
Aptible Update Webinar - October 2017

Aptible
October 25, 2017


The Aptible Update Webinar Series is a quarterly presentation that covers recent features and changes to the Enclave container orchestration platform and Gridiron security management tool.

We hosted our Q4 Update Webinar on October 25, 2017. In it, we covered:

- Enclave. New ways to make Enclave infrastructure easier to audit, including Managed HIDS, SSH Session Logging, Activity Reporting, and much more.
- Gridiron. Making security and compliance audit/certification preparation easier, Customer & Vendor Management, and much more.

Recap: https://www.aptible.com/blog/recap-aptible-october-2017-quarterly-product-update-webinar/.

Recording & Transcript: https://www.aptible.com/resources/october-2017-updates-webinar/


Transcript

1. Agenda
   - Enclave features and updates
   - Enclave Q&A
   - Gridiron features and updates
   - Gridiron Q&A

2. Logistics
   - Use Zoom Q&A for questions
   - Recording will be posted at www.aptible.com/resources

3. Aptible is now ISO 27001 certified!
   - In September, Aptible earned an ISO 27001 certificate for both Enclave and Gridiron
   - ISO 27001 is an international, cross-industry standard that specifies requirements for managing security across an organization
   - You can use our certification to prove to your customers and auditors that Aptible has met strict standards for data security
   - For questions about ISO 27001 (or how to pursue certification yourself), please reach out! go.aptible.com/iso27001

4. Overview
   We want Enclave to be the best place to deploy regulated and sensitive projects. This quarter, we focused specifically on making Enclave:
   - Easier to use
   - Easier to audit

5. Changes to make your life easier
   New:
   - New documentation site
   - Self-service Environment creation
   - Endpoint management in the CLI
   Improved:
   - Restore backups across environments
   - Maintenance pages served when scaled to zero
   - CPU Metrics in the Dashboard

6. New Documentation Site
   - Comprehensive, searchable reference material
   - Tutorials and sample code
   - Troubleshooting instructions
   Covers Enclave and Gridiron. go.aptible.com/docs

7. Dedicated-Tenancy Environments: Self-service
   You no longer need to wait for activation after creating a new Dedicated-Tenancy Environment on a pre-existing Stack!

8. 2 Layers of Isolation: Stacks and Environments
   - Stacks are isolated virtual networks (AWS VPCs) consisting of a number of Docker hosts (AWS EC2 instances).
   - Environments are mapped onto Stacks and provide a logical isolation layer. Apps for a given Environment are deployed on the Docker hosts for the Environment's Stack.
   - Stacks can be single-tenant (Dedicated Tenancy) or multi-tenant (Shared Tenancy).

9. Endpoint Management in the CLI

       aptible endpoints:database:create DATABASE
       aptible endpoints:https:create [--app APP] SERVICE
       aptible endpoints:https:modify [--app APP] ENDPOINT_HOSTNAME
       aptible endpoints:tcp:create [--app APP] SERVICE
       aptible endpoints:tcp:modify [--app APP] ENDPOINT_HOSTNAME
       aptible endpoints:tls:create [--app APP] SERVICE
       aptible endpoints:tls:modify [--app APP] ENDPOINT_HOSTNAME
       aptible endpoints:list [--app APP | --database DATABASE]
       aptible endpoints:deprovision [--app APP | --database DATABASE] ENDPOINT_HOSTNAME
       aptible endpoints:renew [--app APP] ENDPOINT_HOSTNAME

   Get the latest CLI: go.aptible.com/cli

10. Endpoint Management in the CLI: Use this to
    - Create any App or Database Endpoint: TCP, TLS, HTTPS.
    - Deploy without interacting with the Dashboard.
    - Automate deployment and QA workflows.
    Learn more: go.aptible.com/endpoints

11. Restore Backups across Environments
    - Use the --environment flag to select a destination Environment when running aptible backup:restore.
    - You're protected: Enclave won't let you accidentally restore a backup from a Dedicated-Tenancy Environment into a Shared-Tenancy Environment.

12. Restore Backups across Environments: Use Cases
    - Analytics: restore production data to a reporting database for BI.
    - Development: restore production data then sanitize it (as long as your development environment is on a Dedicated-Tenancy Stack!).
    Learn more: go.aptible.com/restore-backup
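The tenancy guard described in slides 8, 11 and 12 can be stated as a small policy check: model Stacks with their tenancy, map Environments onto them, and refuse any restore whose source is a Dedicated-Tenancy Environment and whose destination is Shared-Tenancy. The code below is an added illustration, not Aptible's or Enclave's own implementation; the `Stack`/`Environment` classes, the `RestoreDenied` error and the exact argument layout of the `aptible backup:restore` command it builds (a positional backup id followed by `--environment`) are assumptions for this example.

```python
from dataclasses import dataclass
from enum import Enum


class Tenancy(Enum):
    """Stack tenancy as described in the webinar: single- or multi-tenant."""
    SHARED = "shared"
    DEDICATED = "dedicated"


@dataclass(frozen=True)
class Stack:
    """An isolated virtual network (AWS VPC) of Docker hosts; hypothetical model."""
    name: str
    tenancy: Tenancy


@dataclass(frozen=True)
class Environment:
    """A logical isolation layer mapped onto exactly one Stack; hypothetical model."""
    name: str
    stack: Stack


class RestoreDenied(Exception):
    """Raised when a restore would move data from Dedicated to Shared tenancy."""


def restore_allowed(source: Environment, destination: Environment) -> bool:
    """Return True unless data would flow Dedicated-Tenancy -> Shared-Tenancy.

    Every other combination (shared->shared, shared->dedicated,
    dedicated->dedicated) is permitted, matching the guard on slide 11.
    """
    crosses_down = (
        source.stack.tenancy is Tenancy.DEDICATED
        and destination.stack.tenancy is Tenancy.SHARED
    )
    return not crosses_down


def can_receive_production_data(dev_env: Environment) -> bool:
    """Slide 12: a development Environment may receive (then sanitize) production
    data only if it lives on a Dedicated-Tenancy Stack."""
    return dev_env.stack.tenancy is Tenancy.DEDICATED


def plan_restore(backup_id: str, source: Environment, destination: Environment) -> list:
    """Build the CLI invocation for a cross-environment restore, enforcing the guard
    before anything is executed. The argument layout is an assumption."""
    if not restore_allowed(source, destination):
        raise RestoreDenied(
            f"refusing to restore {source.name} ({source.stack.tenancy.value}) "
            f"into {destination.name} ({destination.stack.tenancy.value})"
        )
    return ["aptible", "backup:restore", backup_id, "--environment", destination.name]


if __name__ == "__main__":
    dedicated = Stack("dedicated-us-east-1", Tenancy.DEDICATED)   # constructed
    shared = Stack("shared-us-east-1", Tenancy.SHARED)            # constructed
    production = Environment("production", dedicated)
    reporting = Environment("reporting", dedicated)
    sandbox = Environment("sandbox", shared)

    print(" ".join(plan_restore("12345", production, reporting)))
    try:
        plan_restore("12345", production, sandbox)
    except RestoreDenied as err:
        print("denied:", err)
```

Running the block prints the reporting-database restore command and then a denial for the attempt to land production data in a Shared-Tenancy sandbox. The check is deliberately expressed as a pure function so it can be unit-tested in a deployment pipeline before the real CLI is invoked.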
13. Maintenance pages served when scaled to 0
    - When you scale to 0, Enclave re-routes your traffic to its error-page server, Brickwall, before shutting down your app containers.
    - Your custom maintenance page will be used, if you set one up with MAINTENANCE_PAGE_URL.

14. Maintenance pages served when scaled to 0: Use Cases
    - Use this to place your app into maintenance mode simply by scaling down to 0.
    Learn more: go.aptible.com/maintenance-page

15. CPU Metrics
    - Use this to troubleshoot sluggish apps.
    - CPU Metrics are available for apps and databases.

16. CPU Metrics vs. CPU Limits
    Containers are allocated 25% of a CPU thread per GB of RAM.

    | Stack Tenancy | CPU Limits |
    |---------------|------------|
    | Shared        | Enforced   |
    | Dedicated     | Opt-in     |

    Learn more: go.aptible.com/cpu-limits

17. Changes to make your audits easier
    - SSH Session Logging
    - Activity Reports
    - Coming Soon: Managed HIDS

18. SSH Session Logging
    - Enclave can now capture SSH Session Logs.
    - These are routed to Log Drains, just like App or Database logs.

19. SSH Session Logging: Use Cases
    - Ensure all access to production data is audited.
    - Audit user activity in SSH sessions.
    - This is often a requirement for e.g. HITRUST.
    Learn more: go.aptible.com/ssh-logging

20. Activity Reports
    - Activity Reports are periodic CSV exports of all activity in your Enclave Environment.
    - They are generated on a weekly basis, and can be downloaded via the Dashboard.

21. Activity Reports: Use Cases
    - Efficiently review your team's activity.
    - Identify suspicious activity.
    - Share with your auditors.
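A weekly CSV export is only useful for audit if someone actually reviews it, and a short script makes that review repeatable. The example below is added here and is not Aptible's code; the column layout of the constructed report (`timestamp,user,action,resource`), the action names, the team roster and the business-hours window are all assumptions for illustration, not the real Activity Report schema. It parses the report, flags rows that a reviewer would want to look at (actors not on the roster, SSH sessions outside business hours, high-impact operations) and produces a per-user activity summary suitable for sharing with auditors.

```python
import csv
import io
from datetime import datetime

# Constructed sample Activity Report. The schema is an assumption for this
# example; it is not Aptible's actual export format.
SAMPLE_REPORT = """timestamp,user,action,resource
2017-10-16T09:12:04Z,alice@example.com,deploy,app/api
2017-10-16T22:47:31Z,bob@example.com,ssh,app/api
2017-10-17T10:03:55Z,alice@example.com,backup:restore,db/reporting
2017-10-18T03:15:09Z,mallory@example.com,ssh,db/production
2017-10-19T14:30:00Z,carol@example.com,deprovision,app/legacy
"""

# Reviewer-maintained inputs (assumptions): who is expected to act in this
# Environment, which actions always deserve a second look, and working hours.
TEAM_ROSTER = {"alice@example.com", "bob@example.com", "carol@example.com"}
HIGH_IMPACT_ACTIONS = {"deprovision", "backup:restore"}
BUSINESS_HOURS_UTC = range(8, 19)  # 08:00-18:59 UTC


def parse_report(text: str) -> list:
    """Parse the CSV export into dicts, converting the timestamp column."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["timestamp"] = datetime.strptime(row["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
    return rows


def review(rows: list, roster: set = TEAM_ROSTER) -> list:
    """Return (timestamp, user, action, resource, reasons) for every row that
    matches at least one review rule. Rows with no reasons are not returned."""
    findings = []
    for row in rows:
        reasons = []
        if row["user"] not in roster:
            reasons.append("actor not on team roster")
        if row["action"] == "ssh" and row["timestamp"].hour not in BUSINESS_HOURS_UTC:
            reasons.append("SSH session outside business hours")
        if row["action"] in HIGH_IMPACT_ACTIONS:
            reasons.append(f"high-impact action: {row['action']}")
        if reasons:
            findings.append(
                (row["timestamp"].isoformat(), row["user"], row["action"],
                 row["resource"], reasons)
            )
    return findings


def summarize_by_user(rows: list) -> dict:
    """Count actions per user; a compact view to hand to auditors."""
    counts = {}
    for row in rows:
        counts[row["user"]] = counts.get(row["user"], 0) + 1
    return counts


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for when, user, action, resource, reasons in review(report):
        print(f"{when} {user:<22} {action:<15} {resource:<14} {'; '.join(reasons)}")
    print("per-user totals:", summarize_by_user(report))
```

The rules are intentionally simple allow-list and time-window checks; the point is that the roster and the high-impact action set live in version control next to the script, so each weekly review applies the same criteria and the output can be attached to the audit record alongside the raw CSV.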
22. Managed HIDS
    Managed HIDS audits the Docker Hosts your Containers run on, and generates weekly HIDS evidence reports. Use them to:
    - Share proof of HIDS with your auditors or customers.
    - Gain confidence that your Enclave infrastructure meets best practices.

23. Managed HIDS: Next Steps
    If you are interested in a demo, please contact us at [email protected] (or via any support channel).
    If you are currently using Threat Stack or Alert Logic on Enclave, Managed HIDS:
    - Requires less effort from you
    - Will most likely be less expensive

24. Managed HIDS: Pricing
    - OSSEC is deployed on all instances, but access to the audit evidence is a paid add-on.
    - Pricing-wise, we're planning for $0.02 / hour / GB, only applied on containers in a Dedicated Tenancy Environment (Managed HIDS will be free for Shared Tenancy Environments). This represents a 25% increase on your production container pricing.

25. Q&A

26. Overview
    Gridiron is the easiest and fastest way to manage your information security management system. This quarter, we focused specifically on:
    - Customer & vendor management
    - Improved audit preparedness
    - Improved asset management
    - Enhanced Gridiron Risk Model

27. Customer & Vendor Management
    Customer & Vendor management makes it easy to track upstream and downstream contracts directly from the Gridiron Dashboard.

28. Customer & Vendor Management
    - Track all of your customers, vendors, agreements, and contingencies in one place
    - Quickly upload and download agreement documents
    - Automated vendor management

29. Section marker
    - Customer & vendor management
    - > Improved audit preparedness < (current section)
    - Improved asset management
    - Enhanced Gridiron Risk Model

30. Improved Audit Preparedness with Gridiron Reports
    - Improve internal auditing ability
    - Pass customer audits more easily
    - Achieve certifications (ISO 27001, SOC 2, etc.) more quickly

31. Improved Audit Preparedness with Gridiron Reports
    - Training History - View and export all workforce training activity
    - Asset Inventory - View and export ISMS asset details
    - Business Continuity - Implement business continuity plan faster
    - Audit Log Report - View and export audit log destinations for all ISMS components

32. Improved Asset Management
    Quickly and easily track all assets in your information security management system.
    - Networks, Devices, Third Party Services
    - Dozens of new third party systems to choose from
    - More backends to choose from
    - Integrates with Vendor Management

33. Enhanced Gridiron Risk Model
    Perform deep risk analysis across all aspects of the ISMS.
    - Apps, databases, devices, and networks
    - Physical locations
    - Vendors, hosting/data platforms, third party services

34. Q&A