Introduction to Security in the Cloud - Mark Brooks, Alert Logic
TRANSCRIPT
![Page 1: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/1.jpg)
Breach Stats
![Page 2: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/2.jpg)
Introduction to Security in the Cloud
Mark Brooks, Senior Director Solution Engineering
![Page 3: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/3.jpg)
SECURITY IS A CHALLENGE
![Page 4: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/4.jpg)
Infrastructure Has Changed
EARLY 2000’s MID 2000’s NOW
Buying Hardware
![Page 5: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/5.jpg)
Infrastructure Has Changed
EARLY 2000’s MID 2000’s NOW
Buying Hardware → Infrastructure as a Service
![Page 6: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/6.jpg)
Security Has Changed
![Page 7: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/7.jpg)
Security Has Changed
![Page 8: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/8.jpg)
Cybercrime Has Also Changed
Single Actors
EARLY 2000’s MID 2000’s NOW
![Page 9: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/9.jpg)
Cybercrime Has Also Changed
Single Actors → Highly Organized Groups
EARLY 2000’s MID 2000’s NOW
![Page 10: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/10.jpg)
Cybercrime is Flourishing
Evolution of Adversaries | Expanding Attack Surfaces | Overwhelmed Defenses
• 508 is the average number of applications in an enterprise (Forbes, 2014)
• 37% of US companies face 50,000+ alerts per month (FireEye, 2015)
• 390,000 new malicious programs every day with a viable ecosystem (AV-TEST, 2016)
![Page 11: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/11.jpg)
Who is being targeted?
![Page 12: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/12.jpg)
Who is being targeted?
![Page 13: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/13.jpg)
Who is being targeted?
![Page 14: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/14.jpg)
Today’s Attacks Have Several Stages
![Page 15: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/15.jpg)
THE GOOD NEWS
![Page 16: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/16.jpg)
The Cloud Can be Secure
“Public cloud workloads can be at least as secure as those in your own data center, likely better.”
Neil McDonald, Gartner Security and Risk Management Summit, London, Sept 2015
![Page 17: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/17.jpg)
Cloud Security – New Approach
The principles of security do not change, but your approach to security needs to change:
• Security best practices are no different in the cloud
• You need to apply the same security standards to cloud workloads as applied to on-premises
• Understand the Shared Responsibility of Cloud Security
![Page 18: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/18.jpg)
Security in the Cloud is a Shared Responsibility
CUSTOMER RESPONSIBILITY
• Secure coding and best practices • Software and virtual patching • Configuration management
• Access management • Application level attack monitoring
• Access management • Patch management • Configuration hardening • Security monitoring • Log analysis
• Network threat detection • Security monitoring
CLOUD PROVIDER PROVIDES
• Logical network segmentation • Perimeter security services • External DDoS, spoofing, and scanning prevented
• Hardened hypervisor • System image library • Root access for customer
• Configuration best practices
![Page 19: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/19.jpg)
Challenges of being Secure in the Cloud
SECURITY TOOLS ARE
• Complicated to use
• Difficult to deploy
• Expensive to manage and tune
HUMAN EXPERTISE IS
• Hard to find
• Harder to keep
• Very expensive
THREAT INTELLIGENCE AND SECURITY CONTENT
• Gets stale quickly
• Requires specific know-how
• Validation required to avoid false positives
![Page 20: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/20.jpg)
ALERT LOGIC HAS A SOLUTION
![Page 21: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/21.jpg)
Alert Logic Provides
Realtime Security Monitoring of Network and Logs
Analytics Engine to find potential threats
Review and Escalation by our Security Analysts
Visibility of the AWS Environment
AWS Best Practices
Vulnerabilities on the Instances
AWS Config / Inspector
AWS CloudTrail
Research into generic and AWS threats
Audit and Compliance reporting
![Page 22: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/22.jpg)
Alert Logic – a Leader in Forrester’s 2016 NA MSSP Wave™
“Alert Logic has a head start in the cloud, and it shows.
Alert Logic is an excellent fit for clients looking to secure their current or planned cloud migrations, clients requiring a provider that can span seamlessly between hybrid architectures, and those that demand strong API capabilities for integrations.”
- Forrester Wave™ Report
![Page 23: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/23.jpg)
How Cloud Defender Works in AWS
Data sources (AWS SERVICES, INSTANCES & APPLICATIONS): AWS Service Log Collection; Web and Network Security Events; Application & server logs; Continuous Vulnerability Scanning, Configuration Assessments, and Environment Visibility
Processing: Analytics Platform → Threat Intel & Context → Expert Analysis
Delivered to YOUR TEAM: Threat Detection with Remediation Tactics; Vulnerability & Configuration Issues
![Page 24: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/24.jpg)
How Cloud Defender Works
Data Collection: Web Application Events, Network Events, Log Data, Threat Data
Analytics Platform, fed by Threat Intel & Security Content
24 x 7 Monitoring & Escalation
Continuous Detection of Threats & Exposures
Your Team: Threat & Exposure Remediation Tactics
![Page 25: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/25.jpg)
Vulnerability and AWS-Specific Checks Included
OVER 80,000 VULNERABILITY AND CONFIGURATION CHECKS
AWS ACCOUNTS
• Password complexity
• Non-expiring passwords
• No users with API keys
• No MFA
• No key rotation
• Inactive user accounts
• EC2 instance not using IAM roles
S3 BUCKETS
• Upload permissions not restricted
• Delete permissions not restricted
• Unrestricted list access
AWS RDS
• Secure database settings
• Data encryption
NETWORK TOPOLOGY
• Unrestricted inbound/outbound
• Direct inbound/outbound access to DB
• Insecure services open to Internet
• Multiple functions on a single host (Web and DB server)
ELB SECURITY
• Insecure cipher or protocol
• Listener not using secure protocol
• Unapproved cipher
• Missing security groups
• Unapproved port access
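The AWS ACCOUNTS checks above (no MFA, users holding API keys, no key rotation, inactive users) can be evaluated from an IAM credential report. The script below is an added example, not Alert Logic's code: it parses a constructed report in the credential-report column layout and assumes 90-day rotation and inactivity thresholds and a fixed "current" time so the output is deterministic.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the column layout of an AWS IAM credential report
# (only the columns the checks below need are included).
SAMPLE_REPORT = """user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
alice,true,2016-09-01T10:00:00+00:00,true,false,N/A,N/A
bob,true,2016-08-20T09:30:00+00:00,false,true,2016-01-05T12:00:00+00:00,2016-08-19T08:00:00+00:00
carol,true,2016-01-10T08:00:00+00:00,true,false,N/A,N/A
svc-deploy,false,N/A,false,true,2016-08-01T00:00:00+00:00,2016-09-02T00:00:00+00:00
"""

NOW = datetime(2016, 9, 3, tzinfo=timezone.utc)  # assumed "current time" for a deterministic run
ROTATION_DAYS = 90  # assumed key-rotation threshold
INACTIVE_DAYS = 90  # assumed inactivity threshold


def _parse(ts):
    """Credential reports use N/A / no_information for absent timestamps."""
    return None if ts in ("N/A", "no_information", "") else datetime.fromisoformat(ts)


def audit_credential_report(report_csv, now=NOW):
    """Return {user: [finding, ...]} for the account checks listed on the slide."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        issues = []
        console_user = row["password_enabled"] == "true"
        key_active = row["access_key_1_active"] == "true"
        # No MFA: only meaningful for users with a console password
        if console_user and row["mfa_active"] != "true":
            issues.append("no MFA")
        # Users with API keys, and keys older than the rotation threshold
        if key_active:
            issues.append("has API key")
            rotated = _parse(row["access_key_1_last_rotated"])
            if rotated is None or now - rotated > timedelta(days=ROTATION_DAYS):
                issues.append("key not rotated")
        # Inactive user: neither password nor key used within the threshold
        used = [t for t in (_parse(row["password_last_used"]),
                            _parse(row["access_key_1_last_used_date"])) if t]
        if not used or now - max(used) > timedelta(days=INACTIVE_DAYS):
            issues.append("inactive user")
        if issues:
            findings[row["user"]] = issues
    return findings
```

On the constructed sample, alice is clean, bob is flagged for missing MFA and a stale key, carol for inactivity, and the service user only for holding a key.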
![Page 26: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/26.jpg)
Almost 4,000 Organizations Worldwide Trust Alert Logic
MILLIONS of devices secured
PETABYTES of log data under management
HUNDREDS OF MILLIONS of security events correlated per month
THOUSANDS of incidents identified and reviewed per month
![Page 27: Introduction to Security in the Cloud - Mark Brooks, Alert Logic](https://reader036.vdocuments.us/reader036/viewer/2022062412/586fdf6c1a28ab18428b6fd9/html5/thumbnails/27.jpg)
Thank you.