{"id":8721,"date":"2017-08-14T09:00:23","date_gmt":"2017-08-14T17:00:23","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/08\/14\/news-2494\/"},"modified":"2017-08-14T09:00:23","modified_gmt":"2017-08-14T17:00:23","slug":"news-2494","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/08\/14\/news-2494\/","title":{"rendered":"Amazon Macie and Deep Security"},"content":{"rendered":"<p><strong>Credit to Author: Mark Nunnikhoven (Vice President, Cloud Research)| Date: Mon, 14 Aug 2017 16:01:06 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"131\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use-300x131.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use-300x131.jpg 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use-768x334.jpg 768w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use-1024x446.jpg 1024w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use-640x279.jpg 640w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use-900x392.jpg 900w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use-440x191.jpg 440w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use-380x165.jpg 380w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use.jpg 1280w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>Amazon S3 stores trillions of objects and regularly peaks at millions of requests per second. By any metric, it\u2019s massive. 
With unparalleled durability and availability, it\u2019s the backbone of AWS\u2019 data services.<\/p>\n<p>This morning at the <a href=\"https:\/\/aws.amazon.com\/summits\/new-york\/\">AWS Summit in New York Cit<\/a><a href=\"https:\/\/aws.amazon.com\/summits\/new-york\/\">y<\/a>, AWS launched a new service: <a href=\"https:\/\/aws.amazon.com\/macie\">Amazon Macie<\/a>. Trend Micro is proud to support this exciting new service at launch.<\/p>\n<p>Amazon Macie provides automated insights into the <em>usage<\/em> of your Amazon S3 data.<\/p>\n<p>Amazon S3 is secure by default and has always provided a strong set of security controls, but it has been challenging to effectively monitor the usage of the service. <a href=\"https:\/\/aws.amazon.com\/cloudtrail\/\">AWS CloudTrai<\/a><a href=\"https:\/\/aws.amazon.com\/cloudtrail\/\">l<\/a> and <a href=\"https:\/\/aws.amazon.com\/config\/\">AWS Confi<\/a><a href=\"https:\/\/aws.amazon.com\/config\/\">g<\/a> let you examine the usage of your data while <a href=\"https:\/\/aws.amazon.com\/blogs\/aws\/aws-config-rules-dynamic-compliance-checking-for-cloud-resources\/\">AWS Config Rule<\/a><a href=\"https:\/\/aws.amazon.com\/blogs\/aws\/aws-config-rules-dynamic-compliance-checking-for-cloud-resources\/\">s<\/a>\u2014another service Trend Micro supported at launch\u2014lets you react to configuration changes. But these solutions have required some legwork in order to pull the signal from the noise.<\/p>\n<p>Now, Amazon Macie presents that signal to you automatically. This provides much-needed insight into your business uses as well as your security.<\/p>\n<h2>What is Amazon S3?<\/h2>\n<p>As a quick recap, Amazon S3 works with two simple objects: buckets and keys. A bucket is essentially a root folder where your data will be stored. A key is a data object.<\/p>\n<p>These basic structures allow you to store your data in any way that makes sense for your application. 
From a security perspective, the service provides a number of tools to help you configure access to your data:<\/p>\n<ul>\n<li><a href=\"http:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/dev\/example-bucket-policies.html\">Bucket policie<\/a><a href=\"http:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/dev\/example-bucket-policies.html\">s<\/a><\/li>\n<li><a href=\"http:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/dev\/example-policies-s3.html\">IAM policie<\/a><a href=\"http:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/dev\/example-policies-s3.html\">s<\/a><\/li>\n<li><a href=\"http:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/dev\/acl-overview.html\">Access Control List<\/a><a href=\"http:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/dev\/acl-overview.html\">s<\/a> (ACLs)<\/li>\n<li><a href=\"http:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/API\/sigv4-query-string-auth.html\">Query string authenticatio<\/a><a href=\"http:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/API\/sigv4-query-string-auth.html\">n<\/a>\/<a href=\"http:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/API\/sigv4-HTTPPOSTConstructPolicy.html\">URL-based acces<\/a><a href=\"http:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/API\/sigv4-HTTPPOSTConstructPolicy.html\">s<\/a><\/li>\n<\/ul>\n<p>An Amazon S3 bucket is private by default (only the user who created it has access) and these methods give you the tools you need to provide access to the users or roles that require it.<\/p>\n<p>Up until now, you had to comb through <a href=\"http:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/UG\/ManagingBucketLogging.html\">Amazon S3 log<\/a><a href=\"http:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/UG\/ManagingBucketLogging.html\">s<\/a> in order to determine who was accessing your data and what the normal patterns of that access were.<\/p>\n<h2>What is Amazon Macie?<\/h2>\n<p>Amazon Macie leverages machine learning in order to automatically profile your Amazon S3 usage using a number of indicators like: content-types, file extensions, 
managed regex patterns, and managed data themes.<\/p>\n<p>Once Amazon Macie establishes a baseline, it then continuously monitors the usage of your data and provides actionable alerts based on the risk posed to your data.<\/p>\n<p>You might think of Amazon Macie as your own personal data security assistant. It sits tirelessly monitoring every access to your Amazon S3 data. It learns about patterns and profiles that determine what\u2019s \u201ctypical\u201d for your application. Anytime anything out of the ordinary happens, it raises an alert.<\/p>\n<p>You can then react to these alerts by changing your Amazon S3 settings, adjusting the configuration of your application, or changing other security controls in your deployment.<\/p>\n<p>Jeff Barr has <a href=\"https:\/\/aws.amazon.com\/blogs\/aws\/launch-amazon-macie-securing-your-s3-buckets\/\">a fantastic pos<\/a><a href=\"https:\/\/aws.amazon.com\/blogs\/aws\/\">t<\/a> up about the inner workings of Amazon Macie and how to get started with the service over on the AWS blog.<\/p>\n<h2>Combined Defences<\/h2>\n<p>At Trend Micro, we\u2019ve built the <a href=\"https:\/\/www.trendmicro.com\/aws\/\">Deep Securit<\/a><a href=\"https:\/\/www.trendmicro.com\/aws\/\">y<\/a> platform in order to help you fulfill your responsibilities in the <a href=\"https:\/\/aws.amazon.com\/compliance\/shared-responsibility-model\/\">shared responsibility mode<\/a><a href=\"https:\/\/aws.amazon.com\/compliance\/shared-responsibility-model\/\">l<\/a>. It helps you lock down your <a href=\"https:\/\/aws.amazon.com\/ec2\/\">Amazon EC<\/a><a href=\"https:\/\/aws.amazon.com\/ec2\/\">2<\/a> instances and <a href=\"https:\/\/aws.amazon.com\/ecs\/\">Amazon EC<\/a><a href=\"https:\/\/aws.amazon.com\/ecs\/\">S<\/a> workloads and ensure that your application is doing what it\u2019s supposed to\u2026and only what it\u2019s supposed to.<\/p>\n<p>Deep Security applies its protections based on policy. 
The platform can automatically create and apply a policy for your workloads based on what\u2019s running. This automation makes it easy to keep your security settings up to date.<\/p>\n<p>The challenge comes downstream. Amazon S3 is an abstract service, which means that you have very little day-to-day responsibility for its operations. The (slight) downside of that is that you don\u2019t get quite as granular insights as you would expect from running a data backend\u2014nor the cost, headache, or pain-in-the-you-know-what.<\/p>\n<p>Amazon Macie provides those insights. With the alerts generated by Amazon Macie, you can make better decisions about security policies within Deep Security. You can make smarter security choices for the Amazon EC2 instances and containers running in Amazon ECS that access that data in Amazon S3.<\/p>\n<p>We will shortly have a simple <a href=\"https:\/\/aws.amazon.com\/lambda\/\">AWS Lambd<\/a><a href=\"https:\/\/aws.amazon.com\/lambda\/\">a<\/a> workflow available on GitHub to demonstrate how Amazon Macie and Deep Security can work together. 
Here\u2019s a quick look at the high-level design:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-539611\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/Screen-Shot-2017-08-14-at-11.18.22-AM-300x74.png\" alt=\"Amazon Macie and Deep Security Workflow\" width=\"300\" height=\"74\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/Screen-Shot-2017-08-14-at-11.18.22-AM-300x74.png 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/Screen-Shot-2017-08-14-at-11.18.22-AM-768x188.png 768w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/Screen-Shot-2017-08-14-at-11.18.22-AM-1024x251.png 1024w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/Screen-Shot-2017-08-14-at-11.18.22-AM-640x157.png 640w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/Screen-Shot-2017-08-14-at-11.18.22-AM-900x221.png 900w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/Screen-Shot-2017-08-14-at-11.18.22-AM-440x108.png 440w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/Screen-Shot-2017-08-14-at-11.18.22-AM-380x93.png 380w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/Screen-Shot-2017-08-14-at-11.18.22-AM.png 1558w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>The goal with this simple integration is to strengthen your application\u2019s security posture in order to better protect your data. With Amazon Macie providing insights on the backend and Trend Micro\u2019s Deep Security protecting the frontend, you\u2019ll get a much smarter security policy tailored to your AWS workflow.<\/p>\n<p>What do you think of Amazon Macie? What are you going to use its automated insights for? 
Let me know on Twitter where <a href=\"https:\/\/twitter.com\/marknca\">I\u2019m @marknc<\/a><a href=\"https:\/\/twitter.com\/marknca\">a<\/a>.<\/p>\n<p><a href=\"http:\/\/blog.trendmicro.com\/amazon-macie-deep-security\/\" target=\"bwo\" >http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Mark Nunnikhoven (Vice President, Cloud Research)| Date: Mon, 14 Aug 2017 16:01:06 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"131\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use-300x131.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use-300x131.jpg 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use-768x334.jpg 768w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use-1024x446.jpg 1024w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use-640x279.jpg 640w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use-900x392.jpg 900w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use-440x191.jpg 440w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use-380x165.jpg 380w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/ai-in-use.jpg 1280w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>Amazon S3 stores trillions of objects and regularly peaks at millions of requests per second. By any metric, it\u2019s massive. With unparalleled durability and availability, it\u2019s the backbone of AWS\u2019 data services. This morning at the AWS Summit in New York City, AWS launched a new service: Amazon Macie. 
Trend Micro is proud to support&#8230;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[12010,11064,11146,13640],"class_list":["post-8721","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-aws","tag-cloud-computing","tag-cloud-security","tag-deep-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8721","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=8721"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8721\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=8721"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=8721"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=8721"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}