James Brown, Director of Cloud Computing & Security Architecture, Alert Logic covers: • The shared security model: what security you are responsible for to protect your content, applications, systems and networks vs AWS. • Overview of the OWASP Top 10 most critical web application security risks (such as SQL injections) • Best practices for how to protect your environment from the latest threats

1. JOURNEY TO THE CLOUD:
SECURING YOUR AWS WEB
APPLICATIONS
James Brown, Director of Cloud
Computing & Solution Architecture

2. Before We Begin
Housekeeping Speaker
• Turn on your system’s sound to
hear the streaming presentation
• Questions? Submit them to the
presenter at anytime into the
question box
• The presentation slides will be
available to download from the
attachment tab after the webinar
• The webinar will be recorded
and published on BrightTalk
• Technical Problems? Click
“Help”
• James Brown
• Director of Cloud Computing &
Security Architecture, Alert Logic

3. Providing fully managed and monitored security and compliance for
cloud, hybrid, and on-premises infrastructure, with the benefits of deep
insight, continuous protection, and lower costs
Continuous
Protection
Lower
Total Costs
Deep Security
Insight
Leading Provider of Security & Compliance Solutions for the Cloud

4. Leading Provider of Security & Compliance for the Cloud
#1 for
Cloud Platforms
#1 in
Security-as-a-Service
#1 for Managed
Cloud & Hosting Providers
Over 3,000
customers
worldwide

5. The IT and Threat Landscape has Changed
D A T A C E N T E R S
The Hybrid Data Center
• Cloud/mobile First approach
by many companies
• Public cloud and Hybrid IT
environments mainstream
The Virtual Data Center
• Virtualization becomes
mainstream
• Public clouds launch
• Mobile devices proliferate
The Physical Data Center
• X86 server pre-dominant
• Primarily on-premises
• Hosting providers emerge
• Cloud options being
developed
T H R E A T S A N D A T T A C K S
Next Generation Threats
• Advanced attacks
• Multi-vector approach
• Social engineering
• Targeted recon
• Long duration compromises
Catalyst for Change
• Proliferation of malware
• Organized hacking groups
• Access to information
• Financial gain motivation
The Early Days of Threats
• Basic malware
• Spray and pray
• Smash-n-grab
• Solo hackers
• Mischief motivation
EARLY 2000’s MID 2000’s 2015 & BEYOND

6. Today’s Attacks are Becoming More Complex
• Attacks are multi-stage using multiple threat vectors
• Takes organizations months to identify they have been compromised
• 205 days on average before detection of compromise1
• Over two-thirds of organizations find out from a 3rd party they have been
compromised2
1 – IDC Worldwide Security and Vulnerability Management 2014–2018 Forecast
2 – M-Trends 2015: A View from the Front Lines
Initial
Attack
Identify &
Recon
Command
& Control
Discover &
Spread
Extract &
Exfiltrate
The Impact
• Financial loss
• Harm brand
and reputation
• Scrutiny from
regulators

7. Attacks Happen at Multiple Layers of the Application Stack
THE IMPACT
• Every layer of the
application stack is under
attack
• Attacks are multi-stage
using multiple threat
vectors
• Web applications are #1
vector in the cloud
• Security must be cloud-
native, cover every layer of
application stack, and
identify attacks at every
stage.
SQL Injection
Identify &
Recon
Command
& Control
Worm
Outbreak
Extract &
Exfiltrate
Malware
Brute
Force
Identify &
Recon

8. Understanding the Shared Responsibility Model
Public Cloud providers do an amazing job of securing the
areas that they are responsible for
You have to be very aware of what you are responsible for

9. Security in the Cloud is a Shared Responsibility

10. Security in the Cloud is a Shared Responsibility

11. Different Attack types in the Cloud
Web App Attack Malware/Botnet
Brute Force Brute Force
Vulnerability Scan Vulnerability Scan
#1
#2
#3

12. “We are asked this question a lot: 'What
keeps you up at night?' What keeps us up
at night in AWS security is the customer
not configuring their applications
correctly to keep themselves secure”
AWS Head of Global Security Programs, Bill Murray

15. HOW DO YOU PROTECT
AGAINST WEB
APPLICATION ATTACKS

16. Protection Strategies for Websites
Before it hits production…
1. Secure your code
2. Secure your cloud provider accounts
3. Agree a security baseline
4. Integrate security into DevOps
5. Understand the shared security model
6. Scan for vulnerabilities
Once it is in production…
7. Continuous monitoring of network and logs

17. OWASP Top 10
• OWASP is an open community dedicated to enabling organisations
to conceive, develop, acquire, operate, and maintain applications
that can be trusted.
• All of the OWASP tools, documents, forums, and chapters are free
and open to anyone interested in improving application security.
• We advocate approaching application security as a people,
process, and technology problem because the most effective
approaches to application security include improvements in all of
these areas
https://www.owasp.org

18. OWASP - Open Web Application Security Project
https://www.owasp.org

19. Injection Attacks - SQLMap

20. CONTINUOUS MONITORING

21. “AWS is great for physical security and
network security, but when you are building
an application, you have to own that
security yourself - Amazon does not know
what you are building”
Colin Bodell, EVP & CTO Time Inc

22. How Can We Protect Ourselves Against Attack?
Traditionally we have evaluated security in terms of risk, and
security policies and practices are put in place to minimize this risk
This does not take into account actual threats that exist, that can be
mitigated right now.
We need to move to continuous monitoring - The answer is
people, process and software
OWASP – “We advocate approaching application security as a
people, process, and technology problem because the most
effective approaches to application security include improvements in
all of these areas”

23. Threat Research
Customer
ACTIVEWATCH
INCIDENTS
Honey Pot Network
Flow based Forensic Analysis
Malware Forensic Sandboxing
Intelligence Harvesting Grid
Alert Logic Threat Manager Data
Alert Logic Log Manager Data
Alert Logic Web Security Manager Data
Alert Logic ScanWatch Data
Asset Model Data
Customer Business Data
Security Content
Applied Analytics
Threat Intelligence
Research
INPUTS
Data Sources

24. Threat Research – Honeypots
Honeypot Research Benefits
Collect new and
emerging malware
Identify the
source of the
attacks
Determine
attack vectors
Build a profile of
the target
industry

25. Threat Research – The Dark Web

26. How Cloud Defender Works
Continuous
protection
from
threats and
exposures
Big Data
Analytics
Platform
Threat
Intelligence
& Security
Content
Alert Logic
ActiveAnalytics
Alert Logic
ActiveIntelligence
Alert Logic
ActiveWatch
24 x 7
Monitoring
&
Escalation
Data
Collection
Customer IT
Environment
Cloud, Hybrid
On-Premises
Web Application
Events
Network Events &
Vulnerability
Scanning
Log Data Alert Logic Web Security Manager
Alert Logic Threat Manager
Alert Logic Log Manager
Alert Logic
ActiveAnalytics
Alert Logic
ActiveIntelligence
Alert Logic
ActiveWatch

27. Questions and Resources
Resources
All available under the
“Attachments” tab of the webinar:
• It’s Not You, It’s Me:
Understanding the Shared
Responsibility of Cloud
Security
• Includes 7 Best Practices for
Cloud Security
• The Anatomy of a Web Attack
Infographic
• Alert Logic Blog
• DevOps - Top 10 tips for Security
Professionals Blog
Questions
• Questions? Submit them to the
presenter at anytime into the
question box

28. Get Connected
www.alertlogic.com @alertlogic
linkedin.com/company/alert-logic
alertlogic.com/resources/blog/
youtube.com/user/AlertLogicTV
brighttalk.com/channel/11587

29. Thank you.