Security Teams & Tech In A Cloud World
2 likes634 views
This document discusses security teams and technology in a cloud world. It notes that security is now everyone's responsibility rather than isolated to one team. Modern security requires new skills from specialists like basic coding knowledge and a user-focused perspective. The document advocates distributing security specialists throughout teams rather than keeping them isolated. It also presents opportunities that cloud infrastructure provides for faster deployment times and continuous monitoring through automation and aggregation of security data.
Security Teams & Tech In A Cloud World
- 1. Security Teams & Tech In A Cloud World Mark Nunnikhoven, Vice President Cloud Research @marknca Audience: Public
- 3. Security “Facts”* About your organization or one just like it
- 4. We will respond quickly to an incident
- 5. Attackers are on a network an average of 154 days
- 6. We need more tools
- 7. Canadian companies spend just under 10% on IT security
- 8. Canadian companies spend just under 10% on IT security * 60% of companies didn’t mention people or process as an area of focus
- 9. Users are a major problem
- 10. Security is considered the opposite of usability
- 12. You have one, isolated security team
- 13. You have one, isolated security team * …and a wildly unsuccessful “awareness” program
- 15. Mark Nunnikhoven Vice President, Cloud Research Trend Micro @marknca
- 16. Modern Security
- 17. Video available at https://vimeo.com/111631197
- 18. Video available at https://vimeo.com/111631197
- 19. © Trend Micro, 201615 Automated Response Web UIWeb UIWeb UIVM
- 20. © Trend Micro, 201615 Automated Response Web UIWeb UIWeb UIVM SIEM / Log Store
- 21. © Trend Micro, 201615 Automated Response Web UIWeb UIWeb UIVM SIEM / Log StoreMonitoring
- 22. © Trend Micro, 201615 Automated Response Web UIWeb UIWeb UIVM SIEM / Log StoreMonitoring Event-driven Function
- 23. © Trend Micro, 201615 Automated Response Web UIWeb UIWeb UIVM SIEM / Log StoreMonitoring CSP API Event-driven Function
- 24. © Trend Micro, 201615 Automated Response Web UIWeb UIWeb UIVM SIEM / Log Store Restrict Access Monitoring CSP API Event-driven Function
- 25. © Trend Micro, 201615 Automated Response Web UIWeb UIWeb UIVM SIEM / Log Store Restrict Access Monitoring Web UI CSP API Event-driven Function
- 26. 2014
- 27. What’s the hold up?
- 32. Running in the Cloud
- 33. IaaS (Infrastructure) PaaS (Container) SaaS (Abstract) Data Application Operating System Virtualization Infrastructure Physical Data Application Operating System Virtualization Infrastructure Physical Data Application Operating System Virtualization Infrastructure Physical Shared Responsibility Model
- 34. Setup • Lock down operating system, applications, and data Harden system according to NIST / best practices Encrypt everything • Enable service health monitoring features Check your CSP’s documentation • Monitor service API activities Look for unauthorized; replication, start up, termination, etc. Steps: IaaS
- 35. Setup • Read all the documentation Seriously, RTFM • Implement strong code quality systems Automation is critical to success • Configure access control and other security features Check your CSP’s documentation Steps: PaaS
- 36. Setup • Read all the documentation Seriously, RTFM • Configure access control and other security features Check your CSP’s documentation Steps: SaaS
- 37. Setup • Evaluate controls against acceptable level of risk for data used in service I shouldn’t have to say this • Monitor all service provider status updates and communications channels Remember to include them in your IR plans Steps: Any Cloud Service
- 38. IaaS (Infrastructure) PaaS (Container) SaaS (Abstract) Data Application Operating System Virtualization Infrastructure Physical Data Application Operating System Virtualization Infrastructure Physical Data Application Operating System Virtualization Infrastructure Physical Shared Responsibility Model
- 39. Opportunity
- 40. © Trend Micro, 201627 Physical Weeks Virtual Days Cloud Minutes Container Seconds Function Immediate { Time to deploy } { Environment }
- 41. © Trend Micro, 201628 Physical Weeks Virtual Days Cloud Minutes Container Seconds Function Immediate { Time to deploy } { Environment }
- 42. © Trend Micro, 201629 Move faster Focus on value Goal
- 43. © Trend Micro, 201630 Deploy using the method that delivers the most value Goal
- 44. © Trend Micro, 201631 Every tool adds overhead Constraint
- 45. © Trend Micro, 201632 Automation allows for the speed, scale, and consistency required Relief
- 46. © Trend Micro, 201633 Deploy using the method that delivers the most value Goal
- 47. © Trend Micro, 201634 …with minimal operational impact Deploy using the method that delivers the most value Goal
- 48. DevOps
- 50. Etsy deploys 50+/day Flickr deploys 10+/day Success
- 51. Etsy deploys 50+/day Amazon deploys 11.7 seconds Flickr deploys 10+/day Success
- 52. Etsy deploys 50+/day Amazon deploys 11.7 seconds Adobe +60% app development Flickr deploys 10+/day Success
- 53. Etsy deploys 50+/day Amazon deploys 11.7 seconds Adobe +60% app development Fidelity $2.3M saved for one app Flickr deploys 10+/day Success
- 55. …can have a much stronger security posture in AWS and the cloud than they can on-premises Andy Jassy, AWS CEO * From an interview with the Wall Street Journal, http://www.wsj.com/articles/amazons-andy-jassy-on-the-promise-of-the-cloud-1477880220
- 58. Team Challenges
- 60. New Skills Needed • Basic understanding of development practices & ability to write simple code Everything in the cloud is an API. Security MUST BE automated • Puts the user first We make the tech that they “can’t use right” … not their fault • Perspective & understanding of practical security No more “the sky is falling” • Educators Written, video, presentations, Slack,…anywhere teams are working Steps: Security Specialist
- 62. Your Org Chart Is Wrong
- 63. Typical Org Chart CISO Dev GRC Ops Infrastructure CIO Ops
- 64. Updated Org Chart CISO Dev GRC Ops Infrastructure CIO Ops
- 65. Updated Org Chart CISO Dev GRC OpsInfrastructure CIO Ops
- 66. Updated Org Chart CISO Dev GRC OpsInfrastructure CIO Ops GrC
- 67. @peterme Peter Merholz Kristin Skinner @bettay
- 77. Goal
- 78. Fabric
- 80. 1 min
- 81. 1 min Slow lane
- 82. 1 min Slow lane Fast lane
- 83. 1 min Slow lane Fast lane
- 84. 1 min
- 85. 1 min
- 86. 1 min Is this bad?
- 87. 1 min Is this bad?
- 88. 1 min Is this bad? Is this malicious? and
- 89. 1 min Is this bad? Is this malicious? and
- 90. 1 min Is this bad? Is this malicious? and
- 91. 1 min
- 93. 1 min Aggregate information 1m, h, d, w, m Trends
- 94. 1 min Aggregate information 1m, h, d, w, m Trends
- 95. 1 min Aggregate information 1m, h, d, w, m Trends Evidence of compliance
- 96. 1 min Aggregate information 1m, h, d, w, m Trends Evidence of compliance Configuration Processes
- 97. 1 min Aggregate information 1m, h, d, w, m Trends Evidence of compliance Configuration Processes Deployment data
- 98. 1 min Aggregate information 1m, h, d, w, m Trends Evidence of compliance Configuration Processes Deployment data Performance Debug
- 99. 1 min
- 100. 1 min SecOps
- 101. 1 min Aggregate Evidence Deployments SecOps
- 102. Get stuff done
- 103. © Trend Micro, 201660 Thank you! mark_nunnikhoven@trendmicro.com | @marknca