Alert Logic: Realities of Security in the Cloud
•Download as PPTX, PDF•
1 like•443 views
James Brown, Alert Logic vice president of technology services, explains the realities of security in the cloud.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Alert Logic: Realities of Security in the Cloud
Similar to Alert Logic: Realities of Security in the Cloud (20)
More from Alert Logic
More from Alert Logic (20)
Recently uploaded
Recently uploaded (20)
Alert Logic: Realities of Security in the Cloud
- 1. Breach Stats
- 2. REALITIES OF SECURITY IN THE CLOUD James Brown Vice President of Technology Services
- 3. SECURITY IS A CHALLENGE
- 4. Infrastructure Has Changed EARLY 2000’s MID 2000’s NOW Buying Hardware
- 5. Infrastructure Has Changed EARLY 2000’s MID 2000’s NOW Infrastructure As a ServiceBuying Hardware
- 6. Cybercrime Has Also Changed Single Actors EARLY 2000’s MID 2000’s NOW
- 7. Cybercrime Has Also Changed Single Actors Highly Organized Groups EARLY 2000’s MID 2000’s NOW
- 8. Cybercrime is Flourishing 508 is the average number of applications in an enterprise Evolution of AdversariesExpanding Attack Surfaces Overwhelmed Defenses 37% of US companies face 50,000+ alerts per month 390,000 new malicious programs every day with a viable ecosystem Forbes, 2014 FireEye, 2015 AV-TEST, 2016
- 9. Who is being targeted?
- 10. Who is being targeted?
- 11. Today’s Attacks Have Several Stages
- 12. THE GOOD NEWS
- 13. The Cloud Can be Secure “Public cloud workloads can be at least as secure as those in your own data center, likely better.” Neil McDonald – Garter Security and Risk Management Summit London Sept 2015
- 14. Cloud Security – New Approach The Principles of security do not change but your Approach to security needs to change: • Security best practices are no different in the cloud • You need to apply the same security standards to cloud workloads as applied to on-premises • Understand the Shared Responsibility of Cloud Security
- 15. Security in the Cloud is a Shared Responsibility PROVIDES • Secure coding and best practices • Software and virtual patching • Configuration management • Access management • Application level attack monitoring • Access management • Patch management • Configuration hardening • Security monitoring • Log analysis • Network threat detection • Security monitoring • Logical network segmentation • Perimeter security services • External DDoS, spoofing, and scanning prevented • Hardened hypervisor • System image library • Root access for customer • Configuration best practices
- 16. Challenges of being Secure in the Cloud SECURITY TOOLS ARE Complicated to use Difficult to deploy Expensive to manage and tune HUMAN EXPERTISE IS Hard to find Harder to keep Very expensive THREAT INTELLIGENCE AND SECURITY CONTENT Gets stale quickly Requires specific know-how Validation required to avoid false positives
- 17. ALERT LOGIC HAS A SOLUTION
- 18. Alert Logic Provides Realtime Security Monitoring of Network and Logs Analytics Engine to find potential threats Review and Escalation by our Security Analysts Visibility of the AWS Environment AWS Best Practices Vulnerabilities on the Instances AWS Config / Inspector AWS CloudTrail Research into generic and AWS threats Audit and Compliance reporting
- 19. Alert Logic – a Leader in Forrester’s 2016 NA MSSP WAVETM “Alert Logic has a head start in the cloud, and it shows. Alert Logic is an excellent fit for clients looking to secure their current or planned cloud migrations, clients requiring a provider than can span seamlessly between hybrid architectures, and those that demand strong API capabilities for integrations.” - Forrester WAVETM Report
- 20. How Cloud Defender Works in AWS AWS Service Log Collection Web and Network Security Events, Application & server logs Continuous Vulnerability Scanning Configuration Assessments, and Environment Visibility AWS SERVICES INSTANCES & APPLICATIONS Analytics Platform Threat Intel & Context Expert Analysis Threat Detection with Remediation Tactics YOUR TEAM Vulnerability & Configuration Issues
- 21. Vulnerability and AWS-Specific Checks Included AWS ACCOUNTS Passwords complexity Non-expiring passwords No users with API keys No MFA No key rotation Inactive user accounts EC2 instance not using IAM roles S3 BUCKETS Upload permissions not restricted Delete permissions not restricted Unrestricted list access AWS RDS Secure database settings Data encryption OVER 80,000 VULNERABILITY AND CONFIGURATION CHECKS NETWORK TOPOLOGY Unrestricted inbound/outbound Direct inbound/ outbound access to DB Insecure services open to Internet Multiple functions on a single host (Web and DB server) ELB SECURITY Insecure cipher or protocol Listener not using secure protocol Unapproved cipher Missing security groups Unapproved port access
- 22. Almost 4,000 Organizations Worldwide Trust Alert Logic MILLIONS of devices secured PETABYTES of log data under management HUNDREDS OF MILLIONS of security events correlated per month THOUSANDS of incidents identified and reviewed per month
- 23. Thank you.
Editor's Notes
- Reasons to be targeted
- Reasons to be targeted
- Reasons to be targeted
- 4 years ago in meetings we were being told the cloud was insecure, very boring Lets change this quote around “If you do it right, the public cloud can be more secure than your own datacentre” That is the key, that is what today is about – how do you do it right Issue is you can automate failure at scale
- Questions to the Audience – Hands Up - Basic Security – firewall etc - AWS environment - do you have IDS, Log, WAF etc - In-house - 24 x 7 Reasons why you are not doing it – tools on-prem to cloud
- And if you thought building a SOC on-premise sounds difficult, if you throw Cloud adoption by the business in to the mix you’ve got an ever more challenging situation. The vast majority of the technology you’ve invested in will not integrate with Cloud platforms or at best, will impact the dynamic, agile, efficient nature of the Cloud - often what business are looking to benefit from in the first place. Even if you manage to find tech that works (for now!!!), the likelihood is that it will be a version of a data center centric product that’s been adapted to Cloud, meaning the content and intelligence that drives the tool will mostly be irrelevant And finally you now need people with a whole set of Cloud expertise – given the hype surrounding Cloud these days, they will be expensive and in hot demand Article on Wired – job security – IT security Refer back to Forrester - challenges : 1 - managing security content 2 – mutli-vector attacks 3 - Costs 4 – threat intel skills 6 – staffing the SOC
- Cloud Defender is doing two things: First it will scan you AWS services looking for any configuration issues. At the same time it scans your instances and applications looking for known vulnerabilities. That information gets passed back to your team in the form of prioritized remediation actions so you take focus on the issues that will have the biggest positive impact with regards to your risk. While that is happening Cloud Defender is also collecting logs from your servers, apps, and AWS services, as well as network, web app events. This information is fed into an analytics platform. This platform analyzes the data, eliminating irrelevant events, and then, by applying threat intelligence and context generates actionable security events. These events are then vetted by a team of security experts, who have access to both the raw data that generated the event as well as a library of threat research that enables them to provide you with the context you need to understand the threat. You are then contacted about the incident and provided remediation recommendations. This helps you focus on eliminating the issues without having to become an expert in any one specific threat vector. Cloud Defender is always on, always working for you.
- Since Cloud Defender was built with AWS in mind you get AWS specific content included.
- Our massive scale is unmatched in the industry and we have proven that we can operated at scale. If you look at our scale, we currently are: Protecting over 2 millions of servers, applications, and networks worldwide Our analytics and correlation engine manages over 5PB of log data and processes 450 Million events and identifies 60K incidents that our Security Experts review and triage to escalate to the right issues to our customers An average of 3 incident escalations per customer per month – we reduce the noise and overhead a customer would have to support themselves by about 80% and most importantly, deliver them with actionable intelligence (attack details and remediation steps). This means that we can protect you at a lower cost than doing it in-house and we have the proven expertise to provide you with deep security insight into your environment, resulting in a safer overall IT environment.