Cloud security really boils down to a visibility challenge. I am showing why companies are moving to the cloud and what the security implications are. The security challenges boil down to a visibility, which in turn is a big data challenge. Loggly, a logging as a service provider, addresses this visibility challenge by providing a big data, cloud logging platform. The presentation outlines some visualization use-cases that can be built on top of the Loggly platform to support visibility into cloud operations.
1. Cloud Security
A Visibility Challenge
Raffael Marty - @zrlram
UNAM 2010, Mexico City
Wednesday, December 1, 2010
2. Raffael Marty
⢠Founder @
⢠Chief Security Strategist and Product Manager @ Splunk
⢠Manager Solutions @ ArcSight
⢠Intrusion Detection Research @ IBM Research
⢠IT Security Consultant @ PriceWaterhouse Coopers
Applied Security Visualization
Publisher: Addison Wesley (August, 2008)
ISBN: 0321510100
Logging as a Service 2 Š by Raffael Marty
Wednesday, December 1, 2010
3. Agenda
â˘Data Centers â˘Visibility and Big Data
â˘The Cloud â˘Logging as a Service
â˘A New Risk Landscape
Logging as a Service 3 Š by Raffael Marty
Wednesday, December 1, 2010
5. 11.8 million servers in data centers
âEffectively and Securely Using the Cloud Computing Paradigm AWS servicesâ - Peter Mell, Tim Grance, NIST
Raffael Marty - @zrlram 5
Wednesday, December 1, 2010
6. Servers are used at only 15% of their
capacity
âEffectively and Securely Using the Cloud Computing Paradigm AWS servicesâ - Peter Mell, Tim Grance, NIST
Raffael Marty - @zrlram 6
Wednesday, December 1, 2010
7. 800 billion dollars spent yearly on purchasing
and maintaining enterprise software
80% of enterprise software expenditure is on
installation and maintenance of software
âEffectively and Securely Using the Cloud Computing Paradigm AWS servicesâ - Peter Mell, Tim Grance, NIST
Raffael Marty - @zrlram 7
Wednesday, December 1, 2010
8. Data centers consume up to 100 times more per
square foot than a typical office building
Data centers consume 1.5% of the USAâs
electricity
âEffectively and Securely Using the Cloud Computing Paradigm AWS servicesâ - Peter Mell, Tim Grance, NIST
Raffael Marty - @zrlram 8
Wednesday, December 1, 2010
9. From 2001 to 2006:
⢠Number of servers doubled
⢠Average power consumption per server
quadrupled
âEffectively and Securely Using the Cloud Computing Paradigm AWS servicesâ - Peter Mell, Tim Grance, NIST
Raffael Marty - @zrlram 9
Wednesday, December 1, 2010
10. Green technologies can reduce energy
costs by 50%
âEffectively and Securely Using the Cloud Computing Paradigm AWS servicesâ - Peter Mell, Tim Grance, NIST
Raffael Marty - @zrlram 10
Wednesday, December 1, 2010
12. The Public Cloud
IaaS - Infrastructure
PaaS - Platform
SaaS - Software
Enterprise Infrastructure Services
LaaS - Logging
XaaS - DNS / RDBMS /...
Raffael Marty - @zrlram 12
Wednesday, December 1, 2010
13. Cloud âFeaturesâ
⢠Almost infinite resources - on demand
⢠Pay as you go
⢠Elasticity - dynamic load allocation
⢠Quality of service guarantees (SLAs)
⢠Outsource non-core capabilities / responsibilities
⢠Forces operations to streamline and automate
⢠Availability of infrastructure services (load balancing, database, logging, etc.)
⢠Enables higher availability
- Provision in multiple data centers / multiple instances
Raffael Marty - @zrlram 13
Wednesday, December 1, 2010
14. Why Companies Move to the Cloud
âIf you move your data centre to a cloud provider, it will
cost a tenth of the cost.â â Brian Gammage, Gartner Fellow
âUsing cloud infrastructures saves 18% to 29% before considering that you no
longer need to buy for peak capacityâ - George Reese, founder Valtira and enStratus
âWeb service providers offer APIs that enable developers to exploit functionality
over the Internet, rather than delivering full-blown applications.â - Infoworld
Raffael Marty - @zrlram 14
Wednesday, December 1, 2010
15. Why Companies Move to the Cloud
⢠Ecological considerations drive economical decisions
⢠Increased Efficiency due to better use of resources
⢠More predictable cost
⢠IT staff can be freed up for other initiatives
⢠Design with redundancy and failure
tolerance needed
⢠Automation is necessary, but is a good thing
⢠Easy integration of services for non-core capabilities (RDBMS,
Load balancing, etc.)
Raffael Marty - @zrlram 15
Wednesday, December 1, 2010
16. Changes in Security
⢠The Good
- Cloud homogeneity makes security auditing/testing simpler
- Clouds enable automated security management
- Redundancy / Disaster Recovery
- Distributed denial of service (DDoS) protection
⢠The Bad?
- Loss of physical control
- No more network-based Intrusion Detection
- No data leak prevention (DLP)
- Little network routing mechanisms
Raffael Marty - @zrlram 16
Wednesday, December 1, 2010
17. What Has Changed
⢠Data Storage and Access
- Isolation management / data multi-tenancy
- Data retention issues
- Data dispersal and international privacy laws
⣠EU Data Protection Directive and U.S. Safe Harbor program
⣠Exposure of data to foreign governments and data subpoenas
⢠Processing Infrastructure
- Application multi-tenancy
- Reliance on hypervisors
- Process isolation / Application sandboxes
Raffael Marty - @zrlram 17
Wednesday, December 1, 2010
18. Your New
Risk Landscape
18
Wednesday, December 1, 2010
19. Risk = (Threat, Vulnerability)
⢠Shared resources ⢠Hypervisor escaping
⢠Using external services ⢠Stored credentials
Proprietary implementations canât be examined
-
⢠Web ubiquity
- Availability of services
- Confidentiality of services
⢠Malicious insiders
⢠Data storage
⢠Trusting vendorâs security model
- Obtaining support for investigations
- Inability to respond to audit findings
Raffael Marty - @zrlram 19
Wednesday, December 1, 2010
20. Visibility
and Big Data
20
Wednesday, December 1, 2010
22. Visibility
⢠Monitoring
- Performance
- Availability
- Ephemeral Infrastructure IaaS - Similar to before
⢠Security PaaS - Lack of Infrastructure
- New Threats SaaS - Blind?
- New Vulnerabilities
- Different Risk Distribution
Raffael Marty - @zrlram 22
Wednesday, December 1, 2010
23. Application Visibility
⢠If you canât control the infrastructure, control your applications
⢠Application logging
- need guidelines
- better tools
- education of developers / students?
⢠Challenges
- how to centrally collect all the data
- how to mine the data
- how to use/understand the data
See: Raffael Marty, âCloud Application Logging for Forensicsâ, SAC 2011, Taipei.
Raffael Marty - @zrlram 23
Wednesday, December 1, 2010
24. Big Data
⢠NoSQL
⢠Distributed data stores
⢠Distributed queues
⢠Map reduce
⢠ETL (Extract, Transform, Load)
⢠...
Raffael Marty - @zrlram 24
Wednesday, December 1, 2010
25. LaaS - Logging as a Service
⢠Log collection
Benefits
⢠all data in one place ⢠No installation ⢠Great scalability
⢠Log storage and management ⢠Easy configuration ⢠7x24 availability
⢠No maintenance ⢠Pay as you go
⢠index, storage, archive
⢠Extremely fast log search across all your data
⢠data source agnostic (no parsers)
⢠innovative Web shell
⢠API log access
⢠oAuth authentication
⢠always on
Logging as a Service 25 Š by Raffael Marty
Wednesday, December 1, 2010
26. âLogging Busâ
Machines Mashups
mobile-166 My syslog
Users ⢠Logs published to bus
⢠Consumers read from
bus
Bus
Individuals Mashups
⢠Situational awareness
Clouds
Small businesses
⢠Security forensics
Data centers ⢠Security monitoring
Logging as a Service 26 Š by Raffael Marty
Wednesday, December 1, 2010
27. Situational Awareness
⢠Treemap
⢠Protovis.JS
⢠Size: Amount
⢠Brightness: Variance
⢠Color: Sensor
⢠Shows: Scans -
bright spots
⢠Thanks to Chris Horsley
Logging as a Service 27 Š by Raffael Marty
Wednesday, December 1, 2010
28. Forensics
mobile-166 My syslog
Logging as a Service 28 Š by Raffael Marty
Wednesday, December 1, 2010
29. Security Visualization
www.secviz.org
Logging as a Service 29 Š by Raffael Marty
Wednesday, December 1, 2010
30. about.me/raffy
loggly.com/signup
30
Wednesday, December 1, 2010