2015 Cloud Security Report

The 2015 Alert Logic Cloud Security Report (CSR) has been released! This year’s CSR provides new insights that can prove valuable to organizations who are in the process of building out their security framework. Join Johan Hybinette, HOSTING CISO, and Stephen Coty, Chief Security Evangelist at Alert Logic, for a discussion on the latest industry research findings, trends and best practices on protecting your organization’s IT infrastructure. We’ll discuss these three trends and their impact on the industry:

• Cloud adoption remains strong as cloud attacks grow.
• Industries and customers drive threat profile.
• Examining the kill chain construct drives understanding.


  1. 2015 CLOUD SECURITY REPORT
      Stephen Coty – Chief Security Evangelist, @StephenCoty
      Johan Hybinette – HOSTING CISO
  3. Hybrid Cloud Today
  4. Data Breakdown
  5. Cyber Kill Chain
  6. Environments
  7. Top 10 Industry Attacks
  8. Threat Patterns (chart; percentage axis from 0.00% to 70.00%; categories: application-attack, brute-force, suspicious-activity, trojan-activity, recon, denial-of-service, info-leak, log-policy, misconfiguration, policy-violation, worm-activity)
  9. SECURITY BEST PRACTICES
  10. 10 Best Practices for Security
      1. Secure your code
      2. Create access management policies
      3. Data classification
      4. Adopt a patch management approach
      5. Review logs regularly
      6. Build a security toolkit
      7. Stay informed of the latest vulnerabilities that may affect you
      8. Understand your cloud service provider's security model
      9. Understand the shared security responsibility
      10. Know your adversaries
  11. 1. Secure Your Code
      • Test inputs that are open
      • Add delays to your code to confuse bots
      • Use encryption when you can
      • Test libraries
      • Scan plugins
      • Scan your code after every update
      • Limit privileges
      • Stay informed
  12. 2. Create Access Management Policies
      • Identify data infrastructure that requires access
      • Define roles and responsibilities
      • Simplify access controls (KISS)
      • Continually audit access
      • Start with a least privilege access model
  13. 3. Data Classification
      • Identify data repositories and mobile backups
      • Identify classification levels and requirements
      • Analyze data to determine classification
      • Build Access Management policy around classification
      • Monitor file modifications and users
  14. 4. Adopt a Patch Management Approach
      • Inventory all production systems
      • Devise a plan for standardization, if possible
      • Compare reported vulnerabilities to production infrastructure
      • Classify the risk based on vulnerability and likelihood
      • Test patches before you release into production
      • Set up a regular patching schedule
      • Keep informed, follow bugtraqer
      • Follow an SDLC
  15. 5. Importance of Log Management and Review
      • Monitoring for malicious activity
      • Forensic investigations
      • Compliance needs
      • System performance
      • All sources of log data are collected
      • Data types (Windows, Syslog)
      • Review process
      • Live monitoring
      • Correlation logic
  16. 6. Build a Security Toolkit
      • Recommended Security Solutions
      • Antivirus
      • IP tables/Firewall
      • Backups
      • FIM
      • Intrusion Detection System
      • Malware Detection
      • Web Application Firewalls
      • Forensic Image of hardware remotely
      • Future Deep Packet Forensics
      • Web Filters
      • Mail Filters
      • Encryption Solutions
      • Proxies
      • Log collection
      • SIEM Monitoring and Escalation
      • Penetration Testing
  17. 7. Stay Informed of the Latest Vulnerabilities
      • Websites to follow
      • http://www.exploit-db.com
      • http://seclists.org/fulldisclosure/
      • http://www.securityfocus.com
      • http://www.securitybloggersnetwork.com/
      • http://cve.mitre.org/
      • http://nvd.nist.gov/
      • https://www.alertlogic.com/weekly-threat-report/
      • http://www.thecyberwire.com/current.html
  18. 8. Understand Your Cloud Provider's Security Model
      • Understand the security offerings from your provider
      • Probe into the Security vendors to find their prime service
      • Questions to use when evaluating cloud service providers
  19. 9. Service Provider & Customer Responsibility Summary (diagram; labels in the order extracted)
      Cloud Service Provider Responsibility
      Provider Services
      Hosts
      • Logical network segmentation
      • Perimeter security services
      • External DDoS, spoofing, and scanning prevented
      • Hardened hypervisor
      • System image library
      • Root access for customer
      • Access management
      • Patch management
      • Configuration hardening
      • Security monitoring
      • Log analysis
      Apps
      • Secure coding and best practices
      • Software and virtual patching
      • Configuration management
      • Access management
      • Application level attack monitoring
      • Network threat detection
      • Security monitoring
      Networks
      Customer Responsibility
      Compute, Storage, DB, Network
  20. 10. Understand your Adversaries
  21. To Follow our Research
      • Twitter: @AlertLogic, @StephenCoty, @_PaulFletcher
      • Blog: https://www.alertlogic.com/resources/blog
      • Newsletter: https://www.alertlogic.com/weekly-threat-report/
      • Cloud Security Report: https://www.alertlogic.com/resources/cloud-security-report/
      • Zero Day Magazine: http://www.alertlogic.com/zerodaymagazine/
      • Websites to follow
      • http://www.securityfocus.com
      • http://www.exploit-db.com
      • http://seclists.org/fulldisclosure/
      • http://www.securitybloggersnetwork.com/
      • http://cve.mitre.org/
      • http://nvd.nist.gov/
  22. Q&A
      Stephen Coty | Alert Logic Chief Security Evangelist
      Johan Hybinette | HOSTING CISO
      For more information about security solutions by HOSTING, please contact our team at 888.894.4678.