Journey to the Cloud: Securing Your AWS Applications - April 2015

James Brown, Director of Cloud Computing & Security Architecture, Alert Logic covers:
• The shared security model: what security you are responsible for to protect your content, applications, systems and networks vs AWS.
• Overview of the OWASP Top 10 most critical web application security risks (such as SQL injections)
• Best practices for how to protect your environment from the latest threats

  1. JOURNEY TO THE CLOUD: SECURING YOUR AWS WEB APPLICATIONS. James Brown, Director of Cloud Computing & Solution Architecture
  2. Before We Begin
     Housekeeping:
     • Turn on your system’s sound to hear the streaming presentation
     • Questions? Submit them to the presenter at any time into the question box
     • The presentation slides will be available to download from the attachment tab after the webinar
     • The webinar will be recorded and published on BrightTalk
     • Technical Problems? Click “Help”
     Speaker:
     • James Brown
     • Director of Cloud Computing & Security Architecture, Alert Logic
  3. Leading Provider of Security & Compliance Solutions for the Cloud. Providing fully managed and monitored security and compliance for cloud, hybrid, and on-premises infrastructure, with the benefits of deep insight, continuous protection, and lower costs. Slide labels: Continuous Protection; Lower Total Costs; Deep Security Insight
  4. Leading Provider of Security & Compliance for the Cloud • #1 for Cloud Platforms • #1 in Security-as-a-Service • #1 for Managed Cloud & Hosting Providers • Over 3,000 customers worldwide
  5. The IT and Threat Landscape has Changed
     DATA CENTERS
     The Hybrid Data Center:
     • Cloud/mobile-first approach by many companies
     • Public cloud and hybrid IT environments mainstream
     The Virtual Data Center:
     • Virtualization becomes mainstream
     • Public clouds launch
     • Mobile devices proliferate
     The Physical Data Center:
     • x86 servers predominant
     • Primarily on-premises
     • Hosting providers emerge
     • Cloud options being developed
     THREATS AND ATTACKS
     Next Generation Threats:
     • Advanced attacks
     • Multi-vector approach
     • Social engineering
     • Targeted recon
     • Long duration compromises
     Catalyst for Change:
     • Proliferation of malware
     • Organized hacking groups
     • Access to information
     • Financial gain motivation
     The Early Days of Threats:
     • Basic malware
     • Spray and pray
     • Smash-n-grab
     • Solo hackers
     • Mischief motivation
     Timeline labels: Early 2000s; Mid 2000s; 2015 & Beyond
  6. Today’s Attacks are Becoming More Complex
     • Attacks are multi-stage using multiple threat vectors
     • It takes organizations months to identify that they have been compromised
     • 205 days on average before detection of compromise¹
     • Over two-thirds of organizations find out from a 3rd party that they have been compromised²
     Stages shown: Initial Attack; Identify & Recon; Command & Control; Discover & Spread; Extract & Exfiltrate
     The Impact:
     • Financial loss
     • Harm to brand and reputation
     • Scrutiny from regulators
     ¹ IDC Worldwide Security and Vulnerability Management 2014–2018 Forecast
     ² M-Trends 2015: A View from the Front Lines
  7. Attacks Happen at Multiple Layers of the Application Stack
     THE IMPACT
     • Every layer of the application stack is under attack
     • Attacks are multi-stage using multiple threat vectors
     • Web applications are the #1 vector in the cloud
     • Security must be cloud-native, cover every layer of the application stack, and identify attacks at every stage
     Diagram labels: SQL Injection; Identify & Recon; Command & Control; Worm Outbreak; Extract & Exfiltrate; Malware; Brute Force; Identify & Recon
  8. Understanding the Shared Responsibility Model. Public cloud providers do an amazing job of securing the areas that they are responsible for. You have to be very aware of what you are responsible for.
  9. Security in the Cloud is a Shared Responsibility
  10. Security in the Cloud is a Shared Responsibility
  11. Different Attack Types in the Cloud. Chart labels: Web App Attack; Malware/Botnet; Brute Force; Brute Force; Vulnerability Scan; Vulnerability Scan; ranks #1, #2, #3
  12. “We are asked this question a lot: 'What keeps you up at night?' What keeps us up at night in AWS security is the customer not configuring their applications correctly to keep themselves secure” AWS Head of Global Security Programs, Bill Murray
  13. HOW DO YOU PROTECT AGAINST WEB APPLICATION ATTACKS
  14. Protection Strategies for Websites
     Before it hits production…
     1. Secure your code
     2. Secure your cloud provider accounts
     3. Agree a security baseline
     4. Integrate security into DevOps
     5. Understand the shared security model
     6. Scan for vulnerabilities
     Once it is in production…
     7. Continuous monitoring of network and logs
  15. OWASP Top 10
     • OWASP is an open community dedicated to enabling organisations to conceive, develop, acquire, operate, and maintain applications that can be trusted.
     • All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
     • We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas.
     https://www.owasp.org
  16. OWASP - Open Web Application Security Project https://www.owasp.org
  17. Injection Attacks - SQLMap
  18. CONTINUOUS MONITORING
  19. “AWS is great for physical security and network security, but when you are building an application, you have to own that security yourself - Amazon does not know what you are building” Colin Bodell, EVP & CTO Time Inc
  20. How Can We Protect Ourselves Against Attack?
     • Traditionally we have evaluated security in terms of risk, and security policies and practices are put in place to minimize this risk.
     • This does not take into account actual threats that exist and that can be mitigated right now.
     • We need to move to continuous monitoring. The answer is people, process and software.
     • OWASP – “We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas”
  21. Threat Research. Diagram labels: Customer; ACTIVEWATCH; INCIDENTS; Honey Pot Network; Flow based Forensic Analysis; Malware Forensic Sandboxing; Intelligence Harvesting Grid; Alert Logic Threat Manager Data; Alert Logic Log Manager Data; Alert Logic Web Security Manager Data; Alert Logic ScanWatch Data; Asset Model Data; Customer Business Data; Security Content; Applied Analytics; Threat Intelligence; Research; INPUTS; Data Sources
  22. Threat Research – Honeypots
     Honeypot Research Benefits:
     • Collect new and emerging malware
     • Identify the source of the attacks
     • Determine attack vectors
     • Build a profile of the target industry
  23. Threat Research – The Dark Web
  24. How Cloud Defender Works. Continuous protection from threats and exposures. Diagram labels: Big Data Analytics Platform; Threat Intelligence & Security Content; Alert Logic ActiveAnalytics; Alert Logic ActiveIntelligence; Alert Logic ActiveWatch; 24 x 7 Monitoring & Escalation; Data Collection; Customer IT Environment (Cloud, Hybrid, On-Premises); Web Application Events; Network Events & Vulnerability Scanning; Log Data; Alert Logic Web Security Manager; Alert Logic Threat Manager; Alert Logic Log Manager
  25. Questions and Resources
     Resources (all available under the “Attachments” tab of the webinar):
     • It’s Not You, It’s Me: Understanding the Shared Responsibility of Cloud Security
     • Includes 7 Best Practices for Cloud Security
     • The Anatomy of a Web Attack Infographic
     • Alert Logic Blog
     • DevOps - Top 10 tips for Security Professionals Blog
     Questions:
     • Questions? Submit them to the presenter at any time into the question box
  26. Get Connected • www.alertlogic.com • @alertlogic • linkedin.com/company/alert-logic • alertlogic.com/resources/blog/ • youtube.com/user/AlertLogicTV • brighttalk.com/channel/11587
  27. Thank you.
