Security Management Automation with AWS CloudFormation

As a perpetual traveler, I’m a pretty big fan of automation. Push mobile updates for flight reminders and notifications of delays, navigation re-routing around delays at drive time, and more save me a bit of time, but they are largely a convenience and serve to make my life just a bit less stressful on the road.

As a cloud security architect, I’m absolutely fanatical about automation for myself and my customers. From this point of view, automation is a critical component in enabling the massive deployments at scale required by lines of business and the repeatable, auditable controls crucial to securing these applications. Luckily, I have the spectacular privilege of working daily with organizations deploying Deep Security in AWS, two technologies which afford me wonderful opportunities to automate all day long.

If you keep up with our blog, you certainly have seen that Deep Security loves automation too. Whether using Ansible, Chef, Elastic Beanstalk, or other deployment tools, our GitHub site probably has some great tools we can leverage to accelerate your deployments. Deep Security Manager’s APIs and SDKs offer great flexibility to build custom scripts to automate management, integrate with other services, or build an automated responsive security fabric.

While these are great resources for managing the security platform, deploying protection dynamically to workloads, and integrating with other services, we need another hook to get the server infrastructure up and running in the first place. Again, lucky for me to be working so often in AWS, we have a service called AWS CloudFormation to leverage for precisely that goal.

To enable a repeatable method for deploying Deep Security’s management infrastructure, we maintain a set of CloudFormation templates to help you deploy our management stack into your existing shared services VPC. Whether you’re excited about the new pay-per-instance-hour pricing dimensions available with our latest marketplace release or prefer traditional BYOL procurement, we have stacks to get the environment built according to best practices quickly and easily. Just click the link you want to deploy, answer a few questions, and watch CloudFormation do the work for you. For VPC requirements, check out the quickstart documentation.

Stay tuned to aws.trendmicro.com/resources if you’re interested in some technical follow-up on what we’re doing behind the scenes and why. Head over to our GitHub to find additional resources, contribute, or let us know about any issues you encounter, and as always, email us at aws@trendmicro.com with any questions or challenges you’re facing in the cloud.

Post written by Bryan Webster