© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Intelligent automation with Snort and AWS security services
Samuel Waymouth, MBA (Well), GDL (Lon), CISSP, MBCS, SANS-GIAC, Esq.
OPN215-R
Solutions Architect
EMEA SARL, UK Branch
Amazon Web Services
“With over 5 million downloads and over 600,000 registered users, it is the most widely deployed intrusion prevention system in the world.”
https://www.snort.org/
Retrieved 10/10/2019
Snort
Snort is awesome!
Open source
Popular
Easy
Snort is challenging!
Multiple sensors
Lots of rules
Limited automation
Log aggregation and storage
Leveraging AWS services
Big data
Scalable storage
Scalable ingestion
Automation
Centralize rules management
On premises and AWS Cloud
Machine learning
Anomaly detection
Visualization
Human-readable reports
Machine-readable reports
Example
Big data
Amazon S3
Amazon Kinesis Data Firehose
Automation
AWS Systems Manager
Managed instance for hybrid environment
Machine learning
Amazon SageMaker
Reporting
Amazon QuickSight
Amazon Athena
Don’t do this at home
The prototype:
Sam is lazy and doesn’t check log files
Sam never checks anything else
Sam randomly connects new things to his network
Sam’s home network is not well-architected
Let's build it
AWS Cloud Development Kit
Define infrastructure as code
Quickly generate AWS CloudFormation
Thank you!
Samuel Waymouth