Realities of Security in the Cloud
0 likes181 views
This document discusses security in the cloud and provides recommendations. It summarizes that while the cloud provides tools to enhance security, customers are still responsible for 95% of security failures due to human error. It then outlines some key findings: 1) customers must secure their entire attack surface, 2) vulnerabilities can emerge from an organization's code, configurations, and inherited issues, and 3) hybrid environments see more security incidents than public cloud alone. The document recommends that organizations find and fix vulnerabilities across their platforms, block known bad traffic, remain vigilant through monitoring, and achieve compliance as an outcome rather than a box-checking exercise. It positions Alert Logic as a partner that can help with these recommendations through anomaly detection, leveraging multiple detection
Realities of Security in the Cloud
- 1. Thank you.
- 2. REALITY CHECK: SECURITY IN THE CLOUD Charles Johnson Director, Sales Engineering – US WEST
- 3. The Cloud Is Secure AWS has all the tools you need to secure your cloud! • AWS WAF • CloudFront • Security Groups • AWS Artifact • Certificate Manager • AWS Cloud HSM • Amazon Cognito • AWS Firewall Manager • Guardduty • AWS IAM • Inspector • AWS KMS • Amazon Macie • AWS Shield • AWS Secrets Manager • AWS SSO
- 4. Sometimes… • Through 2022, at least 95% of cloud security failures will be the customer’s fault – Gartner • More than 1.5 billion sensitive corporate and other files are visible on the public internet due to human error – Digital Shadows • 88% of Java applications had at least one component-based vulnerability, 56% of all PHP apps had at least one SQLi vulnerability - Veracode • Attackers are outpacing enterprises with technology such as machine learning and artificial intelligence (AI) – Ponemon/ServiceNow
- 5. Alert Logic Security Operations Center
- 6. Alert Logic Cloud Security Report 2017 CONFIDENTIAL 550 DAYS AUG 1, 2015 –JAN 31 2017 3807 CUTOMERS ANALYZED 452 SIC CODES ACROSS 3 CONTINENTS 32.5 MILLION EVENTS DRIVING ESCALATED INCIDENTS 147 PETABYTES OF DATA ANALYZED 2,207,795 TOTAL TRUE POSITIVE SECURITY INCIDENTS ANALYZED
- 7. Key Findings 1. Watch your whole Attack Surface 2. Vulnerabilities have Emergent Properties 3. The Hybrid Chasm is real 4. No one detection method is enough
- 8. WEB APP… Brute Force 16% Recon 5% Server-side Malware 2% DoS / DDoS 1% Other 1% 75 % DOS/DDOS 1% OTHER 1% SERVER-SIDE MALWARE 2% RECON 5% Web App Attacks – King of the Hill BRUTE FORCE 5% SQL INJECTION 55% REMOTE CODE EXECUTION 22% XXE 3% APACHE STRUTS RCE 6% WEB APP ATTACK RECON 5% FILE UPLOAD 6% OTHER 4% SECURITY INCIDENT TYPES ESCALATED
- 9. Increasing vulnerabilities at every layer Vulnerabilities in YOUR CODE Vulnerabilities in YOUR CONFIGS Vulnerabilities YOU INHERIT
- 10. Workload Environments Impact Incident Volumes 2.5x more security incidents observed in Hybrid vs Public Cloud 51% higher rate of security incidents in on premises vs Cloud AVERAGE PER CUSTOMER SECURITY INCIDENT COUNTS
- 11. Ok, Now what? • Find the Vulnerabilities - DON’T FORGET PLATFORM • Block Known Bad • Always Be Watching • Compliance is an Outcome
- 12. Alert Logic can help!
- 13. Address Vulnerabilities Source: SC Magazine: scmagazine.com/one-year-later-heartbleed-still-a-threat/article/407803/ SHELLSHOCK HEARTBLEED % of Global 2000 Organizations Vulnerable to Heartbleed in August 2014: 76% April, 2015: 74% 359 of 6000 analyzed containers – Tenable, 2018
- 14. Leverage Multiple Detection Techniques
- 15. Anomaly Detection – Something Just Doesn’t Look Right
- 16. Multi-stage Application Attacks Appear As Noise
- 17. Enter Machine Learning Over nine months : 8-10% of the customers we monitored were targeted by actors with better-than-average levels of skill and determination Each attack had a High degree of complexity Identified, approx. 231 attacks
- 18. Multi-stage Attacks Time: Day 1 Event: Early stage recon event Criticality: Medium Time: Day 19 Event: SQL Injection recon Criticality: Medium Time: Day 38 Event: SQL table enumeration Criticality: High Time: Day 71 Event: Injection Criticality: Critica Situation: Multiple address spaces and disparate unrelated events over days
- 19. Compliance without ComplexityCompliance is an outcome!
- 20. Best Practices Know your Shared Security Responsibilities with AWS Attack surface isn’t just where your data resides Continually assess for exposures across all environments Understand impacts from applicable compliance mandates Implement controls built for cloud , containers, and DevOps
- 21. We can help
- 22. Thank you.