2. The Cloud Is Secure
AWS has all the tools you need to secure your cloud!
• AWS WAF
• CloudFront
• Security Groups
• AWS Artifact
• Certificate Manager
• AWS Cloud HSM
• Amazon Cognito
• AWS Firewall Manager
• Macie
• GuardDuty
• AWS IAM
• Inspector
• AWS Config
• AWS KMS
• Amazon Macie
• AWS Shield
• AWS Secrets Manager
• AWS SSO
3. Sometimes…you might wonder what could go wrong?
• Through 2022, at least 95% of cloud security failures will be the customer’s
fault – Gartner
• More than 1.5 billion sensitive corporate and other files are visible on the
public internet due to human error – Digital Shadows
• 88% of Java applications had at least one component-based vulnerability,
56% of all PHP apps had at least one SQLi vulnerability - Veracode
4. Cloud Has Disrupted Traditional Security
Agility & Automation Hyper-scalability
8. Web App Attacks – King of the Hill
WEB APP
ATTACK
DoS / DDoS
1% Other
1%
75%
DOS/DDOS
1% OTHER
1%
SERVER-SIDE
MALWARE
2%
RECON
5%
BRUTE
FORCE
5%
SQL INJECTION
55% REMOTE
CODE
EXECUTION
22%
XXE
3%
APACHE
STRUTS
RCE
6%
WEB APP
ATTACK
RECON
5%
FILE
UPLOAD
6%
OTHER
4%
SECURITY INCIDENT TYPES ESCALATED
13. Enter Machine Learning
Over nine months :
8-10% of the customers we
monitored were targeted by
actors with better-than-
average levels of skill and
determination
Each attack
had a High
degree of
complexity
Identified,
approx. 231
attacks
14. Multi-stage Attacks
Time: Day 1
Event: Early stage recon event
Criticality: Medium
Time: Day 3
Event: SQL Injection recon
Criticality: Medium
Time: Day 4
Event: SQL table enumeration
Criticality: High
Time: Day 4
Event: Injection
Criticality: Critica
Situation: Multiple address spaces and disparate unrelated events over days
15. Behind the Data
Web apps and misconfigurations can be the final destination…or initial entry
point
Perimeter AND Network AND
System /log-based Detection
defend your hosts
see N / S / E / W in all of your
protected environments
WAF blocking/virtual patching,
IDS, and log monitoring as air
cover as you burn down your
web app vulnerabilities
• Redistribute malware directly / indirectly
(exploit kits / watering hole)
• Monetization through fraud (SEO, Coin Mining,
Spam)
• Entry point into Infrastructure
• Lateral movement, privilege escalation
• Steal data (exfiltration of information from
databases)
17. Best Practices
Know your Shared
Security Responsibilities
with AWS
Attack surface
isn’t just where
your data resides
Continually assess for
exposures across all
environments
Understand impacts
from applicable
compliance mandates
Implement controls
built for cloud…and
work on-premises
19. Alert Logic Cloud Security Report 2017
550 DAYS
AUG 1, 2015 – JAN 31 2017
2,207,795 INCIDENTS
TOTAL TRUE POSITIVE SECURITY INCIDENTS
ANALYZED
32.5 MILLION EVENTS
DRIVING ESCALATED INCIDENTS
147 PETABYTES
OF DATA ANALYZED
3807 CUSTOMERS
ANALYZED
452 INDUSTRIES
ACROSS 3 CONTINENTS
20. Who Can I Speak To?
Need 1-on-1 time with Security Experts?
Speak to Alert Logic to have all your questions
answered.
Alert Logic 2017 Cloud Security Report
www.alertlogic.com