Aptible Update Webinar - October 2017

Aptible
October 25, 2017

The Aptible Update Webinar Series is a quarterly presentation that covers recent features and changes to the Enclave container orchestration platform and Gridiron security management tool.

We hosted our Q4 Update Webinar on October 25, 2017. In it, we covered:

- Enclave. New ways to make Enclave infrastructure easier to audit, including Managed HIDS, SSH Session Logging, Activity Reporting, and much more.
- Gridiron. Making security and compliance audit/certification preparation easier, Customer & Vendor Management, and much more.

Recap: https://www.aptible.com/blog/recap-aptible-october-2017-quarterly-product-update-webinar/.

Recording & Transcript: https://www.aptible.com/resources/october-2017-updates-webinar/

Transcript

  1. Aptible Update Webinar October 25, 2017
  2. Agenda • Enclave features and updates • Enclave Q&A • Gridiron features and updates • Gridiron Q&A
  3. Logistics • Use Zoom Q&A for questions • Recording will be posted at www.aptible.com/resources
  4. Aptible is now ISO 27001 certified! • In September, Aptible earned ISO 27001 certificate for both Enclave and Gridiron • ISO 27001 is an international, cross-industry standard that specifies requirements for managing security across an organization • You can use our certification to prove to your customers and auditors that Aptible has met strict standards for data security • For questions about ISO 27001 (or how to pursue certification yourself), please reach out! go.aptible.com/iso27001
  5. What's new on Enclave? October 25, 2017

  6. Overview We want Enclave to be the best place to deploy regulated and sensitive projects. This quarter, we focused specifically on making Enclave: • Easier to use • Easier to audit
  7. > Easier to use < Easier to audit

  8. Changes to make your life easier New: • New documentation site • Self-service Environment creation • Endpoint management in the CLI Improved: • Restore backups across environments • Maintenance pages served when scaled to zero • CPU Metrics in the Dashboard
  9. Making Enclave easier to use New Documentation Site
  10. New Documentation Site • Comprehensive, searchable reference material • Tutorials and sample code • Troubleshooting instructions Covers Enclave and Gridiron. go.aptible.com/docs
  11. Making Enclave easier to use Self-service Environment Creation
  12. Shared-Tenancy Environment Choose your location You can choose the location for new Shared Tenancy Environments.
  13. Dedicated-Tenancy Environments Self-service You no longer need to wait for activation after creating a new Dedicated-Tenancy Environment on a pre-existing Stack!
  14. 2 Layers of Isolation: Stacks and Environments • Stacks are isolated virtual networks (AWS VPCs) consisting of a number of Docker hosts (AWS EC2 instances). • Environments are mapped onto Stacks and provide a logical isolation layer. Apps for a given Environment are deployed on the Docker hosts for the Environment's Stack. • Stacks can be single-tenant (Dedicated Tenancy) or multi-tenant (Shared Tenancy).
  15. Making Enclave easier to use Endpoint Management in the CLI

  16. Endpoint Management in the CLI

        aptible endpoints:database:create DATABASE
        aptible endpoints:https:create [--app APP] SERVICE
        aptible endpoints:https:modify [--app APP] ENDPOINT_HOSTNAME
        aptible endpoints:tcp:create [--app APP] SERVICE
        aptible endpoints:tcp:modify [--app APP] ENDPOINT_HOSTNAME
        aptible endpoints:tls:create [--app APP] SERVICE
        aptible endpoints:tls:modify [--app APP] ENDPOINT_HOSTNAME
        aptible endpoints:list [--app APP | --database DATABASE]
        aptible endpoints:deprovision [--app APP | --database DATABASE] ENDPOINT_HOSTNAME
        aptible endpoints:renew [--app APP] ENDPOINT_HOSTNAME

    Get the latest CLI: go.aptible.com/cli
  17. Endpoint Management in the CLI Use this to: • Create any App or Database Endpoint: TCP, TLS, HTTPS. • Deploy without interacting with the Dashboard. • Automate deployment and QA workflows. Learn more: go.aptible.com/endpoints
  18. Making Enclave easier to use Restore Backups across Environments

  19. Restore Backups across Environments • Use the --environment flag to select a destination Environment when running aptible backup:restore. • You're protected: Enclave won't let you accidentally restore a backup from a Dedicated-Tenancy Environment into a Shared-Tenancy Environment.
  20. Restore Backups across Environments Use Cases • Analytics: restore production data to a reporting database for BI. • Development: restore production data then sanitize it (as long as your development environment is on a Dedicated-Tenancy Stack!). Learn more: go.aptible.com/restore-backup
  21. Making Enclave easier to use Maintenance pages served when scaled to 0
  22. Maintenance pages served when scaled to 0 • When you scale to 0, Enclave re-routes your traffic to its error-page server, Brickwall, before shutting down your app containers. • Your custom maintenance page will be used, if you set one up with MAINTENANCE_PAGE_URL.
  23. Maintenance pages served when scaled to 0 Use Cases • Use this to place your app into maintenance mode simply by scaling down to 0. Learn more: go.aptible.com/maintenance-page
  24. Making Enclave easier to use CPU Metrics

  25. CPU Metrics • Use this to troubleshoot sluggish apps. • CPU Metrics are available for apps and databases
  26. CPU Metrics vs. CPU Limits Containers are allocated 25% of a CPU thread per GB of RAM. CPU Limits by Stack Tenancy: • Shared: Enforced • Dedicated: Opt-in Learn more: go.aptible.com/cpu-limits
  27. Finally: New Databases • PostgreSQL 10 • Redis 4.0

  28. Making Enclave easier to use Q&A

  29. Easier to use > Easier to audit <

  30. Changes to make your audits easier • SSH Session Logging • Activity Reports • Coming Soon: Managed HIDS
  31. Making Enclave easier to audit SSH Session Logging

  32. SSH Session Logging • Enclave can now capture SSH Session Logs. • These are routed to Log Drains, just like App or Database logs.
  33. SSH Session Logging Use Cases • Ensure all access to production data is audited. • Audit user activity in SSH sessions. • This is often a requirement for e.g. HITRUST. Learn more: go.aptible.com/ssh-logging
  34. Making Enclave easier to audit Activity Reports
  35. Activity Reports • Activity Reports are periodic CSV exports of all activity in your Enclave Environment. • They are generated on a weekly basis, and can be downloaded via the Dashboard.
  37. Activity Reports Use Cases • Efficiently review your team's activity. • Identify suspicious activity. • Share with your auditors.
  38. Making Enclave easier to audit Coming Soon: Managed HIDS
  39. Managed HIDS Managed HIDS audits the Docker Hosts your Containers run on, and generates weekly HIDS evidence reports. Use them to: • Share proof of HIDS with your auditors or customers. • Gain confidence that your Enclave infrastructure meets best practices.
  40. Managed HIDS How it works

  47. Managed HIDS Next Steps If you are interested in a demo, please contact us at support@aptible.com (or via any support channel). If you are currently using Threat Stack or Alert Logic on Enclave, Managed HIDS: • Requires less effort from you • Will most likely be less expensive
  48. Managed HIDS Pricing • OSSEC is deployed on all instances, but access to the audit evidence is a paid add-on. • Pricing-wise, we're planning for $0.02 / hour / GB, only applied on containers in a Dedicated Tenancy Environment (Managed HIDS will be free for Shared Tenancy Environments). This represents a 25% increase on your production container pricing.
  49. Q&A

  50. What's new on Gridiron? October 25, 2017

  51. Overview Gridiron is the easiest and fastest way to manage your information security management system. This quarter, we focused specifically on: • Customer & vendor management • Improved audit preparedness • Improved asset management • Enhanced Gridiron Risk Model
  52. > Customer/vendor management < Improved audit preparedness Improved asset management Enhanced Gridiron Risk Model
  53. Customer & Vendor Management Customer & Vendor management makes it easy to track upstream and downstream contracts directly from the Gridiron Dashboard.
  54. Customer & Vendor Management • Track all of your customers, vendors, agreements, and contingencies in one place • Quickly upload and download agreement documents • Automated vendor management
  55. Customer & Vendor Management Demo

  56. Customer & vendor management > Improved audit preparedness < Improved asset management Enhanced Gridiron Risk Model
  57. Improved Audit Preparedness with Gridiron Reports • Improve internal auditing ability • Pass customer audits more easily • Achieve certifications (ISO 27001, SOC2, etc) more quickly
  58. Improved Audit Preparedness with Gridiron Reports • Training History - View and export all workforce training activity • Asset Inventory - View and export ISMS asset details • Business Continuity - Implement business continuity plan faster • Audit Log Report - View and export audit log destinations for all ISMS components
  59. Improved Audit Preparedness with Gridiron Reports Demo

  60. Customer & vendor management Improved audit preparedness > Improved asset management < Enhanced Gridiron Risk Model
  61. Improved Asset Management Quickly and easily track all assets in your information security management system. • Networks, Devices, Third Party Services • Dozens of new third party systems to choose from • More backends to choose from • Integrates with Vendor Management
  62. Improved Asset Management Demo

  63. Customer & vendor management Improved audit preparedness Improved asset management > Enhanced Gridiron Risk Model <
  64. Enhanced Gridiron Risk Model Perform deep risk analysis across all aspects of ISMS. • Apps, databases, devices, and networks • Physical locations • Vendors, hosting/data platforms, third party services
  65. Enhanced Gridiron Risk Model Demo

  66. Q&A

  67. Pricing From $2,499/mo paid annually Contact shah@aptible.com for more info.

  68. Thanks! Next Aptible Update Webinar: January 25, 2018