Foundations of cloud security monitoring
2 likes570 views
The document outlines the foundational aspects of cloud monitoring, emphasizing various management tools such as Cloud Security Posture Management (CSPM) and Application Security Posture Management (ASPM). It highlights the importance of best practices in cloud security and the role of the Cloud Security Alliance in promoting secure cloud computing. Additionally, it details various niche areas such as Cloud Identity and Entitlement Management (CIEM) and Data Security Posture Management (DSPM), along with monitoring strategies and tools for effective cloud security management.
Foundations of cloud security monitoring
- 1. 1 w w w . o n l i n e c l o u d s e c . c o m Foundations of Cloud monitoring When the winds of change blow, some people build walls and others build windmills. Chinese Proverb Moshe Ferber CCSK, CCSP, CCAK, ACSP “ ”
- 2. 2 w w w . o n l i n e c l o u d s e c . c o m Foundations of Cloud monitoring Moshe Ferber CCSK, CCSP, CCAK, ACSP When the winds of change blow, some people build walls and others build windmills. Chinese Proverb “ ”
- 3. 3 w w w . o n l i n e c l o u d s e c . c o m About myself Cloud Security Course Schedule can be found at: http://www.onlinecloudsec.com/course-schedule Founder, partner and investor at various cyber initiatives and startups Popular industry speaker & lecturer (DEFCON, RSA, BLACKHAT, INFOSEC and more) Co-hosting the Silverlining IL podcast – security engineering Founding committee member for ISC2 CCSP , CSA CCSK, ISACA CCAK certifications Member of the board at Macshava Tova – Narrowing societal gaps Chairman of the Board, Cloud Security Alliance, Israeli Chapter Information security professional for over 20 years
- 4. 4 w w w . o n l i n e c l o u d s e c . c o m 01 Global, not-for-profit organization 02 Building security best practices for next generation IT 03 Research and Educational Programs 04 Cloud providers & security professionals Certifications 05 Awareness and Marketing 06 The globally authoritative source for Trust in the Cloud 4 w w w . o n l i n e c l o u d s e c . c o m About the Cloud Security Alliance To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing “ ” CSA Israel: Community of security professional promoting responsible cloud adoption.
- 6. 6 w w w . o n l i n e c l o u d s e c . c o m Monitoring Tool set CSPM Cloud Security Posture Management • Protect management dashboard • Monitor for Compliance breachs, misconfiguration, Identity permissions CWPP - Cloud Workload Protection Platform • Protect Workloads (VM’s, Containers, serverless • Traditional end-point security (AV, VA ) ASPM - Application Security Posture Management • Orchestration the SDLC process, from development to deployment and testing CIEM - Cloud Identity & entitlement management • Monitor Identity information • Identity is more then humans - include services, workloads and more DSPM – Data Security Posture management • Govern and monitor of data silos across organizations • Support multiple services SSPM / CASB– SaaS security posture management • Evaluating SaaS providers • Focus on posture and compliance Cloud native application protection platform (CNAPP) IaaS/PaaS SaaS
- 7. 7 w w w . o n l i n e c l o u d s e c . c o m CNAPP CSPM Cloud Security Posture Management • Protect management dashboard • Monitor for Compliance breaks, misconfiguration, Identity permissions CWPP - Cloud Workload Protection Platform • Protect Workloads (VM’s, Containers, serverless • Traditional end-point security (AV, VA ) • Should support new workloads (K8’s, FaaS) Cloud native application protection platform (CNAPP) Focus on IaaS/PaaS All cloud providers got internal solutions A must have solution Disclaimer: vendor names are just examples…. • Palo Alto • Check Point • Wiz • ORCA • AQUA • Light spin How compliant I am with IS27001? How compliant I am with IS27001? Which Workload has critical vulnerability ?
- 8. 8 w w w . o n l i n e c l o u d s e c . c o m ASPM Application Security Posture Management • Orchestration of the SDLC process, from development to deployment & testing and ongoing operations • Integrates with CI/CD , testing tools and workflow tools for developers' friendly integration Focus on IaaS/PaaS Foundation for devsecops The newest solution Disclaimer: vendor names are just examples…. • ENSO • APIIRO • CIDER • OX Security What are my most vulnerable applications? Which sensitive data is exposed? What is the status of CI/CD security testing ?
- 9. 9 w w w . o n l i n e c l o u d s e c . c o m CIEM Cloud Identity & entitlement management • Monitor Identity information • Identity is more then humans - include services, workloads and more Oriented at multicloud Considered to be a niche Identity is most challenging aspect in cloud Disclaimer: vendor names are just examples…. • Ermetic • Solvo • Authomize • Britive Which users don’t have MFA? Which user has over privileges? Which user has hidden privileges?
- 10. 10 w w w . o n l i n e c l o u d s e c . c o m DSPM Data Security Posture Management • Govern and monitor of data silos across organizations • From discovery & classification to realtime monitoring • Support multiple cloud platforms IaaS/PaaS/SaaS Considered to be a niche Has similar aspects to CIEM Disclaimer: vendor names are just examples…. • DIG • Laminar • Satori • Polar security Do I have public PII? Where are my sensitive files? Who can access project X files?
- 11. 11 w w w . o n l i n e c l o u d s e c . c o m SSPM SaaS Security Posture Management • Detect misconfiguration , excessive permission, compliance risks • A mixture of posture + online monitoring • Need to support multiple services Focus on SaaS GRC Mostly identity and compliance We used to call it CASB Disclaimer: vendor names are just examples…. • Adaptive Shield • GRIP • Valence • WING • ATOMSEC • DoControl DO I have misconfigurations? Which 3rd party apps connected? Which SaaS application do we use?
- 12. 12 w w w . o n l i n e c l o u d s e c . c o m Monitoring Tool set Logs Posture & configuration Identity data Threat intelligence Workloads vulnerabilities Security Center
- 13. 13 w w w . o n l i n e c l o u d s e c . c o m Log sources • Cover Dashboard API activity & access • Cover main admin tasks Cloud MNGT Logs • Network traffic )flow logs format) Traffic Logs • Extracted just like traditional OS Instances Logs • K8's logs • DNS logs • Object storage logs Unique logs
- 14. 14 w w w . o n l i n e c l o u d s e c . c o m Architecting for log management Cloud Trail S3 SIEM Agent Cloud WATCH (Rules & Alerts) SNS (notifications) VPC Flow Logs OS Logs
- 15. 15 w w w . o n l i n e c l o u d s e c . c o m Keep in touch Cloud Security Course Schedule can be found at: http://www.onlinecloudsec.com/course-schedule Moshe Ferber www.onlinecloudsec.com @FerberMoshe http://il.linkedin.com/in/MosheFerber 15 w w w . o n l i n e c l o u d s e c . c o m