Reality Check: Security in the Cloud
1 like338 views
This document discusses security in the cloud and recommends best practices. It notes that while AWS provides many security tools, customers are still responsible for 95% of security failures due to human error. It then outlines various attack types like SQL injection and remote code execution that target web applications. The document recommends leveraging machine learning and multiple detection techniques to identify multi-stage attacks. It emphasizes the need to secure the entire attack surface, including on-premises environments, and highlights services like Alert Logic that provide 24/7 monitoring, analytics, and security experts to help detect and respond to threats.
Reality Check: Security in the Cloud
- 1. REALITY CHECK: SECURITY IN THE CLOUD Chris Camaclang, Sales Engineer – Alert Logic
- 2. The Cloud Is Secure AWS has all the tools you need to secure your cloud! • AWS WAF • CloudFront • Security Groups • AWS Artifact • Certificate Manager • AWS Cloud HSM • Amazon Cognito • AWS Firewall Manager • Macie • GuardDuty • AWS IAM • Inspector • AWS Config • AWS KMS • Amazon Macie • AWS Shield • AWS Secrets Manager • AWS SSO
- 3. Sometimes…you might wonder what could go wrong? • Through 2022, at least 95% of cloud security failures will be the customer’s fault – Gartner • More than 1.5 billion sensitive corporate and other files are visible on the public internet due to human error – Digital Shadows • 88% of Java applications had at least one component-based vulnerability, 56% of all PHP apps had at least one SQLi vulnerability - Veracode
- 4. Cloud Has Disrupted Traditional Security Agility & Automation Hyper-scalability
- 5. The Cloud Attack Service
- 7. The Cloud Attack Surface /s 443
- 8. Web App Attacks – King of the Hill WEB APP ATTACK DoS / DDoS 1% Other 1% 75% DOS/DDOS 1% OTHER 1% SERVER-SIDE MALWARE 2% RECON 5% BRUTE FORCE 5% SQL INJECTION 55% REMOTE CODE EXECUTION 22% XXE 3% APACHE STRUTS RCE 6% WEB APP ATTACK RECON 5% FILE UPLOAD 6% OTHER 4% SECURITY INCIDENT TYPES ESCALATED
- 9. With great power, comes those that seek to abuse it.
- 10. Check your sources… Attacks are cloud scale just like your application.
- 11. Check your surroundings… Your adversary is leveraging ML and AI against you.
- 12. Multi-stage Web Application Attacks Appear As Noise
- 13. Enter Machine Learning Over nine months : 8-10% of the customers we monitored were targeted by actors with better-than- average levels of skill and determination Each attack had a High degree of complexity Identified, approx. 231 attacks
- 14. Multi-stage Attacks Time: Day 1 Event: Early stage recon event Criticality: Medium Time: Day 3 Event: SQL Injection recon Criticality: Medium Time: Day 4 Event: SQL table enumeration Criticality: High Time: Day 4 Event: Injection Criticality: Critica Situation: Multiple address spaces and disparate unrelated events over days
- 15. Behind the Data Web apps and misconfigurations can be the final destination…or initial entry point Perimeter AND Network AND System /log-based Detection defend your hosts see N / S / E / W in all of your protected environments WAF blocking/virtual patching, IDS, and log monitoring as air cover as you burn down your web app vulnerabilities • Redistribute malware directly / indirectly (exploit kits / watering hole) • Monetization through fraud (SEO, Coin Mining, Spam) • Entry point into Infrastructure • Lateral movement, privilege escalation • Steal data (exfiltration of information from databases)
- 16. Leverage Multiple Detection Techniques
- 17. Best Practices Know your Shared Security Responsibilities with AWS Attack surface isn’t just where your data resides Continually assess for exposures across all environments Understand impacts from applicable compliance mandates Implement controls built for cloud…and work on-premises
- 18. A Few Parting Thoughts • 24-hour monitoring • Validation & enrichment • Remediation advice ANALYTICS • Signatures & rules • Anomaly detection • Machine learning LIVE EXPERTS ActiveWatch™ Managed Threat Detection DETECT DATA COLLECTION & INSPECTION •Web (HTTP) requests & responses •System logs •Network packets BLOCK In-Line Web Application Firewall (WAF) COMPLY • PCI, HIPAA, SOX COBIT • Attestation reporting • Log review & archiving ASSESS VULNERABILITY SCANNING • Software CVEs • Network config • Remediation workflows AWS CONFIG AUDITING • Configuration exposures • Pre-authorized with AWS • Auto-discovery, topology Priority Alerts AlertsIncident Reports Incident Workflows HOSTEDON-PREMISES
- 19. Alert Logic Cloud Security Report 2017 550 DAYS AUG 1, 2015 – JAN 31 2017 2,207,795 INCIDENTS TOTAL TRUE POSITIVE SECURITY INCIDENTS ANALYZED 32.5 MILLION EVENTS DRIVING ESCALATED INCIDENTS 147 PETABYTES OF DATA ANALYZED 3807 CUSTOMERS ANALYZED 452 INDUSTRIES ACROSS 3 CONTINENTS
- 20. Who Can I Speak To? Need 1-on-1 time with Security Experts? Speak to Alert Logic to have all your questions answered. Alert Logic 2017 Cloud Security Report www.alertlogic.com
- 21. Thank you.