Protecting Your IT Environments: Insights from Real-World Security Incidents
TRANSCRIPT
Welcome
Sheri Sullivan, Senior Partner Marketing Manager
Amazon Web Services
Webinar Overview
Today’s webcast is being recorded. Submit Your Questions using the Q&A tool.
A copy of today’s presentation will be made available on:
AWS SlideShare Channel: http://www.slideshare.net/AmazonWebServices/
AWS YouTube Channel: http://www.youtube.com/user/AmazonWebServices
What We’ll Cover
Amazon Web Services overview and security requirements
Alert Logic cloud security insights and research findings
Alert Logic security solutions on AWS
Q&A
Introducing
Miles Ward, Senior Solutions Architect
Amazon Web Services
Stephen Coty, Director of Research
Alert Logic
What is AWS?
AWS Global Infrastructure
Application Services
Networking
Deployment & Administration
Database, Storage, Compute
AWS Security and Compliance Framework
No Up-Front Capital Expense
Pay Only for What You Use
Self-Service Infrastructure
Easily Scale Up and Down
Improve Agility & Time-to-Market
Low Cost
Cloud Computing Benefits
• $5.2B retail business
• 7,800 employees
• A whole lot of servers
Every day, AWS adds enough server capacity to power that whole $5B enterprise
Solving Problems for Organizations Around the World
Gartner “Magic Quadrant for Cloud Infrastructure as a Service,” Lydia Leong, Douglas Toombs, Bob Gill, Gregor Petri, Tiny Haynes, October 18, 2012. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Steven Armstrong ([email protected]). Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner Magic Quadrant for Cloud Infrastructure as a Service
Why Amazon Web Services?
The Cloud API Standard
Global Footprint and Expansion
Operational Excellence
Rate of Innovation
Security and Compliance
Clear Market Leadership
Architected for Enterprise Security Requirements
And now... FedRAMP!
“The Amazon Virtual Private Cloud [Amazon VPC] was a unique option that offered an additional level of security and an ability to integrate with other aspects of our infrastructure.”
Dr. Michael Miller, Head of HPC for R&D
“You basically turn yourself into a polymorphic surface to which the attack guy has a much tougher time getting at. That, ultimately, is the real key advantage to drive security and make things much better for us across the board.”
Gus Hunt, CTO, Central Intelligence Agency
SSAE16/32 Audit
ISO 27001/2 Certification
PCI DSS 2.0 Level 1-5
HIPAA/SOX Compliance
FISMA Moderate
FedRAMP / GSA ATO
In the Cloud, Security is a Shared Responsibility
• Enforce IAM policies
• Use MFA and VPC; leverage S3 bucket policies, EC2 security groups, SSL, EFS in EC2, etc.
• Encrypt data in transit
• Encrypt data at rest
• Protect your AWS credentials; rotate your keys
• Secure your OS and applications
Infrastructure Security: how we secure our infrastructure
Services Security: what security options and features are available to you?
Application Security: how can you secure your application, and what is your responsibility?
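Two of the customer-side items on that list are easy to check mechanically. The following is an added example written for this page, not code from the webinar or from AWS: it audits access-key age and idle time (the "protect your credentials / rotate your keys" item) and checks an S3 bucket policy for the Deny statement that rejects any request not made over TLS (the "SSL / encrypt data in transit / leverage S3 bucket policies" items). It runs offline on constructed data shaped like the responses boto3 returns from `iam.list_access_keys`, `iam.get_access_key_last_used` and `s3.get_bucket_policy`; the 90-day and 30-day thresholds, the key IDs, the account ID and the bucket name are all assumptions.

```python
"""Added example (not from the webinar): customer-side checks under the
shared-responsibility model, on constructed IAM/S3-shaped data.
  flag_stale_access_keys   -> keys to rotate (too old) or deactivate (idle)
  bucket_policy_enforces_tls -> does the policy deny non-TLS requests?
  enforce_tls_statement    -> the Deny statement that makes it pass
Thresholds, key IDs, account ID and bucket name are assumptions."""
import json
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE_DAYS = 90  # assumed rotation policy
MAX_IDLE_DAYS = 30     # assumed cut-off for an "unused" key

NOW = datetime(2013, 6, 1, tzinfo=timezone.utc)  # fixed clock, deterministic sample

# Constructed sample: list_access_keys()["AccessKeyMetadata"] entries with
# get_access_key_last_used()["AccessKeyLastUsed"]["LastUsedDate"] merged in
# (None when the key has never been used).
SAMPLE_KEYS = [
    {"UserName": "deploy-bot", "AccessKeyId": "AKIAEXAMPLE00000001", "Status": "Active",
     "CreateDate": NOW - timedelta(days=20), "LastUsedDate": NOW - timedelta(days=1)},
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLE00000002", "Status": "Active",
     "CreateDate": NOW - timedelta(days=200), "LastUsedDate": NOW - timedelta(days=2)},
    {"UserName": "bob", "AccessKeyId": "AKIAEXAMPLE00000003", "Status": "Active",
     "CreateDate": NOW - timedelta(days=40), "LastUsedDate": None},
    {"UserName": "carol", "AccessKeyId": "AKIAEXAMPLE00000004", "Status": "Inactive",
     "CreateDate": NOW - timedelta(days=400), "LastUsedDate": NOW - timedelta(days=300)},
]


def flag_stale_access_keys(keys, now=NOW):
    """Return {AccessKeyId: [reasons]} for active keys that breach the policy."""
    findings = {}
    for k in keys:
        if k["Status"] != "Active":
            continue  # an inactive key cannot authenticate; nothing to rotate
        reasons = []
        age = (now - k["CreateDate"]).days
        if age > MAX_KEY_AGE_DAYS:
            reasons.append(f"age {age}d > {MAX_KEY_AGE_DAYS}d: rotate")
        last = k["LastUsedDate"] or k["CreateDate"]  # never used: idle since creation
        idle = (now - last).days
        if idle > MAX_IDLE_DAYS:
            reasons.append(f"unused for {idle}d > {MAX_IDLE_DAYS}d: deactivate")
        if reasons:
            findings[k["AccessKeyId"]] = reasons
    return findings


def enforce_tls_statement(bucket):
    """Deny every S3 action on the bucket and its objects unless the request
    arrived over TLS. An explicit Deny overrides any Allow in the policy."""
    return {
        "Sid": "DenyInsecureTransport",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }


def bucket_policy_enforces_tls(policy_json, bucket):
    """True if some statement denies s3:* on the bucket and its objects when
    aws:SecureTransport is false. Action/Resource may be a string or a list."""
    needed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for st in json.loads(policy_json).get("Statement", []):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        res = st.get("Resource", [])
        res = {res} if isinstance(res, str) else set(res)
        cond = st.get("Condition", {}).get("Bool", {})
        if (st.get("Effect") == "Deny" and "s3:*" in actions and needed <= res
                and str(cond.get("aws:SecureTransport", "")).lower() == "false"):
            return True
    return False


BUCKET = "example-bucket"                          # assumed bucket name
APP_ROLE = "arn:aws:iam::123456789012:role/app"    # assumed principal

# Constructed weak policy: grants reads but is silent on transport, so a
# plain-HTTP GetObject from the role is accepted.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AppRead", "Effect": "Allow", "Principal": {"AWS": APP_ROLE},
                   "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}],
})


def hardened_policy():
    """The same grant plus the TLS-only Deny, ready for put_bucket_policy."""
    doc = json.loads(WEAK_POLICY)
    doc["Statement"].append(enforce_tls_statement(BUCKET))
    return json.dumps(doc, indent=2)
```

On the sample data the audit flags alice's 200-day-old key for rotation and bob's never-used 40-day-old key for deactivation, ignores carol's already-inactive key, and reports the weak policy as not enforcing TLS until the Deny statement is appended. Against a live account the same functions take the real `AccessKeyMetadata` list and the `Policy` string from `get_bucket_policy` unchanged.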
> www.alertlogic.com
Protecting Your IT Environments: Insights from Real-World Security Incidents
Stephen Coty, Director of Research
There’s a perception of cloud insecurity… Lack of data on real risks drives this uncertainty.
Alert Logic looks at security data every day
1 billion > 45,000
Our State of Cloud Security Report analyzes real customer cloud security data.
Spring 2013 Report
• 1,800+ customers
• 45,000+ incidents
• Report series covers 2+ years of data
• April – September 2012 data
Vertical focus: Financial Services, Healthcare, Software-as-a-Service
Spring 2013 Report
• 1,800+ customer environments
• 2 years of threat data published
• 150k+ security incidents analyzed
Key Findings
• Cloud environments are not more attack prone than enterprise data centers
• Web application attacks are a significant threat vector for all environments
• Threat levels are consistent across industries and verticals
Full report available at alrt.co/Spring2013CSR
Anatomy of an Incident
(Figure: Hacker Timeline shown alongside Corporate Timeline)
Percentage of customers impacted by…
Incident class        Cloud Hosting Providers   Enterprise Data Center
App Attack                      3%                       15%
Malware/Botnet                  5%                       49%
Recon                           9%                       23%
Vulnerability Scan             27%                       28%
Brute force                    30%                       49%
Web App Attack                 52%                       39%
Source: Alert Logic State of Cloud Security, Spring 2013
Solutions to address these incidents
(Same chart as the previous slide: percentage of customers impacted, cloud hosting providers vs. enterprise data centers. Source: Alert Logic State of Cloud Security, Spring 2013)
• Malware/Botnet: malware protection is critical for on-premises infrastructure
• Brute force: review log data to detect brute-force attempts
• Recon: use IDS to detect suspicious recon
• Web App Attack: active web application defense blocks attacks
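"Review log data to detect brute force attempts" is the recommendation with the most room for interpretation, since the window and threshold decide what gets caught. The following is an added example written for this page, not code from Alert Logic's products or the webinar: it runs a per-source sliding-window rule over constructed sshd log lines, escalates when a burst of failures is followed by a successful login from the same source, and shows why a short window misses a low-and-slow guesser. The log lines, the 5-failure threshold and the 60-second window are assumptions.

```python
"""Added example (not from the webinar): brute-force detection over
constructed sshd log lines.
Rule (assumed): >= THRESHOLD failed logins from one source IP inside WINDOW_S
seconds is a brute-force attempt; an accepted login from a source already
flagged is escalated, because guessing that ends in success is a likely
compromise rather than a nuisance."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample (syslog-style sshd lines, year assumed 2013):
#   203.0.113.7  five failures in 5 s, then a success   -> high, then critical
#   198.51.100.4 one typo, then a success               -> nothing
#   192.0.2.9    one failure every 5 min for 20 min     -> only seen with a long window
SAMPLE_LOG = """\
Apr 12 03:14:01 web1 sshd[2045]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Apr 12 03:14:02 web1 sshd[2047]: Failed password for root from 203.0.113.7 port 51002 ssh2
Apr 12 03:14:03 web1 sshd[2049]: Failed password for invalid user oracle from 203.0.113.7 port 51003 ssh2
Apr 12 03:14:05 web1 sshd[2051]: Failed password for invalid user test from 203.0.113.7 port 51004 ssh2
Apr 12 03:14:06 web1 sshd[2053]: Failed password for root from 203.0.113.7 port 51005 ssh2
Apr 12 03:14:09 web1 sshd[2055]: Accepted password for deploy from 203.0.113.7 port 51006 ssh2
Apr 12 03:20:00 web1 sshd[2100]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Apr 12 03:20:30 web1 sshd[2102]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
Apr 12 04:00:00 web1 sshd[2200]: Failed password for root from 192.0.2.9 port 33001 ssh2
Apr 12 04:05:00 web1 sshd[2201]: Failed password for root from 192.0.2.9 port 33002 ssh2
Apr 12 04:10:00 web1 sshd[2202]: Failed password for root from 192.0.2.9 port 33003 ssh2
Apr 12 04:15:00 web1 sshd[2203]: Failed password for root from 192.0.2.9 port 33004 ssh2
Apr 12 04:20:00 web1 sshd[2204]: Failed password for root from 192.0.2.9 port 33005 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

THRESHOLD = 5   # assumed
WINDOW_S = 60   # assumed


def parse(line, year=2013):
    """Return {ts, ok, user, ip} for an sshd auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["result"] == "Accepted", "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=THRESHOLD, window_s=WINDOW_S):
    """Sliding window of failure timestamps per source IP.
    Returns [(severity, ip, detail)] in the order the alerts fire."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    flagged = set()               # ips already reported, to avoid repeat alerts
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        if ev["ok"]:
            if ev["ip"] in flagged:
                alerts.append(("critical", ev["ip"],
                               f"login accepted as {ev['user']} after brute force"))
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold and ev["ip"] not in flagged:
            flagged.add(ev["ip"])
            alerts.append(("high", ev["ip"], f"{len(q)} failed logins within {window_s}s"))
    return alerts
```

With the defaults the rule fires twice for 203.0.113.7 (the burst, then the critical escalation when the `deploy` login succeeds) and stays silent for alice's single typo. 192.0.2.9 is never reported at 60 seconds because its failures are 5 minutes apart; rerunning with `window_s=1800` produces a third alert for it, which is the usual trade-off between catching slow guessing and alerting on users who mistype a password a few times over a morning.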
The Enterprise Security Model
AWS Global Infrastructure: globally distributed Regions, multiple Availability Zones
Foundation Services: Compute, Storage, DB, Network
VPC Networks
• VPC provides logically isolated environments
• Security groups filter inbound/outbound traffic
• External DDoS, spoofing and scanning prevented
Hosts
• Hardened hypervisor
• Promiscuous mode prevented
• Deny-all default in security group
• Root access provided to customer
• Access management
• Patch management
• Configuration hardening
• Security monitoring
• Log analysis
Apps
• Network threat detection
• Security monitoring
• Secure coding and best practices
• Software and virtual patching
• Configuration management
• Access management
• Application level attack monitoring
Threats addressed: SQLi, cross-site scripting, data exfiltration, privilege escalation, Trojans, brute force attacks, botnet compromise, C&C traffic, buffer overflow
Alert Logic Solutions
COMPLY / MONITOR / PROTECT across Network, Host and App
Web Security Manager + ActiveWatch
Product Technologies
• Web Application Firewall
• Positive & negative security models
• Adaptive learning engine
• Broad compliance coverage (PCI 6.6, OWASP Top 10)
Log Manager + LogReview
Product Technologies
• Log archival
• SIEM
• Automated analysis of security logs
• Simple, intuitive search interface
• All your data accessible online, all the time
Threat Manager + ActiveWatch
Product Technologies
• IDS with blocking
• Vulnerability Assessment
• Context aware threat identification
• Integrated VA for minimal false positives
• PCI Approved Scanning Vendor certified
Security-as-a-Service Delivery: Implement, Operate, Content, Monitor, Alert, Respond
Cloud Enabled IT Infrastructure, delivering Security & Compliance Outcomes
Engineered for AWS Environments
Runs on AWS
• AMI and agent deployment options
• Network and system visibility
• Proven reference architectures
Engineered for AWS
• Supports auto-scaling & role aware
• Automatable with APIs and scripts
• Available across multiple regions
• Manageable at scale
• IP address & topology independent
• Usage based utility pricing
• Marketplace transactable
Case Study: Element Solutions
PROFILE: Subscription-based content management solutions
INFRASTRUCTURE: Deployments in three Amazon cloud regions
CHALLENGE: Meet client compliance requirements with security as secure as on-premises data centers
SOLUTION: Alert Logic Threat Manager
HIGHLIGHTS: No physical appliances and no dedicated infrastructure to manage; rapid provisioning into Amazon cloud infrastructure
"I was very pleased with Alert Logic's responsiveness… Due to their feedback we were able to effectively eliminate possible causes and find the real cause of the problem…. Threat Manager fits well with our hosted offerings.”
Len Buzyna, CTO
Case Study: Spindle, Inc.
PROFILE: Payment service processor with card swipe solution for mobile and ecommerce environments
INFRASTRUCTURE: Two cloud production environments
CHALLENGE: PCI Level One certification on Amazon Web Services
SOLUTION: Alert Logic Threat Manager
HIGHLIGHTS: Managed solution that doesn't require additional staff; fluid interaction with other AWS tools
"The fact that Alert Logic monitors all traffic, and alerts us when there is an issue, is of great value to us. Threat Manager with ActiveWatch for AWS encompasses everything we need to protect our infrastructure on the Amazon cloud.”
Justin Clark, Head of Operations
Get the Report
Download: www.alertlogic.com/csr
Twitter: @alertlogic #csr
Solutions available in the AWS Marketplace
aws.amazon.com/marketplace/
Thank you!
Questions
Contacts:
Alert Logic info: www.alertlogic.com/csr
AWS contact: aws.amazon.com/contact-us
We appreciate your feedback on this presentation. Please take a moment for a quick survey.