SlideShare a Scribd company logo

Cloud Security Automation Metrics

Priyanka Aash
Priyanka Aash

Much has been said about DevOps and SecDevOps for security automation and integration. However, to many in the security community, this is still a buzzword. There are many practical applications of automation in cloud security controls, however, across all security-related disciplines. This talk will delve into concrete examples of security automation in the cloud, with metrics examples, as well. (Source : RSA Conference USA 2017)

Technology
1 of 45
Download to read offline
SESSION ID:SESSION ID: #RSAC Dave Shackleford Cloud Security: Automate or Die CSV-F02 Sr. Faculty SANS Institute @daveshackleford
#RSAC Introduction Business is moving faster to the cloud, and DevOps is accelerating scale and pushing automation Where’s infosec? How do we secure DevOps and cloud deployments? Security needs to change how we work with operations and the business DevSecOps is one way to better automate and integrate security for the cloud 2
#RSAC This was your data center before… 3
#RSAC This is your data center soon… 4
#RSAC What is DevOps? An open dialogue and collaboration between development and operations teams The goal is “continuous integration” and/or “continuous delivery” DevOps goals: Automated provisioning No-downtime deployments Monitoring “Fail fast and often” Automated builds & testing 5
#RSAC DevSecOps Integrates Security DevSecOps strives to automate core security tasks by embedding security controls and processes into the DevOps workflow Originally focused primarily on automating code security and testing Primarily code analysis, unit tests Now also encompasses more operations-centric controls Logging and event monitoring Configuration and patch management User and privilege management, Vulnerability assessment 6
#RSAC Cloud Deployment: Internal vs. External
#RSAC Cloud Security: Where to Focus Internal: -Deployment pipeline -Data security External: -CSP security controls -Integrated controls/monitoring 8
#RSAC General: Start with Cloud Threat Modeling • Most likely threats • Data types and sensitivity • System builds and controls • Cloud environment security posture • Existing controls in place • Controls we “lose” in the cloud 9
#RSAC Where does our traditional model fail? Perimeter focused Rely on dedicated appliances Heavy footprints for endpoints Strict change controls and schedules Slow rate of change (again…schedules) Lack of automation No detection of lateral movement 10
#RSAC Security as Code? With DevOps and “Infrastructure as Code”, we define everything in a software-defined method: Servers (usually VMs) Containers Application stacks Networks Roles/Privileges/Access models Security needs to be defined in this way, as well 11
#RSAC Deployment Pipeline Security Focus on: Code security Code repositories Automation tools Orchestration platforms Gateways and network connectivity Authentication/Authorization and privileged user monitoring and management are critical 12
#RSAC Development/Deployment Integration • We need to integrate into deployment pipelines • Continuous Integration vs. Continuous Deployment • Early: Static and Dynamic code analysis • Early: Defined libraries and configs • Later: Monitoring and Control in instances 13
#RSAC Specific Control Examples Application-level security through CI/CD integration SAST (Veracode or Fortify on Demand is an example) — Trigger automated build upload to Fortify with Jenkins DAST — Trigger automated WebInspect or AppScan scan Deployment Infrastructure Automation/Orchestration tool lockdown Roles/Privileges/Keys – Ansible Vault or Tower Infrastructure-level security Configuration and hardening via Ansible or Puppet Docker security verification during CI/CD build 14
#RSAC Ansible Example: RHEL 7 STIG 15
#RSAC Map to Cloud Risk Considerations 16
#RSAC “In-Cloud” Security
#RSAC The key is change detection For true DevSecOps to take hold, security teams will need to embed automated tests and validation of controls into the deployment cycle Monitor continuously in production with “triggered” responses that can roll controls back to a known good state 18
#RSAC DevSecOps and configuration state • Define configuration items and baselines • Approve configuration templates and controls • Embed configuration standards in builds and automate patch management • Monitor everything! • Roll back if a “diff check” fails • This is easier said than done with some host-based solutions 19
#RSAC Vulnerability scanning • Continuous monitoring is critical to DevSecOps success • Check for scanning products that have been adapted to cloud • Some have strong API support and integration • Also consider host-based assessment • This can be automatically triggered in deployment and monitoring environments 20
#RSAC DevSecOps: Privilege management • Carefully limit and control the accounts and privileges assigned to resources • All users, groups, roles, and privileges should be carefully discussed and designated to resources on a “need to know” basis • Assign “least privilege” and monitor carefully • Embedded tokens and keys in code are common 21
#RSAC Just…no. 22
#RSAC Security as Code: Define Policies Define policies for components, networks, and more This might include: Configurations (Puppet, Chef) App deployment and automation (Ansible, Jenkins) Additional orchestration and automation tools Cloud providers may offer tools, too (CloudFormation in AWS, for example) 23
#RSAC Security as Code: Define security “stories” These will be specific use cases and requirements: Input validation for app X Use of TLS for all communications Hardening to CIS Benchmark standards These are then implemented IN code and vetted, or via policy files and language 24
#RSAC Security as Code: Internal Build and Deployment Security For the internal side of Security as Code, imagine the following: Automated code scans upon check-in Automated app scanning in test/staging Automated Server, Container, and Network configuration checks via policy Continuous monitoring of all core components in the Deployment Pipeline 25
#RSAC Security as Code: Test policies regularly Using build testing tools like Test Kitchen and Vagrant can simplify internal policy validation Coordinate penetration tests and routine checks to validate policies’ effectiveness Are only required ports open? Are credentials secured? Are encryption keys secured? Are privileges assigned properly? 26
#RSAC The Cloud Feedback Loop “Triggered” Security Automation
#RSAC Security as Code: Automate Production Feedback Loops That whole “continuous monitoring” thing? Yeah, it’s time. You need detection and response playbooks, too: Scheduled checks of X generates alert/log Alert triggers automated process Y All of this needs to be automated Some critical tasks may require a human sign-off 28
#RSAC Collect and analyze logs and events • Logs and events generated by services, applications, and operating systems within cloud instances should be automatically collected • Organizations implementing DevSecOps should: • Collect the appropriate logs • Send logs to secure central logging services or cloud-based event management platforms • Monitor events closely using SIEM and/or analytics tools 29
#RSAC Benefits of DevSecOps: Inventory Management • We need a sound view of what we have! • An effective, dynamic inventory must quickly and continuously discover and validate new assets • Scanners and host agents can report in to continually update inventory • Host agents can help with this, as can services like AWS Config 30
#RSAC Example 1: Scanning -> Remediation AWS Lambda Inspector Scan var AWS = require('aws-sdk'); var inspector = new AWS.Inspector({ region: 'us-east- 1' }); exports.handler = function(event, context, callback){ inspector.startAssessmentRun({ assessmentTemplateArn: 'arn:aws:inspector:us- east-1:ACCOUNTED:target/ID/template/ID' }, callback); } AWS CLI “Describe-Findings” "failedItems": {}, "findings": [ "arn": "arn:aws:inspector:us-east-1:INSTANCE", "assetType": "ec2-instance", "attributes": [], "createdAt": 1458680301.37, "description": "Amazon Inspector did not find any potential security issues during this assessment.", "indicatorOfCompromise": false, 31
#RSAC Example 2: Template/AMI Integrity+Rollback The describe-images CLI command can produce AMI information from AWS Parse the CreationDate output variable Compare to known “good” value + CloudFormation template Good? Cool. Bad? Update CloudFormation template with previous AMI. 32
#RSAC Example 3: Log Parsing to Quarantine Collect and parse all logs in the cloud In AWS, this would include CloudWatch and CloudTrail logging Depending on event type…enact scripted responses From: http://www.slideshare.net/AmazonWebServices/introduction-to-devsecops-on-aws 33
#RSAC The Big Picture: Automated Forensics 1. Detect a suspicious behavior on a cloud instance 2. Trigger an automated response workflow via APIs 3. Change instance network to a dedicated “quarantine” subnet 4. A local process begins disk and memory acquisition on the suspect instance 5. Evidence is copied to a forensic storage node in the cloud controlled by the security team and automatically protected with dedicated encryption 6. Instance is automatically rolled back and validated 34
#RSAC Sound far-fetched? Not so much. So many great projects out there now: AWS_IR: https://aws-ir.readthedocs.io/en/latest/ Margarita Shotgun (EC2 Memory Imaging): https://margaritashotgun.readthedocs.io/en/latest/ Cloud Custodian: https://github.com/capitalone/cloud-custodian FIDO: https://github.com/Netflix/Fido 35
#RSAC Security automation in AWS From: http://www.slideshare.net/AmazonWebServices/introduction-to-devsecops-on-aws 36
#RSAC Measuring DevSecOps
#RSAC Metrics For automation to really take hold in cloud deployments, you need DATA And that means metrics+reporting For in-house DevOps: Code flaws found in automated scans Code flaws remediated after scans Vulnerabilities in deployment instances Time to fix -> Time to promote: How many security issues are you able to detect and fix prior to a build, promoting from test to production, or in a specific period of time.
#RSAC Metrics Metrics in the cloud: Number of “anomalies” detected in builds and production changes Number of automated rollbacks Number of XYZ events in logs Cost in XYZ time period for security automation impacts These aren’t perfect…but metrics never are Equating these key variables are most impactful: Risk profiles over a time period Costs over a time period
#RSAC Wrapping Up
#RSAC What does this all mean? We have HUGE gaps in security involvement and knowledge for all of this Cloud-oriented threat modeling Understanding of DevOps processes and tools Ability to write roles or playbooks for Ansible and other platforms Understanding of software-defined tools, APIs, and integration capabilities 41
#RSAC It’s time to shift… From THIS: To THIS: Type: "AWS::EC2::SecurityGroupIngress" Properties: CidrIp: String CidrIpv6: String FromPort: Integer GroupId: String GroupName: String IpProtocol: String SourceSecurityGroupName: String SourceSecurityGroupId: String SourceSecurityGroupOwnerId: String ToPort: Integer 42
#RSAC Integrate DevSecOps into security operations • Leverage automation: • Salt • Puppet • Chef • Embedded agents and SecaaS options • Consider: • Defensible infrastructure • Operational discipline • Situational awareness • Countermeasures 43
#RSAC DevSecOps: A Checklist Ensure that periodic reviews of the overall risk posture within cloud environments are performed Keep system instances in the cloud as locked down as you can Pay careful attention to privilege allocation and user, group, and role management. Commit to a culture of continuous monitoring Discuss vulnerabilities detected in cloud deployments with all team members Ensure you are gathering adequate security and operations logs and event data, sending this to a remote monitoring and collection platform. Discuss the changing threat landscape with DevOps teams 44
#RSAC “Apply” Slide Next week you should: Discuss threat models with Dev and Ops teams In the first three months following this presentation you should: Determine how to secure the deployment pipeline and components Compare current controls versus “in cloud” control options Within six months you should: Integrate automated security tests for internal and external controls Develop automated responses and monitoring frameworks

Recommended

Pragmatic Security Automation for Cloud
Pragmatic Security Automation for CloudPragmatic Security Automation for Cloud
Pragmatic Security Automation for CloudPriyanka Aash
 
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...Priyanka Aash
 
Building and Adopting a Cloud-Native Security Program
Building and Adopting a Cloud-Native Security ProgramBuilding and Adopting a Cloud-Native Security Program
Building and Adopting a Cloud-Native Security ProgramPriyanka Aash
 
Corpsec: “What Happened to Corpses A and B?”
Corpsec: “What Happened to Corpses A and B?”Corpsec: “What Happened to Corpses A and B?”
Corpsec: “What Happened to Corpses A and B?”Priyanka Aash
 
Red Team vs. Blue Team on AWS
Red Team vs. Blue Team on AWSRed Team vs. Blue Team on AWS
Red Team vs. Blue Team on AWSPriyanka Aash
 
FIM and System Call Auditing at Scale in a Large Container Deployment
FIM and System Call Auditing at Scale in a Large Container DeploymentFIM and System Call Auditing at Scale in a Large Container Deployment
FIM and System Call Auditing at Scale in a Large Container DeploymentPriyanka Aash
 
Become a Cloud Security Ninja
Become a Cloud Security NinjaBecome a Cloud Security Ninja
Become a Cloud Security NinjaAmazon Web Services
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and ResponseAlert Logic
 

Recommended

Pragmatic Security Automation for Cloud
Pragmatic Security Automation for CloudPragmatic Security Automation for Cloud
Pragmatic Security Automation for CloudPriyanka Aash
 
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...Priyanka Aash
 
Building and Adopting a Cloud-Native Security Program
Building and Adopting a Cloud-Native Security ProgramBuilding and Adopting a Cloud-Native Security Program
Building and Adopting a Cloud-Native Security ProgramPriyanka Aash
 
Corpsec: “What Happened to Corpses A and B?”
Corpsec: “What Happened to Corpses A and B?”Corpsec: “What Happened to Corpses A and B?”
Corpsec: “What Happened to Corpses A and B?”Priyanka Aash
 
Red Team vs. Blue Team on AWS
Red Team vs. Blue Team on AWSRed Team vs. Blue Team on AWS
Red Team vs. Blue Team on AWSPriyanka Aash
 
FIM and System Call Auditing at Scale in a Large Container Deployment
FIM and System Call Auditing at Scale in a Large Container DeploymentFIM and System Call Auditing at Scale in a Large Container Deployment
FIM and System Call Auditing at Scale in a Large Container DeploymentPriyanka Aash
 
Become a Cloud Security Ninja
Become a Cloud Security NinjaBecome a Cloud Security Ninja
Become a Cloud Security NinjaAmazon Web Services
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and ResponseAlert Logic
 
Maturing your organization from DevOps to DevSecOps
Maturing your organization from DevOps to DevSecOpsMaturing your organization from DevOps to DevSecOps
Maturing your organization from DevOps to DevSecOpsAmazon Web Services
 
Identity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsIdentity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsPriyanka Aash
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
Defending Serverless Infrastructure in the Cloud RSAC 2020
Defending Serverless Infrastructure in the Cloud RSAC 2020Defending Serverless Infrastructure in the Cloud RSAC 2020
Defending Serverless Infrastructure in the Cloud RSAC 2020Puma Security, LLC
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
ChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos TestingChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos TestingPriyanka Aash
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsAlert Logic
 
Alfredo Reino - Monitoring aws and azure
Alfredo Reino - Monitoring aws and azureAlfredo Reino - Monitoring aws and azure
Alfredo Reino - Monitoring aws and azureDevSecCon
 
Azure for Auditors
Azure for AuditorsAzure for Auditors
Azure for AuditorsTeri Radichel
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudAlert Logic
 
Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?Teri Radichel
 
Policy as code what helm developers need to know about security
Policy as code what helm developers need to know about securityPolicy as code what helm developers need to know about security
Policy as code what helm developers need to know about securityLibbySchulze
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps SecRubal Jain
 
Red team-view-gaps-in-the-serverless-application-attack-surface
Red team-view-gaps-in-the-serverless-application-attack-surfaceRed team-view-gaps-in-the-serverless-application-attack-surface
Red team-view-gaps-in-the-serverless-application-attack-surfacePriyanka Aash
 
Office 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Office 365 Security: Top Priorities for 30 Days, 90 Days and BeyondOffice 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Office 365 Security: Top Priorities for 30 Days, 90 Days and BeyondPriyanka Aash
 
Packet Capture on AWS
Packet Capture on AWSPacket Capture on AWS
Packet Capture on AWSTeri Radichel
 
Cloud Breach – Preparation and Response
Cloud Breach – Preparation and ResponseCloud Breach – Preparation and Response
Cloud Breach – Preparation and ResponsePriyanka Aash
 
Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskStop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskPriyanka Aash
 
Cloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSACloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSAShannon Lietz
 
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSCSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSAlert Logic
 
Incident response-in-the-cloud
Incident response-in-the-cloudIncident response-in-the-cloud
Incident response-in-the-cloudPriyanka Aash
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash
 

More Related Content

What's hot

Maturing your organization from DevOps to DevSecOps
Maturing your organization from DevOps to DevSecOpsMaturing your organization from DevOps to DevSecOps
Maturing your organization from DevOps to DevSecOpsAmazon Web Services
 
Identity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsIdentity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsPriyanka Aash
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
Defending Serverless Infrastructure in the Cloud RSAC 2020
Defending Serverless Infrastructure in the Cloud RSAC 2020Defending Serverless Infrastructure in the Cloud RSAC 2020
Defending Serverless Infrastructure in the Cloud RSAC 2020Puma Security, LLC
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
ChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos TestingChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos TestingPriyanka Aash
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsAlert Logic
 
Alfredo Reino - Monitoring aws and azure
Alfredo Reino - Monitoring aws and azureAlfredo Reino - Monitoring aws and azure
Alfredo Reino - Monitoring aws and azureDevSecCon
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudAlert Logic
 
Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?Teri Radichel
 
Policy as code what helm developers need to know about security
Policy as code what helm developers need to know about securityPolicy as code what helm developers need to know about security
Policy as code what helm developers need to know about securityLibbySchulze
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps SecRubal Jain
 
Red team-view-gaps-in-the-serverless-application-attack-surface
Red team-view-gaps-in-the-serverless-application-attack-surfaceRed team-view-gaps-in-the-serverless-application-attack-surface
Red team-view-gaps-in-the-serverless-application-attack-surfacePriyanka Aash
 
Office 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Office 365 Security: Top Priorities for 30 Days, 90 Days and BeyondOffice 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Office 365 Security: Top Priorities for 30 Days, 90 Days and BeyondPriyanka Aash
 
Packet Capture on AWS
Packet Capture on AWSPacket Capture on AWS
Packet Capture on AWSTeri Radichel
 
Cloud Breach – Preparation and Response
Cloud Breach – Preparation and ResponseCloud Breach – Preparation and Response
Cloud Breach – Preparation and ResponsePriyanka Aash
 
Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskStop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskPriyanka Aash
 
Cloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSACloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSAShannon Lietz
 
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSCSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSAlert Logic
 

What's hot (20)

Maturing your organization from DevOps to DevSecOps
Maturing your organization from DevOps to DevSecOpsMaturing your organization from DevOps to DevSecOps
Maturing your organization from DevOps to DevSecOps
 
Identity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsIdentity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of Things
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
Defending Serverless Infrastructure in the Cloud RSAC 2020
Defending Serverless Infrastructure in the Cloud RSAC 2020Defending Serverless Infrastructure in the Cloud RSAC 2020
Defending Serverless Infrastructure in the Cloud RSAC 2020
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
ChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos TestingChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos Testing
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
 
Alfredo Reino - Monitoring aws and azure
Alfredo Reino - Monitoring aws and azureAlfredo Reino - Monitoring aws and azure
Alfredo Reino - Monitoring aws and azure
 
Azure for Auditors
Azure for AuditorsAzure for Auditors
Azure for Auditors
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
 
Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?Are You Ready for a Cloud Pentest?
Are You Ready for a Cloud Pentest?
 
Policy as code what helm developers need to know about security
Policy as code what helm developers need to know about securityPolicy as code what helm developers need to know about security
Policy as code what helm developers need to know about security
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps Sec
 
Red team-view-gaps-in-the-serverless-application-attack-surface
Red team-view-gaps-in-the-serverless-application-attack-surfaceRed team-view-gaps-in-the-serverless-application-attack-surface
Red team-view-gaps-in-the-serverless-application-attack-surface
 
Office 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Office 365 Security: Top Priorities for 30 Days, 90 Days and BeyondOffice 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Office 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
 
Packet Capture on AWS
Packet Capture on AWSPacket Capture on AWS
Packet Capture on AWS
 
Cloud Breach – Preparation and Response
Cloud Breach – Preparation and ResponseCloud Breach – Preparation and Response
Cloud Breach – Preparation and Response
 
Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskStop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
 
Cloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSACloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSA
 
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSCSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWS
 

Similar to Cloud Security Automation Metrics

Incident response-in-the-cloud
Incident response-in-the-cloudIncident response-in-the-cloud
Incident response-in-the-cloudPriyanka Aash
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash
 
DevOps and the Future of Enterprise Security
DevOps and the Future of Enterprise SecurityDevOps and the Future of Enterprise Security
DevOps and the Future of Enterprise SecurityPriyanka Aash
 
Aspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesAspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesPriyanka Aash
 
How to implement DevSecOps on AWS for startups
How to implement DevSecOps on AWS for startupsHow to implement DevSecOps on AWS for startups
How to implement DevSecOps on AWS for startupsAleksandr Maklakov
 
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryCLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryPriyanka Aash
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi
 
Practical Approaches to Cloud Native Security
Practical Approaches to Cloud Native SecurityPractical Approaches to Cloud Native Security
Practical Approaches to Cloud Native SecurityKarthik Gaekwad
 
Application Security from the Inside Out
Application Security from the Inside OutApplication Security from the Inside Out
Application Security from the Inside OutUlisses Albuquerque
 
RSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud SecurityRSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud SecurityScott Carlson
 
Whose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudWhose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudSafeNet
 
Netflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open SourceNetflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open Sourceaspyker
 
DevOps and the Future of Enterprise Security
DevOps and the Future of Enterprise SecurityDevOps and the Future of Enterprise Security
DevOps and the Future of Enterprise SecurityFrank Kim
 
Why Implement DevSecOps with AWS? | The Enterprise World
Why Implement DevSecOps with AWS? | The Enterprise WorldWhy Implement DevSecOps with AWS? | The Enterprise World
Why Implement DevSecOps with AWS? | The Enterprise WorldTEWMAGAZINE
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24
 
AWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSAWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSEric Smalling
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Kristana Kane
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation OverviewAmazon Web Services
 

Similar to Cloud Security Automation Metrics (20)

Incident response-in-the-cloud
Incident response-in-the-cloudIncident response-in-the-cloud
Incident response-in-the-cloud
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby Steps
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby Steps
 
DevOps and the Future of Enterprise Security
DevOps and the Future of Enterprise SecurityDevOps and the Future of Enterprise Security
DevOps and the Future of Enterprise Security
 
Aspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesAspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security Headaches
 
How to implement DevSecOps on AWS for startups
How to implement DevSecOps on AWS for startupsHow to implement DevSecOps on AWS for startups
How to implement DevSecOps on AWS for startups
 
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryCLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
Practical Approaches to Cloud Native Security
Practical Approaches to Cloud Native SecurityPractical Approaches to Cloud Native Security
Practical Approaches to Cloud Native Security
 
Application Security from the Inside Out
Application Security from the Inside OutApplication Security from the Inside Out
Application Security from the Inside Out
 
RSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud SecurityRSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud Security
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOps
 
Whose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudWhose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the Cloud
 
Netflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open SourceNetflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open Source
 
DevOps and the Future of Enterprise Security
DevOps and the Future of Enterprise SecurityDevOps and the Future of Enterprise Security
DevOps and the Future of Enterprise Security
 
Why Implement DevSecOps with AWS? | The Enterprise World
Why Implement DevSecOps with AWS? | The Enterprise WorldWhy Implement DevSecOps with AWS? | The Enterprise World
Why Implement DevSecOps with AWS? | The Enterprise World
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
 
AWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSAWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWS
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation Overview
 

More from Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 

Recently uploaded (20)

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 

Cloud Security Automation Metrics

  • 1. SESSION ID:SESSION ID: #RSAC Dave Shackleford Cloud Security: Automate or Die CSV-F02 Sr. Faculty SANS Institute @daveshackleford
  • 2. #RSAC Introduction Business is moving faster to the cloud, and DevOps is accelerating scale and pushing automation Where’s infosec? How do we secure DevOps and cloud deployments? Security needs to change how we work with operations and the business DevSecOps is one way to better automate and integrate security for the cloud 2
  • 3. #RSAC This was your data center before… 3
  • 4. #RSAC This is your data center soon… 4
  • 5. #RSAC What is DevOps? An open dialogue and collaboration between development and operations teams The goal is “continuous integration” and/or “continuous delivery” DevOps goals: Automated provisioning No-downtime deployments Monitoring “Fail fast and often” Automated builds & testing 5
  • 6. #RSAC DevSecOps Integrates Security DevSecOps strives to automate core security tasks by embedding security controls and processes into the DevOps workflow Originally focused primarily on automating code security and testing Primarily code analysis, unit tests Now also encompasses more operations-centric controls Logging and event monitoring Configuration and patch management User and privilege management, Vulnerability assessment 6
  • 8. #RSAC Cloud Security: Where to Focus Internal: -Deployment pipeline -Data security External: -CSP security controls -Integrated controls/monitoring 8
  • 9. #RSAC General: Start with Cloud Threat Modeling • Most likely threats • Data types and sensitivity • System builds and controls • Cloud environment security posture • Existing controls in place • Controls we “lose” in the cloud 9
  • 10. #RSAC Where does our traditional model fail? Perimeter focused Rely on dedicated appliances Heavy footprints for endpoints Strict change controls and schedules Slow rate of change (again…schedules) Lack of automation No detection of lateral movement 10
  • 11. #RSAC Security as Code? With DevOps and “Infrastructure as Code”, we define everything in a software-defined method: Servers (usually VMs) Containers Application stacks Networks Roles/Privileges/Access models Security needs to be defined in this way, as well 11
  • 12. #RSAC Deployment Pipeline Security Focus on: Code security Code repositories Automation tools Orchestration platforms Gateways and network connectivity Authentication/Authorization and privileged user monitoring and management are critical 12
  • 13. #RSAC Development/Deployment Integration • We need to integrate into deployment pipelines • Continuous Integration vs. Continuous Deployment • Early: Static and Dynamic code analysis • Early: Defined libraries and configs • Later: Monitoring and Control in instances 13
  • 14. #RSAC Specific Control Examples Application-level security through CI/CD integration SAST (Veracode or Fortify on Demand is an example) — Trigger automated build upload to Fortify with Jenkins DAST — Trigger automated WebInspect or AppScan scan Deployment Infrastructure Automation/Orchestration tool lockdown Roles/Privileges/Keys – Ansible Vault or Tower Infrastructure-level security Configuration and hardening via Ansible or Puppet Docker security verification during CI/CD build 14
  • 16. #RSAC Map to Cloud Risk Considerations 16
  • 18. #RSAC The key is change detection For true DevSecOps to take hold, security teams will need to embed automated tests and validation of controls into the deployment cycle Monitor continuously in production with “triggered” responses that can roll controls back to a known good state 18
  • 19. #RSAC DevSecOps and configuration state • Define configuration items and baselines • Approve configuration templates and controls • Embed configuration standards in builds and automate patch management • Monitor everything! • Roll back if a “diff check” fails • This is easier said than done with some host-based solutions 19
  • 20. #RSAC Vulnerability scanning • Continuous monitoring is critical to DevSecOps success • Check for scanning products that have been adapted to cloud • Some have strong API support and integration • Also consider host-based assessment • This can be automatically triggered in deployment and monitoring environments 20
  • 21. #RSAC DevSecOps: Privilege management • Carefully limit and control the accounts and privileges assigned to resources • All users, groups, roles, and privileges should be carefully discussed and designated to resources on a “need to know” basis • Assign “least privilege” and monitor carefully • Embedded tokens and keys in code are common 21
  • 23. #RSAC Security as Code: Define Policies Define policies for components, networks, and more This might include: Configurations (Puppet, Chef) App deployment and automation (Ansible, Jenkins) Additional orchestration and automation tools Cloud providers may offer tools, too (CloudFormation in AWS, for example) 23
  • 24. #RSAC Security as Code: Define security “stories” These will be specific use cases and requirements: Input validation for app X Use of TLS for all communications Hardening to CIS Benchmark standards These are then implemented IN code and vetted, or via policy files and language 24
  • 25. #RSAC Security as Code: Internal Build and Deployment Security For the internal side of Security as Code, imagine the following: Automated code scans upon check-in Automated app scanning in test/staging Automated Server, Container, and Network configuration checks via policy Continuous monitoring of all core components in the Deployment Pipeline 25
  • 26. #RSAC Security as Code: Test policies regularly Using build testing tools like Test Kitchen and Vagrant can simplify internal policy validation Coordinate penetration tests and routine checks to validate policies’ effectiveness Are only required ports open? Are credentials secured? Are encryption keys secured? Are privileges assigned properly? 26
  • 27. #RSAC The Cloud Feedback Loop “Triggered” Security Automation
  • 28. #RSAC Security as Code: Automate Production Feedback Loops That whole “continuous monitoring” thing? Yeah, it’s time. You need detection and response playbooks, too: Scheduled checks of X generates alert/log Alert triggers automated process Y All of this needs to be automated Some critical tasks may require a human sign-off 28
  • 29. #RSAC Collect and analyze logs and events • Logs and events generated by services, applications, and operating systems within cloud instances should be automatically collected • Organizations implementing DevSecOps should: • Collect the appropriate logs • Send logs to secure central logging services or cloud-based event management platforms • Monitor events closely using SIEM and/or analytics tools 29
  • 30. #RSAC Benefits of DevSecOps: Inventory Management • We need a sound view of what we have! • An effective, dynamic inventory must quickly and continuously discover and validate new assets • Scanners and host agents can report in to continually update inventory • Host agents can help with this, as can services like AWS Config 30
  • 31. #RSAC Example 1: Scanning -> Remediation AWS Lambda Inspector Scan var AWS = require('aws-sdk'); var inspector = new AWS.Inspector({ region: 'us-east- 1' }); exports.handler = function(event, context, callback){ inspector.startAssessmentRun({ assessmentTemplateArn: 'arn:aws:inspector:us- east-1:ACCOUNTED:target/ID/template/ID' }, callback); } AWS CLI “Describe-Findings” "failedItems": {}, "findings": [ "arn": "arn:aws:inspector:us-east-1:INSTANCE", "assetType": "ec2-instance", "attributes": [], "createdAt": 1458680301.37, "description": "Amazon Inspector did not find any potential security issues during this assessment.", "indicatorOfCompromise": false, 31
  • 32. #RSAC Example 2: Template/AMI Integrity+Rollback The describe-images CLI command can produce AMI information from AWS Parse the CreationDate output variable Compare to known “good” value + CloudFormation template Good? Cool. Bad? Update CloudFormation template with previous AMI. 32
  • 33. #RSAC Example 3: Log Parsing to Quarantine Collect and parse all logs in the cloud In AWS, this would include CloudWatch and CloudTrail logging Depending on event type…enact scripted responses From: http://www.slideshare.net/AmazonWebServices/introduction-to-devsecops-on-aws 33
  • 34. #RSAC The Big Picture: Automated Forensics 1. Detect a suspicious behavior on a cloud instance 2. Trigger an automated response workflow via APIs 3. Change instance network to a dedicated “quarantine” subnet 4. A local process begins disk and memory acquisition on the suspect instance 5. Evidence is copied to a forensic storage node in the cloud controlled by the security team and automatically protected with dedicated encryption 6. Instance is automatically rolled back and validated 34
  • 35. #RSAC Sound far-fetched? Not so much. So many great projects out there now: AWS_IR: https://aws-ir.readthedocs.io/en/latest/ Margarita Shotgun (EC2 Memory Imaging): https://margaritashotgun.readthedocs.io/en/latest/ Cloud Custodian: https://github.com/capitalone/cloud-custodian FIDO: https://github.com/Netflix/Fido 35
  • 36. #RSAC Security automation in AWS From: http://www.slideshare.net/AmazonWebServices/introduction-to-devsecops-on-aws 36
  • 38. #RSAC Metrics For automation to really take hold in cloud deployments, you need DATA And that means metrics+reporting For in-house DevOps: Code flaws found in automated scans Code flaws remediated after scans Vulnerabilities in deployment instances Time to fix -> Time to promote: How many security issues are you able to detect and fix prior to a build, promoting from test to production, or in a specific period of time.
  • 39. #RSAC Metrics Metrics in the cloud: Number of “anomalies” detected in builds and production changes Number of automated rollbacks Number of XYZ events in logs Cost in XYZ time period for security automation impacts These aren’t perfect…but metrics never are Equating these key variables are most impactful: Risk profiles over a time period Costs over a time period
  • 41. #RSAC What does this all mean? We have HUGE gaps in security involvement and knowledge for all of this Cloud-oriented threat modeling Understanding of DevOps processes and tools Ability to write roles or playbooks for Ansible and other platforms Understanding of software-defined tools, APIs, and integration capabilities 41
  • 42. #RSAC It’s time to shift… From THIS: To THIS: Type: "AWS::EC2::SecurityGroupIngress" Properties: CidrIp: String CidrIpv6: String FromPort: Integer GroupId: String GroupName: String IpProtocol: String SourceSecurityGroupName: String SourceSecurityGroupId: String SourceSecurityGroupOwnerId: String ToPort: Integer 42
  • 43. #RSAC Integrate DevSecOps into security operations • Leverage automation: • Salt • Puppet • Chef • Embedded agents and SecaaS options • Consider: • Defensible infrastructure • Operational discipline • Situational awareness • Countermeasures 43
  • 44. #RSAC DevSecOps: A Checklist Ensure that periodic reviews of the overall risk posture within cloud environments are performed Keep system instances in the cloud as locked down as you can Pay careful attention to privilege allocation and user, group, and role management. Commit to a culture of continuous monitoring Discuss vulnerabilities detected in cloud deployments with all team members Ensure you are gathering adequate security and operations logs and event data, sending this to a remote monitoring and collection platform. Discuss the changing threat landscape with DevOps teams 44
  • 45. #RSAC “Apply” Slide Next week you should: Discuss threat models with Dev and Ops teams In the first three months following this presentation you should: Determine how to secure the deployment pipeline and components Compare current controls versus “in cloud” control options Within six months you should: Integrate automated security tests for internal and external controls Develop automated responses and monitoring frameworks