Workshop on CASB Part 2
2 likes2,467 views
The document discusses the importance of a full lifecycle approach to security, emphasizing the need for effective threat analytics and incident response, particularly in cloud environments. It highlights challenges in threat detection and the necessity for automation in both threat detection and incident response to manage the evolving threat landscape. Additionally, various deployment models, including forward and reverse proxies and API modes, are analyzed for their pros and cons in ensuring security within cloud services.
Workshop on CASB Part 2
- 1. CASB – Architecture & Deployment Gaurav Bhatia gaurav@palerra.com Palerra
- 2. Aug 2015 Full Lifecycle Approach to Security Effective threat analytics is an important element of the security lifecycle But it is ineffective without incident response – the yin and the yang For security architectures to be effective, threat analytics and incident response must be tightly coupled to prevent any gaps Chase breach affects 76 million accounts, raises questions about detection failure SC Magazine – Oct 3, 2014 Target did not respond to FireEye security alerts prior to breach, according to report “We often see organizations ignoring alarms like this because they've become numb to them, receiving too many false positives, or because they're understaffed,” Chiu said. “You can have all the alarms you want, but unless you put security in a prominent position in the company and have enough staff to review them, those alarms don't mean anything.”
- 3. Aug 2015 The Yin: Threat Analytics for the Cloud Challenges with performing threat analytics for cloud services Static threat models cannot be applied to on-demand cloud infrastructure Non-uniform transparency across cloud providers for event logs and security metadata Consolidation of security data across SaaS, PaaS and IaaS is required for a holistic view Correlation of data across all cloud services is challenging due to the sheer volume of cloud usage A combination of approaches to threat analytics is required Detection: Define static rules and baselines to match known threats Prediction: Use data science and machine learning to discover unknown threats Automation of threat detection and prediction is necessary to keep up with the rapidly evolving threat landscape
- 4. Aug 2015 The Yang: Incident Response for the Cloud Comprehensive incident response entails Logging: ensures that all incidents are tracked Remediation: ensures that all incidents are addressed Two approaches to remediation Changes are made directly to the cloud service Changes are made via integrations with existing IT investments Automation of incident response is necessary to ensure that no incidents are lost in the shuffle
- 5. Aug 2015 CASB Deployment models
- 7. Aug 2015 Forward proxy Pros Can be used for all app types, incl client-server with hard-coded host names Cons Difficult to deploy especially for BYOD shops End-user privacy concerns as both corporate and personal traffic are sent via proxy Requires self-signed certificates at each point of use. CASB becomes SPOF
- 9. Aug 2015 Reverse proxy Pros Works for any device (managed and unmanaged) and from any location End-user privacy is intact – only corporate traffic is proxied Simple deployment – no configuration on mobile devices or firewalls Cons SSL/TLS is hard to handle CASB becomes SPOF
- 11. Aug 2015 API Pros Non-intrusive & light touch solution Can provide content based controls Supports BYOD Reliable information on what data is in the cloud, its permissions and the activity logs Cons Not all SaaS applications offer API support
- 12. Aug 2015 Thanks!