Have some customers who have made the decision to go for cloud, but lack controls. Here are some of the slides I used in an alignment session the other day.
NetStandard CTO John Leek presents 20 Critical Security Controls for the Cloud at Interface Kansas City. This presentation is based on controls set forth by the SANS Institute. Learn more at http://www.netstandard.com.
Extending the 20 critical security controls to gap assessments and security m... (John M. Willis)
Extending the 20 critical security controls to gap assessments and security maturity modeling.
Specifically, the controls are decomposed into Base Practices from a Process perspective.
Implementation approaches are viewed from a Robustness perspective.
The CIS Critical Security Controls: the International Standard for Defense (EnclaveSecurity)
The document discusses why organizations are implementing the Critical Security Controls (CSCs). It provides 7 key reasons: 1) organizations are experiencing breaches, 2) the CSCs were developed by hundreds of cybersecurity experts, 3) the CSCs provide comprehensive and practical guidance, 4) the CSCs can stop known attack techniques, 5) the CSCs define specific measures for assessing risk, 6) the CSCs are based on known current threats, and 7) implementing the CSCs helps organizations achieve compliance with other standards. The document uses a 2013 Java vulnerability as a case study to demonstrate how the CSCs could have prevented the attacks.
Security Analytics for Data Discovery - Closing the SIEM Gap (Eric Johansen, CISSP)
This document discusses security analytics and hunting maturity. It defines hunting as a proactive approach to identifying incidents by actively looking for patterns, intelligence or hunches, rather than waiting for notifications. It describes the "SIEM gap" where SIEM tools are designed for known threats and lack the tools and flexibility for human analysis and hunting of unknown threats. It outlines techniques used in security analytics like event clustering, association analysis, and visualization to help analyze large datasets and discover unknown threats. The document argues security analytics provides the data access, analysis techniques and workflows to help close the SIEM gap and improve an organization's hunting maturity over time.
Infocyte Mid-market Threat and Incident Response Report Webinar (Infocyte)
Join Infocyte's co-founder and Chief Product Officer, Chris Gerritz, as we review the findings from our 2019 Mid-market Threat Detection and Incident Response report.
In the first half of 2019, we completed over 550,000 digital forensic inspections across hundreds of customer and partner networks, exposing hidden and malicious threats, unknown vulnerabilities, and more.
Our Mid-market Report (and this webinar) shares the findings from our DFIR investigations, compromise assessments, and ongoing threat hunting activities.
AlienVault Threat Alerts are a simple yet powerful tool that comes built-in with Spiceworks. When a device on your network has been interacting with a known malicious host or suspicious IP, you’ll immediately get an alert in your feed and you’ll get an alert email.
Kill Chain Model for Use Cases Assist in Incident Response
1- Situational Awareness
Outbound Protocols
Outbound protocols by size
Top destination Countries
Top destination Countries by size
2- Reconnaissance
Port scan activity
ICMP query
3- Weaponization and Delivery
Injection
Cross Site Scripting
Cross Site Request Forgery
Failure to Restrict URL
Downloaded binaries
Top email subjects
Domains mismatching
Malicious or anomalous Office/Java/Adobe files
Suspicious Web pages (iframe + [pdf|html|js])
Get advice from security gurus on how to get up & running with SIEM quickly and painlessly. You'll learn about log collection, log management, log correlation, integrated data sources and how-to leverage threat intelligence into your SIEM implementation.
QRadar is security software that analyzes log and network flow data to detect threats and offenses. It requires RHEL6 and uses PostgreSQL and Ariel databases. QRadar collects and correlates all log data to find potential attacks. It has a web console interface to view dashboards, offenses, network activity, assets, reports and administrative settings. Offenses show analyzed threats based on event and flow logs using updated IBM X-Force rules.
Incident response live demo slides final (AlienVault)
So, you've got an alarm - or 400 alarms maybe, now what? Security incident investigations can take many paths leading to incident response, a false positive or something else entirely. Join this webcast to see security experts from AlienVault and Castra Consulting work on real security events (well, real at one point), and perform real investigations, using AlienVault USM as the investigative tool. Process or art form? Yes.
You'll learn:
Tips for assessing context for the investigation
How to spend your time doing the right things
How to classify alarms, rule out false positives and improve tuning
The value of documentation for effective incident response and security controls
How to speed security incident investigation and response with AlienVault USM
20 Critical Controls for Effective Cyber Defense (A must read for security pr... by Tahir Abbas
The document outlines 20 critical controls for effective cyber defense. It describes how the controls were developed based on lessons learned and expertise from government cybersecurity experts. It emphasizes prevention, detection, automated continuous monitoring, and prioritizing the most effective controls. The controls are designed to reduce cyber attacks and security breaches by strengthening defensive strategies.
AWS Security Best Practices for Effective Threat Detection & Response (AlienVault)
In this SlideShare, we’ll share the AWS Security Best Practices for securing AWS environments, as well as some of the trends our research has shown with regard to attacks on those environments. We'll also introduce the key capabilities needed for a modern threat detection & incident response program customized for AWS, and other AWS Security Best Practices including:
- Asset Discovery - creating an inventory of running instances
- Vulnerability Assessment - conducting scans to assess exposure to attack, and prioritize risks
- Change Management - detecting changes in your AWS environment and insecure network access control configurations
- S3 & ELB Access Log Monitoring - monitoring access logs of hosted content and data directed at your instance
- CloudTrail Monitoring and Alerting - monitoring the CloudTrail service for abnormal behavior
- Windows Event Monitoring - analyzing system-level behavior to detect advanced threats
With more IT environments moving data and applications to AWS, the motivation for hackers to target AWS environments is also increasing. We believe these AWS Security Best Practices will be a valuable addition to every security practitioner’s playbook.
We'll finish up with a demo of NEW AlienVault USM for AWS, which delivers all of the above capabilities, plus log management & event correlation to help you detect threats quickly and comply with regulatory requirements.
The document summarizes Symantec's endpoint security solution. It discusses the key ingredients for endpoint protection including antivirus, antispyware, firewall, intrusion prevention, device/application control, and network access control. It describes how these components work together through a single agent and management console to provide comprehensive endpoint security, compliance, and management capabilities. The solution aims to reduce costs, complexity, and risks while increasing protection, control, and manageability for organizations.
Today’s networks are larger and more complex than ever before, and protecting them against malicious activity is a never-ending task. Organizations seeking to safeguard their intellectual property, protect their customer identities and avoid business disruptions need to do more than monitor logs and network flow data; they need to leverage advanced tools to detect these activities in a consumable manner.
Building a Cyber Security Operations Center for SCADA/ICS Environments (Shah Sheikh)
Abstract: Modern day cyber threats are ever increasing in sophistication and evasiveness against Process Control Networks. Organizations in the industry are facing a constant challenge to adopt modern techniques to proactively monitor the security posture within the SCADA infrastructure whilst keeping cyber attackers and threat actors at bay.
In this presentation we will cover the fundamental building blocks of a SCADA cyber security operations center, with key responsibilities such as Incident Response Management, Vulnerability and Patch Management, Secure-by-design Architecture, and Security Logging and Monitoring, and how such security domains drive accountability and act as a line of authority across the PCN.
TIG / Infocyte: Proactive Cybersecurity for State and Local Government (Infocyte)
This webinar and presentation outlines the Infocyte HUNT threat detection and incident response platform, and how it enables state and local government organizations to:
- Reduce risk across local, off-network, and cloud IT assets
- Expose and eliminate hidden cyber threats and vulnerabilities
- Streamline your overall security operations
- Achieve and maintain compliance
Using Infocyte, TIG can provide their customers with cost-effective, easy-to-manage, and on-demand cybersecurity consulting services (e.g. compromise assessments, incident response) and managed security services (e.g. managed detection and response).
Visit https://www.infocyte.com/ to learn more and request a demo, or request a cybersecurity risk assessment (Compromise Assessment) using the link below:
https://www.infocyte.com/free-compromise-assessment/
How to Solve Your Top IT Security Reporting Challenges with AlienVault (AlienVault)
Watch this on-demand webcast to learn how to achieve security compliance with AlienVault Unified Security Management (USM): https://www.alienvault.com/resource-center/webcasts/how-to-solve-your-top-it-security-reporting-challenges-with-alienvault?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar
Learn how you can take your on-premises and cloud security to the next level with a free online demo at: https://www.alienvault.com/products/usm-anywhere/demo?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar
Open Source IDS Tools: A Beginner's Guide (AlienVault)
The document provides an overview of several open source intrusion detection tools, including Snort, Suricata, Bro, Kismet, OSSEC, Samhain, and OpenDLP. It discusses the types of detection each tool performs, such as signature-based detection for Snort and Suricata, and behavior analysis for Bro. It also outlines advantages of each tool, such as Suricata's ability to use hardware acceleration and multi-threading. Finally, it recommends the Security Onion distribution for testing various open source IDS tools together.
1) Security intelligence refers to the collection, normalization, and analysis of data from users, applications, and infrastructure across an enterprise to gain comprehensive insight into security risks and threats.
2) IBM Security Intelligence solutions provide security capabilities across the full timeline from protection to detection to remediation.
3) The IBM QRadar security intelligence platform collects both structured and unstructured data from multiple sources and performs automated analytics to identify and prioritize security and operational incidents.
Malware evolution and Endpoint Detection and Response (Adrian Guthrie)
As malware evolves into targeted Advanced Persistent Threats, the response has to change to a more proactive security model:
Automated Prevention - Block malware and exploits to prevent attacks
Automated Detection - Targeted and zero-day attacks are blocked in real time
Automated Forensics - Forensic information for in-depth analysis of every attempted attack
Automated Remediation - Automated malware removal
All made possible by Big Data analytics and Collective Intelligence.
Panda Adaptive Defense 360 is the first and only product in the market to combine in a single solution Endpoint Protection (EPP) and Endpoint Detection & Response (EDR) capabilities.
Do you want to get to know more about Adaptive Defense 360?
- Test a demo: http://bit.ly/21jl4Bi
- Talk to an expert: http://bit.ly/1Ouzvve
- Get more info: http://bit.ly/21jljMu
The document provides an overview of network security topics including SIEM, logs, NetFlow, web logs, and compliance standards. It discusses how SIEM systems aggregate and correlate log/event data from multiple sources to provide security monitoring, incident response, forensic analysis and compliance reporting capabilities. Specific topics covered include syslog, NetFlow for network monitoring, and examples of web server logs and the types of data that can be extracted from logs for security purposes. Compliance standards like PCI-DSS and SOX are also mentioned in relation to why log collection and monitoring is important for audit requirements.
The IBM Security Intelligence Platform, also known as QRadar®, integrates SIEM, log management, anomaly detection, vulnerability management, risk management and incident forensics into a unified, highly scalable, real-time solution that provides superior threat detection, greater ease of use, and low total cost of ownership compared with competitive products.
The Dynamic Nature of Virtualization Security (Rapid7)
The cornerstones of a proactive security strategy are vulnerability management and risk assessment. However, traditional “scan-and-patch” vulnerability scanning approaches are inadequate for dynamic, virtualized environments. Traditional scanners cannot track changes in real time, so they cannot accurately measure constantly changing risks. Anyone charged with securing IT assets needs to understand the dynamic security risks inherent to virtualized environments, and more importantly, what to do to mitigate those risks. This whitepaper explores the challenges of securing a virtualized environment and gives actionable solutions to address them.
The Security Policy Management Maturity Model: How to Move Up the Curve (AlgoSec)
This document discusses a security policy management maturity model with four levels - initial, emerging, advanced, and visionary. It provides recommendations for organizations at each level to improve their security policy management processes and tools. Level 1 focuses on basic documentation and risk analysis. Level 2 introduces some automation but change management is still manual. Level 3 has more automated processes but documentation and communication could be improved. The ideal level 4 provides fast, efficient security for applications through alignment of security, operations, and application teams. The document promotes the AlgoSec Security Management Suite as a tool to help organizations progress through the maturity levels.
The document discusses the OWASP Top 10 Proactive Controls for web application security. It summarizes 10 critical security areas that developers must address: 1) Verify security early and often, 2) Parameterize queries, 3) Encode data, 4) Validate all inputs, 5) Implement identity and authentication controls, 6) Implement access controls, 7) Protect data, 8) Implement logging and intrusion detection, 9) Leverage security frameworks and libraries, and 10) Handle errors and exceptions properly. For each area, it describes common vulnerabilities, example attacks, and recommended controls to implement for protection.
The document discusses the SANS Top 20 Critical Security Controls and how QualysGuard supports them. It provides an overview of the controls and their goals of effectively securing systems. It then describes how QualysGuard's Vulnerability Management, Policy Compliance, and Web Application Scanning modules support specific controls through features like continuous scanning, configuration auditing, vulnerability assessments, and automated remediation workflows.
The document discusses IBM QRadar Security Intelligence Platform. It describes how QRadar addresses challenges organizations face from increasingly sophisticated attacks and resource constraints. QRadar provides automated, integrated, and intelligent security through log management, security intelligence, network activity monitoring, risk management, vulnerability management, and network forensics. It allows organizations to identify and remediate threats faster through comprehensive security intelligence and incident forensics.
This document discusses compliance as a career path. It defines compliance as following rules such as legal, regulatory and standards. It outlines different compliance roles such as implementors and auditors. Implementors ensure security is implemented across functions, while auditors identify security process weaknesses. Requirements for these roles include certifications from ISACA and ISO. Experience in a current organization and clear understanding of standards can help get into compliance roles.
Cloud Security And Cyber Security Legal And Regulatory Hp Version V 2.1 (David Spinks)
Cyber Security and Cloud Infrastructure as a Service (IaaS) – Legal & Regulatory
Acceptance of standard security policies and procedures. Better be prepared to compromise yet aware of potential legal issues. Contracts need to be reviewed early to understand potential gaps. Flexibility in contracts is required. Cloud infrastructure is still immature with limited experiences. Legal and regulatory issues around e-discovery need further development.
Cloud Security and Cyber Security: Legal and Regulatory, HP version v2.1 (David Spinks)
Cyber Security and Cloud Infrastructure as a Service (IaaS) – Legal & Regulatory
Expect to accept the provider's standard security policies and procedures. Be prepared to compromise, but stay aware of the potential legal issues. Contracts need to be reviewed early to understand potential gaps, and flexibility in contracts is required. Cloud infrastructure is still immature, with limited experience to draw on, and the legal and regulatory issues around e-discovery need further development.
Are your Cloud Services Secure and Compliant today? (Sridhar Karnam)
The cyber threat landscape is evolving faster than security teams can manage without dramatically increasing headcount. As IT organizations seek to achieve new levels of IT efficiency and value for the hybrid cloud, both security and compliance headaches increase in severity as well. See how HP is delivering advanced, data-driven security technologies designed to empower security operations to run more efficiently for the Hybrid Cloud.
Register for this webinar to learn how you can benefit from a new style of IT through the combined wealth of information assimilated from multiple sources to provide you valuable insights that impact your business. In addition you will learn how you can enjoy the use of secure compliant cloud services, that can be consolidated in one view and automated to the click of a button.
Casablanca and Cloud Security from HP, Miroslav Knapovský (Casablanca)
The document discusses HP Enterprise Security Products (ESP) and HP TippingPoint. It highlights that HP ESP focuses on network security, application security, and security intelligence. It provides details on HP TippingPoint's threat protection capabilities including weekly digital vaccine filters, reputation feeds, and anti-malware filters. It also notes that HP TippingPoint had coverage for 50% of zero-day vulnerabilities on average 50 days before public disclosure in 2014.
This document summarizes security considerations related to cloud computing. It outlines some key benefits of cloud security such as rigorous audits and centralized monitoring. However, it also identifies challenges including governance, compliance, data privacy, availability and lock-in issues. The document then describes HP solutions that can help customers address these challenges across hardware, software, services and expertise. It provides an overview of HP's Secure Advantage program and portfolio of security products and services.
The document discusses HP's converged cloud solution, which provides enterprises with choice, confidence, and consistency across private, managed, and public clouds. It highlights key aspects of the solution such as hybrid delivery models, common architecture enabled by OpenStack, HP Cloud OS platform, and portfolio including CloudSystem, Cloud Services, and managed cloud offerings. HP's converged cloud aims to help enterprises consume and build cloud services with enterprise-grade security and support.
This document discusses the rise of cloud computing and the opportunities and challenges it presents for businesses and IT departments. It notes that businesses are increasingly adopting cloud technologies at a faster rate than IT can support due to the speed and agility benefits of the cloud. However, IT concerns around security, compliance, and control are slowing cloud adoption. The document proposes that providing trusted cloud services that address these IT concerns can help enable broader cloud usage and allow businesses to realize the economic and innovation benefits of the cloud while allowing IT to play a more strategic role.
The document discusses the evolution of cloud computing from the internet and web to the current cloud model. It defines cloud computing as scalable services delivered over the internet on a pay-per-use basis. The cloud provides benefits like flexibility, reduced costs, and increased capabilities to various stakeholders including businesses, IT departments, and developers. The document also discusses options for cloud infrastructure delivery and highlights benefits of secure cloud computing.
Capgemini Digital Reference Architecture with HPE (Capgemini)
Digital Readiness Assessment Services delivers digital business initiatives by creating an actionable transformation roadmap. Through our joint partnership, Capgemini and HP have developed a Digital Reference Framework for IT solutions for the New Style of Business. Learn the strength of Capgemini-HP joint Digital Reference Architecture as it addresses client digital transformation business needs and helps you gain market share in Cloud, Big Data, Security and Mobility.
The document discusses HP CloudSystem Matrix, a private cloud solution. It provides an overview of key features such as provisioning infrastructure and applications in minutes, reducing TCO by up to 56%, and accelerating deployment with unified management. HP CloudSystem Matrix integrates with existing infrastructure and supports common virtualization, storage, and networking standards.
The document discusses security in cloud computing. It defines cloud computing security and outlines some key aspects like access control, system protection, and identity management. It then describes some common security issues in cloud computing such as data loss, account hijacking, and denial of service attacks. The document also discusses challenges around trusting cloud providers with data, potential data breaches, and how to design secure cloud architectures and implement security monitoring and incident response.
This document discusses moving startups to the cloud. It defines cloud computing and explains its benefits like scalability and elasticity. It discusses types of cloud services, a cloud readiness test, total cost of ownership analysis, and reasons to move to the cloud. It also covers cloud deployment models, how to migrate applications to the cloud through steps like code preparation and infrastructure architecture. Finally, it provides examples of cloud use cases and contact details for cloud consulting services.
This document discusses how cloud computing can help startups by providing scalable and elastic IT capabilities as a service over the internet. It defines cloud computing and describes how cloud services allow scaling resources up or down as needed. It then discusses different cloud service models, factors to consider for cloud readiness, how to evaluate total cost of ownership, benefits of moving to the cloud, types of cloud deployment models and their benefits/risks, steps for moving applications to the cloud, example cloud infrastructure architectures, and use cases where cloud computing could help startups.
This presentation provides information and tips to assist accountants and audits in introducing cloud technologies into their business. Auditflow - www.auditflow.com - offers a range of innovative audit compliance solutions. Mediasphere - www.mediasphere.com.au - builds websites and client portals for accountants and auditors globally.
Contact Tony Carrucan on tonyc@mediasphere.com.au for more information
Cloud migration involves moving digital assets like applications and databases from a company's on-premise infrastructure to cloud infrastructure. There are several steps to a successful cloud migration including forming a migration team, assessing organizational readiness, choosing a cloud vendor and designing the cloud environment, creating a roadmap, choosing a migration strategy, migrating data, testing, and switching to production. Key risks of cloud migration include cost, loss of control, vendor lock-in, and potential performance issues. People, finances, and legal/compliance issues are also important factors to consider.
The 4 Things You Need To Know Before Migrating Your Business To The Cloud (Bright Technology)
The proliferation of cloud services, from storage to software applications and more, presents businesses with a choice – if and when should they move to the cloud? And if they decide to make the move, how should they go about doing so?
This presentation discusses the conditions which make moving to the cloud an attractive option, and then cover the various steps necessary to enable a smooth transition process when the decision to move is made.
This document summarizes the key factors to consider when evaluating on-premise versus cloud-based law practice management software. It discusses cost in terms of upfront, ongoing, and long-term expenses. Security is addressed, noting advantages of both on-premise control and cloud vendor expertise. Functionality such as implementation, customization, and mobile access is also compared. Connectivity depends on location and internet capabilities. Ethical obligations to protect client data apply regardless of the system chosen. The presentation aims to help firms decide which approach best fits their needs and capabilities.
Securing Apps & Data in the Cloud by Spyders & Netskope (Ahmad Abdalla)
Lisa Abe-Oldenburg presented on securing apps and data in the cloud at the Toronto Board of Trade. She discussed an overview of cloud computing including essential characteristics and delivery models. She then covered issues and risks with cloud computing such as regulatory compliance, operational risks, and legal contract risks. She provided strategies for mitigating risks such as legal reviews of contracts and compliance with privacy and security policies. Finally, she discussed responding to data breaches and organizational practices around data and app security.
PowerPoint explaining cloud migration, benefits and risks of cloud migration as well as the legal and financial information associated with cloud migration
This document provides guidance on developing a cloud migration strategy for typical large enterprise customers. It recommends starting with a cohesive approach involving sales, partners, solutions architects, and support teams. Key steps include obtaining executive sponsorship, identifying cloud champions, presenting integrated solutions, and thinking big. It also provides tips on assessing applications and prioritizing migrations, including focusing first on underutilized assets and those needing immediate scaling. Proof of concepts are recommended to build support and validate the approach before full migrations. Success criteria should go beyond just costs to include factors like agility, time to market, and new opportunities.
The document discusses monitoring strategies for cloud infrastructure and applications. It notes that effective monitoring involves more than just collecting data and requires tiered escalation processes and incorporating lessons learned into policies. The document outlines key considerations for what to monitor including infrastructure, software services, and business processes. It also discusses challenges in monitoring cloud environments and strategies for adopting cloud-native monitoring tools.
Transforming cloud security into an advantage (Moshe Ferber)
- Moshe Ferber is an experienced information security professional who has founded and invested in several cloud security companies.
- The document discusses important concepts in cloud security including creating trust between cloud providers and customers, security best practices in development and operations, and compliance with standards and regulations.
- Key responsibilities in cloud security include securing data, applications, users and identities across the entire lifecycle from a shared responsibility model between providers and customers.
The document discusses various cloud computing deployment models including public, private, virtual private, community, and hybrid clouds. It provides an overview of the key characteristics of each model such as ownership, ease of setup, scalability, security, and costs. A public cloud is fully managed by a third-party provider while a private cloud is owned and operated solely by the organization. A hybrid cloud combines multiple cloud models to provide flexibility to meet different business needs.
This document provides tips and best practices for negotiating IT contracts in the mining industry, with a focus on software licensing, cloud computing, and IT outsourcing agreements. Some key points discussed include: doing due diligence on software licenses; understanding cloud computing risks around data location and security; and structuring outsourcing agreements to clearly define responsibilities, service level agreements, and allocation of risk. The document provides detailed recommendations in each of these areas to help mining companies negotiate successful IT contracts.
Cloud computing - Assessing the Security Risks - Jared Carstensen (jaredcarst)
This document summarizes the key security risks of cloud computing. It discusses how privileged user access poses risks if sensitive data is processed outside an organization without proper controls. Regulatory compliance responsibilities still fall on the customer. Data location and legal jurisdiction need to be clearly understood. Data segregation and investigative access are also security concerns, as most cloud data is commingled. Disaster recovery and long-term provider viability require thorough due diligence. Proper planning, flexible agreements, and well-defined roles are emphasized as part of a roadmap for successful cloud adoption.
Security & Compliance in the Cloud [2019] (Tudor Damian)
Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. Too often though, IT risk (business risk related to the use of IT) is overlooked. While other business risks such as market, credit and operational risks have long been incorporated into the decision-making processes, IT risk has usually been relegated to technical specialists outside the boardroom, despite falling under the same risk category as other business risks: failure to achieve strategic objectives.
With the emergence of the Cloud, IT risk has suffered yet another radical transformation. The past couple of years have also brought along new vulnerabilities, exploits, and attack methods, as well as new data privacy requirements such as the GDPR. While all of these things require significant changes to any existing processes and tools, they mostly require a different approach when catering to people's IT security awareness, especially when moving to the Cloud.
This document discusses various aspects of cloud security including cloud security challenges, areas of concern in cloud computing, how to evaluate risks, cloud computing categories, the cloud security alliance, security service boundaries, responsibilities by service models, securing data, auditing and compliance, identity management protocols, and Windows Azure identity standards. It provides information on policies, controls, and technologies used to secure cloud environments, applications, and data.
Presented at ISACA Indonesia Monthly Technical Meeting, 11 Dec 2019 at Telkom Landmark.
Key takeaways from my presentation:
1. Cloud customers have to understand the shared responsibilities between the customer and the cloud provider
2. Different cloud service models (IaaS, PaaS, SaaS) have different audit methodologies
3. Customers' IT auditors have to be trained to have the skills needed to audit the cloud service
4. Understanding IAM in the cloud is very important. Each cloud service provider has a different IAM mechanism
5. Understanding the different types of audit logs in cloud platforms is important for IT auditors
Marc Vael, International Vice-President and Chair of the Cloud Computing Task Force, presented on cloud computing risks. The document discussed the definition of cloud computing, its characteristics and service models. It outlined lessons learned from cloud computing implementations including never outsourcing what cannot be properly managed internally, and that risk always exists regardless of detection. Specific technical, legal and organizational risks were also reviewed.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer's life and facilitate a rapid transition from concept to production-ready applications. He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 (Neo4j)
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Communications Mining Series - Zero to Hero - Session 1 (DianaGray10)
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf (Paige Cruz)
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party, and will share these foundational concepts to build on:
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! (SOFTTECHHUB)
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating the uninteresting bytes in the seeds. Instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries: libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns, and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
How to Get CNIC Information System with Paksim Ga.pptx (danishmna97)
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack (shyamraj55)
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
UiPath Test Automation using UiPath Test Suite series, part 6 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
The UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI into the test automation solution, using Open AI's advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Driving Business Innovation: Latest Generative AI Advancements & Success Story (Safe Software)
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
HCL Notes and Domino License Cost Reduction in the World of DLAU (panagenda)
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
2. Contents
Cloud security controls
• What cloud security controls are needed?
• What are the characteristics of the controls?
Young people's expectations of daily tools are different: much more smartphone, tablets and collaboration. It is us, the people in our 40s and 50s, who need to build the next-generation IT systems for the youngsters who come after us. I vote that most of these new applications should be cloud-based.
2
3. How your cloud adoption process should go?
Push through the noise – it’s quite simple – start with a risk assessment
Step 1: Carry out a risk assessment (RA)
• Assess the cloud by how it would affect the business on a bad day, going uphill with the wind blowing in its face
• Many cloud discussions start and end with a legal discussion – legal is one of your topics, not the only topic
• Apart from legal, also think about provider longevity, reliance on network, the design of your applications and how they would work in the cloud, the technical compatibility, and how to transition
• It would help you to know how much the cloud opportunity (or saving) would be in USD or EUR, and how the figures were reached
• Knowing the opportunity’s worth and its breakdown would make your work easier, and you could focus on the right things
• Try to convince the organization to accept that it does need to release funds for cloud controls – this way cloud adoption is treated like any other substantial investment – and not like someone just grabs something from the web
• Finally, look at the scenario without cloud services – are you facing refresh investments to on-premise equipment, do you have access to funds for them, what’s your risk if you don’t get the funds, and is it better to go for cloud because of that
• It is probably best to itemize the risks, and value each identified risk in terms of impact to the business and probability of each risk
• Recommendation: Your RA outcome is a relatively simple spreadsheet document where you list and value each identified risk
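The "simple spreadsheet" the slide recommends, written out as a small risk register so the two scenarios (go to cloud, or refresh on-premise equipment) can be compared on the same footing. This is an added example, not part of the original slides; the risk names, EUR impacts, probabilities and the 100,000 EUR saving are constructed placeholders to be replaced with the figures reached in your own assessment.

```python
"""Risk register for a cloud adoption risk assessment (RA).

Added example, not from the original slides. Risk names, impact figures
and probabilities below are constructed placeholders.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    scenario: str        # "cloud" or "no cloud" (on-premise refresh instead)
    name: str
    impact_eur: float    # loss to the business if the risk materialises
    probability: float   # per year, 0.0 .. 1.0

    @property
    def expected_loss(self) -> float:
        return self.impact_eur * self.probability


# Constructed register: one row per itemized risk, valued in EUR.
REGISTER = [
    Risk("cloud", "Provider goes out of business (longevity)", 400_000, 0.02),
    Risk("cloud", "Network outage makes cloud apps unreachable", 50_000, 0.30),
    Risk("cloud", "Legal: data stored outside allowed jurisdiction", 250_000, 0.05),
    Risk("cloud", "Application incompatible with cloud platform", 80_000, 0.20),
    Risk("no cloud", "Funds for on-premise refresh not approved", 300_000, 0.25),
    Risk("no cloud", "Aging equipment fails before refresh", 120_000, 0.15),
]


def ranked(register, scenario):
    """Risks of one scenario, highest expected annual loss first."""
    rows = [r for r in register if r.scenario == scenario]
    return sorted(rows, key=lambda r: r.expected_loss, reverse=True)


def expected_loss(register, scenario):
    """Expected annual loss of a whole scenario (sum of impact x probability)."""
    return sum(r.expected_loss for r in ranked(register, scenario))


def net_opportunity(register, annual_saving_eur):
    """Cloud saving, minus the cloud risk taken on, plus the on-premise risk avoided."""
    return (annual_saving_eur
            - expected_loss(register, "cloud")
            + expected_loss(register, "no cloud"))


if __name__ == "__main__":
    for scenario in ("cloud", "no cloud"):
        print(f"== {scenario}: expected annual loss {expected_loss(REGISTER, scenario):,.0f} EUR")
        for r in ranked(REGISTER, scenario):
            print(f"  {r.expected_loss:>10,.0f}  {r.name}")
    print(f"net opportunity at 100,000 EUR saving: {net_opportunity(REGISTER, 100_000):,.0f} EUR")
```

The ranking is what lets you "focus on the right things": the top rows of the cloud scenario are the ones that need a control from Step 2, and the "no cloud" rows are the argument for releasing funds at all.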
4. How your cloud adoption process should go?
Push through the noise – it’s quite simple – then put in place the controls
Step 2: Put in place the controls
• Generally you need to focus on 4 x things
1. How do you handle business data
2. How do you handle PII (personally identifiable information)
3. How do you actively prohibit certain usage or behavior
4. How do you passively (afterwards) audit the usage or behavior
• You would have to prohibit certain behaviour (like uploading content with social security numbers or evident trade secrets to the cloud)
• For many use cases and types of data you can rely on an audit or investigation afterwards; no active measures are required
• Admit that you would need some new technology/equipment to facilitate the controls
• I have drawn a flow chart of how the decisions on cloud controls could be made (following slide)
• Recommendation: Your document should include a topology drawing of the end state of your environment (first make it work in PowerPoint)
5. Cloud Security controls
4 x angles on it
(Diagram, reconstructed as text. Inputs: RA, Policies, Regulation, Legal. Output: Deployment of controls, in four areas. Note on the slide: "May need additional tools or capabilities after cloud".)
1. Controls of content: Data classification. Active / Access: Data Loss Prevention, encryption. Passive / Audit: Log mgmt and SIEM systems.
2. Control of procurement: Control of automata in the cloud, control of user-initiated procurement. Active / Access: Testing tools, Change Mgmt practices, helpdesk tools.
3. Control of ”cloud perimeter”: Active / Access: IPS, Session Control, Virtual environment specific controls, 2FA. Passive / Audit: Log mgmt and SIEM systems, Forensics / Incident Response.
4. Control of externalities: Reactive: 2 x cloud providers, reserve capacity on premises. Proactive: Maybe some financial info service feed?
6. Controls of content
In other words, controls on which data can be sent to / copied from the cloud
The sub-area in practice
• Prevent business data and PII from leaking into the cloud or from the cloud (if it is not allowed by policy)
Control tools
• You need: a classification document, schema or equivalent definition of what is allowed in the cloud (may not be trivial)
• Prepare that you do need the ”Active” control – if you leak company information to the cloud and it’s exploited, an audit function after 6 months would not help you, the mistake has already happened
• In the absence of a classification, split data into a very small number of categories (< 5)
− If you split your company’s data into two categories, it would be: Category A: data with social security number; Category B: data without it
− Substitute your category item with ”credit card number”, ”street address”, ”phone number”, but plan for something simple which you know would work in a control tool like DLP (Data Loss Prevention)
− Some content can be classified while it’s created; a DLP system would put a marker onto the file, allowing / prohibiting upload to the cloud. This might apply to e.g. CAD drawings
Goal for the control
• If a user or a system tried to upload content to the cloud, the system would verify whether it’s allowed and provide a response; to some extent the control should work on download as well (meaning download of cloud-based content)
• If the control is prohibitive, then you should be able to provide the alternative or allowed solution; that might be an on-premise arrangement or encryption before upload
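The two-category scheme and the "goal for the control" above, as an added example that is not part of the original slides: a minimal DLP-style gate that classifies content into Category A (contains a social security number or a payment card number) or Category B (everything else), honours a marker set when the file was created, and answers an upload or download request with an allow/block decision and the alternative to offer the user. The US-style SSN pattern, the `X-Classification:` marker header, the policy table and the sample documents are constructed assumptions; substitute whatever identifier your own classification names.

```python
"""Minimal DLP-style upload/download gate for two data categories.

Added example, not from the original slides. The classification scheme
(Category A: content with a social security number or payment card number,
Category B: everything else), the marker header and the sample documents
are constructed assumptions for illustration.
"""
import re

# Category A markers, as the slide suggests: a small number of simple
# patterns that a DLP tool can actually match.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")           # US-style SSN (assumed pattern)
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")          # candidate payment card number
MARKER_RE = re.compile(r"^X-Classification:\s*(\w+)\s*$", re.MULTILINE)  # assumed header

# Policy: which categories may move in which direction.
POLICY = {
    "upload":   {"A": False, "B": True},   # to the cloud
    "download": {"A": False, "B": True},   # from the cloud, as the slide also asks for
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so that arbitrary long numbers do not trip the card rule."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(content: str) -> str:
    """Return 'A' or 'B'. A marker set at creation time wins over content scanning."""
    m = MARKER_RE.search(content)
    if m:
        return "A" if m.group(1).lower() == "restricted" else "B"
    if SSN_RE.search(content):
        return "A"
    for cand in CARD_RE.findall(content):
        if luhn_ok(re.sub(r"[ -]", "", cand)):
            return "A"
    return "B"


def decide(content: str, direction: str) -> dict:
    """Verify whether a transfer is allowed and give the user a response."""
    category = classify(content)
    allowed = POLICY[direction][category]
    return {
        "category": category,
        "allowed": allowed,
        "response": "transfer allowed" if allowed
        else "blocked: use the on-premise share or encrypt before upload",
    }


# Constructed sample documents.
SAMPLES = {
    "hr_export.csv": "employee,ssn\nA. Person,123-45-6789\n",
    "invoice.txt": "Paid with card 4111 1111 1111 1111, thanks.",
    "memo.txt": "Team meeting moved to 14:00, room 4.",
    "cad_part.dxf": "X-Classification: restricted\n0\nSECTION\n",
}

if __name__ == "__main__":
    for name, content in SAMPLES.items():
        print(name, decide(content, "upload"))
```

The Luhn check is what keeps the card rule from firing on every long number (order numbers, timestamps), which is the usual source of DLP false positives; the marker path is the "classified while created" case from the slide, where the scan is skipped because the author already decided.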
7. Controls on content - encryption is key
Securing “data-in-process,” in addition to “at rest” and “in motion”
Advances
• Broadcast encryption: encryption for groups and memberships
• Searchable symmetric encryption: securely search encrypted data
• Identity-based encryption: ad-hoc PKI, user chooses his own public key
• Predicate encryption: fine-grained PKI
• Homomorphic encryption: emerging techniques to compute on ciphertext
Alternatives
• Tokenization. Data sent to the public cloud is altered (tokenized) and contains a reference to the data residing in the private cloud.
• Data anonymization. Personally identifiable information (PII) is stripped before processing. (Watch assumptions!)
• Utilizing cloud database controls. Using (fine-grained) access controls at database layer to provide segregation.
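The first two alternatives, tokenization and anonymization, as an added example that is not part of the original slides. A record is tokenized before it leaves for the public cloud: the PII fields are replaced by random references, the mapping stays in a vault on the private side, and only the private side can turn the references back into data. The record layout, the field names counted as PII and the vault being an in-memory dictionary are constructed assumptions (a real vault is a protected, access-controlled store).

```python
"""Tokenization and anonymization of PII before a record leaves for the public cloud.

Added example, not from the original slides. The vault, the record layout
and the PII field names are constructed assumptions. The token vault stays on
the private side; the public cloud only ever sees the tokens.
"""
import secrets

PII_FIELDS = ("ssn", "name")   # assumed: which fields count as PII


class TokenVault:
    """Private-cloud side: maps tokens back to the original values."""

    def __init__(self):
        self._by_token = {}
        self._by_value = {}   # same value always gets the same token (joins still work)

    def tokenize(self, value: str) -> str:
        if value in self._by_value:
            return self._by_value[value]
        # The token carries no information about the value; it is only a
        # random reference to a row in the private vault.
        token = "tok_" + secrets.token_hex(8)
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]


def to_public_cloud(record: dict, vault: TokenVault) -> dict:
    """The record as sent to the public cloud: PII fields replaced by tokens."""
    out = dict(record)
    for field in PII_FIELDS:
        if field in out:
            out[field] = vault.tokenize(out[field])
    return out


def from_public_cloud(record: dict, vault: TokenVault) -> dict:
    """The record as read back on the private side: tokens resolved again."""
    out = dict(record)
    for field in PII_FIELDS:
        if field in out:
            out[field] = vault.detokenize(out[field])
    return out


def anonymize(record: dict) -> dict:
    """Alternative: strip PII entirely. Watch the assumption that what is
    left (id, balance, ...) cannot be linked back to a person."""
    return {k: v for k, v in record.items() if k not in PII_FIELDS}


def leaks_pii(public_record: dict, original: dict) -> bool:
    """Check that no original PII value appears in what the cloud receives."""
    pii_values = {original[f] for f in PII_FIELDS if f in original}
    return any(v in pii_values for v in public_record.values())


RECORD = {"id": 17, "name": "A. Person", "ssn": "123-45-6789", "balance": 250.0}  # constructed

if __name__ == "__main__":
    vault = TokenVault()
    public = to_public_cloud(RECORD, vault)
    print("sent to cloud:", public, "leaks PII:", leaks_pii(public, RECORD))
    print("read back:", from_public_cloud(public, vault))
    print("anonymized:", anonymize(RECORD))
```

The `leaks_pii` check is the kind of test worth keeping in the pipeline: it fails the moment someone adds a PII field to the record without adding it to `PII_FIELDS`.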
8. Controls on procurement
In other words, controls over non-excessive use of cloud services
The sub-area in practice
• Prevent a user or a system from signing on to and using payable services beyond budget or another commercially reasonable limitation
• In an on-premise world, the server is bought, deployed and enjoyed, with no additional expense after it’s installed
• In the cloud you pay more if you use more, and that can result in budget overdrafts and additional expenses if not controlled
Control tools
• You need: a cloud service with functionality to limit invoicing
− If not possible, there might be possibilities to alert by SIEM or by IPS if certain traffic / addresses are in use ”longer than x period”
− Tools like the HP ArcSight CloudConnector (a combination of technology and partnerships) are possible, but are limited in coverage of supported cloud services
• Cloud services might be used for systems which require / provide scaling; for those you need to
− Limit reactive scaling to only what is commercially reasonable, not what is technically available
− Test any automata created with cloud scaler abilities; this may require additional testing tools or effort
− Possibly limit users / departments from vertical / horizontal scaling if these are a function of the cloud service
Goal for the control
• Limit usage to what’s commercially reasonable, or to a certain budget
9. Control of the perimeter
In other words, prohibit attacking from the cloud and to the cloud
The sub-area in practice
• Technology and/or services to withstand possible attacks over the ”cloud perimeter border”
Control tools
• Different approaches exist for active (access) control
− Network based protection, either in a firewall or in an IPS device; may also be specific to advanced targeted malware
− Tokenization has been primarily used in securing PCI DSS environments, but technologies exist to control access to the cloud in a transparent fashion, useful in hybrid arrangements
− Session based methods, for controlling access to cloud services
− 2FA is recommended to be more immune to service hijacking
• The passive control is needed for audits, but also for possible forensics
− Think about how you make ongoing audits of cloud usage; the cloud is way too dynamic for annual or bi-annual controls
− Some services allow RESTful download of logs; use that where possible
− It is likely that logs cannot be gathered from the cloud service itself; instead the evidence needs to be assembled from a number of devices’ logs
− Deploy DVR (meaning the user’s screen is recorded) where logging is not feasible / possible
Goal for the control
• Prevent adversaries from attacking you from the cloud, and prevent your network from being utilized in attacks on the cloud
10. Control of the externalities
In other words, manage the circumstances of noisy neighbours in the cloud
The sub-area in practice
• This is to manage the circumstances when the customer procures from a multitenant infrastructure, and that provider then has other customers who use the capacity so excessively that your services are affected (”noisy neighbour”)
Control tools
• The obvious control would be to not allow procurement of multitenant services, but that would raise cost, and the cloud phenomenon is driven by the efficiency of the multitenant model
− Watch your trust chain: externality event risk might be inside SaaS services if the ISV itself utilizes public cloud services
• Should an externality event occur, the action would be to move the services back to on-premise or to another cloud service provider
• You need to
− Define minimum cloud services in quantity – it might be practical to have two public cloud providers, and ensure transportability between them
− Define decision criteria - under which circumstances are the services transferred to another provider? Performance degradation? Something else?
− Define migration priority - how is the actual fallback / migration carried out? By whom? Prioritized by what? Or laissez-faire?
− Define reserve capacity if you want to keep something on-premises: how much excess capacity is reserved for possible ”fallback from the clouds”
Goal for the control
• Users are provided with commercially reasonable service
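The three "you need to" definitions (decision criteria, migration priority, reserve capacity) written out as one decision function, as an added example that is not part of the original slides. Service names, priorities, capacity units, SLO thresholds and the latency samples are constructed; the criterion used (at least 4 of the last 5 samples over the SLO) is one possible choice of "performance degradation", not the slide's prescription.

```python
"""Externality (noisy neighbour) handling: decision criteria and migration priority.

Added example, not from the original slides. Service names, priorities,
capacity units, SLO thresholds and the latency samples are constructed
assumptions; the "N of the last M samples over SLO" rule is one possible
decision criterion.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    name: str
    priority: int        # 1 = migrated first
    capacity_units: int  # capacity it needs wherever it runs
    slo_ms: float        # latency promised to users


# Constructed inventory and recent latency samples (ms) per service.
SERVICES = [
    Service("order-api", priority=1, capacity_units=4, slo_ms=200),
    Service("wiki", priority=2, capacity_units=2, slo_ms=500),
    Service("reporting", priority=3, capacity_units=6, slo_ms=800),
]
LATENCY_MS = {
    "order-api": [150, 180, 420, 390, 510, 470],
    "wiki": [400, 600, 650, 700, 620, 590],
    "reporting": [700, 900, 650, 720, 690, 710],
}


def degraded(samples, slo_ms, window=5, min_breaches=4):
    """Decision criterion: at least `min_breaches` of the last `window` samples exceed the SLO.

    Requiring several breaches avoids migrating on a single slow sample.
    """
    recent = samples[-window:]
    return len(recent) >= window and sum(s > slo_ms for s in recent) >= min_breaches


def migration_plan(services, latency, reserve_units, fallback_provider):
    """Which services move, in which order, and where: on-premise reserve
    capacity first (while it lasts), then the second public cloud provider."""
    moving = [s for s in services if degraded(latency[s.name], s.slo_ms)]
    plan = []
    left = reserve_units
    for s in sorted(moving, key=lambda s: s.priority):
        if s.capacity_units <= left:
            plan.append((s.name, "on-premise reserve"))
            left -= s.capacity_units
        else:
            plan.append((s.name, fallback_provider))
    return plan


if __name__ == "__main__":
    for step in migration_plan(SERVICES, LATENCY_MS, reserve_units=5,
                               fallback_provider="provider-B"):
        print(step)
```

Running it with 5 reserve units moves `order-api` on-premise and sends `wiki` to the second provider; with 10 units both fit on-premise, which is the trade-off the "reserve capacity" bullet asks you to decide in advance rather than during the event.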
11. Final comments
Have fun with your cloud controls
Yes – all this is absolutely doable
• The above describes your controls when you aim for public Amazon-like clouds
• If you have in your crosshairs more of a private cloud, or a system where someone manages the cloud for you, you can axe most of what was mentioned
Some say there should be an additional legal control
• A customer pointed out that they started with an outsourcing provider, then gradually moved to cloud-like services, and then again gradually moved to services delivered from outside the EU, and that the legal issues in terms of geography would need a separate cloud control
• While sympathetic to the worry, it is likely there already was a control, insisted on by the customer in the outsourcing contract, to prohibit this behavior
• If not, and if according to the customer’s RA cloud services from outside the EU are not tolerated, a contract change would have to be requested by the customer to facilitate this additional control
• At the end of the day, you might have requirements which are incompatible with some cloud providers or with some cloud use cases
12. Petteri Heino
Sales Specialist for ESS Enterprise Security Services Finland & Baltics
18 years in various sales jobs, last 6.5 years at HP, previously e.g. at Digital, Cisco Systems and Computer Associates
Author of 4 IT books
Email petteri.heino@hp.com
My fourth book:
Pilvipalvelut – cloud computing
While the phenomenon was in 2010 still in its infancy, I wrote for publisher Talentum a book on it. I have also been a presenter in their seminars on ”cloud for lawyers”. The book is widely available in Finnish public libraries. Everybody knows much more about cloud nowadays, but I am still not overly embarrassed by the content. Maybe some more punch into the security and privacy chapters... I am silently working with baby steps on my next book, codename ”9X”.