Protecting island VPCs: Agentless security for shadow cloud (SEC236)
Applying Perimeter Security Controls in Cloud-Native Deployments
Introduction
The speaker, Chris McKenry, leads product at Aviatrix, a long-time partner of AWS.
The talk focuses on the challenge of applying perimeter security controls to cloud-native application environments.
The Challenges of Cloud Security
Perimeter Definitions in the Cloud: The perimeter in the cloud is not as well-defined as it was on-premises, as it is now a logical, configuration-oriented concept.
Lift-and-Shift Network Security: Historically, organizations have tried to lift and shift their on-premises network security architecture into the cloud, which doesn't work well with the cloud's horizontally scalable and distributed nature.
Isolated VPCs: Some VPCs (Virtual Private Clouds) may be deployed as "island VPCs" for developer playgrounds or production applications, making it challenging to apply security controls.
Aviatrix's Solution
Tight Integration with AWS APIs and Infrastructure as Code: Aviatrix has re-architected the concept of network security for the public cloud, tightly integrating with AWS APIs and infrastructure as code to deliver a developer-centric experience while keeping security teams happy.
Dynamic Security Policy Application: Aviatrix can dynamically apply security policy and solve challenges like IP address overlap in EKS (Elastic Kubernetes Service) environments.
Intent-Based Policies: Aviatrix allows the use of intent-based policies to build firewall access controls, so that policies automatically follow applications even as they change or get redeployed.
Accelerated Journey to Zero Trust: Aviatrix leverages Amazon BRaKE to provide customized policy recommendations for application environments, accelerating the journey to a zero-trust security posture.
Aviatrix PA (Palo Alto) Offering: Aviatrix recently announced a full-service offering for the entire suite of Aviatrix capabilities, including cloud perimeter security and distributed cloud firewall features.
Demo: Securing Island VPCs with Aviatrix PA
The demo showcases how Aviatrix PA can onboard and monitor VPCs, providing visibility into the services and dependencies of the applications running in those VPCs.
Aviatrix PA can make customized policy recommendations based on the observed application behavior, allowing security teams to quickly review and approve the recommended policies.
Aviatrix PA can then enforce the approved policies using its distributed cloud firewall, protecting the VPCs from potential threats, even if they have overlapping IP addresses.
The entire process, from an unprotected state to a fully protected, zero-trust security posture, can be achieved in under 4 minutes.
Conclusion
Aviatrix offers a solution that addresses the challenges of applying perimeter security controls in cloud-native deployments, providing a developer-centric experience while keeping security teams happy.
The Aviatrix PA offering is now in limited GA, with the company onboarding customers and providing a demonstration of its capabilities at Booth 144.