Providing development and engineering teams with access to cloud resources introduces challenges around deploying the proper security policies. Organizations need automated security solutions that enable their engineers to spin up their own secure environments for application development with a push of a button. Join our upcoming webinar with Palo Alto Networks, REAN Cloud, and AWS, to learn how organizations are leveraging Palo Alto Networks VM-Series and REAN Cloud to build a simple, fast, and automated solution on AWS that helps provision secure environments for developers.
2. What is Driving AWS Adoption?
Urgent Need to Respond to Business Needs for:
Increased Agility
Flexibility
Lower Costs and Transparency
More Capabilities
Go Global in Minutes
Remove Infrastructure Dependencies
Remove IT as a “Blocker” to Innovation
3. Compelling Events on the Journey
[Figure: value over time along the cloud journey, from the current state through five numbered stages]
Phases: Discovery and Testing; Application-Based Projects; Cloud-First / Standardization; Business Transformation
Stage labels: Build applications to run on the AWS Cloud; Dev & Test / Startups; Production App Migration; “Cloud-First” Standardization / Mass Migration; Automation / Business Innovation Projects
4. AWS Can Be More Secure than Your Existing Environment
A recent report found that most customers can be more secure in AWS than in their on-premises environment. How?
Automating logging and monitoring
Simplifying resource access
Making it easy to encrypt properly
Enforcing strong authentication
6. Constantly Monitored
The AWS infrastructure is protected by extensive network and security monitoring systems:
Network access is monitored by AWS security managers daily
AWS CloudTrail lets you monitor and record all API calls
Amazon Inspector automatically assesses applications for vulnerabilities
7. Highly Available
The AWS infrastructure footprint helps protect your data from costly downtime:
44 Availability Zones in 16 regions for multi-synchronous geographic redundancy
Retain control of where your data resides for compliance with regulatory requirements
Mitigate the risk of DDoS attacks using services like Route 53
Dynamically grow to meet unforeseen demand using Auto Scaling
8. Integrated with Your Existing Resources
AWS enables you to improve your security using many of your existing tools and practices:
Integrate your existing Active Directory
Use dedicated connections as a secure, low-latency extension of your data center
Provide and manage your own encryption keys if you choose
11. Applications and Data Are the Target
The attack life cycle applies to both physical and virtualized networks in the cloud
Infect User
Gain Foothold
Move Laterally
Execute Goal: Steal Data / Build Botnets / Harvest Bitcoin
On the network or in the Cloud
12. What We Do
Next-generation firewall on AWS
Deployed as an EC2 instance in a VPC
Identify and control apps – not ports
Prevent known and unknown threats
Centrally managed for policy consistency
Automation to keep pace with the cloud
Hourly and annual Marketplace subscriptions and bring your own license (BYOL)
AWS Security Competency
Approved through integration with ELB/ALB and Auto Scaling
15. DevOps and Security Working Together?
DevOps
Dynamic environment
Frequent workload changes
Code security is Job 1
Security
Structured, follow change control best practices
Protection of digital assets is Job 1
18. Bi-Directional Integration Via an XML API
Inbound
XML changes to Bootstrap file
Block lists
3rd party policy management tools
Outbound
Amazon CloudWatch
ServiceNow
Orchestration tools
21. Who We Are
Established: 2013
Presence: USA, India
Number of Employees: 300+
AWS Certifications: 150+ (Including 15+ Professional Certifications)
Industry Focus: Education, Government, Healthcare / Life Sciences, Financial Services, and ISV
Corporate Highlights:
Migration Competency
DevOps Competency
Storage Competency
Microsoft Workloads Competency
Life Sciences Competency
Government Competency
Education Competency
Financial Services Competency
Managed Services Partner
Market Place Partner
22. REAN Cloud Service Offering
REAN Managed Cloud Services
REAN Implementation Services
REAN Business Consulting
Migration
Native AWS Application Development
DevOps (CI|CD) Implementation
Billing as a Service
Secure Infrastructure Setup
Security & Risk Assessment
ROI & Business Case Justification
Cloud Adoption Strategy
Cloud Architecture
CloudSecOpsDataDevOpsBizDevOps
Managed Cloud Services
DR & Business Continuity Planning (BCP)
Governance & Compliance
25. REAN Deploy - Packaged Cloud Resources
Features
Drag and Drop
Environment
Infrastructure as Code
Multi-Platform Support
Provisioner Agnostic
26. REAN Deploy - Infrastructure as Code
Cloud Provider Resources
Application Packages
DEV / QA / PROD Environment Blueprint
+
CD Pipeline
Provision/Validate Infrastructure
Provision/Validate Applications
Functional Regression Testing
Security Testing
Infrastructure As Code (IaC)
28. Background: Who is Gigamon
Gigamon is an ISV that offers a Visibility Platform that helps manage, secure, and understand data in motion
Solution leveraged in federal, financial services, healthcare, and technology service providers
Used Palo Alto Networks firewalls in their on-prem development environments
Global offices across 20 different countries
29. Challenge: Efficiently & Securely Providing Developer Environments
Needed to take their solution to support the cloud
Did a migration to the cloud for development and had some challenging results
Virtually unlimited developer access to cloud resources introduced vulnerabilities
Unstructured environments hampered developer productivity
New environments being spun up by developers put operating budgets at risk
30. Challenge: Security Bottlenecks
Deploying third party security into VPCs was introducing bottlenecks
Developers wanted to operate freely, and iterate quickly
Security team concerned about new, unsecured environments
31. The Palo Alto Networks and REAN Cloud Solution
Define and develop a simple, fast, and automated solution
Provision new Amazon VPCs automatically protected by VM-Series Firewall
Develop control VPC to accept new VPN connections from developer VPCs
Automate all workflows to simplify the creation of developer environments
32. Securing Developer VPCs
Install the VM-Series into the control VPC
Set up VPNs to VPCs and to other locations
Implement an orchestration tool to extract instance IP addresses
Build bootstrap code out of the network interfaces and IP addresses
Leverage the bootstrap code to spin up new environments with VM-Series and security policies already in place
33. Creating the right foundation….
Setting up a common security infrastructure to support a range of developer needs
Control VPC supports connections for:
Development VPCs
Separate Regions
On-Premise
High Availability
34. Automating the deployment
Provision the Control VPC
Multiple automation approaches: REAN Deploy, CloudFormation, Terraform, etc.
Deploy in layers
36. Automating the VM-Series Firewall
Fully managed deployment in any VPC configuration
Bootstrap the VM-Series Firewall
Challenge: How do you know about the network interfaces before you deploy the instances?
37. Automating the VM-Series Firewall
Challenge: How do you know about the network interfaces before you deploy the instances?
Deploy networking infrastructure
Use an Orchestrator (e.g., Jenkins)
Pull IP addresses of deployed configuration
38. Automating the VM-Series Firewall
Need to create bootstrap code
Built config manually
Exported configuration
XML output
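The step described in slides 32 and 36 to 38 (deploy the network interfaces first, pull their addresses, then build the bootstrap configuration from an exported XML file) can be sketched as follows. This is an added example, not code from the webinar, REAN Cloud or Palo Alto Networks; the `Role` tag, the `{{role}}` tokens and the XML fragment are assumptions, and the fragment is a simplified stand-in rather than the PAN-OS schema.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample, shaped like `aws ec2 describe-network-interfaces` output
# for interfaces created in the networking layer, before any firewall instance.
ENI_DESCRIPTION = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0a", "PrivateIpAddress": "10.20.0.10",
     "TagSet": [{"Key": "Role", "Value": "mgmt"}]},
    {"NetworkInterfaceId": "eni-0b", "PrivateIpAddress": "10.20.1.10",
     "TagSet": [{"Key": "Role", "Value": "untrust"}]},
    {"NetworkInterfaceId": "eni-0c", "PrivateIpAddress": "10.20.2.10",
     "TagSet": [{"Key": "Role", "Value": "trust"}]},
]}

# Simplified stand-in for an exported configuration; NOT the PAN-OS schema.
# The {{role}} tokens are a hypothetical templating convention.
TEMPLATE = """<config>
  <interface name="untrust"><ip>{{untrust}}/24</ip></interface>
  <interface name="trust"><ip>{{trust}}/24</ip></interface>
  <vpn local-address="{{untrust}}"/>
</config>"""

TOKEN = re.compile(r"\{\{(\w+)\}\}")

def addresses_by_role(description, vpc_cidr):
    """Map each Role tag to its private IP; reject duplicates and strays."""
    vpc = ipaddress.ip_network(vpc_cidr)
    roles = {}
    for eni in description["NetworkInterfaces"]:
        tags = {t["Key"]: t["Value"] for t in eni.get("TagSet", [])}
        role = tags.get("Role")
        if role is None:
            continue  # not one of the firewall's interfaces
        ip = ipaddress.ip_address(eni["PrivateIpAddress"])
        if ip not in vpc:
            raise ValueError(f"{eni['NetworkInterfaceId']}: {ip} outside {vpc}")
        if role in roles:
            raise ValueError(f"duplicate Role tag {role!r}")
        roles[role] = str(ip)
    return roles

def render_bootstrap(template, roles):
    """Fill every token or fail, so no half-configured firewall is launched."""
    missing = sorted(set(TOKEN.findall(template)) - set(roles))
    if missing:
        raise KeyError(f"no interface tagged for: {missing}")
    rendered = TOKEN.sub(lambda m: roles[m.group(1)], template)
    ET.fromstring(rendered)  # raises ParseError if the result is not well-formed XML
    return rendered
```

Failing the pipeline on an unresolved token or an out-of-range address keeps a developer VPC from coming up behind a firewall whose policy does not match its interfaces.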
47. Automating the VM-Series Firewall
Ready for Developer to deploy
Automated the deployment of a series of configurations
48. Automating the VM-Series Firewall
5-10 minute deployment time
Developer up and running with access to VPC from on-prem network
Automated teardown as well
53. Results and Benefits
Deploy one or more already secured developer VPCs with the push of a button
New VPCs are connected to central VPC via IPsec to maintain compliance
Unsecured developer environments are no longer a concern
Successfully extended their portfolio to cloud technologies while maintaining efficiency and security
54. Next Steps
Palo Alto Networks
Available in AWS Marketplace
Two bundles available as annual or hourly subscriptions
Bring your own license (BYOL)
Pick and choose licenses, subscriptions and support to best suit your needs
Supported in AWS Regions and AWS GovCloud (US)
REAN Cloud Consulting Services
Cloud Architecture Designs
Security Assessments
Implementation Services
Build secure Foundation (Landing Zone)
Blueprints for various VM-Series deployments