SlideShare a Scribd company logo

AWS Security Best Practices for Effective Threat Detection & Response

Download as PPTX, PDF
AlienVault, profile picture
AlienVault

The document outlines best practices for security monitoring on AWS, emphasizing the shared security model between AWS and users. Key recommendations include utilizing multi-factor authentication, tracking changes with CloudTrail, and implementing effective monitoring strategies to detect anomalies and vulnerabilities. It also highlights the importance of dynamic monitoring and visibility into API activity to mitigate risks associated with misconfigurations and unauthorized access.

Technology
Related topics:
Incident Response Threat Detection Amazon Web Services
1 of 19
Downloaded 58 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
AWS Security Monitoring Best Practices for Effective Threat Detection and Response
Introductions Russ Spitler VP of Product Strategy
Agenda Review of the AWS “Shared Security” Model Implications on Threat Detection Current state of Security in the Amazon AWS Cloud Effective Security Monitoring in AWS
AWS APPLICATION OPERATING SYSTEM NETWORK HYPERVISOR PHYSICAL AWS: Who’s really responsible?
AWS APPLICATION OPERATING SYSTEM NETWORK HYPERVISOR PHYSICAL User’s Responsibility Amazon’s Responsibility AWS: Who’s really responsible?
Plenty of advice on how to secure your AWS implementation: • Secure the root credentials with a strong password and multi-factor authentication • Use Multi-Factor Authentication for all admin accounts • AWS VPC security • AWS EC2 security: Use roles with minimal permissions to make API calls from within EC2. • Use CloudTrail to track changes made to the environment via API calls. • Make use of intrusion detection and log analysis in your environment • For more complex environments, use SAML to establish a single sign-on (SSO) for your AWS management. AWS: Shared Security Model AWS APPLICATION OPERATING SYSTEM NETWORK HYPERVISOR PHYSICAL
AWS: Shared Security Model AWS APPLICATION OPERATING SYSTEM NETWORK HYPERVISOR PHYSICAL So how do you monitor your environment? How do you detect the latest threats? What we do know is if an environment can be compromised, it WILL be compromised.
AWS: What is effective monitoring?  View user activity  Detect known malicious behavioral patterns  Identify anomalous activity  Audit best practices and secure configuration  Dynamically adapt to a changing environment
AWS APPLICATION OPERATING SYSTEM NETWORK HYPERVISOR PHYSICAL Dynamic environment Restricted Deployment Monitoring in a shared world New Features
In other words… • What services are my users using? • Who terminated my instance? • Do any of my instances have known vulnerabilities? • Has anyone updated my security groups? • Do I have any of my services publicly accessible?
Failure to use Security Groups – more than 20,000 databases are publically accessible in one Amazon region alone. (9 Regions total). Failure to manage credentials – unrestricted AWS credentials used in deployments Hackers are stealing compute power with stolen AWS API credentials Hackers are using stolen servers as command and control servers. AWS: The Current State Of Security
• Heavily Restricted Deployment Environment • New Security Model With New Features • Dynamic Environment Online Retailer- “CloudTrail is a great start, but I need to understand what it is saying.” “I just don’t have visibility into when Amazon’s security features are working.” “The stuff I bought for my other datacenter just doesn’t work here.” “I’m not sure if my developers are exposing the company to more risk.” “It is my impression that this is not Amazon’s fault that these issues exist. Most of the vulnerabilities this year are from misconfigurations or small things where the developers working on applications made mistakes” – Andres Riancho @ BlackHat The Security Problem Opportunity
What is effective monitoring in AWS?  Dynamically scalable monitoring  Visibility into the API activity  Assessment of the environment’s configuration AWS APPLICATION OPERATING SYSTEM NETWORK HYPERVISOR PHYSICAL
USM for AMAZON Heavily Restricted Deployment • Vulnerability Scanning • API Audit Logs Analysis New Security Model • AWS Infrastructure Assessment Dynamic Environment • Log Management • Asset Discovery • CloudTrail Logs Integration Native Cloud Features • Horizontally scalable storage and correlation • Automated Deployment in your environment from AWS
AUTOMATED ASSET DISCOVERY – Manage security the way your infrastructure is managed. Automatically inventory running instances Full visibility into AWS meta-data for forensics analysis Map all security data back to Amazon instance-ID’s for real cloud forensics AMAZON INFRASTRUCTURE ASSESSMENT – Double check use of AWS security primitives and detect changes. Detect insecure configuration of network access controls Remotely assessable service ports. Remotely assessable management ports. VPC subnet Security Group Security GroupSecurity Group Core Features
LOG MANAGEMENT & CORRELATION – Monitor your applications & systems for compliance & security. Monitor your applications to detect behavioral changes Secure storage for compliance S3 & CloudWatch Log integration for ease of management CLOUDTRAIL MONITORING & ALERTING – Notification of environmental changes & abuse. Monitor full API audit log Monitor and alert on critical environment updates Monitor and alert on malicious behavior Core Features
VULNERABILITY ASSESSMENT – Stay ahead of vulnerabilities & understand your exposure. Elastically assess your infrastructure Auto-Notification of new instances Secure, authenticated scans with low-overhead ELASTIC SCALABILITY Horizontally scales as you grow. CloudFormation templates for easy provisioning Priced for elastic environments. Auto-Scaling Group Core Features
Lets See It In Action
888.613.6023 ALIENVAULT.COM CONTACT US HELLO@ALIENVAULT.COM Questions? Download a Free 15-Day Trial http://www.alienvault.com/free-trial Check out our Solution Brief: AlienVault Unified Security Management for AWS http://www.alienvault.com/resource-center/solution- briefs/alienvault-unified-security-management-for-aws Reach out to us • rgeorgian@alienvault.com • Hello@alienvault.com • Twitter: @AlienVault

More Related Content

PPTX
Improve Security Visibility with AlienVault USM Correlation Directives
AlienVault
 
PPTX
Creating Correlation Rules in AlienVault
AlienVault
 
PPTX
IDS for Security Analysts: How to Get Actionable Insights from your IDS
AlienVault
 
PDF
Open Source IDS Tools: A Beginner's Guide
AlienVault
 
PPTX
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
AlienVault
 
PPTX
Beginner's Guide to SIEM
AlienVault
 
PPTX
Six Steps to SIEM Success
AlienVault
 
PPTX
Simplify PCI DSS Compliance with AlienVault USM
AlienVault
 
Improve Security Visibility with AlienVault USM Correlation Directives
AlienVault
 
Creating Correlation Rules in AlienVault
AlienVault
 
IDS for Security Analysts: How to Get Actionable Insights from your IDS
AlienVault
 
Open Source IDS Tools: A Beginner's Guide
AlienVault
 
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
AlienVault
 
Beginner's Guide to SIEM
AlienVault
 
Six Steps to SIEM Success
AlienVault
 
Simplify PCI DSS Compliance with AlienVault USM
AlienVault
 

What's hot (20)

PPTX
Incident response live demo slides final
AlienVault
 
PPTX
How to Solve Your Top IT Security Reporting Challenges with AlienVault
AlienVault
 
PPTX
Automating Critical Security Controls for Threat Remediation and Compliance
Qualys
 
PPTX
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Qualys
 
PPTX
Improve Situational Awareness for Federal Government with AlienVault USM
AlienVault
 
PPTX
Configuring Data Sources in AlienVault
AlienVault
 
PDF
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Qualys
 
PPTX
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
AlienVault
 
PPTX
How Malware Works
AlienVault
 
PPTX
Improve Threat Detection with OSSEC and AlienVault USM
AlienVault
 
PDF
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
AlienVault
 
PPTX
SIEM 101: Get a Clue About IT Security Analysis
AlienVault
 
PPTX
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5
AlienVault
 
PPTX
Demo how to detect ransomware with alien vault usm_gg
AlienVault
 
PPTX
Securing Your Public Cloud Infrastructure
Qualys
 
PDF
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Qualys
 
PPTX
Best Practices for Configuring Your OSSIM Installation
AlienVault
 
PPTX
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Qualys
 
PDF
Managing third party libraries
n|u - The Open Security Community
 
PPTX
#ALSummit: Live Cyber Hack Demonstration
Alert Logic
 
Incident response live demo slides final
AlienVault
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
AlienVault
 
Automating Critical Security Controls for Threat Remediation and Compliance
Qualys
 
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Qualys
 
Improve Situational Awareness for Federal Government with AlienVault USM
AlienVault
 
Configuring Data Sources in AlienVault
AlienVault
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Qualys
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
AlienVault
 
How Malware Works
AlienVault
 
Improve Threat Detection with OSSEC and AlienVault USM
AlienVault
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
AlienVault
 
SIEM 101: Get a Clue About IT Security Analysis
AlienVault
 
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5
AlienVault
 
Demo how to detect ransomware with alien vault usm_gg
AlienVault
 
Securing Your Public Cloud Infrastructure
Qualys
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Qualys
 
Best Practices for Configuring Your OSSIM Installation
AlienVault
 
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Qualys
 
Managing third party libraries
n|u - The Open Security Community
 
#ALSummit: Live Cyber Hack Demonstration
Alert Logic
 
Ad

Viewers also liked (16)

PPT
Best Practices for Leveraging Security Threat Intelligence
AlienVault
 
PDF
AWS Security Best Practices (March 2017)
Julien SIMON
 
PPTX
Managing Security with Splunk Enterprise
Splunk
 
PPTX
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Cryptzone
 
PPTX
The Evolution of IDS: Why Context is Key
AlienVault
 
PPTX
How to Leverage Log Data for Effective Threat Detection
AlienVault
 
PPTX
Improve threat detection with hids and alien vault usm
AlienVault
 
PPTX
OSSIM User Training: Get Improved Security Visibility with OSSIM
AlienVault
 
PPTX
How to Detect SQL Injections & XSS Attacks with AlienVault USM
AlienVault
 
PDF
PCI DSS Implementation: A Five Step Guide
AlienVault
 
PPTX
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
AlienVault
 
PPTX
Alienvault threat alerts in spiceworks
AlienVault
 
PDF
Security operations center 5 security controls
AlienVault
 
PDF
Insider Threat Detection Recommendations
AlienVault
 
PPTX
Advanced OSSEC Training: Integration Strategies for Open Source Security
AlienVault
 
PPTX
Security Operations Center (SOC) Essentials for the SME
AlienVault
 
Best Practices for Leveraging Security Threat Intelligence
AlienVault
 
AWS Security Best Practices (March 2017)
Julien SIMON
 
Managing Security with Splunk Enterprise
Splunk
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Cryptzone
 
The Evolution of IDS: Why Context is Key
AlienVault
 
How to Leverage Log Data for Effective Threat Detection
AlienVault
 
Improve threat detection with hids and alien vault usm
AlienVault
 
OSSIM User Training: Get Improved Security Visibility with OSSIM
AlienVault
 
How to Detect SQL Injections & XSS Attacks with AlienVault USM
AlienVault
 
PCI DSS Implementation: A Five Step Guide
AlienVault
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
AlienVault
 
Alienvault threat alerts in spiceworks
AlienVault
 
Security operations center 5 security controls
AlienVault
 
Insider Threat Detection Recommendations
AlienVault
 
Advanced OSSEC Training: Integration Strategies for Open Source Security
AlienVault
 
Security Operations Center (SOC) Essentials for the SME
AlienVault
 
Ad

Similar to AWS Security Best Practices for Effective Threat Detection & Response (9)

PDF
Security Best Practices_John Hildebrandt
Helen Rogers
 
PDF
Security and Compliance Better on AWS_John Hildebrandt
Helen Rogers
 
PPTX
#ALSummit: Alert Logic & AWS - AWS Security Services
Alert Logic
 
PDF
Segurança de Ponta a Ponta na AWS
Alexandre Santos
 
PDF
Information Security in AWS - Dave Walker
East Midlands Cyber Security Forum
 
PDF
1. aws security and compliance wwps pre-day sao paolo - markry
Amazon Web Services LATAM
 
PPTX
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
Alert Logic
 
PPTX
Blue Chip Tek Connect and Protect Presentation #3
Kimberly Macias
 
PDF
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
Amazon Web Services Korea
 
Security Best Practices_John Hildebrandt
Helen Rogers
 
Security and Compliance Better on AWS_John Hildebrandt
Helen Rogers
 
#ALSummit: Alert Logic & AWS - AWS Security Services
Alert Logic
 
Segurança de Ponta a Ponta na AWS
Alexandre Santos
 
Information Security in AWS - Dave Walker
East Midlands Cyber Security Forum
 
1. aws security and compliance wwps pre-day sao paolo - markry
Amazon Web Services LATAM
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
Alert Logic
 
Blue Chip Tek Connect and Protect Presentation #3
Kimberly Macias
 
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
Amazon Web Services Korea
 

More from AlienVault (10)

PDF
Malware Invaders - Is Your OS at Risk?
AlienVault
 
PPTX
Malware detection how to spot infections early with alien vault usm
AlienVault
 
PDF
The State of Incident Response - INFOGRAPHIC
AlienVault
 
PPTX
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
AlienVault
 
PDF
Alien vault sans cyber threat intelligence
AlienVault
 
PPTX
Security by Collaboration: Rethinking Red Teams versus Blue Teams
AlienVault
 
PPTX
Prepare to Be Breached: How to Adapt your Security Controls to the “New Normal”
AlienVault
 
PPTX
How to Detect System Compromise & Data Exfiltration with AlienVault USM
AlienVault
 
PPTX
Spice world 2014 hacker smackdown
AlienVault
 
PPTX
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
AlienVault
 
Malware Invaders - Is Your OS at Risk?
AlienVault
 
Malware detection how to spot infections early with alien vault usm
AlienVault
 
The State of Incident Response - INFOGRAPHIC
AlienVault
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
AlienVault
 
Alien vault sans cyber threat intelligence
AlienVault
 
Security by Collaboration: Rethinking Red Teams versus Blue Teams
AlienVault
 
Prepare to Be Breached: How to Adapt your Security Controls to the “New Normal”
AlienVault
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
AlienVault
 
Spice world 2014 hacker smackdown
AlienVault
 
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
AlienVault
 

Recently uploaded (20)

PDF
[발표본] 너의 과제는 클라우드에 있어_KTDS_김동현_20250524.pdf
ssuserf8b8bd1
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
athlonica
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
[발표본] 너의 과제는 클라우드에 있어_KTDS_김동현_20250524.pdf
ssuserf8b8bd1
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Approach and Philosophy of On baking technology
30anthuong17
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Teaching material agriculture food technology
LiaRayya
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
athlonica
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
KodekX | Application Modernization Development
KodekX
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 

AWS Security Best Practices for Effective Threat Detection & Response

  • 1. AWS Security Monitoring Best Practices for Effective Threat Detection and Response
  • 3. Agenda Review of the AWS “Shared Security” Model Implications on Threat Detection Current state of Security in the Amazon AWS Cloud Effective Security Monitoring in AWS
  • 6. Plenty of advice on how to secure your AWS implementation: • Secure the root credentials with a strong password and multi-factor authentication • Use Multi-Factor Authentication for all admin accounts • AWS VPC security • AWS EC2 security: Use roles with minimal permissions to make API calls from within EC2. • Use CloudTrail to track changes made to the environment via API calls. • Make use of intrusion detection and log analysis in your environment • For more complex environments, use SAML to establish a single sign-on (SSO) for your AWS management. AWS: Shared Security Model AWS APPLICATION OPERATING SYSTEM NETWORK HYPERVISOR PHYSICAL
  • 7. AWS: Shared Security Model AWS APPLICATION OPERATING SYSTEM NETWORK HYPERVISOR PHYSICAL So how do you monitor your environment? How do you detect the latest threats? What we do know is if an environment can be compromised, it WILL be compromised.
  • 8. AWS: What is effective monitoring?  View user activity  Detect known malicious behavioral patterns  Identify anomalous activity  Audit best practices and secure configuration  Dynamically adapt to a changing environment
  • 10. In other words… • What services are my users using? • Who terminated my instance? • Do any of my instances have known vulnerabilities? • Has anyone updated my security groups? • Do I have any of my services publicly accessible?
  • 11. Failure to use Security Groups – more than 20,000 databases are publically accessible in one Amazon region alone. (9 Regions total). Failure to manage credentials – unrestricted AWS credentials used in deployments Hackers are stealing compute power with stolen AWS API credentials Hackers are using stolen servers as command and control servers. AWS: The Current State Of Security
  • 12. • Heavily Restricted Deployment Environment • New Security Model With New Features • Dynamic Environment Online Retailer- “CloudTrail is a great start, but I need to understand what it is saying.” “I just don’t have visibility into when Amazon’s security features are working.” “The stuff I bought for my other datacenter just doesn’t work here.” “I’m not sure if my developers are exposing the company to more risk.” “It is my impression that this is not Amazon’s fault that these issues exist. Most of the vulnerabilities this year are from misconfigurations or small things where the developers working on applications made mistakes” – Andres Riancho @ BlackHat The Security Problem Opportunity
  • 13. What is effective monitoring in AWS?  Dynamically scalable monitoring  Visibility into the API activity  Assessment of the environment’s configuration AWS APPLICATION OPERATING SYSTEM NETWORK HYPERVISOR PHYSICAL
  • 14. USM for AMAZON Heavily Restricted Deployment • Vulnerability Scanning • API Audit Logs Analysis New Security Model • AWS Infrastructure Assessment Dynamic Environment • Log Management • Asset Discovery • CloudTrail Logs Integration Native Cloud Features • Horizontally scalable storage and correlation • Automated Deployment in your environment from AWS
  • 15. AUTOMATED ASSET DISCOVERY – Manage security the way your infrastructure is managed. Automatically inventory running instances Full visibility into AWS meta-data for forensics analysis Map all security data back to Amazon instance-ID’s for real cloud forensics AMAZON INFRASTRUCTURE ASSESSMENT – Double check use of AWS security primitives and detect changes. Detect insecure configuration of network access controls Remotely assessable service ports. Remotely assessable management ports. VPC subnet Security Group Security GroupSecurity Group Core Features
  • 16. LOG MANAGEMENT & CORRELATION – Monitor your applications & systems for compliance & security. Monitor your applications to detect behavioral changes Secure storage for compliance S3 & CloudWatch Log integration for ease of management CLOUDTRAIL MONITORING & ALERTING – Notification of environmental changes & abuse. Monitor full API audit log Monitor and alert on critical environment updates Monitor and alert on malicious behavior Core Features
  • 17. VULNERABILITY ASSESSMENT – Stay ahead of vulnerabilities & understand your exposure. Elastically assess your infrastructure Auto-Notification of new instances Secure, authenticated scans with low-overhead ELASTIC SCALABILITY Horizontally scales as you grow. CloudFormation templates for easy provisioning Priced for elastic environments. Auto-Scaling Group Core Features
  • 18. Lets See It In Action
  • 19. 888.613.6023 ALIENVAULT.COM CONTACT US HELLO@ALIENVAULT.COM Questions? Download a Free 15-Day Trial http://www.alienvault.com/free-trial Check out our Solution Brief: AlienVault Unified Security Management for AWS http://www.alienvault.com/resource-center/solution- briefs/alienvault-unified-security-management-for-aws Reach out to us • rgeorgian@alienvault.com • Hello@alienvault.com • Twitter: @AlienVault

Editor's Notes

  • #7: So how do you monitor your environment? How do you detect the latest threats? What we do know is if an environment can be compromised, it WILL be compromised.
  • #8: So how do you monitor your environment? How do you detect the latest threats? What we do know is if an environment can be compromised, it WILL be compromised.