SHARED SECURITY
RESPONSIBILITY IN AZURE
Speaker - Chris Camaclang
Agenda
• Intro + Housecleaning + Surveys
• Hybrid Cloud Landscape
• Threat Landscape
• Security Best Practices
• Alert Logic Solutions and Value
Hybrid Cloud Today
(Diagram: a private cloud and a public cloud, with cloud failover in a different geography, joined by secure tunnels. Internal and external users (prospects, customers, business partners, managers, PMs, architects, developers, support) reach them from smartphones, smart TVs, tablets/iPads, desktops, cloudtops, notebooks and netbooks. Environments shown: production, staging, QA, dev/test, demo sites and performance testing. Services shown: IT + dev support, office, TIM/TAM, desktop, monitoring, business support, transformation, Adobe LC, messaging, security, business intelligence and code management.)
The Impact of a Breach is Far-Reaching and Long-Lived

THE CYBER KILL CHAIN¹: Identify & Recon → Initial Attack → Command & Control → Discover & Spread → Extract & Exfiltrate

THE IMPACT:
• Financial loss
• Harm to brand and reputation
• Scrutiny from regulators

1. http://cyber.lockheedmartin.com/cyber-kill-chain-lockheed-martin-poster
COMPANIES OF ALL SIZES ARE IMPACTED

Global Analysis: Threats by Customer Industry Vertical (Source: Alert Logic CSR 2016)
Attack categories charted for each vertical: Application Attack, Brute Force, Recon, Suspicious Activity, Trojan Activity.
• Finance-Insurance-Real Estate: 29%, 48%, 10%, 11%, 2%
• Retail-Wholesale: 56%, 25%, 17%, 0%, 2%
• Information Technology: 54%, 21%, 22%, 1%, 2%
(Percentages are listed in the order they were extracted from the pie charts.)
Security risk is shifting to unprotected web applications

Breaches by incident pattern (Source: Verizon):
  Web App Attacks          908
  POS Intrusions           525
  Miscellaneous Errors     197
  Privilege Misuse         172
  Cyber-espionage          155
  Everything Else          125
  Payment Card Skimmers     86
  Physical Theft / Loss     56
  Crimeware                 49
  Denial of Service          1

Web app attacks are now the #1 source of data breaches (up 500% since 2014), but less than 5% of data center security budgets are spent on app security ($23 to $1; Source: Gartner).
Cloud Security is a Shared, but not Equal, Responsibility

MICROSOFT (the platform)
• Security Monitoring
• Logical Network Segmentation
• Perimeter Security Services
• External DDoS, spoofing, and scanning monitored
• Hypervisor Management
• System Image Library
• Root Access for Customers
• Managed Patching (PaaS, not IaaS)

CUSTOMER (everything deployed on the platform)
• Web Application Firewall
• Vulnerability Scanning
• Secure Coding and Best Practices
• Software and Virtual Patching
• Configuration Management
• Access Management (inc. Multi-factor Authentication)
• Application level attack monitoring
• Configuration Hardening
• Patch Management
• TLS/SSL Encryption
• Network Security Configuration

ALERT LOGIC (customer responsibilities that can be delegated)
• Security Monitoring
• Log Analysis
• Vulnerability Scanning
• Network Threat Detection
SECURITY BEST PRACTICES
10 Best Practices for Security
1. Understand the cloud provider's shared responsibility model
2. Secure your code
3. Create access management policies
4. Classify your data
5. Adopt a patch management approach
6. Review logs regularly
7. Build a security toolkit
8. Stay informed of the latest vulnerabilities that may affect you
9. Understand your cloud service provider's security model
10. Know your adversaries
1. Understand the Cloud Provider's Shared Responsibility Model
The first step to securing cloud workloads is understanding the shared responsibility model.
Microsoft will secure most of the underlying infrastructure, including physical access to the datacenters, the servers and hypervisors, and parts of the networking infrastructure...but the customer is responsible for the rest.
Taken from the Shared Responsibility for Cloud Computing whitepaper, published by Microsoft in March 2016
2. Secure Your Code
• Test every input that is reachable from the Internet
• Rate-limit and add delays to slow down bots
• Encrypt data in transit and at rest wherever you can
• Test and vet third-party libraries
• Scan plugins
• Scan your code after every update
• Limit privileges
• Bring security into the delivery pipeline (DevSecOps)
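As an added illustration of the first and the "limit privileges / keep secrets out of code" points above (example code written for this page, not code from the deck or from Alert Logic): the same user lookup written with string concatenation and with a parameterised query, exercised against an in-memory SQLite table of constructed sample rows, plus a credential loader that refuses to start when the secret is not supplied from the environment. The `DB_PASSWORD` variable name is an assumption for the example.

```python
import os
import sqlite3


def build_sample_db():
    """In-memory user table with constructed sample rows (not data from the deck)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user"), ("carol", "hash-c", "user")],
    )
    return conn


def lookup_user_vulnerable(conn, username):
    """Internet-facing input concatenated straight into the SQL text: the injection flaw."""
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, username):
    """Parameterised query: the value travels separately from the statement, so
    attacker-controlled text can never change the statement's structure."""
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def get_db_secret(env=None):
    """Read the database credential from the environment (populated from a vault or
    the deployment pipeline) and refuse to start if it is missing, rather than fall
    back to a value baked into the source."""
    env = os.environ if env is None else env
    secret = env.get("DB_PASSWORD")  # assumed variable name for this example
    if not secret:
        raise RuntimeError("DB_PASSWORD is not set; secrets must not live in code")
    return secret


if __name__ == "__main__":
    conn = build_sample_db()
    payload = "nobody' OR '1'='1"  # a classic test input for an Internet-facing field
    print("vulnerable:", lookup_user_vulnerable(conn, payload))  # every row comes back
    print("safe:      ", lookup_user_safe(conn, payload))        # no row matches
```

Testing the Internet-facing input with the payload shows the difference directly: the concatenated query returns every user, the parameterised one returns nothing, because the quote characters are data rather than SQL.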
3. Create Secure Access Management Policies
• Simplify access controls (KISS)
• Lock down the admin accounts in Azure
• Enable MFA (Azure, hardware/software token)
• Identify the data infrastructure that requires access (*lock down Azure SQL)
• Define roles and responsibilities (delegate service admins)
• Azure NSGs (private vs public)
• Continually audit access (Azure Audit Logs)
• Start from a least-privilege access model (RBAC)
  *avoid the Owner role unless absolutely necessary
• Don't store keys in code (e.g. secret keys)
• AAD Premium (*security analytics and alerting)
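The "continually audit access" and "avoid the Owner role" bullets can be turned into a repeatable check. The following is an added example for this page (not Alert Logic's code) that audits a list of role assignments in the shape produced by `az role assignment list --all -o json`; the field names follow the CLI output, while the principals, the all-zero subscription ID and the thresholds are constructed for the example. It flags Owner anywhere, privileged roles granted at subscription or management-group scope, and privileged roles bound directly to a user instead of a group.

```python
import json

# Constructed sample in the shape of `az role assignment list --all -o json`.
# The field names match the CLI output; the principals and the all-zero
# subscription ID are made up for this example.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_ASSIGNMENTS = json.dumps([
    {"principalName": "ops-admins", "principalType": "Group",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "dave@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "web-deploy-sp", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-web"},
    {"principalName": "erin@example.com", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "sql-operators", "principalType": "Group",
     "roleDefinitionName": "SQL DB Contributor",
     "scope": SUB + "/resourceGroups/rg-data/providers/Microsoft.Sql/servers/sql1"},
])

# Built-in roles that can change resources or grant access; flagged when over-scoped.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}
BROAD_SCOPES = {"managementGroup", "subscription"}


def scope_level(scope):
    """Classify an Azure scope string by how much it covers."""
    if scope.startswith("/providers/Microsoft.Management/managementGroups/"):
        return "managementGroup"
    parts = [p for p in scope.split("/") if p]
    if "providers" in parts:
        return "resource"
    if "resourceGroups" in parts:
        return "resourceGroup"
    if parts and parts[0] == "subscriptions":
        return "subscription"
    return "unknown"


def audit_assignments(assignments_json):
    """Return one finding per assignment that violates the least-privilege rules."""
    findings = []
    for a in json.loads(assignments_json):
        role, scope, ptype = a["roleDefinitionName"], a["scope"], a["principalType"]
        level = scope_level(scope)
        reasons = []
        if role == "Owner":
            reasons.append("Owner granted; use Contributor, and User Access Administrator only where needed")
        if role in PRIVILEGED_ROLES and level in BROAD_SCOPES:
            reasons.append(f"privileged role at {level} scope; narrow it to a resource group or resource")
        if role in PRIVILEGED_ROLES and ptype == "User":
            reasons.append("privileged role bound directly to a user; grant it through a group so membership is auditable")
        if reasons:
            severity = "HIGH" if role == "Owner" or level in BROAD_SCOPES else "MEDIUM"
            findings.append({"principal": a["principalName"], "role": role,
                             "scope": scope, "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_assignments(SAMPLE_ASSIGNMENTS):
        print(f"[{f['severity']}] {f['principal']} has {f['role']} on {f['scope']}")
        for r in f["reasons"]:
            print("   -", r)
```

Run it on a schedule against the real CLI output and diff the findings against the previous run; a new HIGH finding is the signal that someone has just granted Owner.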
4. Data Classification
• Identify data repositories and mobile
backups
• Identify classification levels and
requirements
• Analyze data to determine classification
• Build Access Management policy around
classification
• Monitor file modifications and users
5. Adopt a Patch Management Approach
• Use trusted images (*prevent users from launching untrusted images)
• Continuously scan your images for vulnerabilities and patch them
• Compare reported vulnerabilities against the production infrastructure
• Classify the risk based on the vulnerability and its likelihood
• Test patches before you release them into production
• Set up a regular patching schedule
• Keep informed; follow Bugtraq
• Follow a secure SDLC
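The middle three bullets (compare reported vulnerabilities to production, classify by vulnerability and likelihood, schedule accordingly) are a small algorithm. Here it is as an added example for this page (not the deck's or Alert Logic's code): a constructed host inventory and a constructed advisory feed (the `ADV-` identifiers are made up and are not CVE numbers; versions and CVSS scores are illustrative) are joined on package name, affected versions are found by a version comparison that understands OpenSSL-style letter suffixes, and the result is ranked by CVSS weighted with exposure as the likelihood proxy.

```python
import re

# Constructed inventory and advisory feed (the advisory IDs use a made-up ADV- scheme
# rather than real CVE numbers; versions and CVSS scores are illustrative).
INVENTORY = [
    {"host": "web01", "exposure": "internet",
     "packages": {"openssl": "1.0.2g", "nginx": "1.10.0"}},
    {"host": "app01", "exposure": "internal",
     "packages": {"openssl": "1.0.2k", "libxml2": "2.9.3"}},
    {"host": "db01", "exposure": "internal",
     "packages": {"openssl": "1.0.2g"}},
]
ADVISORIES = [
    {"id": "ADV-0001", "package": "openssl", "fixed_in": "1.0.2k", "cvss": 7.5},
    {"id": "ADV-0002", "package": "nginx", "fixed_in": "1.11.0", "cvss": 5.3},
    {"id": "ADV-0003", "package": "libxml2", "fixed_in": "2.9.4", "cvss": 9.8},
]

# Likelihood proxy: an Internet-facing host is far more likely to be hit than an internal one.
EXPOSURE_WEIGHT = {"internet": 1.0, "internal": 0.5}


def version_key(version):
    """Split '1.0.2g' into a comparable key: numbers compare numerically, letters lexically."""
    return [(0, int(p)) if p.isdigit() else (1, p)
            for p in re.findall(r"\d+|[A-Za-z]+", version)]


def is_vulnerable(installed, fixed_in):
    """Anything older than the fixed version is affected."""
    return version_key(installed) < version_key(fixed_in)


def classify(score):
    """Map a weighted score to a patching lane (thresholds are this example's choice)."""
    if score >= 7.0:
        return "patch now"
    if score >= 4.0:
        return "next patch cycle"
    return "scheduled"


def prioritise(inventory, advisories):
    """Match advisories to installed packages and rank by CVSS x exposure."""
    findings = []
    for host in inventory:
        weight = EXPOSURE_WEIGHT[host["exposure"]]
        for adv in advisories:
            installed = host["packages"].get(adv["package"])
            if installed is None or not is_vulnerable(installed, adv["fixed_in"]):
                continue
            score = round(adv["cvss"] * weight, 2)
            findings.append({"host": host["host"], "advisory": adv["id"],
                             "package": adv["package"], "installed": installed,
                             "fixed_in": adv["fixed_in"], "score": score,
                             "action": classify(score)})
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in prioritise(INVENTORY, ADVISORIES):
        print(f"{f['score']:>5} {f['action']:<17} {f['host']} {f['package']} "
              f"{f['installed']} -> {f['fixed_in']} ({f['advisory']})")
```

The point of the weighting is visible in the output: the same OpenSSL advisory lands in "patch now" on the Internet-facing web tier and in "scheduled" on the internal database host, which is the ordering the patch window should follow.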
6. Log Management Strategy
• Why you collect logs:
  • Monitoring for malicious activity
  • Forensic investigations
  • Compliance needs
  • System performance
• What you collect: all sources of log data are collected and retained
  • Data types (Windows event logs, Syslog)
  • Azure AD behavior
  • Azure Audit Logs (services, instances...activity, PowerShell)
  • Azure SQL logs
  • Azure App Services logs
• How you use them:
  • Review process
  • Live monitoring
  • Correlation logic
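"Correlation logic" across the Windows and Syslog data types named above is the step most teams leave abstract, so here is a concrete piece of it as an added example for this page (not code from the deck or Alert Logic). It normalises constructed sshd Syslog lines and a constructed JSON export of Windows Security logon events (IDs 4625 and 4624) into one event shape, then raises an alert when a source address logs a successful authentication after five or more failures inside a ten-minute window. The year for the Syslog timestamps, the JSON export format and the thresholds are assumptions of the example.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data (not from the deck). Syslog lines carry no year, so the
# parser assumes the one below; the JSON lines mimic a log shipper's export of
# Windows Security events 4625 (failed logon) and 4624 (successful logon).
SYSLOG_YEAR = 2017
SYSLOG_LINES = """\
Mar  3 10:01:02 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:05 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar  3 10:01:09 web01 sshd[2213]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:01:12 web01 sshd[2214]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar  3 10:01:16 web01 sshd[2215]: Failed password for deploy from 203.0.113.7 port 51026 ssh2
Mar  3 10:01:20 web01 sshd[2216]: Failed password for deploy from 203.0.113.7 port 51027 ssh2
Mar  3 10:01:40 web01 sshd[2217]: Accepted password for deploy from 203.0.113.7 port 51030 ssh2
Mar  3 10:02:10 web01 sshd[2218]: Accepted publickey for ops from 10.0.0.5 port 40010 ssh2
"""
WINDOWS_LINES = """\
{"TimeCreated": "2017-03-03T10:05:00Z", "Computer": "app01", "EventID": 4625, "TargetUserName": "svc_backup", "IpAddress": "198.51.100.9"}
{"TimeCreated": "2017-03-03T10:05:20Z", "Computer": "app01", "EventID": 4625, "TargetUserName": "svc_backup", "IpAddress": "198.51.100.9"}
{"TimeCreated": "2017-03-03T10:05:41Z", "Computer": "app01", "EventID": 4625, "TargetUserName": "svc_backup", "IpAddress": "198.51.100.9"}
{"TimeCreated": "2017-03-03T10:06:02Z", "Computer": "app01", "EventID": 4624, "TargetUserName": "svc_backup", "IpAddress": "198.51.100.9"}
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_syslog(text):
    """Normalise sshd auth lines into {time, host, user, ip, outcome, source} events."""
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue  # not an auth event this detector models
        ts = datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"time": ts, "host": m["host"], "user": m["user"], "ip": m["ip"],
                       "outcome": "fail" if m["outcome"] == "Failed" else "success",
                       "source": "syslog"})
    return events


def parse_windows(text):
    """Normalise exported Windows Security logon events into the same shape."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec["EventID"] not in (4624, 4625):
            continue
        events.append({"time": datetime.strptime(rec["TimeCreated"], "%Y-%m-%dT%H:%M:%SZ"),
                       "host": rec["Computer"], "user": rec["TargetUserName"],
                       "ip": rec["IpAddress"],
                       "outcome": "fail" if rec["EventID"] == 4625 else "success",
                       "source": "windows"})
    return events


def detect_bruteforce_success(events, threshold=5, window=timedelta(minutes=10)):
    """Alert when a source IP logs a success after >= threshold failures inside the window."""
    recent_failures = defaultdict(deque)  # ip -> failure timestamps still inside the window
    alerts = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        q = recent_failures[e["ip"]]
        while q and e["time"] - q[0] > window:
            q.popleft()  # expire failures older than the window
        if e["outcome"] == "fail":
            q.append(e["time"])
        elif len(q) >= threshold:
            alerts.append({"ip": e["ip"], "user": e["user"], "host": e["host"],
                           "source": e["source"], "failures": len(q), "time": e["time"]})
            q.clear()  # one alert per burst
    return alerts


def run_sample():
    """Correlate both sources with the default thresholds."""
    events = parse_syslog(SYSLOG_LINES) + parse_windows(WINDOWS_LINES)
    return detect_bruteforce_success(events)


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a['time']} {a['source']}/{a['host']}: {a['failures']} failures then "
              f"success for {a['user']} from {a['ip']}")
```

Because both sources are reduced to one shape before the rule runs, the same detector covers a Linux web tier and a Windows application tier, and the three Windows failures followed by a success stay below the threshold, which is the kind of noise a review process needs the rule to absorb.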
7. Build a Security Toolkit
• Recommended security solutions:
  • Antivirus
  • iptables / host firewall
  • Backups
  • File integrity monitoring (FIM)
  • Intrusion detection system (VNET ingress/egress)
  • Malware detection
  • Web application firewall (inspection at Layer 7)
  • Remote forensic imaging of hosts
  • Deep packet forensics (future)
  • Web filters
  • Mail filters
  • Encryption solutions
  • Proxies
  • Log collection
  • SIEM monitoring and escalation
  • Penetration testing
8. Stay Informed of the Latest Vulnerabilities
• Websites to follow
• http://www.securityfocus.com
• http://www.exploit-db.com
• http://seclists.org/fulldisclosure/
• http://www.securitybloggersnetwork.com/
• http://cve.mitre.org/
• http://nvd.nist.gov/
• https://www.alertlogic.com/weekly-threat-report/
9. Understand Your Service Provider's Security Model
• Understand the security offerings from your provider
• Probe the security vendors to find out what their core service really is
• Hypervisor exploits are patched by the service provider
• Prepare a set of questions to use when evaluating cloud service providers
10. Understand Your Adversaries
Threats are 24x7 = Security Operations 24x7
• Monitor intrusion detection and vulnerability scan activity
• Search for industry trends and deliver intelligence on lost or stolen data
• Collect data from OSINT and underground sources to deliver intelligence and content
• Identify and implement required policy changes
• Escalate incidents and provide guidance to the response team to quickly mitigate them
• Monitor for zero-day and new and emerging attacks
• Correlate data sources across products to find anomalies
ALERT LOGIC SOLUTIONS
Vulnerabilities + Change + Shortage: the complexity of defending web applications and workloads

Risks are moving up the stack:
1. Wide range of attacks at every layer of the stack
2. A rapidly changing codebase can introduce unknown vulnerabilities
3. Long tail of exposures inherited from 3rd-party development tools
4. Extreme shortage of cloud and application security expertise

Perimeter and end-point security tools fail to protect the cloud attack surface. Attacks land at three levels of the application stack, and all of it sits on top of your data:
• Web App Attacks (OWASP Top 10), against Web Apps and Server-side Apps
• Platform / Library Attacks, against App Frameworks and Dev Platforms
• System / Network Attacks, against the Server OS, Hypervisor, Databases, Networking and Cloud Management

Focus requires full stack inspection...and complex analysis. Every observation taken from the stack (App Transactions, Log Data, Network Traffic) has to be sorted into Known Good (allow), Known Bad (block) or Suspicious (analyze) before a security decision can be made.

Integrated value chain delivering full stack security, experts included:
• App + Config Assessment
• Collection Technology (app transactions, log data, network traffic)
• Analytics: Signatures & Rules, Anomaly Detection, Machine Learning, run over petabytes of normalized data from 4000+ customers
• 24/7 Experts & Process: Threat Intelligence, Security Research, Data Science, Security Content, Security Operations Center

On the final build of the slide the chain is labelled with the Alert Logic products: Cloud Insight, Alert Logic Cloud Defender (Web Security Manager, Log Manager, Threat Manager) for detection & protection, and ActiveWatch for the 24/7 experts and process.
New capabilities focused on Web Attack Detection
1. Over 150 new web attack incidents
2. Improved OWASP Top 10 coverage powered by Anomaly Detection
3. Advanced SQL Injection Detection powered by Machine Learning
Attack classes covered: Web App Attacks (OWASP Top 10), Platform / library attacks, App / System misconfiguration attacks
Over 250 breaches detected in 2016
Alert Logic solutions are easy to deploy
• A combination of host-based agents and appliances collects network and application traffic
• Agents also collect logs from the VM
• Azure Activity Logs are collected via the Azure Monitor API
• Azure SQL and App Services logs are collected from Azure Storage accounts
• Appliances can be used for internal scanning, or we can do external and PCI scanning from our cloud
HOW IT WORKS: Alert Logic Threat Manager for a 3-Tier Application Stack + Azure SQL
(Diagram: inside one VNET and resource group, web traffic enters through an Application Gateway to a Web Tier of VM Scale Sets (AutoScale), then an Application Tier of VM Scale Sets (AutoScale), then an Azure SQL Database Tier. Azure SQL logs are written to an Azure Storage Table. The Alert Logic Threat Manager appliance runs as a VM in the same VNET.)

3-Tier applications using VMs only
(Diagram: Customer A and Customer B each have their own VNET and resource group with a Web Tier and an Application Tier in VM Scale Sets (AutoScale) and a Database Tier of SQL VMs in Availability Sets; web traffic enters each VNET, and an Alert Logic Threat Manager appliance VM is deployed alongside the tiers.)
ARM templates automate appliance deployments:
https://github.com/alertlogic/al-arm-templates
Agents can be baked into VM images or installed automatically using DevOps toolsets, for example the Chef cookbook:
https://supermarket.chef.io/cookbooks/al_agents
Alert Logic – a Leader in Forrester's 2016 NA MSSP Wave™
"Alert Logic has a head start in the cloud, and it shows.
Alert Logic is an excellent fit for clients looking to secure their current or planned cloud migrations, clients requiring a provider that can span seamlessly between hybrid architectures, and those that demand strong API capabilities for integrations."
- Forrester Wave™ Report
Addressing Customers with Compliance Requirements

Alert Logic Web Security Manager™
  PCI DSS:
  • 6.5.d  Have processes in place to protect applications from common vulnerabilities such as injection flaws, buffer overflows and others
  • 6.6    Address new threats and vulnerabilities on an ongoing basis by installing a web application firewall in front of public-facing web applications
  SOX (COBIT control objectives):
  • DS 5.10 Network Security
  • AI 3.2  Infrastructure resource protection and availability
  HIPAA & HITECH:
  • 164.308(a)(1) Security Management Process
  • 164.308(a)(6) Security Incident Procedures

Alert Logic Log Manager™
  PCI DSS:
  • 10.2  Automated audit trails
  • 10.3  Capture audit trails
  • 10.5  Secure logs
  • 10.6  Review logs at least daily
  • 10.7  Maintain logs online for three months
  • 10.7  Retain audit trail for at least one year
  SOX (COBIT control objectives):
  • DS 5.5 Security Testing, Surveillance and Monitoring
  HIPAA & HITECH:
  • 164.308(a)(1)(ii)(D) Information System Activity Review
  • 164.308(a)(6)(i) Login Monitoring
  • 164.312(b) Audit Controls

Alert Logic Threat Manager™
  PCI DSS:
  • 5.1.1  Monitor zero-day attacks not covered by anti-virus
  • 6.2    Identify newly discovered security vulnerabilities
  • 11.2   Perform network vulnerability scans quarterly by an ASV or after any significant network change
  • 11.4   Maintain IDS/IPS to monitor and alert personnel; keep engines up to date
  SOX (COBIT control objectives):
  • DS 5.9  Malicious Software Prevention, Detection and Correction
  • DS 5.6  Security Incident Definition
  • DS 5.10 Network Security
  HIPAA & HITECH:
  • 164.308(a)(1)(ii)(A) Risk Analysis
  • 164.308(a)(1)(ii)(B) Risk Management
  • 164.308(a)(5)(ii)(B) Protection from Malicious Software
  • 164.308(a)(6)(iii) Response & Reporting

Alert Logic Security Operations Center providing Monitoring, Protection, and Reporting
Scalable Threat Intel Process Delivers Relevant Content
(Diagram, left to right)
Input Sources: Honeynet, 3rd-party Intel, Vulnerabilities, Watchlists, Research, Telemetry
Threat Analytics Platform: Big Data → Extraction → Normalization → Fusion
Analysis Techniques: Entity Resolution, Link Analysis, Clustering Analysis, Complex Analysis
Key Service Capabilities: Reputation, Blacklists, Content Coverage, Incident Modeling, Intelligence Gathering, Relevant Vulnerabilities
Outcomes: Increased Contextual Awareness, Increased Incident Understanding
Stopping Imminent Data Exfiltration
Customer Type: Retail
Threat Type: Advanced SQL Injection
• COMPROMISE ACTIVITY: discovered through inspection of 987 log messages indicative of a SQL injection attack
• INCIDENT ESCALATION (8 min): partner and customer notified with threat source information and remediation tactics
• FURTHER ANALYSIS (2 hours): Alert Logic analyst confirms user IDs and password hashes leaked as part of the initial attack
• EXFILTRATION ATTEMPT PREVENTED (6 hours): partner works with customer to mitigate compromised accounts
Preventing Ransomware Spread
Customer Type: Retail
Threat Type: Ransomware
• SUSPICIOUS ACTIVITY: Cryptowall detected on a key gateway server in over 1,400 events (6,000 packets)
• INCIDENT ESCALATION (14 min): critical risk of lateral movement through shared drives identified
• LATERAL MALWARE MOVEMENT PREVENTED (6 hours): analyst performs a forensic review of a further 8,000 log messages and 1,400 events, identifying additional attack vectors through related events
To Follow our Research & Contact Information
Blog
https://www.alertlogic.com/resources/blog
Newsletter
https://www.alertlogic.com/weekly-threat-report/
Cloud Security Report
https://www.alertlogic.com/resources/cloud-security-report/
Zero Day Magazine
https://www.alertlogic.com/zerodaymagazine/
Twitter
@AlertLogic
For more information on Alert Logic solutions:
Chris Camaclang
ccamaclang@alertlogic.com
206-673-4387
Thank you.

Azure 101: Shared responsibility in the Azure Cloud
