Nimbo/Alert Logic - Azure in the Cloud


Johnathan Norman
Nimbo/AL/Azure Event in a Box 01/27

Published in: Internet

  1. Alert Logic – Azure Cloud Security. Johnathan Norman, Cloud Solutions Architect
  2. Agenda
     • Key Findings: Cloud Security Report, Spring 2014
       - Alert Logic Customer Data
       - Honeypot Research
     • Common Azure Security & Compliance Issues
     • Alert Logic for Azure
       - Log Manager
       - Threat Manager
       - Web Security Manager
  3. Cloud Adoption is Gaining Momentum
     • Major public cloud vendors predicted to eclipse $10B in revenue by 2015
     • Oracle Cloud bookings increased by 35% in 2013
     • Gartner predicts 60% of banking institutions to migrate to the cloud
     • Healthcare is expected to adopt cloud computing at a 21% year over year rate through 2017
     • VDI (Desktop as a Service) market reached $13.4 billion in 2013
  4. Over 2,800 Organizations Worldwide Trust Alert Logic
     • Millions of devices secured
     • 3.7 Petabytes of log data under management
     • 8.5 Million security events correlated per day
     • 40,000 incidents identified and reviewed per month
  5. Threats in the Cloud are Increasing With Adoption
     • Increase in attack frequency
     • Traditional on-premises threats are now moving to the cloud
     • Majority of cloud incidents were related to web application attacks, brute force attacks, and vulnerability scans
     • Brute force attacks and vulnerability scans are now occurring at near-equivalent rates in both cloud and on-premises environments
     • Malware/Botnet is increasing year over year
  6. Global Honeypot Network: Why Honeypots?
     • Honeypots give us a unique data set
     • Simulates vulnerable systems without the risk of real data loss
     • Gives the ability to collect intelligence from malicious attackers
     • Allows for collection of various different attacks based on system
     • Helps identify what industry specific targets are out there
  7. Honeypot Findings
  8. Common Azure Compliance & Security Issues: Secure your code; Know your scope; Instance Isolation; Shared Responsibility; Storage Key Management
  9. 1 - Secure Your Code – Implement SDL
  10. 1 - Secure Your Code – Sharing is bad…
  11. 2 - Know Your Scope (diagram labels: Web Traffic, Web Role, Azure Website, Azure Storage, Traffic Manager)
  12. 2 - Know Your Scope
  13. 3 - Instance Isolation (diagram labels: worker roles, web roles, service endpoint, Virtual Network, Web Traffic)
  14. 4 - Storage Key Management (diagram labels: storage blob, Azure Mobile Services) 1. Upload() 2. Path = 3. UploadToPath(Path);
  15. 4 - Storage Key Management (diagram labels: storage blob, Azure Mobile Services) 1. Upload() 2. Return SAS (write/expires 5 min) and Path 3. Authenticate & Upload
  16. 5 - Security in the Cloud is a Shared Responsibility. Customer Responsibility Foundation Services Hosts • Logical network segmentation • Perimeter security services • External DDoS, spoofing, and scanning prevented • Hardened hypervisor • System image library • Root access for customer • Access management • Patch management • Configuration hardening • Security monitoring • Log analysis Apps • Secure coding and best practices • Software and virtual patching • Configuration management • Access management • Application level attack monitoring • Network threat detection • Security monitoring Networks Cloud Service Provider Responsibility Compute Storage DB Network
  17. Alert Logic – Security Solutions
  18. Security and Compliance is Challenging
     • Skilled security resources are in high demand and hard to find
     • Moving to cloud and hybrid IT environments brings different threats and complexities
     • Maintaining continuous security and compliance is expensive
  19. Building a Security and Compliance Solution. Applications Systems Networks IDS Vulnerability Scanning Web Application Firewall Log Management Threat Intelligence Feeds SIEM Staff capable of: • Provisioning • Monitoring • Configuration and tuning • Researching incidents, emerging threats, and defining remediation steps Big Data Analytics Products Automated Correlation and Analytics People & Process
  20. Alert Logic Solutions. Alert Logic Threat Manager™ Alert Logic Web Security Manager™ Alert Logic Log Manager™ Alert Logic Unified Web User Interface Intrusion Detection & Vulnerability Scanning Log Management & Compliance Reporting Active Protection for Web Applications
  21. Thank you.
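
The pattern on slides 14 and 15 (the service returns a write-only grant that expires in 5 minutes, not the storage key), as an added example that is not from the deck. It is a simplified HMAC-signed grant that models the idea of a SAS, not Azure's SAS wire format or SDK; `issue_upload_token`, `authorize`, the key and the paths are hypothetical names and constructed values.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key; in the slide's pattern the real key never leaves the service.
ACCOUNT_KEY = b"constructed-demo-key-not-a-real-storage-key"

def _sign(key, path, perms, expires):
    # JSON-encode the fields so a crafted path cannot shift field boundaries.
    msg = json.dumps([path, perms, expires], separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(hmac.new(key, msg, hashlib.sha256).digest()).decode()

def issue_upload_token(key, path, now=None, ttl=300):
    """Slide 15, step 2: return a write-only grant for one path, valid 5 minutes."""
    expires = int(time.time() if now is None else now) + ttl
    return {"path": path, "perms": "w", "expires": expires,
            "sig": _sign(key, path, "w", expires)}

def authorize(key, token, path, op, now=None):
    """Slide 15, step 3: the storage side validates the grant before the upload."""
    now = time.time() if now is None else now
    expected = _sign(key, token["path"], token["perms"], token["expires"])
    if not hmac.compare_digest(expected.encode(), str(token["sig"]).encode()):
        return "bad signature"      # any edited field invalidates the grant
    if path != token["path"]:
        return "wrong path"         # grant is scoped to a single blob path
    if op not in set(token["perms"]):
        return "permission denied"  # write-only: no read, list or delete
    if now >= token["expires"]:
        return "expired"
    return "ok"

if __name__ == "__main__":
    t = issue_upload_token(ACCOUNT_KEY, "uploads/u42/photo.jpg", now=1_000_000)
    checks = [("uploads/u42/photo.jpg", "w", 1_000_100),   # intended upload
              ("uploads/u42/photo.jpg", "r", 1_000_100),   # read attempt
              ("uploads/u7/other.jpg", "w", 1_000_100),    # different blob
              ("uploads/u42/photo.jpg", "w", 1_000_300)]   # after expiry
    for path, op, when in checks:
        print(path, op, when, "->", authorize(ACCOUNT_KEY, t, path, op, now=when))
```

A leaked grant exposes one path for write for at most five minutes, while a leaked account key (the slide 14 flow) exposes everything the key can reach until it is rotated.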