This document discusses managing cloud security and intrusion detection services in public clouds. It describes Datapipe's cloud security stack including intrusion detection, 2-factor authentication, vulnerability scanning, integrity monitoring, and firewall/antivirus software. It also discusses how security solutions must be adapted specifically for public clouds due to attributes like elastic scaling, utility pricing, and virtualization. The document outlines how Alert Logic provides intrusion detection for Amazon EC2 through software-based network taps, log collection agents, and virtual appliances to detect threats across elastic cloud environments.
3. Comprehensive Security
• IDS
• 2 Factor Authentication
• Vulnerability Scanning
• Integrity Monitoring
• Configuration Assessment (Tripwire)
• Firewall
• Antivirus
• Web Application Firewall
• TDE – Transparent Database Encryption
“Strong security controls are a requirement for many mission-critical IT workloads. Customers demand that service providers address security as they move IT infrastructure to fully elastic public cloud environments” - Joel Friedman, Datapipe CSO
5. Public Cloud Security Complexity
Security solutions must be built specifically for public cloud
Public cloud security requirements:
• elastic scaling
• utility pricing
• virtualized computing
• managed operations
• management automation
• third-party ownership
• self-service provisioning
6. Alert Logic for Amazon EC2
Enabling:
• Traffic monitoring via software-based network taps
• Log collection via software agents
• Virtual appliance-based data collection
• Host agents that continuously track the state of monitored instances
• Automated software and configuration deployment via internal management APIs
• Multi-tenant aware provisioning API for integration with service provider
Provides:
• Auto-scaling by tracking IP addresses of protected hosts
• Load balancing & fail over between appliances
• Transport-level data encryption
• Centralized resource authorization via certificates for Amazon Web Services
[Diagram labels: IDS for Cloud, LM for Cloud, VA for Cloud; Virtual Appliances & Host Agents; Management API; Provisioning API]
7. Datapipe IDS for EC2: Setup Process
[Diagram labels: API Integration, TM, LM, SOC, UI, CMS]
• Deploy certificates
• Install software packages and virtual appliances
• VPN Transport