nimbo/alert logic - azure in the cloud
Alert Logic – Azure Cloud Security
Johnathan Norman, Cloud Solutions Architect
Agenda
• Key Findings: Cloud Security Report, Spring 2014
- Alert Logic Customer Data
- Honeypot Research
• Common Azure Security & Compliance Issues
• Alert Logic for Azure
- Log Manager
- Threat Manager
- Web Security Manager
Cloud Adoption is Gaining Momentum
• Major Public cloud vendors predicted to eclipse $10B in revenue by 2015
• Oracle Cloud bookings increased by 35% in 2013
• Gartner predicts 60% of banking institutions to migrate to the cloud
• Healthcare is expected to adopt cloud computing at a 21% year over year rate through 2017
• VDI (Desktop as a Service) market reached $13.4 billion in 2013
Over 2,800 Organizations Worldwide Trust Alert Logic
Millions of devices secured
3.7 Petabytes of log data under management
8.5 Million security events correlated per day
40,000 incidents identified and reviewed per month
Threats in the Cloud are Increasing With Adoption
• Increase in attack frequency
• Traditional on-premises threats are now moving to the cloud
• Majority of cloud incidents were related to web application attacks, brute force attacks, and vulnerability scans
• Brute force attacks and vulnerability scans are now occurring at near-equivalent rates in both cloud and on-premises environments
• Malware/Botnet is increasing year over year
Global Honeypot Network
Why Honeypots?
• Honeypots give us a unique data set
• Simulate vulnerable systems without the risk of real data loss
• Give the ability to collect intelligence from malicious attackers
• Allow for collection of various different attacks based on system
• Help identify what industry-specific targets are out there
Honeypot Findings
https://www.alertlogic.com/wp-content/uploads/2014/08/alertlogic-HoneypotFindings2014-infographic.pdf
Common Azure Compliance & Security Issues
Secure your code
Know your scope
Instance Isolation
Shared Responsibility
Storage Key Management
1- Secure Your Code – Implement SDL
1- Secure Your Code – Sharing is bad…
2- Know Your Scope
[Diagram: Web Traffic, Traffic Manager, Web Role, Azure Website, Azure Storage]
2 – Know your scope
3 – Instance Isolation
[Diagram: Web Traffic, web roles, worker roles, service endpoint, Virtual Network]
4 - Storage Key Management
storage blob
Azure Mobile Services
1. Upload()
2. Path = http://blah.storage.azure.com/public/xyz/foo.jpg
3. UploadToPath(Path);
4 - Storage Key Management
storage blob
Azure Mobile Services
1. Upload()
2. Return SAS (write/expires 5 min) and Path
3. Authenticate & Upload
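The SAS flow on the slide above, as an added example that is not part of the original deck: the backend keeps the account key, returns a write-only token that expires after 5 minutes and is bound to one blob path, and the storage side checks it before accepting the upload. The string-to-sign is a simplified stand-in for Azure's real SAS format, and ACCOUNT_KEY, issue_sas and verify_sas are hypothetical names.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode

# Constructed demo key. A real storage account key stays on the backend only.
ACCOUNT_KEY = base64.b64encode(b"constructed-demo-key-not-a-real-one")


def _sign(path, perms, expiry):
    # Simplified string-to-sign (assumption): Azure's real format has more fields.
    msg = f"{perms}\n{expiry}\n{path}".encode()
    mac = hmac.new(base64.b64decode(ACCOUNT_KEY), msg, hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def issue_sas(path, perms="w", ttl=300, now=None):
    """Step 2: backend returns a short-lived, write-only token for one path."""
    expiry = int(now if now is not None else time.time()) + ttl
    return urlencode({"sp": perms, "se": expiry, "sig": _sign(path, perms, expiry)})


def verify_sas(path, query, action, now=None):
    """Step 3: storage side authenticates the request before accepting it."""
    q = {k: v[0] for k, v in parse_qs(query).items()}
    try:
        perms, expiry, sig = q["sp"], int(q["se"]), q["sig"]
    except (KeyError, ValueError):
        return False  # missing or malformed token fields
    expected = _sign(path, perms, expiry)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False  # path, permissions or expiry were altered
    if (now if now is not None else time.time()) > expiry:
        return False  # token is past its 5-minute window
    return action in perms  # a write-only token cannot read or list


if __name__ == "__main__":
    blob = "/public/xyz/foo.jpg"
    token = issue_sas(blob)
    print("upload allowed:", verify_sas(blob, token, "w"))
    print("read allowed:  ", verify_sas(blob, token, "r"))
```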
5 - Security in the Cloud is a Shared Responsibility
Customer Responsibility
Apps
• Secure coding and best practices
• Software and virtual patching
• Configuration management
• Access management
• Application level attack monitoring
Hosts
• Access management
• Patch management
• Configuration hardening
• Security monitoring
• Log analysis
Networks
• Network threat detection
• Security monitoring
Cloud Service Provider Responsibility
Foundation Services: Compute, Storage, DB, Network
Hosts
• Hardened hypervisor
• System image library
• Root access for customer
Networks
• Logical network segmentation
• Perimeter security services
• External DDoS, spoofing, and scanning prevented
http://azure.microsoft.com/en-us/support/trust-center/compliance/
Alert Logic – Security Solutions
Security and Compliance is Challenging
• Skilled security resources are in high demand and hard to find
• Moving to cloud and hybrid IT environments brings different threats and complexities
• Maintaining continuous security and compliance is expensive
[Diagram: Applications, Systems, Networks]
Building a Security and Compliance Solution
Products
• IDS
• Vulnerability Scanning
• Web Application Firewall
• Log Management
• Threat Intelligence Feeds
Automated Correlation and Analytics
• SIEM
• Big Data Analytics
People & Process
Staff capable of:
• Provisioning
• Monitoring
• Configuration and tuning
• Researching incidents, emerging threats, and defining remediation steps
Alert Logic Solutions
Alert Logic Unified Web User Interface
• Alert Logic Threat Manager™: Intrusion Detection & Vulnerability Scanning
• Alert Logic Log Manager™: Log Management & Compliance Reporting
• Alert Logic Web Security Manager™: Active Protection for Web Applications
Thank you.