lackofagility
It can take a few weeks for even minor changes
![Page 37: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/37.jpg)
SW2
Things will get worseSW
HW HW
SW1
Disaggregation of HW and SW Deployment speed, automation
Transition to hybrid cloud Scale (devices / engineer)
![Page 38: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/38.jpg)
SW2
Things will get worseSW
HW HW
SW1
Disaggregation of HW and SW Deployment speed, automation
Transition to hybrid cloud Scale (devices / engineer)
Network complexity
Ability to handle complexity
Time à
Outages and breaches reside in this gap
![Page 39: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/39.jpg)
Inten:onet mission Transformnetworkengineeringbyintroducing
cu:ng-edgeHWandSWengineeringapproaches
Continuous integration Unit testing
Formal methods “What if” analysis
High-level specification ……
![Page 40: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/40.jpg)
Inten.onetanalysisengine
Inten:onet pla;orm
Viola.ons,erroneousconfigura.onlines
Desiredstate&correctnesscriteria(rou.ng,security,fault-tolerance,...)
Configura.on&state
![Page 41: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/41.jpg)
Inten:onet pla;orm
Plannedconfigura.on
Correctnesscriteria
Inten.onetanalysisengine
Continuous integration for the network
![Page 43: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/43.jpg)
Backup
![Page 44: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/44.jpg)
Things will get worse Disaggregated HW/SW
Hybrid cloud More automation
Finer-grained policies More frequent changes
Higher complexity Higher risk of catastrophic events Manual reasoning cannot scale
Ineffectiveness of superficial analysis
![Page 45: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/45.jpg)
Inten:onet mission Transform network engineering by introducing
cutting-edge HW and SW engineering approaches
Core technologies Formal models of network behavior
Analysis using constraint solvers High-level languages Automatic synthesis
Practices Continuous integration
Unit and functional testing Change and predictive analysis High-level design specification
![Page 46: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/46.jpg)
How To Avoid Network Outages
“While there's a lot of hype about hacking and DDoS ….. more than 50% of outages will be caused by change/configuration/release integration.”
Whatcausesthemajorityoffirewallbreaches?It’stemp.ngtoassumethathacking…..99%offirewallbreacheswillbecausedbysimplefirewallmisconfiguraBons.
hJp://www.networkcompu.ng.com/networking/how-avoid-network-outages-go-back-basics/257686406
hJp://www.infosecurity-magazine.com/opinions/to-err-is-human-to-automate-divine/
![Page 47: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/47.jpg)
How To Avoid Network Outages
“While there's a lot of hype about hacking and DDoS ….. more than 50% of outages will be caused by change/configuration/release integration.”
Whatcausesthemajorityoffirewallbreaches?It’stemp.ngtoassumethathacking…..99%offirewallbreacheswillbecausedbysimplefirewallmisconfiguraBons.
hJp://www.networkcompu.ng.com/networking/how-avoid-network-outages-go-back-basics/257686406
hJp://www.infosecurity-magazine.com/opinions/to-err-is-human-to-automate-divine/
JuniperResearch
![Page 48: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/48.jpg)
Why configura:on is hard
Large,complexinfrastructureSophis.catedSLOs
Richpolicies
Low-leveldesignlanguagesCrudeanalysistools
Diverseprotocols,vendors
![Page 49: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/49.jpg)
Networks are complex and fragile
Outages
Securitybreaches
ComplianceviolaBons
![Page 50: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/50.jpg)
Networks are complex and fragile
Securitybreaches
ComplianceviolaBons
Nopeaceofmind
Outages
![Page 51: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/51.jpg)
Comprehensive analysis
Compliance and best prac:ces Data flow
Change analysis Fault tolerance
![Page 52: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/52.jpg)
Unique capabili:es compared to monitoring
Proactive protection • Erroneous configuration never reaches the network
Guaranteed correctness
• Strong, formal guarantees on data flow and compliance Agility
• Rapid evolution without fear of outages and breaches
![Page 53: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/53.jpg)
Use case (1/3)
Inten.onetservice
Plannedconfigura.on
Correctnesscriteria
Deploy
Pre-deploymentcorrectnesscerBficaBonConBnuousintegraBon
![Page 54: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/54.jpg)
Use case (2/3)
Inten.onetservice
Plannedconfigura.on
Currentconfigura.on
Func.onaldifferences
PreventcollateraldamagePredicBveanalysis
![Page 55: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/55.jpg)
Use case (3/3)
SpeednetworkdesignSafemigraBontonewdesigns
Inten.onetservice
Newnetworkdesign Answers
Queriesontrafficflow
![Page 56: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/56.jpg)
Example issues in customer networks
Sensitive, internal resources were accessible from outside
[bad firewall rules]
Neighboring networks could hijack internal IP address
space [bad routing filters]
IPSec tunnels were not being established
[bad VPN keys]
Non-compliant AAA settings [bad AAA configuration]
![Page 57: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/57.jpg)
In the words of our customers
“The Intentionet report was mind blowing.”
“You guys have a tiger by the tail here. Very excited
for your startup.”
“This is incredible data and I can't wait to broaden to the rest of our network.”
“One of my NOC guys stopped by today to ask
what voodoo I was using to find such things :)”
![Page 58: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/58.jpg)
Demo
![Page 59: S3 · AWS Best Practices, CIS, NIST, SOX, HIPPA • Continuous Auditing and Governance Open, customizable rules to provide deployment guardrails • ... Practices Continuous integration](https://reader034.fdocuments.in/reader034/viewer/2022042310/5ed7a2c621f2f81ba73da235/html5/thumbnails/59.jpg)
Inten:onet design engine
High-levelspecifica.on(e.g.,thisishowpacketsshouldflows)Generateslow-levelconfigura.on(e.g.,Cisco,Juniper,…)Provablycorrectandevolu.on-friendlyWell-receivedpapersattopresearchvenues(SIGCOMM,PLDI)