Security TechTalk | AWS Public Sector Summit 2016

Transcript of Security TechTalk | AWS Public Sector Summit 2016

Page 1: Security TechTalk | AWS Public Sector Summit 2016

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

June 21st, 2016

AWS Talk: Security

Nikola Bozinovic, CEO, Frame

Matt Keil, Director of Product Marketing, Palo Alto Networks

Michael Schmidt, Founder & CTO, Nutonian

Page 2: Security TechTalk | AWS Public Sector Summit 2016

Nikola Bozinovic, CEO Frame

June 21, 2016

Cloud, Security & the End of the Desktop

Page 3: Security TechTalk | AWS Public Sector Summit 2016

Millions of cyber-attacks happen every day

Page 4: Security TechTalk | AWS Public Sector Summit 2016

How will you manage and secure your IT environment?

Page 5: Security TechTalk | AWS Public Sector Summit 2016

IT used to be simple(r)

Page 6: Security TechTalk | AWS Public Sector Summit 2016

Today

Page 7: Security TechTalk | AWS Public Sector Summit 2016

Virtual Desktops and Apps

Apps running on PCs

PHYSICAL DESKTOP MODEL

Page 8: Security TechTalk | AWS Public Sector Summit 2016

Virtual Desktops and Apps

Datacenter Clients

PHYSICAL DESKTOP MODEL

Apps running on PCs

VIRTUAL DESKTOP MODEL (VDI)

Apps running in the datacenter

Stream pixels to clients

Page 9: Security TechTalk | AWS Public Sector Summit 2016

Problems with VDI

Complicated: Requires months (or years) of training

Expensive: $100,000 to start (buy servers and software)

Doesn’t work that well: Low performance, poor user experience

Because of this, less than 5% of the world’s desktops have been virtualized.

Page 10: Security TechTalk | AWS Public Sector Summit 2016

Cloud changes everything

PC

Datacenter (VDI)

Cloud

Question: Can we move to the cloud with legacy VDI?

Page 12: Security TechTalk | AWS Public Sector Summit 2016

“If we design this architecture and just continue to do business as usual, it will be an absolute waste of money. It’s like designing the autobahn with the horse and buggy.”

Lt. Gen. Vincent Stewart, DIA Director

Page 13: Security TechTalk | AWS Public Sector Summit 2016

What is Frame?

Frame is a secure cloud platform that lets organizations deliver amazing experiences to users on all connected devices.

Pixels

user input

Page 14: Security TechTalk | AWS Public Sector Summit 2016

Revolution in end-user computing

Founded in 2012

Headquartered in San Mateo, CA

Platform of choice for top Windows ISVs and Enterprises

www.fra.me

Page 15: Security TechTalk | AWS Public Sector Summit 2016

Most demanding customers pick Frame

Page 16: Security TechTalk | AWS Public Sector Summit 2016

Why now

Convergence of technologies makes it possible to deliver apps remotely from the cloud at hyper-scale.

Cloud IaaS

Faster, more reliable networks

The rise of “dumb terminals”

BYOD

HTML5 browsers

Data gravity

Frame Protocol (H.264 + QOS)

Frame Platform (orchestration)

Frame Product (U/X)

2008

2016 VDI

Page 17: Security TechTalk | AWS Public Sector Summit 2016

 

How it works

1. Bring your apps (Windows or Linux)

2. Pick infrastructure* (Compute & Graphics)

3. Authorize users (Configure SSO)

4. Connect files (Cloud storage)

5. Deliver to users (Any location, any device)

* Infrastructure is managed through Frame. Customers can choose the configuration that works best for them based on performance, cost, and location.

AWS

Public

AD

AWS C2S

Page 18: Security TechTalk | AWS Public Sector Summit 2016

Full-stack solution

FRAME

CPANEL: Self-service onboarding, system management, usage and in-app analytics.

APP STORE: Marketing, access rights, metering, billing…

TERMINALS: HTML5 terminal, native Win/OSX terminals, Touch U/X, HID support…

CONNECTORS: Persistent data, Storage, User identity (SSO), Authentication

PROTOCOL: Video (h.264-based) protocol, QOS, content-adaptive encoding, WAN optimization, collaboration

PLATFORM: Orchestration, brokering, security, geographical distribution, high-availability, scaling,…

Apps

Users

Technology

Infrastructure: PUBLIC CLOUD (AWS), GOV. CLOUD (AWS GovCloud), C2S (AWS C2S cloud)

Integrations: IDENTITY (SSO) (AD/ADFS), STORAGE (S3/EBS), Custom

Page 19: Security TechTalk | AWS Public Sector Summit 2016

Beautiful, Intuitive Interface

The Launchpad: Where users go to run apps

The Dashboard: Where admins go to install and manage apps

Super admin: Where you go to create and manage teams

Page 20: Security TechTalk | AWS Public Sector Summit 2016

How is Frame different from VDI?

Web scale app delivery platform

Modern, developer friendly

Scalable, multi-tenant platform

Custom workflows and blueprints

Rich APIs for instant integration

Optimized infrastructure management

Optimized capacity usage

Up to 90% savings

Best of breed workflow solutions

Page 21: Security TechTalk | AWS Public Sector Summit 2016

“Frame is the future of both software distribution and personal computing in the post-mobile era I’m going to call ubiquitous computing.”

Bob Cringely,

Learn more at [email protected]

Page 22: Security TechTalk | AWS Public Sector Summit 2016

Thank you

Page 23: Security TechTalk | AWS Public Sector Summit 2016

Matt Keil, Director of Product Marketing, Public Cloud, Palo Alto Networks

June 21, 2016

Cloud First! Now What?

VM-Series for AWS GovCloud (US): Securely enabling Cloud First Directives

Page 24: Security TechTalk | AWS Public Sector Summit 2016

The Threat Lifecycle Remains Unchanged

SPEAR PHISHING EMAIL or EXPLOIT KIT

INFECT USER

MOVE ACROSS THE NETWORK

FIND THE TARGET

ADVERSARY COMMANDS

STEAL DATA

$

BUILD BOTNETS

HARVEST BITCOIN

Page 25: Security TechTalk | AWS Public Sector Summit 2016

Cloud First Security Considerations

1. Know and understand what apps are in use

2. Adopt a prevention architecture in the cloud

3. Strive for consistency, automate where possible

25 | © 2015, Palo Alto Networks. Confidential and Proprietary.

Page 26: Security TechTalk | AWS Public Sector Summit 2016

Reduce Your Threat Footprint

• Security groups + next-gen firewall = app visibility, regardless of port

• Whitelist apps to leverage the firewall “deny-all-else” premise

• Grant application access based on user identity and need

Page 27: Security TechTalk | AWS Public Sector Summit 2016

Segmentation = A Prevention Architecture

• Policies keep apps and data separate = improved security, compliance

• Prevent threats from moving laterally, block exfiltration efforts

AppDev

App Data

AppTest

App Data

App Production

App Data

Page 28: Security TechTalk | AWS Public Sector Summit 2016

Policy Consistency and Automation

• Centrally manage policies = consistency from the network to the cloud

• Automation ensures security keeps pace with cloud first initiatives

Control apps | Segment | Prevent threats

Content

Users

Apps

Page 29: Security TechTalk | AWS Public Sector Summit 2016

Takeaways

1. Knowledge of apps, content, user is key

2. Segmentation + prevention = improved security posture

3. Policy consistency = agnostic workload location

Page 31: Security TechTalk | AWS Public Sector Summit 2016

Thank you

Page 32: Security TechTalk | AWS Public Sector Summit 2016

Michael Schmidt, Founder & CTO, Nutonian

June 21, 2016

Discovering Threat Patterns in Chaotic Security Data

Page 33: Security TechTalk | AWS Public Sector Summit 2016

© 2016 Nutonian. Confidential and Proprietary.

Founded out of the Cornell Artificial Intelligence Lab in 2011, Nutonian empowers blue-chip companies to extract meaning from chaos. Its proprietary A.I.-powered modeling engine, Eureqa, analyzes vast amounts of structured data billions of times per second to build the most accurate and actionable models.

Data Modeling Explanation Action

Industrializing Data Science

Page 34: Security TechTalk | AWS Public Sector Summit 2016

The “Eureqa” Moment

Schmidt M., Lipson H. (2009) "Distilling Free-Form Natural Laws from Experimental Data," Science, Vol. 324, no. 5923, pp. 81 - 85.

Algorithms distill laws of physics from chaotic systems (published in Science 2009)

Page 35: Security TechTalk | AWS Public Sector Summit 2016

Explain Unleash

Connect Model

Page 36: Security TechTalk | AWS Public Sector Summit 2016
Page 37: Security TechTalk | AWS Public Sector Summit 2016

Massively parallel analysis

Computation tests billions of independent models on the data

● Low bandwidth -- transferring solutions

● High latency -- no control flow dependencies

[Diagram: Compute Server 1, Compute Server 2, ... Compute Server N, each showing CPU Cores and repeated "Search Kernel" boxes]

Page 38: Security TechTalk | AWS Public Sector Summit 2016

Machine Intelligence in Action

• Predict finish positions of the 2016 Kentucky Derby

• Expose relationships between running style, speed, and trainer record

• Predicted winner, and 4 out of top 5 horses

– Winning Exacta (30:1 odds)

– Winning Trifecta (87:1)

– Winning Superfecta (542:1)

1. Nyquist

2. Gun Runner

3. Exaggerator

4. Creator

5. Mohaymen

• Standardized live odds probability

• Speed over the past two races

• Post position

• Racing style

• Track conditions

http://performancegenetics.com/machine-learning-algorithm-crushed-kentucky-derby/

Page 39: Security TechTalk | AWS Public Sector Summit 2016

Architecture

Intrusion Detection

Vulnerability Assessment

Firewall Log Data

HTTP Proxy Log Data

More sources

SIEM: Splunk / ArcSight

Eureqa AI App

Security Analyst

Page 40: Security TechTalk | AWS Public Sector Summit 2016

Use Case - Industrial Control Systems

• Differentiate between naturally occurring events and those caused by a malicious actor on a set of power transmission lines

*Dataset dev. by Mississippi State University and Oak Ridge National Laboratory

Impedance

Relay Status Flag

Voltage Phase Angle

Current

Current Phase Angle

Page 41: Security TechTalk | AWS Public Sector Summit 2016

Conclusions

• Machine Intelligence extracts meaning from data

• Companies already employing Machine Intelligence today

• Many new applications ahead of us

Michael Schmidt, Founder & CTO, [email protected]

Twitter: @Nutonian

Blog: http://blog.nutonian.com

www.nutonian.com

Page 42: Security TechTalk | AWS Public Sector Summit 2016

Thank you