The document discusses critical changes needed to security for cloud environments. As applications migrate to cloud-native architectures and continuous deployment pipelines, traditional security methods are no longer adequate. Attacks now happen across multiple layers and stages. Standardization of cloud platforms allows security tools to better leverage analytics across large datasets to detect threats. The impacts of breaches are far-reaching and long-lived, affecting companies of all sizes. Resources are provided to further understand these trends.
Critical Changes to Cloud Security Environments
1. CRITICAL CHANGES TO SECURITY FOR CLOUD ENVIRONMENTS
Richard Cassidy: Security Evangelist & Global Technical Product Marketing
2. Standardizing cloud security
Housing Metaphor / Cloud Application Element
House: Virtual Server or Virtual Machine (i.e. Instance in AWS)
Neighborhood: A collection of Virtual Servers or Instances that are used for a specific purpose such as running an application
City: A dynamic, robust and secure cloud platform from Amazon Web Services
3. The number of neighborhoods in each city and the number of houses in each neighborhood is continuously changing
The New Reality
• As applications are migrated to the Cloud, they are migrating to Cloud native architectures.
• Even traditional application architectures generate continuous change when put into a continuous deployment pipeline.
The Critical Impact
• Traditional methods of discovery no longer adequate.
• Streams not snapshots!
• Addresses no longer adequate identity.
Cloud Architecture – Adopting Security Change
6. The Impact of a Breach is Far Reaching and Long Lived
Initial Attack → Identify & Recon → Command & Control → Discover & Spread → Extract & Exfiltrate
Latest Industry “News”
7. Attacks Happen at Multiple Layers of the Application Stack
Diagram labels: SQL Injection; Identify & Recon; Command & Control; Worm Outbreak; Extract & Exfiltrate; Malware; Brute Force; Identify & Recon
THE IMPACT
• Every layer of the application stack is under attack
• Attacks are multi-stage using multiple threat vectors
• Web applications are #1 vector in the cloud
• Security must be cloud-native, cover every layer of application stack, and identify attacks at every stage.
15. Industry Attack Trends – Attack Classes
Application Attack: An attack that targets a specific application weakness or vulnerability to gain access to the target server
Brute Force: An attack that targets hosts, servers or devices to gain admin access through password combination authentication attempts
DoS Attack: An attack that targets multiple hosts to saturate resources and bandwidth availability, normally from a single source
DDoS Attack: An attack that targets multiple hosts to saturate resources and bandwidth availability from multiple sources at higher attack rates
Infrastructure Profiling: A targeted attempt to enumerate network information on hosts, servers and edge, distribution or core devices
Malware Attack: A malicious payload or link, leading to installation or download of infected files to gain access to a target host or network.
Successful Brute Force: A successful unauthorized authentication to a host, server or network device for nefarious purposes.
Successful Malware Attack: Data leakage or host infiltration as a result of an unpatched vulnerability or infected payload being executed against the target host, server or network device.
SQLi Attack: An attack against a web application or DB, to gain access to customer or company data.
16. Finance – Q2FY2016
[Chart: Industry Rank (0-22) by Attack Class for APR, MAY, JUN]
Attack types and Industry Ranking out of 22 Industry groups, based on AL’s 2016 Incident data for: Finance
17. Finance – Industry Attack Trends
Finance – Q2FY2016
[Chart: industry rank for APR, MAY, JUN; attack classes shown: DDoS Attack, Successful Brute Force, Brute Force, DoS Attack, SQLi Attack]
Attack types and Industry Ranking out of 22 Industry groups, based on AL’s 2016 Incident data for: Finance
19. Neighborhoods and house exteriors are standardizing
The New Reality
• The APIs of cloud platforms represent a radical simplification and standardization of controlling and monitoring IT assets.
• AWS has rolled up all new housing activity and neighborhood configuration into an easily consumed stream of data.
The Critical Impact
• Additional context available to better detect and assess threats.
• The standardization across customers enables Security-as-a-Service to better leverage analytics across larger data sets.
AWS Cloud – The Security Enabler
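Added example (not part of the original deck): a sketch of why "Streams not snapshots!" and "Addresses no longer adequate identity" matter when attributing an alert, using a stream of asset lifecycle events like the one the slide above describes. The event fields, instance IDs, addresses and timestamps are constructed for illustration and are not real AWS API output.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed sample stream of asset lifecycle events (assumed field layout):
# (unix_time, action, instance_id, private_ip)
EVENTS = [
    (1000, "launch",    "i-web-a",   "10.0.1.15"),
    (1600, "terminate", "i-web-a",   "10.0.1.15"),
    (1700, "launch",    "i-batch-b", "10.0.1.15"),  # address reused by a new instance
    (1800, "launch",    "i-web-c",   "10.0.1.16"),
]

def build_timeline(events):
    """Fold the event stream into per-address ownership intervals."""
    timeline = defaultdict(list)  # ip -> [(start, end_or_None, instance_id)], time ordered
    for ts, action, instance_id, ip in sorted(events):
        spans = timeline[ip]
        if action == "launch":
            spans.append((ts, None, instance_id))
        elif (action == "terminate" and spans
              and spans[-1][2] == instance_id and spans[-1][1] is None):
            spans[-1] = (spans[-1][0], ts, instance_id)  # close the open interval
    return timeline

def owner_at(timeline, ip, ts):
    """Return the instance that held `ip` at time `ts`, or None if unassigned."""
    spans = timeline.get(ip, [])
    idx = bisect_right([s[0] for s in spans], ts) - 1
    if idx < 0:
        return None
    _, end, instance_id = spans[idx]
    return instance_id if end is None or ts < end else None

def snapshot_owner(timeline, ip):
    """What a point-in-time inventory reports: only the current holder."""
    spans = timeline.get(ip, [])
    return spans[-1][2] if spans and spans[-1][1] is None else None

if __name__ == "__main__":
    tl = build_timeline(EVENTS)
    alert_ip, alert_ts = "10.0.1.15", 1200  # constructed alert observed at t=1200
    print("stream attribution:  ", owner_at(tl, alert_ip, alert_ts))
    print("snapshot attribution:", snapshot_owner(tl, alert_ip))
```

The snapshot lookup blames the instance that holds the address now, while the stream-derived timeline returns the instance that held it when the alert fired.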
20. The Impact of a Breach is Far Reaching and Long Lived
COMPANIES OF ALL SIZES ARE IMPACTED
Initial Attack → Identify & Recon → Command & Control → Discover & Spread → Extract & Exfiltrate
THE CYBER KILL CHAIN
The Cyber Kill Chain - Enhancing Cloud Security