Workload Security
How to Secure AWS Cloud Storage
Discover how to quickly install and integrate Trend Micro Cloud One with Amazon Web Services (AWS)
In the near future, you may speak to folks about how things were way back in the tangible age of computing when hardware was on-premises. You may regale them with tales of vendor misalignments, inventory shortages, and purchase agreements. Their eyes widen with confusion as you explain that getting the hardware on-premises was just the beginning of an onerous phase. Once it was delivered, you had to find room in the data center facility to house it. But that’s not all—after the data center setup, another team had to hook the hardware up to the network, as well as install the operating systems and other required software applications including the traditional security provisions. “You’re so lucky you have the cloud,” you tell them as they shudder in horror from the very thought of on-premises hardware.
The Evolution From On-Premises to Cloud Computing
The cloud innovated the way enterprises build and deploy applications. Applications that were deployed to on-premises data centers are now deployed via cloud virtual machines (VMs) or containers. Installs that use to take days, or even weeks, now take minutes with an established pipeline in place. Yet, even with all these advances, cloud security has broad requirements, and organizations must understand where the gaps are in order to reduce malicious threats.
The Importance of a Secure AWS Infrastructure
Running on cloud providers, including Amazon Web Services (AWS), does not eliminate the threat of malware or ransomware. Organizations must share the security responsibility and protect what they put in the cloud. Fortunately, Trend Micro Cloud One™ has you covered. The solution is easy to set up and protects your cloud apps from security threats. In this article, we'll demonstrate how to set up and run Trend Micro Cloud One on AWS.
How to Secure Your Cloud Infrastructure Using Trend Micro Cloud One
Trend Micro Cloud One is a security services platform with broad platform support and API integration to protect your AWS infrastructure. The AWS infrastructure includes: Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS Lambda, AWS Fargate, containers, AWS Outposts, Amazon Simple Storage Service (Amazon S3), and your virtual private cloud (VPC) networking. In short, Trend Micro acts as your cloud security expert. Also, since Trend Micro Cloud One is available on the AWS Marketplace, procurement, installation, and billing are all simplified thanks to integration with your AWS account.
Although there are built-in AWS security measures in place, they do not cover everything, especially some of your most worrisome cloud-deployment issues. Internal data is usually a company’s most precious commodity and main concern. Code vulnerabilities or data exfiltration on the server can lead to unwanted data pirating.
How to Prevent Malware in Your Cloud Infrastructure
Another issue is malware being unknowingly installed on your servers and interfering with your running applications. Since malware is constantly developed and updated, it is important to protect your critical applications from such attacks. Additional attacks can come from vulnerabilities in operating systems, runtime threats, traffic requests, a remote code execution, and more.
Now that you know what you’re up against, the remainder of this article will take you through how easy it is to install and use Trend Micro Cloud One services, so you can try it for yourself.
How to Install Trend Micro Cloud One on AWS for Better Security
Trend Micro Cloud One is available on the AWS Marketplace, making installation simple and quick. It even works on the AWS free tier if you're just looking to confirm it meets your needs.
The first step to adding Trend Micro Cloud One is to navigate to AWS Marketplace: Trend Micro Cloud One (amazon.com) and click on the “Continue to Subscribe” button.
You will then enter the Trend Micro Cloud One AWS marketplace. Click on the “Subscribe” button.
This will take you to the Trend Micro Cloud One portal to sign up. Once you sign up, you will see the Trend Micro Cloud One console.
How to Set up Trend Micro Cloud One for a More Secure AWS
For this demo, we will take you through the steps of adding Trend Micro Cloud One™ – Workload Security to an AWS instance. Workload Security is a component of Trend Micro Cloud One that provides advanced server security for physical, virtual, and cloud servers. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching.
Within the Trend Micro Cloud One portal, click on “Workload Security”. Then, in the dashboard, select “Computers” ➜ “Add” ➜ “Add AWS Account…”.
Select the “Quick setup” option, then click “Next”. A page will appear describing what happens during the setup process with a URL. The URL is valid for one hour.
Click “Next”. If you are not already logged into your AWS account, you will be prompted to do so. Once you are logged in, the AWS CloudFormation “Create stack” screen will load.
Click “Next” on the “Specify template” page to accept the defaults.
Name your security stack on the next page, then hit “Next”.
If your organization uses tags, you can add them on the “Options” page, then click “Next” to get to the “Review” page. On the Review page, select the check box next to “I acknowledge that this template might cause AWS CloudFormation to create IAM resources.”
Click “Create”. When AWS CloudFormation finishes setting up a cross-account role, the Workload Security wizard will display a success message. You can close the screen before the success message appears. The account is added to Workload Security immediately after the cross-account role is set up.
Your Workload Security console screen will automatically be updated with your AWS account and the account will show up under the Computers tab.
If your AWS account includes Amazon WorkSpaces and you want to protect them with Workload Security, go to the Workload Security console, right-click your AWS account on the left, and select “Properties”. Enable “Include Amazon WorkSpaces” and click “OK”. By enabling the checkbox, you ensure your Amazon WorkSpaces appear in the correct location in the tree structure within the Workload Security console and are billed at the correct rate.
The next step is to spin up an Amazon EC2 instance (you can use a free-tier instance for experimentation) and add an Amazon WorkSpaces agent. On the Amazon WorkSpaces dashboard, click on “Administration” ➜ “System Settings” ➜ “Agent”.
When assigning the security group to your Amazon EC2 instance, you need to open the SSH port and two TCP ports: One at 443 and one at 80.
After the Amazon EC2 instance is created, you must install the Workload Security agent. You retrieve the Workload Security agent from the Workload Security console. Go to “Administration” ➜ “Updates” ➜ “Software” ➜ “Local” and find the correct agent for your Amazon EC2 operating system.
Click on “Export” ➜ “Export Installer” to download the agent to your local machine.
After the agent downloads, SCP the agent to your Amazon EC2 instance, log into your Amazon EC2 instance, then run: rpm -i <your agent.rpm>. This will install the agent. To activate the agent, run the following command: /opt/ds_agent/dsa_control -a dsm://agents.depsecurity.trendmicro.com:443/ “tenantID:<your tenantID>” “token:<your token>”
Find the tenantID and token under “Support” ➜ “Deployment Scripts” by scrolling to the bottom of the deployment script.
Running the command on your Amazon EC2 instance should appear as follows:
Once the activation script successfully executes, you should see your instance appear in the “Computers” tab as “Managed”.
You can then click on the “Details” tab to manage different security measures on your Amazon EC2 instance.
Next Steps
The cloud provides great opportunities and flexibility to quickly adjust to your infrastructure needs. Trend Micro Cloud One fills in the security gaps with a wide range of features that are easy to use and set up.
It only took a couple of minutes and a few clicks in the AWS Marketplace to install and set up Trend Micro Cloud One. If you like what you see, why not secure your company's cloud workloads with Trend Micro Cloud One today? Take the first step to protecting your cloud storage from the next security threat on the horizon with a no-risk Trend Micro Cloud One free trial.
