CSS17: Atlanta - Realities of Security in the Cloud

Editor's Notes

• #9: Reasons to be targeted
• #10: Reasons to be targeted
• #12: ***Focus on Application Stack
• #13: Reasons to be targeted
• #14: Yahoo –disclosed a new security breach in Dec’16 that may have affected more than one billion accounts. The breach dates back to 2013 and is thought to be separate from a massive cybersecurity incident announced in September. Yahoo now believes an "unauthorized third party" stole user data from more than one billion accounts in August 2013. That data may have included names, email addresses and passwords, but not financial information.
• #15: The 5050 Skatepark, an 8,000-square-foot indoor park on Staten Island for skateboards, BMX bikes and scooters, rejiggered its passwords after being hit with a denial of service attack fall 2015 that made its website unavailable. The skatepark, which generated $100,000 in revenue in 2014, attracts skateboarders from all over the world, said one of its founders, Edward Pollio. Having the website closed down was a blow to revenue, he said. “The attack caused havoc,” said Mr. Pollio, who still has a day job as a carpenter. “People were asking if we were still in business. Not having a website is like being closed.” Now, 5050 Skatepark is more strict about its passwords; it follows longstanding recommendations to use different ones for different accounts, like on Instagram and Twitter. And Mr. Pollio, who helped start the business with $50,000 of his own savings, monitors the site every day.
• #17: 4 years ago in meetings we were being told the cloud was insecure, very boring Lets change this quote around “If you do it right, the public cloud can be more secure than your own datacentre” That is the key, that is what today is about – how do you do it right Issue is you can automate failure at scale
• #18: Why are we focused here? And how can we help you? Your applications drive your businesses – the top and bottom line - and are moving into the cloud – with more and more web apps leading the charge. You’re depending on cloud to 1. Enable faster app production 2. Provide access to better performance 3. Enable new business capabilities, innovate faster, enter new markets and build channels through web apps But traditional perimeter and host security can hold you back. Security controls not designed for the demands of web apps and cloud workloads can Create chokepoints in your app production and dev ops pipeline Create chokepoints in app or workload scaling Introduce risk as most are poorly suited for protecting web apps
• #19: And if you thought building a SOC on-premise sounds difficult, if you throw Cloud adoption by the business in to the mix you’ve got an ever more challenging situation. The vast majority of the technology you’ve invested in will not integrate with Cloud platforms or at best, will impact the dynamic, agile, efficient nature of the Cloud - often what business are looking to benefit from in the first place. Even if you manage to find tech that works (for now!!!), the likelihood is that it will be a version of a data center centric product that’s been adapted to Cloud, meaning the content and intelligence that drives the tool will mostly be irrelevant And finally you now need people with a whole set of Cloud expertise – given the hype surrounding Cloud these days, they will be expensive and in hot demand Article on Wired – job security – IT security Refer back to Forrester - challenges : 1 - managing security content 2 – mutli-vector attacks 3 - Costs 4 – threat intel skills 6 – staffing the SOC
• #20: Questions to the Audience – Hands Up - Basic Security – firewall etc - AWS environment - do you have IDS, Log, WAF etc - In-house - 24 x 7 Reasons why you are not doing it – tools on-prem to cloud
• #21: Process section
• #24: Alert Logic offers fully managed security, delivered as a service, to defend applications and workloads in cloud and hybrid environments. We protect your full application and infrastructure stack against sophisticated attacks using network components, OS, database, and application layers, Our solutions help teams like yours achieve core security outcomes at a lower cost than point product patchworks or traditional managed services offerings. These outcomes include: - Assessing your environment for vulnerabilities in software and cloud configurations - Detecting active attacks and getting timely notification to quickly react and remediate - Providing thorough and prioritized information to help you resolve vulnerabilities as well as take action on active attacks including escalation of incidents and blocking malicious traffic - And implementing controls, data archiving and reporting for both internal PCI, HIPAA and SOX COBIT And our approach is unique in that we deliver the entire security value chain using full stack protection, backed by powerful security analytics and a broad, coordinated team of security experts. Discovery Questions Are you familiar with Alert Logic’s solutions? Which solutions are you evaluating at this time? What solutions / security controls do you currently use? What does your current security environment look like?
• #25: When we put our big bet on cloud a few years ago it wasn’t just about superior defenses, it was about making them easy and fast to mobilize. More specifically: Time to value: Buy and launch security capabilities as soon as today, then expand by launching new security services that snap into a your single pane of glass when you’re ready Agility: Embed and automate security across your development, test and production pipeline through robust cloud API integration and a library of templates for AWS CloudFormation, Chef and Puppet Scale: Automatically scale protection with auto-scaling support for cloud workloads Preserve application performance and availability with out-of-band threat detection distributed across every cloud instance Discovery: What does your app production and cloud deployment environment look like (automation tools?) What frequency and volume of releases are typical for you? Which applications make most use of auto-scaling?
• #26: Cloud Defender is doing two things: First it will scan you AWS services looking for any configuration issues. At the same time it scans your instances and applications looking for known vulnerabilities. That information gets passed back to your team in the form of prioritized remediation actions so you take focus on the issues that will have the biggest positive impact with regards to your risk. While that is happening Cloud Defender is also collecting logs from your servers, apps, and AWS services, as well as network, web app events. This information is fed into an analytics platform. This platform analyzes the data, eliminating irrelevant events, and then, by applying threat intelligence and context generates actionable security events. These events are then vetted by a team of security experts, who have access to both the raw data that generated the event as well as a library of threat research that enables them to provide you with the context you need to understand the threat. You are then contacted about the incident and provided remediation recommendations. This helps you focus on eliminating the issues without having to become an expert in any one specific threat vector. Cloud Defender is always on, always working for you.
• #27: Industry analysts and influencers including Gartner, Forrester, 451 Group and SC Magazine have continually applauded and recognized our leadership position in protecting cloud application workloads. 451 is interesting – they just asked companies who they were using for cloud infrastructure security, and without prompting we topped the list. Gartner Magic Quadrants and Forrester Waves are either about software vendors or managed services vendors so our unique combination doesn’t fit perfectly in either one. But Forrester believes strongly enough in our combined approach that they placed us into their MSSP Wave where they credit us with having the strongest offering due to our cloud expertise, customer satisfaction, and usability. While we aren’t the traditional MSSP, Forrester’s ranking us as the leading MSSP the first year we were evaluated is a strong testament to the value of our approach and innovation. Discovery: Have you considered any of these service or tool-only vendors for cloud application workload security?
• #28: Our solutions are designed to support companies of all sizes, across all industries.  We are proud that over 4,000 companies, including many global household names, as well as high growth start-ups, use our products to ensure security and compliance of their IT environments. As you can see, some of the largest Fortune 500 companies in the world use Alert Logic to keep their environments safe, in addition to thousands of other medium size and commercial businesses.