Friday, January 26, 2018

Protect Your CLOUD EC2 instances with Deep Security as a Service | Deep Security


Add your AWS cloud account to Deep Security

This adds your EC2 instances to Deep Security, and creates a cross-account role for Deep Security.
If you already added some EC2 instances that belong to this AWS account, and you follow these steps, Deep Security will move the EC2 instances under the AWS account in the navigation tree on Computers.
  1. Log in to Deep Security as a Service.
  2. Go to Computers.
  3. Select Add > Add AWS Account.
  4. Select Quick.
  5. Click Next.
  6. The next screen describes what will happen during the setup process, and provides a URL that you can send to your AWS administrator if you do not have access to AWS. Click Next.
  7. If you have not already logged into your AWS account, the wizard prompts you to log in.
  8. On the Select Template screen, in Source, keep the default Amazon S3 template URL for Deep Security ( Click CloudFormation template
  9. On the Specify Details screen, type a name for the AWS CloudFormation stack that will be used to group your EC2 resources for Deep Security. Click Next.
  10. If your organization uses tags, on the Options screen, add them. Click Next.
  11. On the Review screen, select I acknowledge that this template might cause AWS CloudFormation to create IAM resources, and then click Create.
    When the cross-account role is created and the account has been set up, a success message will appear. You don't need to wait; you can close the wizard before the success message appears. All of your account's EC2 instances will appear in Deep Security Manager on Computers, organized by region, VPC, and subnet.
    If your account doesn't appear in Deep Security Manager within 10 minutes, or if an error message appears, see Issues adding your AWS account to Deep Security.
  12. If your AWS account includes Amazon WorkSpaces, and you want to protect them with Deep Security, go to Deep Security Manager, right-click your AWS account on the left, and select Properties. Enable Include Amazon WorkSpaces and click Save. By enabling the check box, you ensure that your Amazon WorkSpaces appear in the correct location in the tree structure in Deep Security Manager and are billed at the correct rate.
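
Step 11 asks you to acknowledge that the template may create IAM resources. As an added example (not part of the Deep Security documentation or its template), the following Python lists each IAM role a JSON CloudFormation template would create, who may assume it, and which allowed actions are not read-only. The sample template, role name, account ID and ExternalId value are constructed placeholders, and the check assumes literal strings rather than intrinsic functions.

```python
import json

# Constructed sample for illustration only; this is NOT the Deep Security template.
# The role name, account ID and ExternalId value are placeholders.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "CrossAccountRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Statement": [{
            "Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
            "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}},
        }]},
        "Policies": [{"PolicyName": "inventory", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Resource": "*", "Action": ["ec2:DescribeInstances"]},
            {"Effect": "Allow", "Resource": "*", "Action": "iam:*"},
        ]}}],
    }},
    "LogBucket": {"Type": "AWS::S3::Bucket"},
}})

READ_ONLY_PREFIXES = ("Describe", "Get", "List")

def as_list(value):
    """IAM policy fields may hold a single item or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]

def audit_iam_roles(template_text):
    """Summarize who can assume each AWS::IAM::Role and what it is allowed to do."""
    findings = []
    for name, res in json.loads(template_text).get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue  # only IAM roles are of interest here
        props = res.get("Properties", {})
        trust = as_list(props.get("AssumeRolePolicyDocument", {}).get("Statement", []))
        principals, external_id = [], bool(trust)
        for stmt in trust:
            p = stmt.get("Principal", "*")
            principals += ["*"] if p == "*" else [v for vs in p.values() for v in as_list(vs)]
            # Every trust statement must carry an sts:ExternalId condition.
            external_id &= any("sts:ExternalId" in c for c in stmt.get("Condition", {}).values())
        risky = []
        for policy in props.get("Policies", []):
            for stmt in as_list(policy["PolicyDocument"]["Statement"]):
                actions = as_list(stmt.get("Action", [])) if stmt.get("Effect") == "Allow" else []
                for action in actions:
                    verb = action.split(":")[-1]
                    # Flag wildcards and anything that is not Describe*/Get*/List*.
                    if "*" in action or not verb.startswith(READ_ONLY_PREFIXES):
                        risky.append(action)
        findings.append({"role": name, "principals": principals,
                         "requires_external_id": external_id, "review_actions": risky})
    return findings
```

Pass the template text you were given to `audit_iam_roles` and read the `principals` and `review_actions` fields before selecting the acknowledgement check box.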

Deploy Deep Security Agents to your EC2 instances

  1. In Deep Security Manager, in the top right corner, select Support > Deployment Scripts.
    As you select settings, the deployment script generator will generate a corresponding script (PowerShell for Windows, bash for Linux) that you will run on your Deep Security instance.
  2. Select the Platform to which you are deploying the software.
  3. Select Activate Agent automatically after installation.
  4. Select a Policy based on the operating system to which you will be deploying the Agent(s).
  5. Keep defaults for other settings.
  6. Copy the deployment script.
  7. In your EC2 instances, paste and run the script.
    The script will download, install, and activate a Deep Security Agent on your EC2 instance, and then apply the Deep Security protection policy that you selected.
    On Windows:
    1. Connect to your Windows instance via RDP.
    2. Right-click the PowerShell icon and select Run as Administrator.
    3. Paste the script into PowerShell and then run it.
    On Linux:
    1. Connect to your Linux instance via SSH.
    2. Start bash with sudo or as a superuser account such as root.
      sudo bash
    3. Paste the script into the CLI and then run it.
  8. In Deep Security Manager, go to Computers. In the row for your EC2 instance, verify that the Status column is "Managed (Online)" or that it is managed and an activity is occurring, and that a policy is assigned.