Enhance Aws Security with Splunk® Solutions
Total Page:16
File Type:pdf, Size:1020Kb
WHITE PAPER ENHANCE AWS SECURITY WITH SPLUNK® SOLUTIONS An AWS and Splunk White Paper WHITE PAPER Many organizations are moving to the cloud to take However, the concept that risk inherently increases advantage of the benefits it provides, such as increased described in the aforementioned situation doesn’t levels of performance, accessibility, and easily scalable accurately portray the complete cloud security story. storage and computing power that is difficult for on- Most of the concern over the security of the cloud premises environments to match. While organizations came to be when Infrastructure-as-a-Service (IaaS) of all sizes have increasingly looked to the cloud to was in its infancy. As enterprises started considering provide the storage and computing power needed for IaaS as an option, the viability of these new IT their business applications, many are still hesitant to architectures had to be considered from a security make the switch. point-of-view. According to IDC, security is still a top concern for When examining security, it’s important to look at enterprises that are deciding whether or not to move it from within the context of risk management. That to the cloud. In fact, in the IDC whitepaper, “Assessing is, to what extent a given security system mitigates the Risk: Yes, the Cloud Can Be More Secure Than Your risk. From a risk management perspective, risk is a On-Premises Environment*,” they cite a recent CloudView function of probability (the likelihood that a negative Survey, stating that organizations named security outcome occurs) and magnitude (the severity of concerns as, “the number 1 inhibitor regarding the the impact of the negative outcome). Unlike on- adoption of cloud technologies and services.” In premises datacenters, the AWS Cloud is designed to that survey, nearly 50% of responding organizations be resilient to server failure, data corruption or even identified security as a concern, while reliability and natural disasters. With this in mind, a technology risk compliance garnered 33% and 30% (respectively) of manager must assess this risk in the context of the respondents identifying them as concerns. main factors that affect the risk of a breach: threat and vulnerabilities (increases risk) and controls The IDC, “Security Solutions: Security in the Cloud**,” (mitigates risk). goes on to say that the truth is your organization’s workloads can be more secure on the Amazon The area with the largest differences between on- Web Services (AWS) Cloud. AWS provides a robust premises and cloud datacenters is controls. The infrastructure and a world-class team of security previously mentioned IDC whitepaper states that since experts that are monitoring AWS systems 24 hours on-premises datacenters already have established sets per day, 7 days per week to protect its infrastructure of controls in place, it can be difficult for organizations around the globe. Building on this solid foundation of to compare different deployment models within them. infrastructure security, with Splunk, an AWS Partner Cloud architectures, on the other hand, provide great Network (APN) Security Competency Partner, you can opportunity to “rethink, renew, and reinforce controls enhance your level of data security through end-to- that are more likely to match the highly distributed, end visibility and achieve security standards on the loosely coupled, component-oriented application cloud that would be difficult and cost prohibitive to architectures being developed today.” In other words, achieve in an on-premises environment. much of the modern IT world is designed for flexibility. A lot of modern applications are designed to be Understanding Cloud Security Models rapidly launched and scaled, removing much of the time-consuming installation and integration process Many individuals have the misconception that commonly found in older applications. This means the cloud is not secure, primarily based on they can be quickly integrated and used with little hearing occasional news quips and an incomplete to no delay—and that you need an equally flexible understanding of the cloud. Additionally, there is a security solution, like the one available from Splunk, perception that moving to shared resources and using that is capable of seamlessly scaling to protect these more externalized management means an increase in new applications as they are added to the cloud. security risk. Enhance AWS Security with Splunk® Solutions 2 WHITE PAPER To meet these needs, Splunk has closely aligned the AWS Cloud using either your own 256-bit AES with AWS to deliver solutions that offer real-time key through an Amazon service that automatically visibility into your cloud applications, infrastructure encrypts data uploaded to it such as Amazon Simple and AWS account. With solutions from Splunk, you Storage Service (Amazon S3), Amazon Glacier, and can monitor your AWS deployments as well as deploy Amazon Elastic Block Store (Amason EBS); or by Splunk software as an AWS-based cloud service. utilizing a master 256-bit AES key through AWS Key Legacy security systems struggle to meet the need Management Service (AWS KMS). AWS KMS is a for flexibility and the task of setting them up to service that helps you easily create and control your cover new applications is often time consuming and encryption keys, adding a level of simplicity to your expensive, slowing down innovation. The nature of the data encryption needs. cloud allows it to rapidly adapt to meet this level of necessary elasticity and innovation. Authentication and Access Management To control access to your services and resources, AWS Data Segmentation provides the AWS Identity and Access Management Creating the needed level of segmentation to protect (IAM) service. Using IAM, your organization can an organization from catastrophic data loss (e.g. create and manage AWS users and groups, and set from a server failure or breach) can be very resource permissions to allow and deny their access to AWS intensive in an on-premises datacenter. To achieve resources. IAM allows users to federate into their the level of versatility required by modern application AWS environment with their current identity provider architectures, customers can leverage capabilities (such as Active Directory). It also adds the ability to from Splunk and AWS. By doing so, you can gain use AWS Multi-Factor Authentication (MFA), a best greater security capabilities spanning segmentation, practice that adds an extra layer of protection on encryption, authentication, and logging and top of a username and password. With MFA enabled, monitoring when compared to legacy architectures. when a user signs into an AWS website, they must enter their username and password, then provide an The necessary level of segmentation can be achieved authentication code from their AWS MFA-enabled with Amazon Virtual Private Cloud (Amazon VPC). device. Amazon VPCs are logically isolated sections of the AWS Cloud where you can launch resources in a Logging and Monitoring virtual network you design and control. Through the With Splunk on AWS, you can enhance your logging use of Amazon VPCs and built-in firewalls, AWS is and monitoring capabilities. AWS provides a suite of able to segment data with less resources and at a services you can use to monitor your environment much lower cost than an on-premises datacenter. including AWS CloudTrail, AWS Config, Amazon Inspector, and Amazon CloudWatch—and Splunk can Data Encryption draw from all of these services to analyze logging and Data encryption is something that often gets monitoring data all in one place. neglected by organizations with on-premises environments. To make matters worse, as the amount AWS CloudTrail supports your cloud security by of data stored grows and becomes more complex, recording API calls for your account and delivering it becomes more difficult to encrypt. Using Splunk logs to you. It records information including the Cloud helps you solve this by utilizing standard SSL identity of the API caller, the time of the call, encryption for data in transit, plus optional AES the source IP address of the caller, the request 256-bit encryption for data at rest. Additionally, AWS parameters, and the response elements returned by gives you the ability to encrypt data uploaded to the AWS service. Enhance AWS Security with Splunk® Solutions 3 WHITE PAPER AWS Config is a fully managed service that provides determine root causes of unusual activity, enabling you you with an AWS resource inventory, configuration, to quickly address and mitigate risks. history and configuration change notifications, enabling you to achieve better security and governance. With Logging gives you the ability to gain operational Config Rules, you can create rules that automatically insight into your organization’s workloads and identify check the configuration of AWS resources recorded by potential vulnerabilities before they become issues. AWS Config. Together, Splunk and AWS provide the necessary services to gain the full operational visibility needed to Amazon Inspector helps you improve the security help keep your IT infrastructure secure. and compliance of applications deployed on AWS through an automated security assessment service. Working with the AWS Shared Amazon Inspector is designed to automatically assess Responsibility Model applications for vulnerabilities or deviations from The AWS Shared Responsibility Model is the set of best practices and produces a detailed list of security guidelines established by AWS to determine with findings prioritized by level of severity. whom a given security responsibility lies. While AWS takes responsibility for the security of the cloud, you Amazon CloudWatch is a monitoring service that are responsible for the security of your workloads on collects and tracks metrics, collects and monitors log the cloud. This means that AWS takes responsibility files, sets alarms, and automatically reacts to changes in for securing the network and physical infrastructure your AWS resources. of the cloud, but you are responsible for securing your application data and virtual environment that Splunk enhances the value of these services by resides on it.