Cloud Providers ate hosting companies’ lunch, what’s next? Security!
John Stock and Sergio Loureiro, Product Managers
Objective
• Short intro on Cloud (IaaS/PaaS) adoption
• Overview of cloud providers’ security tools
• How to build a SOC with cloud providers’ tools
• Benefits and cost analysis for cloud and hybrid infrastructures
• Action plan
Cloud Providers disrupted the hosting market
• These are technology companies
• They have the expertise
• Pay per use business model
• Very fast innovation cycle
• Tailored for DevOps
Reasons Security is next
Tackling challenges:
• Security is main obstacle to cloud adoption
• Shared responsibility is great but cloud providers get the headlines
Increasing revenues:
• Security is an upsell opportunity
• Cloud providers already have your data, applications and virtual machines (trust?), so they leverage this
• Don’t leave the console!
First headline back in 2011
Fast forward to 2018
Market success in spite of security FUD
source: https://www.rightscale.com/lp/state-of-the-cloud
Customer Security Challenges
- Assess a different kind of infrastructure
- Time consuming permission process
- Evaluate configurations for all instances and storage
- Lack of expertise
DevOps paradigm shift helped
• Ops were not agile enough for Dev
• Infrastructure as code
• APIs for everything
• Need for automation
• Value does not come from infrastructure
Growth of Container Adoption with DevOps Trend
DevOps advantages
- Easy to package
- Small teams
- Scalability
- Agility
AWS and Azure have container services
source: https://www.docker.com/what-container
Traditional Security is disrupted by Cloud
• Shared responsibility
• New layer of configuration (and misconfigurations)
• Elasticity and Agile challenges
• Changing IPs for VMs
• License model
• Cloud Shadow IT
• New cloud services every week
• APIs for everything publicly accessible
Overview of AWS and Azure security capabilities
AWS
- Security Groups (firewall)
- Trusted Advisor (high level)
- Inspector (assessment)
- Key Management Service
- Identity and Access Management
- Macie (DLP)
- GuardDuty (threat detection)
- Shield (DoS)
- WAF (WAF)
Azure
- Azure Security Center
- Security Groups (firewall)
- Key Vault
- Endpoint Protection
- VM agent
- …
Challenges with AWS and Azure? 2 different approaches
AWS: you put all security services together
Azure: Security Center wants to be your SOC
Google: Command Center me too (alpha)
IaaS Security = CSPM + CWSS + CWPP
• Cloud Security Posture Management
• Cloud Workload Security Service
• Cloud Workload Protection Platform
Some features available on CASB (Cloud Access Security Brokers)
Cloud Controls - Top 3 Approaches
Operations Hygiene
Core CWPP
Additional
• CIS AWS benchmark
• CIS Azure benchmark
• CIS Docker benchmark
• CIS Kubernetes benchmark
CWPP
Source: Gartner Market Guide to Cloud Workload Protection Platform 2017
Examples of CSPM: CIS AWS and CIS Azure Controls
Let’s draw a SOC for cloud assets
1. discovery of assets
2. workload security assessment + cloud configuration assessment
3. security automation for continuous assessment
4. protect, detect, respond, recover
5. extend to new kinds of assets
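The cloud configuration assessment of step 2, as an added example that is not part of the original slides: a check in the style of the CIS AWS benchmark rule that no security group allows ingress from 0.0.0.0/0 to administrative ports, run over a constructed inventory shaped like the output of `aws ec2 describe-security-groups`. The group IDs, group names and the `ADMIN_PORTS` selection are assumptions made for illustration.

```python
"""Cloud configuration assessment sketch: flag security groups that expose
administrative ports to the whole internet. The input is constructed sample
data shaped like the JSON returned by `aws ec2 describe-security-groups`."""
import ipaddress
import json

# Ports treated as administrative in this example (assumption): SSH and RDP.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed inventory; in a real pipeline step 1 (discovery) produces this.
SAMPLE_INVENTORY = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example0000001", "GroupName": "web",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0example0000002", "GroupName": "bastion",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0example0000003", "GroupName": "legacy-admin",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0example0000004", "GroupName": "allow-all",
   "IpPermissions": [
     {"IpProtocol": "-1",
      "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")


def is_world_open(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def exposed_admin_ports(permission):
    """Return the admin ports that one ingress rule opens to any address."""
    cidrs = [r["CidrIp"] for r in permission.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in permission.get("Ipv6Ranges", [])]
    if not any(is_world_open(c) for c in cidrs):
        return []
    proto = permission.get("IpProtocol")
    if proto == "-1":
        # "-1" means all protocols and all ports; no port range is given.
        return sorted(ADMIN_PORTS)
    if proto not in ("tcp", "6"):
        return []
    low = permission.get("FromPort", 0)
    high = permission.get("ToPort", 65535)
    # A wide range such as 0-65535 exposes SSH and RDP just as a
    # single-port rule does, so test containment rather than equality.
    return [p for p in sorted(ADMIN_PORTS) if low <= p <= high]


def assess(inventory):
    """Return one finding per (security group, exposed admin port)."""
    findings = []
    for group in inventory.get("SecurityGroups", []):
        ports = set()
        for permission in group.get("IpPermissions", []):
            ports.update(exposed_admin_ports(permission))
        for port in sorted(ports):
            findings.append({
                "group_id": group["GroupId"],
                "group_name": group.get("GroupName", ""),
                "port": port,
                "service": ADMIN_PORTS[port],
            })
    return findings


if __name__ == "__main__":
    for f in assess(SAMPLE_INVENTORY):
        print(f"FAIL {f['group_id']} ({f['group_name']}): "
              f"{f['service']}/{f['port']} reachable from any address")
```

Running the same check on every inventory refresh is the continuous assessment of step 3.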
With Azure this means
With AWS this means
1. Slow start: Trusted Advisor
2. Agent: Inspector (limited set)
3. Log analysis: CloudWatch
4. Automation: CloudFormation, Systems Manager, Config, OpsWorks
5. Protection: GuardDuty
Quick features comparison
Comparison of Cloud Console and Deployment Security (© 2018 Gartner, Inc. ID: 343562)
Categories compared: Visibility Tools; Threat Protection; Security Assessment; Cloud Configuration Assessment; CSP Access Transparency; Enterprisewide Policies and Constraints
- GCP: Stackdriver Logging; (Cloud Security Command Center in Alpha Stage); (Access Transparency in Beta Stage)
- AWS: AWS CloudWatch, AWS CloudTrail; AWS GuardDuty; AWS Inspector; AWS Trusted Advisor; AWS Organizations (Service Control Policies)
- Azure: Azure Monitor, Azure Operational Insights; Advanced Threat Protection; Azure Advisor; Azure Security Center; Azure Management Groups
Comparison of Instance Security (© 2018 Gartner, Inc. ID: 343562)
Providers compared: GCP, AWS, Azure
Categories compared: Vulnerability Assessment; Endpoint Protection; Patch Management
- AWS: AWS Inspector; AWS Systems Manager
- Azure: Azure Security Center; Microsoft Antimalware for Azure; Update Management (Part of Azure Automation)
Other comparisons for Data Protection, Compliance, Logging/alerting, and Network: see the source, Gartner, Comparing Security Controls and Paradigms in AWS, Google Cloud Platform and Microsoft Azure
Let’s draw a SOC for a hybrid infrastructure
- 1st option: integrate your cloud SOC with legacy bare metal, virtualized or other cloud?
- 2nd option: integrate your on-premises SOC with cloud
- This is a big difference between Azure and AWS: with Azure Security Center you can monitor non-Azure assets (limited OS set)
Cost depends on where your data center of gravity is
• Cloud in most use cases boils down to outbound bandwidth consumption
• Storage and compute are cheap
• Cloud security services have a price tag (free tiers are limited, Azure is simple)
• Pricing models (e.g. pay per use vs licenses) can play a role too
• Example of AWS Inspector for vulnerability assessment
• Migration costs
Questions
• Where are your data sources?
• And your security requirements?
Simplifying SOC -> SIEM -> Logs -> Bandwidth
AWS up to 10 TB
Azure up to 10TB $0.087
Benefits analysis
Pros cloud tools
• Cloud tools are deeply integrated
• Automation
Cons cloud tools
• Lock in risk (migrating data out of AWS and Azure will cost money)
• Hybrid setups (not supported by AWS, 2 SOCs?)
The way forward
1. Integration of tools – Get everything together
• Do your cost analysis
• Compare traditional security features for CWPP (competition for lunch)
• Marketplace tools are available
• Deployment model
• For CSPM start by CIS benchmarks: AWS, Azure, Docker and Kubernetes
• Do an assessment now!
2. Continuous Workload Analytics – Shift left
• DevOps is changing when, who and how security management is done
• Using the IaaS Provider or Hypervisors APIs to integrate
• Auto-discovery for elastic scenarios, zero configuration
• Integration on CI/CD setups for DevOps, containers
• Real-time alerts on configuration issues
3. Extend to new cloud services PaaS – Off the beaten track
• API discovery and check best practices for every service
• Not always possible to install agents
• Serverless or FaaS
• No best practices available
Conclusion
• Great to have more choice, innovation by cloud providers is welcome
• Integrated tools are better, don’t have to manage several point solutions
• Lock-in risk = it costs you a lot to move data out
• Data sovereignty risk / compliance
• Hybrid use case is challenging for cloud providers
Full Stack Cyber Risk Assessment
Combines all 3 into one solution
Vulnerability Management
identifies vulnerabilities
Application Security
evaluates applications
Cloud & Container Security
assesses configurations and workloads
Supporting Material
• EWP web: https://outpost24.com/cloud-security
• EWP white paper - https://marketing.outpost24.com/cloud-security-whitepaper
• AWS best practices white paper - https://marketing.outpost24.com/aws-security-whitepaper
Looking for more?
• CIS benchmarks for Amazon AWS 1.2.0 and Microsoft Azure 1.0.0
• Gartner Cloud Workload Protection Platform (CWPP) research
• Cloud Security Alliance Security Guidance version 4
Q & A
Use Case with AWS Elastic Map Reduce (EMR)

Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next? Security!

  • 1. Cloud Providers ate hosting companies’ lunch, what’s next? Security! John Stock and Sergio Loureiro, Product Managers 1
  • 2. Objective 2 • Short intro on Cloud (IaaS/PaaS) adoption • Overview of cloud provider’ security tools • How to build a SOC with cloud providers’ tools • Benefits and cost analysis for cloud and hybrid infrastructures • Action plan
  • 3. Cloud Providers disrupted the hosting market 3 • These are technology companies • They have the expertise • Pay per use business model • Very fast innovation cycle • Tailored for DevOps
  • 4. Reasons Security is next 4 Tackling challenges: • Security is main obstacle to cloud adoption • Shared responsibility is great but cloud providers get the headlines Increasing revenues: • Security is an upsell opportunity • Cloud providers already have your data, applications and virtual machines (trust?), so they leverage this • Don’t leave the console! 
  • 7. Market success in spite of security FUD 7 source: https://www.rightscale.com/lp/state-of-the-cloud Customer Security Challenges - Assess a different kind of infrastructure - Time consuming permission process - Evaluate configurations for all instances and storage - Lack of expertise
  • 8. DevOps paradigm shift helped • Ops were not agile enough for Dev • Infrastructure as code • APIs for everything • Need for automation • Value does not come from infrastructure
  • 9. Growth of Container Adoption with DevOps Trend 9 DevOps advantages - Easy to package - Small teams - Scalability - Agility AWS and Azure have container services source: https://www.docker.com/what-container
  • 10. Traditional Security is disrupted by Cloud • Shared responsibility • New layer of configuration (and misconfigurations) • Elasticity and Agile challenges • Changing IPs for VMs • License model • Cloud Shadow IT • New cloud services every week • APIs for everything publicly accessible
  • 11. Overview of AWS and Azure security capabilities 11 AWS - Security Groups (firewall) - Trusted Advisor (high level) - Inspector (assessment) - Key Management Service - Identity and Access Management - Macie (DLP) - GuardDuty (threat detection) - Shield (DoS) - WAF (WAF) Azure - Azure Security Center - Security Groups (firewall) - Key Vault - Endpoint Protection - VM agent - …
  • 12. Challenges with AWS and Azure? 2 different approaches 12 AWS: you put all security services together Azure: Security Center wants to be your SOC Google: Command Center me too (alpha)
  • 13. IaaS Security = CSPM + CWSS + CWPP 13 • Cloud Security Posture Management • Cloud Workload Security Service • Cloud Workload Protection Platform Some features available on CASB (Cloud Access Security Brokers)
  • 14. Cloud Controls - Top 3 Approaches Operations Hygiene Core CWPP Additional • CIS AWS benchmark • CIS Azure benchmark • CIS Docker benchmark • CIS Kubernetes bench.
  • 15. CWPP Source: Gartner Market Guide to Cloud Workload Protection Platform 2017
  • 16. Examples of CSPM: CIS AWS and CIS Azure Controls
  • 17. Let’s draw a SOC for cloud assets 17 1. discovery of assets 2. workload security assessment + cloud configuration assessment 3. security automation for continuous assessment 4. protect, detect, respond, recover 5. extend to new kinds of assets
  • 18. With Azure this means 18
  • 19. With AWS this means 19 1. Slow start: Trusted Advisor 2. Agent: Inspector (limited set) 3. Log analysis: CloudWatch 4. Automation: CloudFormation, System Manager, Config, OpsWorks 5. Protection: GuardDuty
  • 20. Quick features comparison 20 © 2018 Gartner, Inc.ID: 343562 Comparison of Cloud Console and Deployment Security GCP Stackdriver Logging (Cloud Security Command Center in Alpha Stage) AWS AWS CloudWatch, AWS CloudTrail AWS Guard Duty AWS Inspector AWS Trusted Advisor Azure Azure Monitor, Azure Operational Insights Advanced Threat Protection Azure Advisor Azure Security Center Visibility Tools Threat Protection Security Assessment Cloud Configuration Assessment Console and Deployment Security (Cloud Security Command Center in Alpha Stage) CSP Access Transparency AWS Organizations (Service Control Policies) Enterprisewide Policies and Constraints (Access Transparency in Beta Stage) Azure Management Groups © 2018 Gartner, Inc.ID: 343562 Comparison of Instance Security GCPAWS AWS Inspector AWS Systems Manager Azure Azure Security Center Microsoft Antimalware for Azure Update Management (Part of Azure Automation) Vulnerability Assessment Endpoint Protection Patch Management Instance Security Others comparison for Data Protection, Compliance, Logging/alerting, and Network: source Gartner Comparing Security Controls and Paradigms in AWS, Google Cloud Platform and Microsoft Azure
  • 21. Let’s draw a SOC for a hybrid infrastructure
      • 1st option: integrate your cloud SOC with legacy bare metal, virtualized or other cloud?
      • 2nd option: integrate your on-premises SOC with cloud
      • This is a big difference between Azure and AWS: with Azure Security Center you can monitor non-Azure assets (limited OS set)
  • 22. Cost depends on where your data center of gravity is
      • Cloud in most use cases boils down to outbound bandwidth consumption
      • Storage and compute are cheap
      • Cloud security services have a price tag (free tiers are limited, Azure is simple)
      • Pricing models, e.g. pay per use vs licenses can play too
      • Example of AWS Inspector for vulnerability assessment
      • Migration costs
      • Questions
          • Where are your data sources?
          • And your security requirements?
  • 23. Simplifying SOC -> SIEM -> Logs -> Bandwidth AWS up to 10 TB Azure up to 10TB $0.087
  • 24. Benefits analysis
      • Pros cloud tools
          • Cloud tools are deeply integrated
          • Automation
      • Cons cloud tools
          • Lock in risk (migrating data out of AWS and Azure will cost money)
          • Hybrid setups (not supported by AWS, 2 SOCs?)
  • 26. 1. Integration of tools – Get everything together
      • Do your cost analysis
      • Compare traditional security features for CWPP (competition for lunch)
      • Marketplace tools are available
      • Deployment model
      • For CSPM start by CIS benchmarks: AWS, Azure, Docker and Kubernetes
      • Do an assessment now!
  • 27. 2. Continuous Workload Analytics – Shift left
      • DevOps is changing when, who and how security management is done
      • Using the IaaS Provider or Hypervisors APIs to integrate
      • Auto-discovery for elastic scenarios, zero configuration
      • Integration on CI/CD setups for DevOps, containers
      • Real-time alerts on configuration issues
  • 28. 3. Extend to new cloud services PaaS – Off the beaten track
      • API discovery and check best practices for every service
      • Not always possible to install agents
      • Serverless or FaaS
      • No best practices available
  • 29. Conclusion
      • Great to have more choice, innovation by cloud providers is welcome
      • Integrated tools are better, don’t have to manage several point solutions
      • Lock-in risk = cost you a lot to move data out
      • Data sovereignty risk / compliance
      • Hybrid use case is challenging for cloud providers
  • 30. Full Stack Cyber Risk Assessment
      • Combines all 3 into one solution
      • Vulnerability Management identifies vulnerabilities
      • Application Security evaluates applications
      • Cloud & Container Security assesses configurations and workloads
  • 31. Supporting Material
      • EWP web: https://outpost24.com/cloud-security
      • EWP white paper - https://marketing.outpost24.com/cloud-security-whitepaper
      • AWS best practices white paper - https://marketing.outpost24.com/aws-security-whitepaper
      • Looking for more?
          • CIS benchmarks for Amazon AWS 1.2.0 and Microsoft Azure 1.0.0
          • Gartner Cloud Workload Protection Platform (CWPP) research
          • Cloud Security Alliance Security Guidance version 4
  • 32. Q & A
  • 33. Use Case with AWS Elastic Map Reduce (EMR)
  • 34. Use Case with AWS Elastic Map Reduce (EMR)
  • 35. Use Case with AWS Elastic Map Reduce (EMR)

Editor's notes

  1. Bio: PhD, 20 years in security, founder of SecludIT and CSA
  2. Back in 2009 when I started using AWS, a lot of people did not believe that they could create a new market (IaaS) and disrupt the hosting market. Well, now we have the numbers. The flexibility, agility and cost reduction are advantages that our customers keep telling us about. IaaS has been an enabler for innovation and AWS and Azure have been very successful so far.
  3. Proud to be one of the first to put AWS in the headlines, but a lot of vulnerabilities we’ve found concerned misconfigurations by enterprises using AWS, such as leaving private data in public virtual machines (22%). We’ve published a paper; the results are a bit old but the recommendations still apply.
  4. Examples of customer misconfigurations putting AWS in the headlines; the low-hanging fruit is usually S3 buckets with open permissions.
  5. Let’s stay out of the headlines and the FUD. So, IaaS is a great value proposition. On the other hand, let’s focus on the customer security challenges to be addressed.
  6. In parallel, we have been witnessing another wave of innovation around DevOps. And cloud has enabled Dev to address Ops in a more agile way.
  7. Cloud providers have been fueling all these new technological trends and transforming infrastructure into a commodity. And that’s why they are moving from IaaS to PaaS and other opportunities such as security.
  8. We have reviewed some of the trends beyond AWS and Azure success and why the cloud providers are now starting to provide security tools. On the other hand, traditional security is disrupted by cloud. Misconfiguration will give access to data; every service can give access to your data. Just a short screenshot of Storage and Database options on AWS. There are many options and each one has a set of security best practices. New security challenges for traditional solutions to be elastic and agile. And APIs bring added attack surface.
  9. AWS and Azure are entering the security market with a bunch of tools with fancy names. I do not have time to go into details on each one; I’ll focus more on workload security and configuration assessment (not network security, data security or compliance). Most of the time these tools have fewer features but are deeply integrated and fully automated.
  10. From a customer perspective what are the challenges? AWS: more flexible, more mature tools, but you have to construct everything, and one price and pricing model per feature. For instance Inspector is per #VMs and #assessments. Azure: everything integrated in the Azure Security Center, hybrid as well, and one bundled price for everything. Of course you can get your puzzle wrong but the frame is there with Azure.
  11. Let’s step back and highlight the requirements for our SOC cloud. According to Gartner you need to take care of 3 things for full stack security. We have been talking a lot about misconfigurations and that’s what the CSPM market is about: helping customers get their cloud configurations right. CWSS: you have to check the configurations, for example of your firewalls. And with the shared responsibility model, you are still responsible for the workloads.
  12. What does that mean? The 3 approaches. Gartner covers the Core workload protection strategies. CIS addresses benchmarks for CSPM. To go deeper there is extensive research about cloud security. CSA covers Essential characteristics, PaaS and IaaS service models, and Public-Private-Hybrid deployment models. Outpost24 acquired SecludIT in January 2018, a cloud security pioneer and founding member of CSA.
  13. Zooming into the pyramid CWPP from Gartner. Critical stuff at the bottom of the pyramid. AWS and Azure have some solutions for each of these layers.
  14. Here are some examples of controls of CIS AWS and CIS Azure. AWS and Azure do not implement everything.
  15. Getting a more concrete Following the NIST framework, let’s now focus on how to build a First procedure one-shot, then automation
  16. So, you have to subscribe to the standard tier that has all this. Basically you pay 14.6 dollars for each server per month and that’s all; databases and app services have a price too. Once you’ve done this you have a dashboard with all the categories. Easy, and while a lot of features are still in preview this gives us the Azure vision. You have hygiene that corresponds to CSPM and then threat protection and cloud defense for your workloads. With alerts, metrics.
  17. Remember the puzzle: with AWS it is up to you to build your SOC among these tools. So more flexible and more generic services (not only security) but customers have to build it. I tried to give a plan step by step to help. Trusted Advisor is very simple, covers more than security, limited Inspector run on some OS https://docs.aws.amazon.com/inspector/latest/userguide/inspector_supported_os_regions.html, for example 4 Windows servers. Different pricing models: Trusted Advisor premium on premium support plans, Inspector per agent – assessment, https://aws.amazon.com/inspector/pricing/ CloudWatch depends on #metrics, #alarms, size of logs, API, dashboards, #events. GuardDuty depends on VPC flow log and DNS log analysis and AWS CloudTrail event analysis ?!
  18. If you are interested in features comparison and maybe considering Google, Gartner has a long study. I’ve been focusing on configuration assessment and workload assessment, so this boils down to the console and instance security. No big differences between Azure and AWS: the antimalware and the non-Azure assets that can be monitored. Google is lagging but data tools seem very promising.
  19. Sometimes enterprises have legacy 
  20. I know that not everybody agrees with the storage and compute being cheap, but having managed a small datacenter before and taking into account all the costs and especially if you have elastic consumption. With AWS it is harder to make a cost analysis. Compliance requirements and data sovereignty are important factors that I did not tackle, but with regions and data security tools today it is possible to address these.
  21. To give you a starting point on the cost analysis and doing a big simplification. Inside can make a difference. AWS can be hard to estimate outside bandwidth.
  22. Security vendors like us will also put the TTP as a con. You’re not buying an anti-virus from Microsoft to protect Microsoft workloads, right? Cost planning with AWS is hard.
  23. Strange thing from AWS and Azure: there is no straightforward way to assess for CIS AWS or Azure. Agents vs Virtual appliances for Azure and AWS for private workloads (data storage).
  24. Automation SecDevOps DevOps use case - application security
  25. It is important to choose a security vendor that follows and adapts to new cloud services. API vs not API checks. Full stack. CSA. Refer to our inclusion on the Gartner report on securing serverless PaaS. AWS Lambda started in 2014.
  26. Data sovereignty scenarios, data do not leave customer premises - Regional or country-specific clouds, data never leaves customer cloud account, etc. New services not always covered, speed of innovation vs speed of security
  27. Focus on identify -> measure / KPIs Support hybrid infra Full stack Orchestration and integration CI/CD possible by API Virtual appliances available for Azure and AWS for private assets (data sovereignty scenarios) Managed Services, Snapshot and Professional Services plans available
  28. 3 backup questions: - Where to start? - It seems that Azure has a better approach, what do you think? - DevOps shift left in all this? Serverless? - I’m migrating to cloud. Most of my data is on-prem but this will change. I did not find the answer to my case?
  29. Data sovereignty scenarios, data do not leave customer premises - Regional or country-specific clouds, data never leaves customer cloud account, etc.