Barracuda, AWS & Securosis:
Application Security for the Cloud
Nick Matthews, Solutions Architect, AWS
Rich Mogull, Securosis, Analyst & CEO
Tushar Richabadas, Product Manager, Barracuda
Today’s Presenters
Today’s Agenda
• Security on AWS
• Web Application Security for the Cloud Age
• Barracuda WAF on AWS product overview & demo
• Q&A/Discussion
Learning Objectives
• Challenges of app security when moving to the cloud
• Methods for securing web, mobile, and API-based
applications
• Live demo of the Barracuda WAF securing an AWS app
Security on AWS
Security is Job Zero
A familiar security model, validated and driven by customers’ security experts, which benefits all customers. It covers every layer: people & process, system, network, physical.
AWS and you share responsibility for security
[Shared-responsibility diagram. AWS takes care of the security OF the cloud: the AWS foundation services (compute, storage, database, networking) and the AWS global infrastructure (regions, availability zones, edge locations). You get to define your controls ON the cloud: your applications and content, identity & access control, network security, inventory & config, and data encryption.]
Moving from DevOps to DevSecOps
The challenge: how to integrate security into DevOps workloads so that developers can focus on application development without worrying about online attacks.
DevOps + Security = DevSecOps
Web Application Security for
the Cloud Age
Rich Mogull
@rmogull
Little. Cloudy. Different.
• Cloud can be more secure than traditional datacenters.
• The economics are in your favor.
• Cloud architectures can wipe out some traditional security headaches.
• This isn’t theory, it’s being done today.
• But only if you understand how to leverage the cloud.
• We can use this to dramatically improve web application security.
You get one chance
• For clients to use a cloud provider, they must trust the provider.
• This is especially true for anything with sensitive data or processes.
• Thus security has to be a top priority for a provider or you won’t use them.
• A major breach for a provider that affects multiple customers is an existential event.
Automating Security
• Security tools and testing are typically added after the fact
• And, often, manually
• Dev and Ops just hate it when security tool changes or updates break “functionality”
• Even when said functionality is a security issue
• DevOps + Cloud = Immutable = Security Automation and Integration
Controlling Blast Radius
Segregation is critical but hard
• Segregating networks in a data center is hard, expensive, and often unwieldy.
• It’s hard to isolate application services on physical machines.
• Even using virtual machines has a lot of management overhead.
• Attackers drop in and move North/South in application stacks, and East/West on networks (or both).
Limiting blast radius
[Diagram: one account containing two virtual networks, each with its own subnet and security group. The nesting Account > Virtual Network > Subnet > Security Group is the set of boundaries a compromise has to cross.]
To a host or network…
[Diagram: the same layout with a compromise (“Boom”) inside one security group. The blast radius is that host, or at most its subnet; the other virtual network in the account is untouched.]
Or an entire “data center”
[Diagram: three separate accounts, each with its own virtual networks, subnets and security groups. A compromise (“Boom”) in one account is bounded by that account; the other accounts are, in effect, separate “data centers”.]
But This Works Best with Infrastructure as Code
The Power of Immutable
• Instead of updating, you completely replace infrastructure through automation.
• Can apply to a single server, up to an entire application stack.
• Incredibly resilient and secure. Think “servers without logins.”
Image from: http://tourismplacesworld.blogspot.com/2012/07/uluru.html
CI for Web Application Security
[Pipeline diagram with these stages: source code in Git (CloudFormation templates and Chef recipes), Jenkins, functional tests, non-functional tests and security tests, a Chef server, then the Test and Prod environments.]
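The two ideas above, the blast-radius hierarchy (account, virtual network, subnet, security group) and a security test that runs in the CI pipeline before a template reaches Prod, can be combined in one check. The following is an added example and not code from the webinar or from any of the presenters’ companies. It reads a CloudFormation template in JSON form, fails the build when a security group exposes an administrative port to the whole Internet, and computes the east/west blast radius of each security group by following security-group-to-security-group ingress references. The template, the resource names (WebSG, AppSG, DbSG, BastionSG) and the list of admin ports are all constructed for this example.

```python
"""Added example: CI security gate over a CloudFormation template.
(1) Flag admin ports open to 0.0.0.0/0 or ::/0.
(2) Compute which security groups are reachable from a compromised host
    in a given group, following SG-to-SG ingress rules (east/west movement).
The template below is constructed for this example, not a real deployment."""
import json
from collections import deque

SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "web tier",
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
            ]}},
        "AppSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "app tier, reachable only from the web tier",
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                 "SourceSecurityGroupId": {"Ref": "WebSG"}},
            ]}},
        "DbSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "database tier, reachable only from the app tier",
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                 "SourceSecurityGroupId": {"Ref": "AppSG"}},
            ]}},
        "BastionSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "bastion, SSH from the corporate range only",
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "203.0.113.0/24"},
            ]}},
    }
})

# Ports that should never be open to the world (constructed list for the gate).
ADMIN_PORTS = {22, 3389, 1433, 3306, 5432, 6379, 27017}
ANY_IPV4, ANY_IPV6 = "0.0.0.0/0", "::/0"


def load_security_groups(template_text):
    """Return {logical_id: [ingress rules]} for every SG resource in the template."""
    doc = json.loads(template_text)
    groups = {}
    for name, res in doc.get("Resources", {}).items():
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            groups[name] = res.get("Properties", {}).get("SecurityGroupIngress", [])
    return groups


def rule_ports(rule):
    """Ports a rule opens. Protocol -1 means every port."""
    if str(rule.get("IpProtocol")) == "-1":
        return range(0, 65536)
    lo = int(rule.get("FromPort", 0))
    hi = int(rule.get("ToPort", lo))
    return range(lo, hi + 1)


def internet_exposed_admin_ports(groups):
    """CI gate: sorted (group, port) pairs where an admin port is world-reachable."""
    findings = []
    for name, rules in groups.items():
        for rule in rules:
            if rule.get("CidrIp") == ANY_IPV4 or rule.get("CidrIpv6") == ANY_IPV6:
                for port in ADMIN_PORTS.intersection(rule_ports(rule)):
                    findings.append((name, port))
    return sorted(findings)


def source_group(rule):
    """Logical id of the SG a rule references as its source, or None for CIDR rules."""
    src = rule.get("SourceSecurityGroupId")
    if isinstance(src, dict) and "Ref" in src:
        return src["Ref"]
    return src if isinstance(src, str) else None


def blast_radius(groups, start):
    """Groups an attacker on a host in `start` can reach, transitively.
    An edge X -> Y exists when Y has an ingress rule whose source is X."""
    edges = {name: set() for name in groups}
    for target, rules in groups.items():
        for rule in rules:
            src = source_group(rule)
            if src in edges:
                edges[src].add(target)
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in edges[cur]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return sorted(seen)


def ci_gate(template_text):
    """Return (passed, report). The build fails on any world-exposed admin port."""
    groups = load_security_groups(template_text)
    exposed = internet_exposed_admin_ports(groups)
    report = {"exposed": exposed,
              "blast_radius": {g: blast_radius(groups, g) for g in groups}}
    return (not exposed), report


if __name__ == "__main__":
    ok, report = ci_gate(SAMPLE_TEMPLATE)
    print("PASS" if ok else "FAIL", json.dumps(report, indent=2))
```

On the sample template the gate fails because WebSG opens port 22 to 0.0.0.0/0, and the blast-radius map shows why that matters: a foothold in WebSG reaches AppSG and, through it, DbSG, while BastionSG is isolated from all three. The same function run over a template with one security group per tier and no world-open admin ports is what a pipeline should require before promotion to Prod.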
Automation
Immutable Infrastructure
[Diagram sequence: Template A is deployed and serving Internet traffic; Template B is deployed alongside it; Internet traffic is cut over to Template B; Template A is removed, leaving only Template B.]
Embedding and Automating Security with Immutable
How immutable servers work: Auto scaling
[Diagram sequence: a load balancer in front of an auto scale group with instances a, b and c. The instances are marked vulnerable; replacements launched from the patched image join the group and the vulnerable instances are removed, one step at a time, until only patched instances remain.]
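The auto scaling sequence above, as an added example that is not part of the deck: a small model of how an immutable group rolls a patched image out. Nothing is ever patched in place; new instances are launched from the patched image, admitted once they pass the load balancer’s health check, and only then are the old ones terminated. The model also covers the two cases the slides do not spell out: a group with no spare capacity (where an old instance has to be terminated before a new one can launch, so the rollout must respect a minimum healthy count) and a patched image that fails its health check (where the rollout stops and the old instances keep serving; the fix is a corrected image and a fresh rollout, not a login). Instance names, image ids and the `health_check` callable are constructed stand-ins for the auto scale group and the load balancer.

```python
"""Added example: rolling replacement in an immutable auto scale group.
max_size    - cap on instances that may exist at once (surge headroom)
min_healthy - capacity that must stay in service throughout the rollout
health_check(image) -> bool stands in for the load balancer health check."""
from dataclasses import dataclass, field


@dataclass
class Instance:
    name: str
    image: str
    healthy: bool = True


@dataclass
class Rollout:
    completed: bool = False
    events: list = field(default_factory=list)
    min_in_service: int = 0   # lowest number of healthy instances seen


def in_service(group):
    return sum(1 for i in group if i.healthy)


def roll_out(group, patched_image, *, max_size, min_healthy, health_check):
    """Replace every instance not running `patched_image`. `group` is mutated
    to the final membership; a Rollout describing what happened is returned."""
    r = Rollout(min_in_service=in_service(group))
    serial = 0

    def launch(image):
        nonlocal serial
        serial += 1
        inst = Instance(f"i-{serial}", image, health_check(image))
        r.events.append(("launch", inst.name, image, "healthy" if inst.healthy else "unhealthy"))
        return inst

    def terminate(inst, why):
        group.remove(inst)
        r.events.append(("terminate", inst.name, why))

    while True:
        old = [i for i in group if i.image != patched_image]
        if not old:
            r.completed = True
            return r
        headroom = max_size - len(group)
        if headroom >= 1:
            # Surge: launch replacements first and retire old instances only
            # after the replacements are healthy, so capacity never dips.
            batch = min(len(old), headroom)
            retire_after = old[:batch]
        else:
            # No surge room: one old instance must go before a new one can
            # launch, so capacity dips by one. Refuse if that breaks min_healthy.
            if in_service(group) - 1 < min_healthy:
                r.events.append(("stuck", "no headroom and cannot drop below min_healthy"))
                return r
            terminate(old[0], "making room, no surge headroom")
            r.min_in_service = min(r.min_in_service, in_service(group))
            batch, retire_after = 1, []
        new = [launch(patched_image) for _ in range(batch)]
        group.extend(i for i in new if i.healthy)
        if any(not i.healthy for i in new):
            # Bad image: stop. The remaining old instances keep serving; the
            # remedy is a corrected image and a new rollout, never a login.
            for bad in new:
                if not bad.healthy:
                    r.events.append(("terminate", bad.name, "failed health check"))
            r.events.append(("aborted", "patched image failed health check"))
            return r
        for v in retire_after:
            terminate(v, "replaced by healthy instance")
        r.min_in_service = min(r.min_in_service, in_service(group))


if __name__ == "__main__":
    # Constructed group: a, b, c all on the vulnerable image, one slot of headroom.
    grp = [Instance(n, "ami-vuln") for n in "abc"]
    res = roll_out(grp, "ami-patched", max_size=4, min_healthy=2,
                   health_check=lambda img: True)
    for ev in res.events:
        print(ev)
    print("completed:", res.completed, "lowest in service:", res.min_in_service)
```

With one slot of headroom (`max_size=4`) the three instances are replaced one at a time and the healthy count never drops below three. With no headroom (`max_size=3`) the same rollout still completes but briefly runs on two instances, which is only acceptable if `min_healthy` allows it; set `min_healthy=3` and the rollout refuses to start rather than silently under-serve.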
Application Hardening Through Architecture and Automation
• Easier to deploy smaller services since you can right-fit both networks and hosts/containers
• Easier to isolate
• Can integrate PaaS for “network air gaps”
DEMO!!!
Our Deployment Pipeline
Web Application Security for the Cloud
• Cloud providers have massive economic incentives to be better at security than anyone else.
• In reality, we see this mostly in IaaS…SaaS can still be pretty messy.
• Cloud is not merely “virtual machines.”
• To get the security benefits you need to rethink how you do things and retool operations to be specific for not only cloud, but your cloud providers of preference.
• Architecture and automation are the keys!
• There are incredible opportunities to leverage the inherent characteristics of cloud platforms to improve security.
• From managing blast radius to eliminating unapproved infrastructure changes.
Tushar Richabadas
Product Manager, Barracuda
Bridge app security
and delivery gaps
Barracuda WAF Demo
Barracuda Web Application Firewall for AWS
Real-World Use Case
Large Financial Institution
Challenges
• Central InfoSec Team
• LOB-Specific Toolchains
• Need Fully Automated Deployments
Solving Customer Challenges
• Automation and Ease of Deployment
• Security
• Cost Control
Architecture
Promotion Process
Dev/QA/Prod Promotion:
• Scrub kickstart config for env
• Pull latest AMI into CFT
• Add to the App’s AWS Acct
• Grab configuration
• Audit vs. Central
• Validate exceptions
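The last two promotion steps, “Audit vs. Central” and “Validate exceptions”, are the ones that decide whether a line-of-business config may move to the next environment. The following is an added example, not Barracuda’s or the customer’s code, and it uses a constructed, generic key/value policy format rather than any real WAF configuration schema. It diffs the application’s config against the central security team’s baseline, then checks every deviation against an exception register in which each approved exception carries an owner, a ticket and an expiry date; an unapproved or expired deviation blocks promotion. The baseline, the Dev config and the exception register are all constructed sample data.

```python
"""Added example: the 'audit vs. central / validate exceptions' promotion gate.
Config format is a constructed flat key/value policy, not a vendor schema."""
from datetime import date

# Constructed central baseline owned by the central InfoSec team.
CENTRAL_BASELINE = {
    "waf.mode": "active",             # block, not just log
    "waf.sql_injection": "block",
    "waf.xss": "block",
    "waf.max_request_bytes": 1048576,
    "tls.min_version": "1.2",
    "admin.ssh_enabled": False,
}

# Constructed config arriving from the Dev bucket for promotion to QA.
DEV_CONFIG = {
    "waf.mode": "passive",            # team switched blocking off to debug
    "waf.sql_injection": "block",
    "waf.xss": "block",
    "waf.max_request_bytes": 10485760,  # larger uploads, has an approved exception
    "tls.min_version": "1.2",
    "admin.ssh_enabled": False,
    "app.upstream": "10.0.2.0/24",    # app-specific key, not governed centrally
}

# Constructed exception register: every approved deviation has owner, ticket, expiry.
APPROVED_EXCEPTIONS = [
    {"key": "waf.max_request_bytes", "value": 10485760, "owner": "lob-payments",
     "ticket": "SEC-123", "expires": date(2030, 1, 1)},
]


def diff_against_baseline(config, baseline):
    """Return {key: (baseline_value, actual_value)} for governed keys that differ
    or are missing. Keys the baseline does not govern are left to the app team."""
    drift = {}
    for key, expected in baseline.items():
        actual = config.get(key)
        if actual != expected:
            drift[key] = (expected, actual)
    return drift


def validate_exceptions(drift, exceptions, today):
    """Split drift into approved deviations (an unexpired exception matches the
    exact key and value) and violations (everything else)."""
    approved, violations = {}, {}
    for key, (expected, actual) in drift.items():
        match = next((e for e in exceptions
                      if e["key"] == key and e["value"] == actual
                      and e["expires"] > today), None)
        if match:
            approved[key] = match["ticket"]
        else:
            violations[key] = (expected, actual)
    return approved, violations


def promotion_gate(config, baseline, exceptions, today):
    """Promote only when every deviation from the baseline is an approved exception."""
    drift = diff_against_baseline(config, baseline)
    approved, violations = validate_exceptions(drift, exceptions, today)
    return {"promote": not violations, "approved": approved, "violations": violations}


if __name__ == "__main__":
    verdict = promotion_gate(DEV_CONFIG, CENTRAL_BASELINE, APPROVED_EXCEPTIONS, date.today())
    print("promote" if verdict["promote"] else "blocked")
    for key, (want, got) in verdict["violations"].items():
        print(f"  violation: {key} = {got!r}, baseline requires {want!r}")
    for key, ticket in verdict["approved"].items():
        print(f"  approved exception: {key} ({ticket})")
```

On the sample data the gate blocks promotion: the larger request limit is covered by an unexpired exception, but `waf.mode = passive` is not, so the WAF would have been promoted in log-only mode had the audit been skipped. The expiry check matters in the other direction too: once `SEC-123` lapses the same config fails on both keys, which is what forces exceptions to be renewed rather than forgotten.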
[Diagram: the Developer, QA and the Central Security Team each work from their own Amazon S3 bucket. The Dev bucket holds the Dev config and Dev CFT, the QA bucket the QA config and QA CFT, and the Central bucket the central config backups. When a build is ready for QA, the modified config is sent on by a REST API call.]
Engineered for AWS deployments
[Architecture diagram: inside a Virtual Private Cloud, an Elastic Load Balancer distributes traffic to an auto-scaling Barracuda WAF cluster, which forwards to a second Elastic Load Balancer in front of the application servers (Server 1 … Server N).]
All-in-One Application Security Platform
• Session Persistence
• Security & DDoS Protection
• Logging & Reporting
• Authentication & Access Control
• Load Balancing & Server Health Monitoring
• SSL & Performance Acceleration
Licensing
Cloud Ready, Set, Go!
• Get tutorials and videos: https://www.barracuda.com/programs/aws
• Hands-on lab of the Barracuda WAF on AWS: https://campus.barracuda.com/product/webapplicationfirewall/article/display/BWAFv76/70586316/
• Launch a 90-day free trial of Barracuda WAF: https://aws.amazon.com/marketplace/pp/B014GEC526
Q&A
Thank you!
Recording & Slides Will Be Available in 2 to 3 Business Days

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Being compliant with Microsoft Licensing on AWS
Being compliant with Microsoft Licensing on AWSBeing compliant with Microsoft Licensing on AWS
Being compliant with Microsoft Licensing on AWS
 
Licensing Windows Workloads on AWS - AWS Online Tech Talks
Licensing Windows Workloads on AWS - AWS Online Tech TalksLicensing Windows Workloads on AWS - AWS Online Tech Talks
Licensing Windows Workloads on AWS - AWS Online Tech Talks
 
ENT307 VMware and AWS Together - VMware Cloud on AWS
ENT307 VMware and AWS Together - VMware Cloud on AWSENT307 VMware and AWS Together - VMware Cloud on AWS
ENT307 VMware and AWS Together - VMware Cloud on AWS
 
Deep Dive: Hybrid Architectures
Deep Dive: Hybrid ArchitecturesDeep Dive: Hybrid Architectures
Deep Dive: Hybrid Architectures
 
Migration of Microsoft Workloads
Migration of Microsoft WorkloadsMigration of Microsoft Workloads
Migration of Microsoft Workloads
 
A day in the life of a billion packets - AWS Summit Cape Town 2017
A day in the life of a billion packets - AWS Summit Cape Town 2017A day in the life of a billion packets - AWS Summit Cape Town 2017
A day in the life of a billion packets - AWS Summit Cape Town 2017
 
VMWare Cloud for the AWS Cloud | AWS Public Sector Summit 2017
VMWare Cloud for the AWS Cloud | AWS Public Sector Summit 2017VMWare Cloud for the AWS Cloud | AWS Public Sector Summit 2017
VMWare Cloud for the AWS Cloud | AWS Public Sector Summit 2017
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
AWS Enterprise Day | Hybrid IT with AWS: Best of Both Worlds
AWS Enterprise Day | Hybrid IT with AWS: Best of Both WorldsAWS Enterprise Day | Hybrid IT with AWS: Best of Both Worlds
AWS Enterprise Day | Hybrid IT with AWS: Best of Both Worlds
 
Everything you wanted to know about licensing Windows workloads on AWS, but w...
Everything you wanted to know about licensing Windows workloads on AWS, but w...Everything you wanted to know about licensing Windows workloads on AWS, but w...
Everything you wanted to know about licensing Windows workloads on AWS, but w...
 
Running Hybrid Cloud Patterns on AWS
Running Hybrid Cloud Patterns on AWSRunning Hybrid Cloud Patterns on AWS
Running Hybrid Cloud Patterns on AWS
 
Microservices on AWS: Divide & Conquer for Agility and Scalability
 Microservices on AWS: Divide & Conquer for Agility and Scalability Microservices on AWS: Divide & Conquer for Agility and Scalability
Microservices on AWS: Divide & Conquer for Agility and Scalability
 
Microsoft licensing on AWS
Microsoft licensing on AWSMicrosoft licensing on AWS
Microsoft licensing on AWS
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure Integration
 
Running Business-Critical Applications on the AWS Cloud
Running Business-Critical Applications on the AWS CloudRunning Business-Critical Applications on the AWS Cloud
Running Business-Critical Applications on the AWS Cloud
 
Building enterprise class disaster recovery as a service to aws - session spo...
Building enterprise class disaster recovery as a service to aws - session spo...Building enterprise class disaster recovery as a service to aws - session spo...
Building enterprise class disaster recovery as a service to aws - session spo...
 
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
 
Hybrid cloud sample architectures
Hybrid cloud sample architecturesHybrid cloud sample architectures
Hybrid cloud sample architectures
 
Inside the IC Marketplace | AWS Public Sector Summit 2017
Inside the IC Marketplace | AWS Public Sector Summit 2017Inside the IC Marketplace | AWS Public Sector Summit 2017
Inside the IC Marketplace | AWS Public Sector Summit 2017
 

Similar a Barracuda, AWS & Securosis: Application Security for the Cloud

Similar a Barracuda, AWS & Securosis: Application Security for the Cloud (20)

Microservices Architecture for Web Applications using Serverless Computing wi...
Microservices Architecture for Web Applications using Serverless Computing wi...Microservices Architecture for Web Applications using Serverless Computing wi...
Microservices Architecture for Web Applications using Serverless Computing wi...
 
Microservices Architecture for MEAN Applications using Serverless AWS
Microservices Architecture for MEAN Applications using Serverless AWSMicroservices Architecture for MEAN Applications using Serverless AWS
Microservices Architecture for MEAN Applications using Serverless AWS
 
Expanding Your Data Center with Hybrid Cloud Infrastructure
Expanding Your Data Center with Hybrid Cloud InfrastructureExpanding Your Data Center with Hybrid Cloud Infrastructure
Expanding Your Data Center with Hybrid Cloud Infrastructure
 
Expanding your Data Center with Hybrid Cloud Infrastructure
Expanding your Data Center with Hybrid Cloud InfrastructureExpanding your Data Center with Hybrid Cloud Infrastructure
Expanding your Data Center with Hybrid Cloud Infrastructure
 
ARC201 Microservices Architecture @ AWS re:Invent 2015
ARC201 Microservices Architecture @ AWS re:Invent 2015ARC201 Microservices Architecture @ AWS re:Invent 2015
ARC201 Microservices Architecture @ AWS re:Invent 2015
 
Build Web Applications using Microservices on Node.js and Serverless AWS
Build Web Applications using Microservices on Node.js and Serverless AWSBuild Web Applications using Microservices on Node.js and Serverless AWS
Build Web Applications using Microservices on Node.js and Serverless AWS
 
Microservices Architecture for Content Management Systems using AWS Lambda an...
Microservices Architecture for Content Management Systems using AWS Lambda an...Microservices Architecture for Content Management Systems using AWS Lambda an...
Microservices Architecture for Content Management Systems using AWS Lambda an...
 
Enterprise Management for the AWS Cloud
Enterprise Management for the AWS CloudEnterprise Management for the AWS Cloud
Enterprise Management for the AWS Cloud
 
Enterprise Management for the AWS Cloud (DMG209) | AWS re:Invent 2013
Enterprise Management for the AWS Cloud (DMG209) | AWS re:Invent 2013Enterprise Management for the AWS Cloud (DMG209) | AWS re:Invent 2013
Enterprise Management for the AWS Cloud (DMG209) | AWS re:Invent 2013
 
Selecting the Best VPC Network Architecture (CPN208) | AWS re:Invent 2013
Selecting the Best VPC Network Architecture (CPN208) | AWS re:Invent 2013Selecting the Best VPC Network Architecture (CPN208) | AWS re:Invent 2013
Selecting the Best VPC Network Architecture (CPN208) | AWS re:Invent 2013
 
Microservices Architecture for Web Applications using AWS Lambda and more
Microservices Architecture for Web Applications using AWS Lambda and moreMicroservices Architecture for Web Applications using AWS Lambda and more
Microservices Architecture for Web Applications using AWS Lambda and more
 
Microservices Architecture for Web Applications using Amazon AWS Cloud
Microservices Architecture for Web Applications using Amazon AWS CloudMicroservices Architecture for Web Applications using Amazon AWS Cloud
Microservices Architecture for Web Applications using Amazon AWS Cloud
 
Microservices Architecture for Digital Platforms using Serverless AWS
Microservices Architecture for Digital Platforms using Serverless AWSMicroservices Architecture for Digital Platforms using Serverless AWS
Microservices Architecture for Digital Platforms using Serverless AWS
 
Ask The Architect: RightScale & AWS Dive Deep into Hybrid IT
Ask The Architect: RightScale & AWS Dive Deep into Hybrid ITAsk The Architect: RightScale & AWS Dive Deep into Hybrid IT
Ask The Architect: RightScale & AWS Dive Deep into Hybrid IT
 
Cisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud PlatformCisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud Platform
 
Creating your Hybrid Cloud with AWS -Technical 201
Creating your Hybrid Cloud with AWS -Technical 201Creating your Hybrid Cloud with AWS -Technical 201
Creating your Hybrid Cloud with AWS -Technical 201
 
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
 
Migrating Your Windows Datacenter to AWS
Migrating Your Windows Datacenter to AWSMigrating Your Windows Datacenter to AWS
Migrating Your Windows Datacenter to AWS
 
[India Merge World Tour] Electric Cloud
[India Merge World Tour] Electric Cloud[India Merge World Tour] Electric Cloud
[India Merge World Tour] Electric Cloud
 
Implementing Service Oriented Architecture
Implementing Service Oriented ArchitectureImplementing Service Oriented Architecture
Implementing Service Oriented Architecture
 

Más de Amazon Web Services

Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

Más de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Último (20)

[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 

Barracuda, AWS & Securosis: Application Security for the Cloud

  • 1. Barracuda, AWS & Securosis: Application Security for the Cloud Nick Matthews, Solutions Architect, AWS Rich Mogull, Securosis, Analyst & CEO Tushar Richabadas, Product Manager, Barracuda
  • 2. Nick Matthews, Solutions Architect, AWS Rich Mogull, Securosis, Analyst & CEO Tushar Richabadas, Product Manager, Barracuda Today’s Presenters
  • 3. Today’s Agenda • Security on AWS • Web Application Security for the Cloud Age • Barracuda WAF on AWS product overview & demo • Q&A/Discussion
  • 4. Learning Objectives • Challenges of app security when moving to the cloud • Methods for securing web, mobile, and API-based applications • Live demo of the Barracuda WAF securing an AWS app
  • 6. Familiar Security Model Validated and driven by customers’ security experts Benefits all customers PEOPLE & PROCESS SYSTEM NETWORK PHYSICAL Security is Job Zero
  • 7. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Identity & Access Control Network Security Customer applications & content You get to define your controls ON the Cloud AWS takes care of the security OF the Cloud You Inventory & Config Data Encryption AWS and you share responsibility for security
  • 8. The challenge: How to integrate security into DevOps workloads so that developers can focus on application development without worrying about online attacks. Moving from DevOps to DevSecOps DevOps + Security = DevSecOps
  • 9. Web Application Security for the Cloud Age Rich Mogull @rmogull
  • 10. • Cloud can be more secure than traditional datacenters. • The economics are in your favor. • Cloud architectures can wipe out some traditional security headaches. • This isn’t theory, it’s being done today. • But only if you understand how to leverage the cloud. • We can use this to dramatically improve web application security. Little. Cloudy. Different.
  • 11. • For clients to use a cloud provider, they must trust the provider. • This is especially true for anything with a sensitive data or process. • Thus security has to be a top priority for a provider or you won’t use them. • A major breach for a provider that affects multiple customers is an existential event. You get one chance
  • 12. • Security tools and testing are typically added after the fact • And, often, manually • Dev and Ops just hate it when security tool changes or updates break “functionality” • Even when said functionality is a security issue • DevOps + Cloud = Immutable = Security Automation and Integration Automating Security
  • 14. • Segregating networks in a data center is hard, expensive, and often unwieldy. • It’s hard to isolate application services on physical machines. • Even using virtual machines has a lot of management overhead. • Attackers drop in and move North/South in application stacks, and East/West on networks (or both). Segregation is critical but hard
  • 15. Limiting blast radius (diagram: the segregation stack, Account > Virtual Network > Subnet > Security Group)
  • 16. To a host or network… (diagram: the same stack, before a compromise)
  • 17. To a host or network… (diagram: a compromise, “Boom”, contained within one security group inside one subnet)
  • 18. Or an entire “data center” (diagram: three accounts, each with its own virtual network, subnets and security groups)
  • 19. Or an entire “data center” (diagram: a compromise, “Boom”, contained within one of the three accounts)
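The segregation stack drawn on slides 15 to 19 (account, virtual network, subnet, security group) is easiest to see as infrastructure code. The CloudFormation template below is an added example written for this page, not a template from AWS, Securosis or Barracuda. It creates one VPC with a public and a private subnet and chains security groups so that each tier admits traffic only from the tier directly in front of it: edge load balancer, WAF, internal load balancer, application, database. All CIDR ranges, ports (443 for the edge and WAF tiers, 8080 for the internal load balancer and application, 5432 for the database) and resource names are assumed values.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Tiered segregation for a web application: one VPC, a public subnet for the
  edge load balancer and WAF tier, a private subnet for the application tier,
  and security groups that admit traffic only from the tier directly in front.
  (Added example; CIDR ranges, ports and names are assumed values.)

Resources:
  AppVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16

  # Public subnet: the internet-facing load balancer and the WAF instances.
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref AppVpc
      CidrBlock: 10.0.1.0/24

  # Private subnet: application servers. No internet route is defined for it;
  # the servers are reachable only through the WAF tier.
  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref AppVpc
      CidrBlock: 10.0.2.0/24

  # Edge: the only group open to the internet, and only on HTTPS.
  ElbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Internet-facing load balancer, HTTPS only
      VpcId: !Ref AppVpc
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0}

  # WAF tier: admits traffic only from members of the edge load balancer group,
  # so nothing that bypasses the edge ELB can reach a WAF instance.
  WafSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: WAF instances, reachable from the edge ELB only
      VpcId: !Ref AppVpc
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 443, ToPort: 443,
           SourceSecurityGroupId: !Ref WafSecurityGroupPlaceholderFix}
```

(Continuation of the same template; the two fences are one file.)

```yaml
```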
  • 20. But This Works Best with Infrastructure as Code
  • 21. • Instead of updating, you completely replace infrastructure through automation. • Can apply to a single server, up to an entire application stack. • Incredibly resilient and secure. Think “servers without logins.” The Power of Immutable Image from: http://tourismplacesworld.blogspot.com/2012/07/uluru.html
  • 23.
  • 25. Immutable Infrastructure Template A: Template B: Internet
  • 26. Immutable Infrastructure Template A: Template B: Internet
  • 27. Immutable Infrastructure Template A: Template B: Internet
  • 31. How immutable servers work: Auto scaling Load Balancer a b c Auto Scale Group
  • 32. Load Balancer a b c Auto Scale Group How immutable works: Auto scaling
  • 33. Load Balancer a b c Auto Scale Group How immutable works: Auto scaling
  • 34. Load Balancer Auto Scale Group a b c Vulnerable Patched How immutable works: Auto scaling
  • 35. Load Balancer Auto Scale Group a b c Vulnerable Patched How immutable works: Auto scaling
  • 36. Load Balancer Auto Scale Group a b c Vulnerable Patched How immutable works: Auto scaling
  • 37. How immutable works: Auto scaling Load Balancer Auto Scale Group a b c Vulnerable Patched
  • 38. • Easier to deploy smaller services since you can right-fit both networks and hosts/containers • Easier to isolate • Can integrate PaaS for “network air gaps” Application Hardening Through Architecture and Automation
  • 40.
  • 42. • Cloud providers have massive economic incentives to be better at security than anyone else. • In reality, we see this mostly in IaaS…SaaS can still be pretty messy. • Cloud is not merely “virtual machines.” • To get the security benefits you need to rethink how you do things and retool operations to be specific for not only cloud, but your cloud providers of preference. • Architecture and automation are the keys! • There are incredible opportunities to leverage the inherent characteristics of cloud platforms to improve security. • From managing blast radius to eliminating unapproved infrastructure changes. Web Application Security for the Cloud
  • 43. Web Application Security for the Cloud Age Rich Mogull @rmogull
  • 45. Bridge app security and delivery gaps
  • 46. Barracuda WAF Demo Barracuda Web Application Firewall for AWS
  • 47. Real-World Use Case Large Financial Institution
  • 48. Challenges • Central InfoSec Team • LOB-Specific Toolchains • Need Fully Automated Deployments
  • 49. Solving Customer Challenges • Automation and Ease of Deployment • Security • Cost Control
  • 50. Architecture Dev/QA/Prod Promotion: • Scrub kickstart config for env • Pull latest AMI into CFT • Add to the App’s AWS Acct • Grab configuration • Audit vs. Central • Validate exceptions Promotion Process Amazon S3 Central Bucket Ready for QA, modified config Rest API Call sends config Amazon S3 Dev Bucket Amazon S3 QA Bucket Central Config Backups Dev Config Dev CFT QA Config QA CFT Developer QA Central Security Team
  • 51. Engineered for AWS deployments Elastic Load Balancer Auto-Scaling Group Barracuda WAF Cluster AUTO-SCALING Virtual Private Cloud Server 1 Server NElastic Load Balancer
  • 52. All-in-One Application Security Platform Session Persistence Security & DDoS Protection Logging & Reporting Authentication & Access Control Load Balancing & Server Health Monitoring SSL & Performance Acceleration
  • 54. Cloud Ready, Set, Go! • Get tutorials and videos: • https://www.barracuda.com/programs/aws • Hands-on lab of the Barracuda WAF on AWS: • https://campus.barracuda.com/product/webapplic ationfirewall/article/display/BWAFv76/70586316/ • Launch a 90-day free trial of Barracuda WAF: • https://aws.amazon.com/marketplace/pp/B014G EC526
  • 55. Q&A Nick Matthews, Solutions Architect, AWS Rich Mogull, Securosis, Analyst & CEO Tushar Richabadas, Product Manager, Barracuda
  • 56. Thank you! Recording & Slides Will Be Available in 2 to 3 Business Days

Notas del editor

  1. At AWS security is a top priority. We build our security program on many of the same tenets as you do. Our data centers are designed with the highest physical security requirements in mind, and access to those data centers is restricted to a very small number of individuals. In our data center we have very strict segregation of duties to ensure that out data center technicians have on the most minimal accesses they need to do their jobs. In the same way you do, we lock down our network and systems, and have well defined processes and people controls to make sure our data centers operate in an efficient and secure manner. Our security measures have been driven by security experts from across our largest, most advanced customers, including Shell, NASDAQ, and GE, and have been validated by a wide range of security experts and accreditation bodies. These organizations with very high security standards set the bar for AWS security, but the great thing about security in AWS is that everyone gets to benefit from the security controls that we have put in place. Whether you are a small startup, a mid sized enterprise, or the largest company you get to take advantage of the security controls that we have put in place to satisfy <IF THE CUSTOMER ASKS ABOUT SPECIFIC CONTROLS WE HAVE IN PLACE, DIRECT THEM TOWARDS OUR SECURITY WHITEPAPER, RISK AND COMPLIANCE WHITEPAPER AND SOC 2 REPORTS THAT WE CAN MAKE AVAIALABLE>
  2. At AWS we have a shared security model, where we are responsible for some aspects of security, whereas you get to choose other security measures you put in place. As AWS we are responsible for the security of the underlying infrastructure . That of course include physical security across our regions, our data centers, our availability zones, our edge locations. We are also responsible for the security of the foundation services that underpin the AWS environment. This includes the infrastructure that supports our compute, storage, database and networking services. As a customer, then, you have a choice of what security controls you choose to deploy to protect your virtual networks, servers, your data and what access control policies you wish to put in place. For highly sensitive content and applications you may want to put very stringent controls in place. For less sensitive applications, you may want to dial security back – you get to choose.
  3. BP to check font size
  4. Show the segregation stack- accounts, virtual network, subnets, instances (security groups)
  5. Show the segregation stack- accounts, virtual network, subnets, instances (security groups)
  6. Show the segregation stack- accounts, virtual network, subnets, instances (security groups)
  7. Show the segregation stack- accounts, virtual network, subnets, instances (security groups)
  8. Show the segregation stack- accounts, virtual network, subnets, instances (security groups)
  9. BP to check this slide – should “deployment” be visible?
  10. Should the header include the word “servers”? It’s inconsistent with the rest of these slides (slide 32-37)
  11. BP to check font size
  12. BP to check font size
  13. BP to check font size
  14. BP to check font size
  15. BP to check font size
  16. Thank you Rich! Good Morning folks! My name is Tushar and I’m the Product Manager for the Barracuda WAF and ADC for the public cloud. Enabling DevSevOps Security for web, mobile and API applications Fits closely into the Continuous Deployment model: Removes manual config in the deployment phase CloudFormation and other deployment automation tools Blue/green deployments, canary rollouts and dark launches
  17. Build and push base config across deployments Automate config audits for compliance Support changes due to exception approvals Build and push base config across deployments Automate config audits for compliance Support changes due to exception approvals Different toolchains used in different departments
  18. Three key things were crucial to helping this customer Covers 98% of high-level risks for the organization, including OWASP Top 10 Cloud & Automation Ready, with Metered Billing
  19. Quick overview – reference architecture
  20. This shows you how the Barracuda WAF is deployed in your AWS environment – it’s placed using an ELB sandwich in your VPC in an autoscaling group. Also the Barracuda WAF has the AWS Security competency certified – this just means that our solution is prequalified by AWS that it’s been well architected to leverage AWS features.
  21. The Barracuda WAF is a fully functional WAF, with OWASP Top 10 and lots of other powerful features. One to highlight is logging, since visibility is huge for the DevOps community. Another thing to highlight is the remediation service – it closely aligns with our theme our helping to automate security. BVRS enables application security testing at every stage Automatically reconfigure the Barracuda WAF from the BVRS tool Mitigate vulnerabilities & false positives much before UAT Integrate with testing tools with upcoming BVRS API set Find earlier, fix faster and deploy automatically!
  22. We are laser focused on solving cloud problems – and we know that DevOps wants to move fast. So when innovating, we thought not just about product innovations, but also licensing. Takes away the friction of BYOL and per-instance costs of PAYG Allows you to deploy as many instances as you want Easy billing: Pay per GB of data transfer across all the instances This takes PAYG to the next level You’re really only paying for what you use, and allows companies to go to the security everywhere approach. Do away with the services vpc concept