Breach Stats
Introduction to Security in the Cloud
Mark Brooks, Senior Director Solution Engineering
SECURITY IS A CHALLENGE
Infrastructure Has Changed
EARLY 2000’s / MID 2000’s / NOW
Buying Hardware → Infrastructure As a Service
Security Has Changed
Cybercrime Has Also Changed
EARLY 2000’s / MID 2000’s / NOW
Single Actors → Highly Organized Groups
Cybercrime is Flourishing
Evolution of Adversaries / Expanding Attack Surfaces / Overwhelmed Defenses
508 is the average number of applications in an enterprise
37% of US companies face 50,000+ alerts per month
390,000 new malicious programs every day with a viable ecosystem
Sources: Forbes, 2014; FireEye, 2015; AV-TEST, 2016
Who is being targeted?
Today’s Attacks Have Several Stages
THE GOOD NEWS
The Cloud Can be Secure
“Public cloud workloads can be at least as secure as those in your own data center, likely better.”
Neil McDonald, Gartner Security and Risk Management Summit, London, Sept 2015
Cloud Security – New Approach
The principles of security do not change, but your approach to security needs to change:
• Security best practices are no different in the cloud
• You need to apply the same security standards to cloud workloads as you apply on-premises
• Understand the shared responsibility model of cloud security
Security in the Cloud is a Shared Responsibility
CUSTOMER PROVIDES
Application layer:
• Secure coding and best practices
• Software and virtual patching
• Configuration management
• Access management
• Application level attack monitoring
Host layer:
• Access management
• Patch management
• Configuration hardening
• Security monitoring
• Log analysis
Network layer:
• Network threat detection
• Security monitoring
AWS PROVIDES
• Logical network segmentation
• Perimeter security services
• External DDoS, spoofing, and scanning prevented
• Hardened hypervisor
• System image library
• Root access for customer
• Configuration best practices
Challenges of being Secure in the Cloud
SECURITY TOOLS ARE
• Complicated to use
• Difficult to deploy
• Expensive to manage and tune
HUMAN EXPERTISE IS
• Hard to find
• Harder to keep
• Very expensive
THREAT INTELLIGENCE AND SECURITY CONTENT
• Gets stale quickly
• Requires specific know-how
• Validation required to avoid false positives
ALERT LOGIC HAS A SOLUTION
Alert Logic Provides
Realtime Security Monitoring of Network and Logs
Analytics Engine to find potential threats
Review and Escalation by our Security Analysts
Visibility of the AWS Environment
AWS Best Practices
Vulnerabilities on the Instances
AWS Config / Inspector
AWS CloudTrail
Research into generic and AWS threats
Audit and Compliance reporting
Alert Logic – a Leader in Forrester’s 2016 NA MSSP Wave™
“Alert Logic has a head start in the cloud, and it shows.
Alert Logic is an excellent fit for clients looking to secure their current or planned cloud migrations, clients requiring a provider that can span seamlessly between hybrid architectures, and those that demand strong API capabilities for integrations.”
- Forrester Wave™ Report
How Cloud Defender Works in AWS
[Diagram: data flows from AWS SERVICES and INSTANCES & APPLICATIONS into the Analytics Platform, and findings flow out to YOUR TEAM]
• Collected from AWS services: AWS service logs
• Collected from instances and applications: web and network security events, application and server logs
• Continuous vulnerability scanning, configuration assessments, and environment visibility
• Analytics Platform: threat intel & context, expert analysis
• Delivered to your team: threat detection with remediation tactics; vulnerability & configuration issues
How Cloud Defender Works
[Diagram: Data Collection (web application events, network events, log data, threat data) feeds the Analytics Platform, which is backed by threat intel & security content and 24 x 7 monitoring & escalation; the output is continuous detection of threats & exposures, with threat & exposure remediation tactics delivered to your team]
Vulnerability and AWS-Specific Checks Included
OVER 80,000 VULNERABILITY AND CONFIGURATION CHECKS
AWS ACCOUNTS
• Password complexity
• Non-expiring passwords
• No users with API keys
• No MFA
• No key rotation
• Inactive user accounts
• EC2 instance not using IAM roles
S3 BUCKETS
• Upload permissions not restricted
• Delete permissions not restricted
• Unrestricted list access
AWS RDS
• Secure database settings
• Data encryption
NETWORK TOPOLOGY
• Unrestricted inbound/outbound
• Direct inbound/outbound access to DB
• Insecure services open to Internet
• Multiple functions on a single host (Web and DB server)
ELB SECURITY
• Insecure cipher or protocol
• Listener not using secure protocol
• Unapproved cipher
• Missing security groups
• Unapproved port access
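The AWS account checks listed above, as an added example that is not Alert Logic's code: it evaluates a constructed IAM credential report (a subset of the real report's columns and sentinel values) for non-expiring passwords, missing MFA, unrotated access keys and inactive users. The 90-day thresholds and the fixed evaluation time are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample of an IAM credential report (subset of the real columns); "N/A" and
# "not_supported" are the report's own sentinels, 123456789012 is the AWS doc placeholder.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
alice,arn:aws:iam::123456789012:user/alice,2016-01-10T09:00:00+00:00,true,2016-09-01T08:00:00+00:00,2016-12-01T00:00:00+00:00,true,true,2016-08-01T00:00:00+00:00,2016-09-01T08:00:00+00:00
bob,arn:aws:iam::123456789012:user/bob,2015-03-02T09:00:00+00:00,true,2016-08-30T08:00:00+00:00,N/A,false,true,2015-03-02T09:00:00+00:00,2016-08-30T08:00:00+00:00
carol,arn:aws:iam::123456789012:user/carol,2015-06-15T09:00:00+00:00,true,2016-01-05T08:00:00+00:00,2016-12-01T00:00:00+00:00,true,false,N/A,N/A
"""

# Fixed evaluation time so results are deterministic (assumed, not from the slide).
NOW = datetime(2016, 9, 15, tzinfo=timezone.utc)

def _parse_ts(value):
    """Timestamp from the report, or None for the report's empty sentinels."""
    if value in ("N/A", "not_supported", "no_information", ""):
        return None
    return datetime.fromisoformat(value)

def check_user(row, now=NOW, max_key_age_days=90, inactive_days=90):
    """Return the account-level findings from the slide that apply to one user."""
    findings = []
    # Non-expiring password: password enabled but no rotation date set by policy.
    if row["password_enabled"] == "true" and row["password_next_rotation"] == "N/A":
        findings.append("non-expiring password")
    if row["mfa_active"] != "true":
        findings.append("no MFA")
    # Key rotation: an active access key older than the threshold (90 days assumed).
    if row["access_key_1_active"] == "true":
        rotated = _parse_ts(row["access_key_1_last_rotated"])
        if rotated is None or now - rotated > timedelta(days=max_key_age_days):
            findings.append("no key rotation")
    # Inactive account: neither password nor key used within the threshold.
    used = [t for t in (_parse_ts(row["password_last_used"]),
                        _parse_ts(row["access_key_1_last_used_date"])) if t]
    if not used or now - max(used) > timedelta(days=inactive_days):
        findings.append("inactive user account")
    return findings

def audit_report(report_csv, now=NOW):
    """Map each user in a credential report CSV to its list of findings."""
    reader = csv.DictReader(io.StringIO(report_csv))
    return {row["user"]: check_user(row, now) for row in reader}

if __name__ == "__main__":
    for user, findings in audit_report(SAMPLE_REPORT).items():
        print(f"{user}: {', '.join(findings) or 'ok'}")
```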
Almost 4,000 Organizations Worldwide Trust Alert Logic
MILLIONS of devices secured
PETABYTES of log data under management
HUNDREDS OF MILLIONS of security events correlated per month
THOUSANDS of incidents identified and reviewed per month
Thank you.