Security MicroSummit Aug 03, 2017

stackArmor AWS Security MicroSummit


Page 1: stackArmor AWS Security MicroSummit


Page 2: stackArmor AWS Security MicroSummit

Agenda

PROPRIETARY AND CONFIDENTIAL INFORMATION OF STACKARMOR 2

1. 8:00 – 8:30 AM Introductions and Networking
2. 8:30 – 9:00 AM Building an AWS Environment for FISMA, FedRAMP, HIPAA, FFIEC or PCI compliance
3. 9:00 – 9:30 AM How to select a Next Generation Firewall Solution – Ed Caswell, Cloud Consulting Engineer at Palo Alto Networks
4. 9:30 – 10:00 AM Securing the AWS Environment with IPS & Monitoring – Larry Kovalsky, Director, Federal Sales Engineering, McAfee
5. 10:00 – 10:30 AM Deep Packet Inspection on AWS – Shivank Dua, Director, Security Systems Development at NIKSUN
6. 10:30 – 11:00 AM How to build a SOC/NOC and gather Operational Intelligence with Splunk ES and Splunk Cloud
7. 11:00 – 11:30 AM Wind-up and Networking

Page 3: stackArmor AWS Security MicroSummit

About stackArmor


1 of 10 firms globally with new AWS Security Competency

Advanced AWS Partner with Certifications in GovCloud, Public Sector and Big Data Competencies

Global public sector customer base at the Federal, State and Local Government level

Fortune 500 Commercial clients with strong focus on security and automation

We are a cloud strategy, migration services and cybersecurity & managed operations provider with certified competencies in AWS GovCloud, Public Sector and Regulated Industries.

Global Customer Base and Delivery Model

Cloud Migration | Cloud Security & Compliance | Cloud Management

Page 4: stackArmor AWS Security MicroSummit

AWS, Security and Compliance


Cloud Solutions Architect and Technology Strategist
• Focused on full-stack security and operations management
• Cloud automation and business process acceleration
• Cybersecurity Policies, Procedures and Tactics

Supported the first AWS cloud migration in 2009 for Recovery.gov and have successfully led multiple large enterprise cloud modernization programs in regulated industries, Financial Services and Healthcare.

GP, CEO and Founder

www.stackArmor.com | @cloudpalgp

https://www.linkedin.com/in/[email protected]

Page 5: stackArmor AWS Security MicroSummit

Building a compliant AWS solution?

1. Select eligible services. Being compliant means limiting your selection to specific services within the scope of the compliance framework.

Your best friend https://aws.amazon.com/compliance/services-in-scope/


Page 6: stackArmor AWS Security MicroSummit

Building a compliant AWS solution?

2. Architect for Compliance

• Firewall
• Logging & Monitoring
• Centralized Identity Management
• Vulnerability Scanning and Patching
• Data Protection and Encryption

Page 7: stackArmor AWS Security MicroSummit

Building a compliant AWS solution?

3. Generate the compliance artifacts

Document: Description

Basic Security Policy: This document provides a basic set of high-level security policies that allow the client to state that they have a security policy in place, one that can serve as an initial baseline.

Assessment Plan: This is a checklist security assessment, basically a self-assessment with questions asked by an experienced Information Assurance Analyst to demonstrate understanding and maturity of the cybersecurity posture.

High Level Security Assessment Report: A Security Assessment Report (SAR) that summarizes the scope, approach, high-level findings and recommendations. The high-level recommendations cover any security controls found to be “not in place” and include a description of the actions necessary to show that the security control is “in place”.

Vulnerability and Penetration Testing: Automated scans with basic parameters, with the autogenerated reports provided. This effort could be performed by an independent third party, and the scope of the testing can vary. A final step of remediation and re-testing is normally required.

Letter of Attestation: Executive summary of the assessment, signed by an experienced and certified Cybersecurity Specialist. The letter will attest to the overall level of risk (Low, Moderate, High) based on the security controls found to be “not in place”, and it will include a reference to the methodology used to categorize the system being assessed and to the selection of security controls assessed.

Page 8: stackArmor AWS Security MicroSummit

Hmm…


Page 9: stackArmor AWS Security MicroSummit

Recent AWS and Security Trends

Serverless/MicroServices Architectures

Major Serverless architecture building blocks are now compliant, including:
• API Gateway (PCI, HIPAA)
• AWS Cognito (PCI, HIPAA)
• AWS Lambda (PCI)
• AWS DynamoDB (PCI, HIPAA, FedRAMP)
• AWS EC2 Container Service (PCI, HIPAA)

AWS HIPAA Program Update – Dedicated Instances and Hosts Are No Longer Required

Page 10: stackArmor AWS Security MicroSummit

Top Security “Boo boos”

Common poor security mistakes: Comment

1. Creating unnecessary access and secret keys for IAM Users: Console users don’t need keys.

2. Using developer keys instead of instance roles for accessing instances: Use IAM roles to separate access to AWS resources; roles provide temporary credentials.

3. Wide open inbound rules in security groups: Restrict entry to specific ports and IP addresses as required.

4. Lack of restrictions on production instances: Any user can perform actions on production instances. Provision IAM roles that allow for separation of duties.

5. Poor segmentation and zoning of application and data components through the use of public and private subnets: Proper zoning through subnets allows for segregating netflow and blackholing requests in the event of an attack.

6. Lack of boundary protection (IDS, IPS, VPN): Consider using WAF, IPS/IDS and VPN solutions.

7. Inconsistent patch management and vulnerability scanning: Create an information security policy with a patching schedule, with roles, responsibilities and reporting.
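Two of the mistakes in this list (unneeded access keys on console users, and wide-open inbound security group rules) can be caught by a routine audit of account inventory. The following is an added example, not stackArmor's or AWS's code: the input dictionaries are constructed here and mirror the shape of boto3's `describe_security_groups` and `list_access_keys` responses, and `PUBLIC_OK_PORTS` is an assumed allow-list for a public web tier.

```python
"""Audit constructed AWS inventory for boo-boos #1 and #3 from the table above.
Added example; the sample data is constructed, not pulled from a live account."""

# Assumption: only a public web tier may be reachable from anywhere.
PUBLIC_OK_PORTS = {80, 443}
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"


def wide_open_rules(security_groups):
    """Return (group_id, protocol, from_port, to_port, cidr) for every inbound rule
    that is open to the whole internet on a port outside PUBLIC_OK_PORTS."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):           # boto3 field names
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr not in (ANY_V4, ANY_V6):
                    continue
                proto, lo, hi = perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")
                # "-1" means all protocols and ports (no FromPort/ToPort present);
                # otherwise the rule passes only if its whole range is allow-listed.
                if proto == "-1" or not set(range(lo, hi + 1)) <= PUBLIC_OK_PORTS:
                    findings.append((sg["GroupId"], proto, lo, hi, cidr))
    return findings


def console_users_with_keys(users):
    """Return names of users that have a console login profile AND an active access key.
    Each user: {"UserName", "HasLoginProfile", "AccessKeys": [{"AccessKeyId", "Status"}]}."""
    return [u["UserName"] for u in users
            if u["HasLoginProfile"] and any(k["Status"] == "Active" for k in u["AccessKeys"])]


# Constructed sample inventory (not real account data).
SAMPLE_SGS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": ANY_V4}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": ANY_V4}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": ANY_V6}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}]},
]
SAMPLE_USERS = [
    {"UserName": "alice", "HasLoginProfile": True, "AccessKeys": [{"AccessKeyId": "AKIA-EXAMPLE-1", "Status": "Active"}]},
    {"UserName": "ci-deployer", "HasLoginProfile": False, "AccessKeys": [{"AccessKeyId": "AKIA-EXAMPLE-2", "Status": "Active"}]},
    {"UserName": "bob", "HasLoginProfile": True, "AccessKeys": [{"AccessKeyId": "AKIA-EXAMPLE-3", "Status": "Inactive"}]},
]

if __name__ == "__main__":
    for finding in wide_open_rules(SAMPLE_SGS):
        print("wide-open inbound rule:", finding)
    for name in console_users_with_keys(SAMPLE_USERS):
        print("console user with active access key:", name)
```

Only the SSH rule and the all-protocols IPv6 rule are flagged; the 443 rule is allow-listed and the database rule is limited to an internal CIDR.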


Page 11: stackArmor AWS Security MicroSummit

Special Offer for Attendees

$100 in AWS Marketplace credits for any attendee of the AWS Security MicroSummit

$1,000 in AWS Marketplace credits for a specific POC or Pilot

$5,000 in AWS credits for a specific POC, Pilot or new initiative

Page 12: stackArmor AWS Security MicroSummit

Questions?

Gaurav “GP” Pal

Founder

www.stackArmor.com

Tel: (571) 271 4396

Email: [email protected]
