Alert Logic State of Cloud Security Update

Alert Logic's analysis of data collected from its production system confirms that infrastructure in both cloud hosting provider and enterprise data center environments is subject to a broad range of attacks.

Published in: Technology

STATE OF CLOUD SECURITY | Fall 2013 Update

Alert Logic regularly analyzes data collected from its production system to determine the prevalence of a variety of threats. In this update to the Spring 2013 State of Cloud Security Report, the findings again confirm that infrastructure in both the cloud hosting provider (CHP) and enterprise data center (EDC) environments is subject to a broad range of attacks. While the findings were generally consistent with those of the previous study period, several changes occurred that bear watching:

• In the prior study period, we observed a significant difference in the occurrence of brute force attacks between the two environments, with EDC customers far more likely to experience this type of attack. In the latest period, this gap has narrowed (from 19% to less than 10%).
• In both the CHP and EDC environments, there was a slight decrease in the occurrence of web application attacks (i.e., a smaller proportion of customers were affected). This may reflect a wider adoption of defensive technologies that render these easily launched attacks less successful. Optimism aside, web application attacks remain a major threat.
• The occurrence of malware/botnet attacks increased in both environments, a possible indication of more customers experiencing targeted attacks.
OCCURRENCE & FREQUENCY BY ENVIRONMENT & INCIDENT TYPE
[Infographic: charts of incident occurrence, incident frequency and average number of unique attack types for the Cloud Hosting Provider (CHP) and Enterprise Data Center (EDC) environments, broken out by incident type (Malware/Botnet, Brute Force, Vulnerability Scan, Web App Attack, Recon, App Attack), plus a "Web Application Attack Vulnerabilities" panel. The individual chart values are not recoverable from this extraction.]

DATA SET
Organizations observed among Alert Logic customers: Cloud Hosting Providers (CHP) and Enterprise Data Centers (EDC). Observation timeline: 10/01/12 to 03/31/13.

FACTORS
• Incident Occurrence: percent of customers impacted.
• Incident Frequency: average number of incidents per impacted customer.
• Threat Diversity: average number of unique incident types experienced by customers.

INCIDENT DESCRIPTIONS
• Malware/Botnet: malicious software installed on a host and engaging in unscrupulous activity, data destruction, information gathering or creation of backdoors.
• Brute Force: exploit attempts enumerating a large number of combinations, typically involving multiple credential failures, in hopes of finding a weakness.
• Vulnerability Scan: automated vulnerability discovery in applications, services or protocol implementations.
• Web App Attack: attacks targeting the presentation, logic or database layer of web apps.
• Recon: activity focused on ping sweeps, mapping networks, applications and/or services.
• App Attack: exploit attempts against applications or services not running over the HTTP protocol.

RECOMMENDATIONS
01 Web Application Security: incorporating secure development processes, identification of application vulnerabilities, and active defense against attacks.
02 Monitoring of Network Traffic: to identify attacks, reconnaissance activities, and traffic from known malicious hosts.
03 Identification of Suspicious Activity: through review of log data, appropriate use of malware and anti-virus products, and behavioral analysis.
04 Regular Vulnerability Scanning: to identify possible points of entry for attackers.

Recommendations for Cloud Host Providers Only
05 Following Rigorous, Fundamental IT Management Practices: such as keeping current with patch management and careful configuration management.
06 Understanding Security Posture of Their Service Provider: and the lines of responsibility and accountability for securing different parts of the infrastructure stack.

Recommendations for Enterprise Data Centers Only
07 Malware Botnet Activity: this activity may be part of a targeted attack.
08 IT Management Practices: adopting a service-provider level of rigor to basic practices that can eliminate vulnerabilities and points of entry for attackers.

© Copyright 2013 Alert Logic, Inc. All rights reserved.