As you move your IT Infrastructure into the cloud, how secure can you expect your applications to be? Join Alert Logic and Internap on this webcast for an enlightening discussion on the state of cloud security and how it impacts security management decisions, especially in the context of deploying infrastructure to hosted and cloud environments.
2. Agenda
Introductions and Internap Overview
Security Drivers and Concerns - Industry Perspectives
Security Risk Evaluation – Service Provider vs. On-Premise
Questions?
#cloudsecurity
3. Today’s speakers & moderator
• Mark Fitzgerald, Manager, Infrastructure & Strategy, Turbine
• Marek Vesely, Chief Technology Officer, Casenet LLC
• John Freimuth, VP, Mgd Hstg & Cloud, Internap (Moderator)
• Randy Rosenbaum, Partner Executive, Alert Logic
4. Our intelligent IT Infrastructure solutions can take your business to a higher level.
3,700+ Enterprise Customers | 500 Employees | 2011 Revenue: $245M | NASDAQ: INAP
5. Performance to the End user, Platform Flexibility
[Diagram: seven boxes, each labelled "IT Vendor"]
6. Performance to the End user, Platform Flexibility
IP Connectivity
• Enterprise IP
• TCP Acceleration
Colocation
• Space, Power, Cooling
• Interconnection
Content Delivery Network
• Media Delivery, Transparent Caching, Mobile Delivery
• Analytics
Hosting
• Managed Hosting
• Dedicated Hosting
Cloud
• Private Cloud
• Public Cloud
• Cloud Storage
We live and breathe a full range of intelligent IT Infrastructure services
7. Poll Question
What is your greatest concern about a cloud environment?
8. What is top of mind today for enterprises regarding security and cloud services?
9. Panel Question: Business Drivers
VP, IT, Dell SecureWorks
What business drivers influence your security decisions?
10. Panel Question: Cloud Security Concerns
VP, IT, Dell SecureWorks
What are your security concerns when using a cloud environment?
11. Panel Question: Leveraging Cloud Services
VP, IT, Dell SecureWorks
Given security requirements, how will you leverage cloud in the future?
12. Poll Question
Which methods of attack concern you most in terms of your customers’ data?
13. Security-as-a-Service solutions for more than 1,500 customers
Threat Manager / ActiveWatch
• Intrusion detection and vulnerability assessment
• PCI Approved Scanning Vendor (ASV)
• Custom dashboards and reports
• 24x7 monitoring and review services
Log Manager / LogReview
• Log data collection and aggregation
• Identify suspicious activity and automatically issue threat alerts
• Powerful search and reporting
• Daily analysis and review services
Web Security Manager
• Award-winning web application firewall
• Adaptive learning and easy tuning
• 24x7 monitoring for consistent protection
15. Alert Logic provides a rich data set
Threat data from more than 1500 customers
• Customers of over half the top 30 North American service providers
• Consistently-collected data from both service provider and on-premise environments
• On-premise enterprise environments from a range of verticals
16. Customer Data Set
• Analyzed network traffic from over 1600 customers
– 1300+ Managed Hosting/Cloud Customers
– 300+ On-Premise Customers
18. Security Incident Categories
Columns: INCIDENT TYPE, DEFINITION, EXAMPLES
Application Attack
• Definition: Exploit attempts against applications or services that are not running over HTTP protocol
• Examples: Buffer overflow
Brute Force
• Definition: Exploit attempts enumerating a large number of combinations, typically involving numerous credential failures
• Examples: Password cracking attempts
Malware/Botnet Activity
• Definition: Malicious software installed on a host engaging in unscrupulous activity, data destruction, information gathering or creation of backdoor. Included in this category is botnet activity: post-compromise activity displaying characteristics of command and control communication
• Examples: Conficker, Zeus botnet
Misconfiguration
• Definition: Network/Host/Application configuration issues that introduce possible security vulnerabilities, typically a result of inadequate hardening
• Examples: Weak patch management, unnecessary services running
Reconnaissance
• Definition: Reconnaissance activity focused on mapping the networks, applications and/or services
• Examples: Port scans and fingerprinting
Vulnerability Scan
• Definition: Automated vulnerability discovery in applications, services or protocol implementations
• Examples: Unauthorized Nessus scan
Web Application Attack
• Definition: Attacks targeting the presentation, logic or database layer of web applications
• Examples: SQL injection
19. Metrics to answer basic questions
OCCURRENCE: What percentage of customers were impacted by each threat type?
FREQUENCY: How often did impacted customers experience each threat type?
THREAT DIVERSITY: How many unique threat types did customers experience?
• What threats are actually experienced in on-premise vs service provider environments, and how often?
• What is the complexity of the threat landscape (and resulting security program)?
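The three metrics on this slide can be computed from your own classified incident records. The following is an added example, not taken from the slides or from Alert Logic's report; the customer IDs, environment labels and incident records are constructed, and averaging threat diversity over all customers in an environment is an assumption.

```python
from collections import defaultdict

# Constructed sample data: customer -> hosting environment.
CUSTOMERS = {
    "c1": "service_provider", "c2": "service_provider",
    "c3": "service_provider", "c4": "service_provider",
    "c5": "on_premise", "c6": "on_premise",
}
# Constructed incident records: (customer, incident type from slide 18).
INCIDENTS = [
    ("c1", "Web Application Attack"), ("c1", "Web Application Attack"),
    ("c1", "Brute Force"), ("c2", "Web Application Attack"),
    ("c3", "Vulnerability Scan"),
    ("c5", "Malware/Botnet Activity"), ("c5", "Brute Force"),
    ("c5", "Brute Force"), ("c5", "Brute Force"),
    ("c6", "Brute Force"), ("c6", "Reconnaissance"),
]

def threat_metrics(customers, incidents):
    """Return {environment: {"occurrence", "frequency", "diversity"}}."""
    counts = defaultdict(lambda: defaultdict(int))  # customer -> type -> count
    for cust, itype in incidents:
        if cust not in customers:
            raise ValueError(f"incident for unknown customer {cust!r}")
        counts[cust][itype] += 1
    result = {}
    for env in sorted(set(customers.values())):
        members = [c for c, e in customers.items() if e == env]
        types = sorted({t for c in members for t in counts[c]})
        occurrence, frequency = {}, {}
        for t in types:
            hit = [c for c in members if counts[c].get(t)]
            # Occurrence: percent of ALL customers in this environment impacted.
            occurrence[t] = 100.0 * len(hit) / len(members)
            # Frequency: mean incidents per IMPACTED customer.
            frequency[t] = sum(counts[c][t] for c in hit) / len(hit)
        # Threat diversity (assumed): mean distinct incident types per customer,
        # counting customers with no incidents as zero.
        diversity = sum(len(counts[c]) for c in members) / len(members)
        result[env] = {"occurrence": occurrence, "frequency": frequency,
                       "diversity": diversity}
    return result

if __name__ == "__main__":
    for env, m in threat_metrics(CUSTOMERS, INCIDENTS).items():
        print(env, m)
```

Keeping the full customer roster separate from the incident list matters: occurrence is a share of all customers, so customers with no incidents must still count in the denominator.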
21. Why Do We See Differences?
Size and Diversity Increase Attack Surface
22. What does this mean?
• Cloud and Service Provider Managed Environments are Not Less Secure
• Good Management Yields Good Security
• Smart Enterprises Should Exploit Differences in Risk Profiles
• Web Application Security is a Significant Challenge
23. Use data to make security investment decisions
This is aggregate data; use your own IDS and log data
• Review log data to detect brute force attempts
• Consider Web App Firewall, network IDS
• Use IDS to detect suspicious recon
• Malware protection critical for on-premises infrastructure
• Pay attention to configuration management, patching
Source: Alert Logic State of Cloud Security, Spring 2012