Cloud Security Engineering Education Materials prepared by Gokul Alex. It covers the essential tools and techniques to protect cloud enterprise architectures and cloud information systems.
Cloud Security Engineering - Tools and Techniques
2. Let us look at the Cloud Security Insights Report
https://www.isc2.org/-/media/ISC2/Landing-Pages/2019-Cloud-Security-Report-ISC2.ashx
3. Top Cloud Security Findings of 2019
• The top cloud security concern of cybersecurity professionals is data loss and leakage (64%)
• The top cloud security vulnerability is unauthorised access through misuse of employee credentials and improper access controls
• Insecure interfaces and APIs are also a top cloud security vulnerability
• Misconfiguration of cloud platforms comes as the second most severe cloud vulnerability
5. Cloud Security Concerns
• Data Loss (64%)
• Data Privacy (62%)
• Compliance Concerns (39%)
• Exposure of Credentials (39%)
• Data Sovereignty (35%)
• Incident Response (29%)
6. Important concepts of this chapter are the following
• Data loss and leakage (64%)
• Unauthorised access
• Insecure interfaces and APIs
• Misconfiguration of cloud platforms
8. Top data breaches
• Cambridge Analytica
• Accenture
• Verizon
• Booz Allen Hamilton
• Republican National Committee
• Election Systems & Software
9. Cambridge Analytica
• Data of up to 87 million users was compromised in this data leak, which included information such as that found in the Facebook public profile, page likes, birthday and current city.
• Some Facebook users were found to have granted app permissions to their news feeds, timelines, and messages.
• All of the information gleaned from the leaked data allowed Cambridge Analytica to build political profiles of each Facebook user and target specific political advertisements to influence them in a particular way.
10. Accenture
• World’s first Cyber Resilience startup
UpGuard discovered in its Cyber Risk
survey that Accenture left at least 4 AWS
S3 storage buckets unsecured.
• As a result of this flaw, the data on these
storage media was available for
download.
• The data exposed in this security goof-up
were authentication credentials, secret
API data, digital certificates, decryption
keys, customer data, and other meta info
which could be easily used by cyber
crooks to mint money.
11. Verizon
• Nice Systems, which is a 3rd party
vendor working for Verizon, committed a
configuration blunder on an AWS S3
bucket which exposed names,
addresses, account details, and pin
numbers of millions of US-based Verizon
customers.
• ‘Nice’ agreed that the mistake was
committed by one of its engineers, who
reportedly created a cloud-based file
repository for storing customer call data
which is used by Verizon for backend
office and call center operations.
12. Booz Allen Hamilton
60,000 files were publicly accessible
on an AWS S3 bucket owned by an
intelligence and defence contractor,
Booz Allen.
The cache is said to have exposed
28GB of data, including
credentials of senior engineers,
passwords of US Government
systems, and over half a dozen files
containing unencrypted passwords of
government contractors holding Top
Secret Facility Clearance.
13. Republican National
Committee
• A 3rd party investigation commissioned
by Deep Root Analytics confirmed that
personal details of more than 198 million
American voters were exposed by a
security flaw on an AWS S3 bucket owned
by the Republican National Committee
(RNC).
• The exposed data includes birth dates,
phone numbers, self-reported racial
background, home and mailing addresses,
and party affiliation. This blunder was
committed by an engineer working for
Deep Root Analytics, which was providing
data storage services for the RNC.
14. Election Systems and
Software (ESS)
Information on virtually every registered voter
in Chicago was available for public access after
an engineer working for ES&S left the AWS S3
bucket open to the public.
The data was in a downloadable format and is
said to have compromised personal info of more
than 1.8 million Chicago voters so far.
The data includes names, addresses, phone
numbers, driver’s license numbers, and social
security numbers.
Moreover, the exposed database is reported to
have been created at the time of the 2016 US
general elections by the Chicago Board of Election
Commissioners.
16. Publicly Accessible Resources
• The exposure of sensitive data or resources
through misconfigurations or similar modes
• Exposed DBs
• MongoDB
• ElasticSearch
• Redis
• Exposed Storage
• S3
• Google Cloud Storage
17. Risk Mitigations for
Publicly Accessible Resources
• Visibility to Internet facing configurations
• Continuous auditing for open storage and
ports
• Integrate network configuration tests pre-
deployment through CI/CD
• Enforce authentication for DBs
• Encrypt sensitive data at rest
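Added example (not part of the original slides): one way to run the "continuous auditing for open storage" item against S3, by checking a bucket's ACL grants, bucket policy and Block Public Access settings for public exposure. The bucket names, documents and the function names audit_bucket / audit_all are constructed for illustration; the inputs follow the shape of the S3 GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock responses.

```python
import json

# Predefined S3 grantee groups that make an ACL grant public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account holder",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def audit_bucket(name, acl, policy_json=None, block_public_access=None):
    """Return a list of findings for one bucket.

    acl                 -- dict shaped like the GetBucketAcl response
    policy_json         -- bucket policy document as a JSON string, or None
    block_public_access -- PublicAccessBlockConfiguration dict, or None
    """
    pab = block_public_access or {}
    findings = []

    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        audience = PUBLIC_GROUPS.get(grantee.get("URI"))
        if grantee.get("Type") != "Group" or audience is None:
            continue
        if pab.get("IgnorePublicAcls"):
            continue  # S3 ignores public ACLs while this setting is on
        findings.append(f"{name}: ACL grants {grant['Permission']} to {audience}")

    policy = json.loads(policy_json) if policy_json else {}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _wildcard_principal(stmt.get("Principal")):
            continue
        if pab.get("RestrictPublicBuckets"):
            continue  # access is limited to the owner account and AWS services
        actions = ", ".join(_as_list(stmt.get("Action", [])))
        if stmt.get("Condition"):
            findings.append(f"{name}: policy allows {actions} to any principal, "
                            "limited only by a Condition (review it)")
        else:
            findings.append(f"{name}: policy allows {actions} to any principal")
    return findings


# Constructed sample data: invented bucket names and documents.
OWNER_ONLY_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
     "Permission": "FULL_CONTROL"}]}
WORLD_READ_ACL = {"Grants": OWNER_ONLY_ACL["Grants"] + [
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
PUBLIC_GET_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-static-site/*"}]})
ALL_BLOCKED = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
               "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

SAMPLE_BUCKETS = [
    ("example-call-logs", WORLD_READ_ACL, None, None),
    ("example-static-site", OWNER_ONLY_ACL, PUBLIC_GET_POLICY, None),
    ("example-backups", WORLD_READ_ACL, PUBLIC_GET_POLICY, ALL_BLOCKED),
]


def audit_all(buckets):
    """Audit (name, acl, policy_json, block_public_access) tuples."""
    findings = []
    for name, acl, policy, pab in buckets:
        findings.extend(audit_bucket(name, acl, policy, pab))
    return findings


if __name__ == "__main__":
    for finding in audit_all(SAMPLE_BUCKETS):
        print(finding)
```

The third sample bucket carries the same public ACL and policy as the first two but produces no finding, because Block Public Access neutralises both.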
18. Leaked Access Keys
• Programmable IaaS + APIs = need for keys
in many places
• Keys leaked in many ways
• Hardcoded keys
• Code repo misconfigurations
• Code repo hacked
• Phishing
• Exploits
19. Case Study : Uber Breach
• In October 2016, two hackers
compromised Uber’s GitHub
• GitHub contained access keys to AWS
• Hackers stole PII on 57 million individuals
• Held data for ransom
• Publicly disclosed late 2017
20. Leaked Access Keys
Risk Mitigations
• Don’t hard code keys
• Build tests in CI/CD to search for keys
• Use key management solutions and SDKs
from cloud providers
• Audit code repositories for
misconfigurations
• Practice least privileges in code
repositories
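Added example (not part of the original slides): a sketch of the "build tests in CI/CD to search for keys" item, scanning only the added lines of a git unified diff for AWS access key IDs and high-entropy secrets and exiting non-zero on a hit. The sample diff is constructed and uses the example credentials from AWS's own documentation; the file path, function names and the 4.0 bits-per-character threshold are assumptions.

```python
import math
import re
import sys

# AWS access key IDs: long-term keys start with AKIA, temporary ones with ASIA.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# A 40-character base64-style value assigned to a secret-looking name.
SECRET_ASSIGNMENT = re.compile(
    r"(?i)(?:secret|password|passwd|token)[\w-]*\s*[:=]\s*['\"]?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def shannon_entropy(text):
    """Bits per character; random key material scores well above placeholders."""
    freq = {ch: text.count(ch) / len(text) for ch in set(text)}
    return -sum(p * math.log2(p) for p in freq.values())


def mask(value):
    """Keep enough of the value to locate it without re-leaking it in CI logs."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_diff(diff_text, min_entropy=4.0):
    """Scan the added lines of a git unified diff.

    Returns a list of (path, line_number, kind, masked_value) tuples, where
    line_number refers to the new version of the file.
    """
    findings = []
    path, lineno, in_hunk = None, 0, False
    for line in diff_text.splitlines():
        header = HUNK_HEADER.match(line)
        if line.startswith("diff --git "):
            in_hunk = False
        elif not in_hunk and line.startswith("+++ "):
            target = line[4:].strip()
            path = target[2:] if target.startswith("b/") else target
        elif header:
            lineno = int(header.group(1))
            in_hunk = True
        elif in_hunk and line.startswith("+"):
            added = line[1:]
            for hit in ACCESS_KEY_ID.finditer(added):
                findings.append((path, lineno, "aws-access-key-id",
                                 mask(hit.group())))
            for hit in SECRET_ASSIGNMENT.finditer(added):
                if shannon_entropy(hit.group(1)) >= min_entropy:
                    findings.append((path, lineno, "high-entropy-secret",
                                     mask(hit.group(1))))
            lineno += 1
        elif in_hunk and line.startswith(" "):
            lineno += 1  # context line: present in the new file
        # removed ("-") lines are not in the new file, so no increment
    return findings


# Constructed sample diff; the two credentials are AWS's documented examples.
SAMPLE_DIFF = "\n".join([
    'diff --git a/deploy/config.py b/deploy/config.py',
    '--- a/deploy/config.py',
    '+++ b/deploy/config.py',
    '@@ -10,3 +10,5 @@',
    ' BUCKET = "example-bucket"',
    '-AWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]',
    '+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"',
    '+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"',
    '+DB_PASSWORD = "changemechangemechangemechangemechangeme"',
    ' TIMEOUT = 30',
])

if __name__ == "__main__":
    # In CI, pipe the diff of the change under review into this script.
    text = SAMPLE_DIFF if sys.stdin.isatty() else sys.stdin.read()
    results = scan_diff(text)
    for path, lineno, kind, masked in results:
        print(f"{path}:{lineno}: {kind} {masked}")
    sys.exit(1 if results else 0)
```

The repetitive DB_PASSWORD placeholder matches the pattern but falls below the entropy threshold, which is what keeps a check like this usable on real repositories.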
21. Case Study : Malicious Insider
• IT employee terminated after four weeks
• Used a former colleague’s credentials to
access the company AWS account
• Terminated 23 servers
• Estimated $700,000 loss to the business
• Deleted data could not be recovered
22. Insider Threat Mitigations
• Internal training & awareness
• Practice least privileges
• Use of multi factor authentication
• Exit plan when employees leave
• Physical access removal
• Account access removal
• Disaster recovery plan
• Incident management plan
23. Brute Force Attacks
• Repeated attempts to guess username and
password combinations in an attempt to
gain unauthorised access
• SSH most common service to brute force
on public cloud workloads
• Popular infection vector and propagation
method for Linux malware
24. Example -
Bread and Butter Attacks
• Recent malware campaigns
• Begins with Brute Force SSH
• Add user ‘butter’
• Downloads RAT
• RAT communicates with CNC
• RAT downloads XMR miner
• Reported by Guardicore
25. Example -
Bread and Butter Attacks
• Strong Passwords
• Monitor for repeated access attempts
• Key based auth when possible
• Restrict service port access
• WAF for internet facing apps
26. Remote Code Execution
• A vulnerability that allows code to be
executed from a remote attacker
• A frequent occurrence with so many
technology stacks, new CVEs every week
• Year old vulnerabilities still a major issue
• Very common infection vector in the cloud
28. Redis Exploit Example
• Honeypot running Redis 2.8.4 on Ubuntu
14.0.4
• Redis exposed to open internet (TCP port
6379)
• Redis quickly exploited via Lua vulnerability
CVE-2015-4335
• Exploit contains payload to download
install script
• Install script downloads backdoor and miner,
kills competing miners, and sets up
persistence.
29. RCE Mitigations
• Patch early and often
• Control network access to services
• Have incident response plans in place for
0-days ( there will always be new exploits )
• Reduce size of attack surface
• Minimal code base and OS foot print
30. Container Escapes
• A vulnerability that allows escape from a
sandbox or a container can mean access to
the host operating system or hypervisor.
• Biggest concern since popularisation of
containers
• Occurs from both misconfigurations and
exploits
• Containerised applications share host
resources, escape can lead to attacks on
other containers
• Container is not a full sandbox
31. Example : RUNC
Container Escape Vulnerability
• CVE-2019-5736: Execution of malicious
containers allows for container escape and
access to the host file system
• First major container escape of its kind
• Root user in the container or specially
crafted container could overwrite runc
binary with new binary of their choosing
• Runc used in most container platforms,
most notably Docker
32. Container Escape Mitigations
• Follow container best practices to minimise
the chance of successful escape
• Privileged container policy
• Read only root filesystem
• Prepare for rapid response to updating
container platforms and operating systems
33. Supply Chain Compromise
• Trusted software is compromised
• Common vectors
• Container image repos
• Third party applications
• Open Source Projects
34. Docker Hub Image Backdoors
• May’ 17 - Feb’ 18 : 17 malicious images
uploaded to Docker Hub
• Images containing crypto jacking
capabilities
• Images downloaded over 5 million times
• First reported in September 2017, removed
in May 2018
• Attackers earned $90k
35. Supply Chain
Compromise Mitigations
• Container Images
• Build Your Own
• Use official images if needed
• Control access to the repos
• Image Scanning
• Use least privileges
• Git Signing
• Image Verification
• Understand security of third party vendors
36. Malware
• Any software designed to damage a
computer, server, client, or network
• RATs, Trojans, Backdoors, Downloaders,
Ransomware etc.
• Recent Linux malware is modular in nature,
typically containing a backdoor,
propagation and mining modules
• Typically it’s a chain of events
• Shell scripts and binaries for Linux
37. Xbash combines Botnet, Ransomware
in Worm that targets Linux and Windows
• Prolific malware family reported in 2018
• Ransomware, coin mining, propagation and
botnet capabilities
• Self propagation by attacking weak
password and application vulnerabilities
• Ransomware is actually data destroying
and it attacks databases in Linux
• Developed in Python
38. Cloud Security Resistant
Malware
• Malware samples associated with threat actor
Rocke Group are now capable of uninstalling
cloud security products
• Rocke Group's modus operandi is exploiting
vulnerabilities in web services including Apache
Struts 2, Oracle WebLogic, and Adobe
ColdFusion, providing a backdoor for the
attacker to gain shell access
• The newly-discovered samples include
additional instructions to block popular security
products used on Alibaba and Tencent cloud
platforms, including Alibaba Threat Detection
Service, Alibaba CloudMonitor, Alibaba Cloud
Assistant, Tencent Host Security, and Tencent
Cloud Monitor.
39. Let us talk about
Cloud Security Standards
Following are the important standards
ISO / IEC 27017 : 2015
MTCS SS 584
CCM
NIST 800-53
40. Cloud Control Matrix (CCM)
• The Cloud Security Alliance Cloud
Controls Matrix (CCM) is specifically
designed to provide fundamental
security principles to guide cloud
vendors and to assist prospective
cloud customers in assessing the
overall security risk of a cloud
provider.
• Cloud Control Matrix Info Sheet
• Cloud Control Matrix Audit
• Cloud Control Matrix Gap Analysis
41. NIST SP 800-53
NIST Special Publication 800-53
covers the steps in the Risk
Management Framework that
address security control selection
for federal information systems in
accordance with the security
requirements in Federal
Information Processing
Standard (FIPS) 200.
42. ISO / IEC 27017: 2015
• ISO/IEC 27017:2015 gives guidelines for
information security controls applicable to the
provision and use of cloud services by
providing:
• Additional implementation guidance for
relevant controls specified in ISO/IEC
27002;
• Additional controls with implementation
guidance that specifically relate to cloud
services.
• This Recommendation | International Standard
provides controls and implementation
guidance for both cloud service providers and
cloud service customers.
43. Important concepts of this
chapter are the following
• The ISO 27017 : 2015
• NIST 800 SP 53
• Cloud Control Matrix
44. Best Practices
To prevent data breaches
To prevent misconfigurations
To build a cloud security ecosystem
45. Best practices for a
Cloud Security Ecosystem
• Shared Responsibility Model
• Policy Definition
• CMDB Audit
• SIEM / Logging / Auditing
• IdP
• Configuration Management
• Orchestration Workflows
• Web Application Firewalls
• File Integrity Monitoring
• Continuous Integration
• Source Code Repositories
46. Best practices for avoiding
data breaches in cloud
• Audit for misconfiguration in cloud
• Patch for known security vulnerabilities
• Enabling least privilege user permissions
and access
• Proactively monitor security events in the
cloud
• Using CASB and Machine Learning
Techniques for cloud monitoring
47. Best practices to mitigate cloud
attacks with configuration hardening
• Misconfiguration could result in typical attack
scenarios including several kill chain steps such
as reconnaissance, lateral movement, privilege
escalation, data acquisition, persistence and
data exfiltration
• For example, the private data of six million
Verizon users was exposed when maintenance
work changed a configuration and made an S3
bucket public.
• In practice, cloud providers provide tools that
enterprises can use to secure hosted assets.
While cloud providers must be vigilant in how
they protect their data centers, responsibility for
securing access to apps, services, data
repositories and databases falls on the
enterprises.
48. Best practices for securing
and hardening OS in Cloud
Hardening provides layers of security at the host level,
application level, operating system level, physical level,
user level, and all the sub levels. Following are some of
the important OS hardening steps.
Change SSH Default Port
• By default, the SSH daemon listens on port 22, which
means that anyone who figures out your IP address can
attempt to connect to your server.
• You may avoid this using a strong password, but still,
attackers can launch brute force attacks and disturb the
servers.
• A possible solution to this is changing the SSH
port, so that even if someone knows the IP address,
they can’t connect using the default SSH
port.
49. Best practices for securing
and hardening OS in Cloud
Protection from brute force attacks
• Brute forcing is a common method used
by attackers to take control of your web applications
such as WordPress, Joomla etc.
• You can use one of two programs to harden your
Linux system against brute force: SSHGuard and
Fail2Ban.
• SSHGuard continuously monitors the service from the
system and blocks recurring unsuccessful attempts.
• Fail2Ban is another alternative program to protect
your SSH port.
• Both automatically update the iptables rules when they detect
unsuccessful login attempts that reach a
certain threshold.
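Added example (not part of the original slides): the threshold logic that SSHGuard and Fail2Ban apply, and the "monitor for repeated access attempts" mitigation from the brute force slides, run over sshd log lines. The log lines are constructed and use documentation IP ranges; maxretry and findtime are named after Fail2Ban's options, while the function names and the assumed year (syslog timestamps carry none) are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MONTHS = {name: i for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# OpenSSH authentication results as written to auth.log / secure.
AUTH_LINE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) "
    r"(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(line, year):
    """Return (timestamp, result, user, ip) or None for unrelated lines."""
    m = AUTH_LINE.match(line)
    if not m or m["mon"] not in MONTHS:
        return None
    when = datetime(year, MONTHS[m["mon"]], int(m["day"]),
                    int(m["h"]), int(m["m"]), int(m["s"]))
    return when, m["result"], m["user"], m["ip"]


def detect_bruteforce(lines, maxretry=5, findtime=600, year=2019):
    """Flag IPs with >= maxretry failures inside findtime seconds.

    Also reports any successful login from an IP that already crossed the
    threshold, which deserves immediate investigation.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    tried = defaultdict(set)      # ip -> usernames attempted
    banned, bans, logins = set(), [], []
    for line in lines:
        event = parse(line, year)
        if event is None:
            continue
        when, result, user, ip = event
        failures = recent[ip]
        while failures and when - failures[0] > window:
            failures.popleft()    # old failures age out of the window
        if result == "Failed":
            failures.append(when)
            tried[ip].add(user)
            if len(failures) >= maxretry and ip not in banned:
                banned.add(ip)
                bans.append({"ip": ip, "at": when, "users": sorted(tried[ip])})
        elif ip in banned:
            logins.append({"ip": ip, "user": user, "at": when})
    return {"ban": bans, "login_after_threshold": logins}


# Constructed sample log lines.
SAMPLE_LOG = """\
Mar 12 03:14:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2
Mar 12 03:14:03 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 40024 ssh2
Mar 12 03:14:06 web1 sshd[2105]: Failed password for root from 203.0.113.5 port 40030 ssh2
Mar 12 03:14:09 web1 sshd[2107]: Failed password for root from 203.0.113.5 port 40031 ssh2
Mar 12 03:14:12 web1 sshd[2109]: Failed password for root from 203.0.113.5 port 40036 ssh2
Mar 12 03:14:20 web1 sshd[2111]: Accepted password for root from 203.0.113.5 port 40040 ssh2
Mar 12 09:00:10 web1 sshd[3001]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar 12 09:00:25 web1 sshd[3003]: Accepted publickey for alice from 198.51.100.7 port 51002 ssh2
Mar 12 10:00:00 web1 sshd[4001]: Failed password for bob from 192.0.2.44 port 52000 ssh2
Mar 12 10:01:00 web1 sshd[4003]: Failed password for bob from 192.0.2.44 port 52001 ssh2
Mar 12 10:02:00 web1 sshd[4005]: Failed password for bob from 192.0.2.44 port 52002 ssh2
Mar 12 10:03:00 web1 sshd[4007]: Failed password for bob from 192.0.2.44 port 52003 ssh2
Mar 12 10:20:00 web1 sshd[4009]: Failed password for bob from 192.0.2.44 port 52004 ssh2
""".splitlines()

if __name__ == "__main__":
    report = detect_bruteforce(SAMPLE_LOG)
    for ban in report["ban"]:
        print("ban", ban["ip"], ban["at"].isoformat(), ban["users"])
    for login in report["login_after_threshold"]:
        print("investigate", login["ip"], login["user"], login["at"].isoformat())
```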
50. Best practices for securing
and hardening OS in Cloud
Disabling Password Based Authentication
• If you have many users who often log in from public
computers, it might be cumbersome to exchange the
key every time. We recommend disabling password-based
authentication to avoid this condition.
Protection from DDoS attacks
• Use a load balancer configured as internet-facing,
so that the server IP is not exposed to the internet.
• Use a CDN to improve the performance and the security of
the server. By using a CDN, you are exposing the IP
address of the CDN provider and your origin IP remains
unexposed.
• Leverage iptables to block suspicious requests,
bogus TCP flags, private subnets etc. Use either a
hardware-based firewall or a software-based firewall.
51. Best practices for securing
and hardening OS in Cloud
• Take Regular Backups
• Taking regular backups saves you when a breach occurs. All
the cloud providers offer a daily backup feature. If you are
using AWS, Azure or Google Cloud, make sure to
enable daily snapshots. Using a backup, you can restore the
entire VM and you will be back in business with a small
downtime.
• Update the OS Regularly
• The OS should be regularly updated whenever a new update is
released, to make sure the servers are not exposed to the
latest security vulnerabilities.
• Keep the Ports Closed
• To run a website in a virtual machine, you only need to keep
ports 80 (HTTP) or 443 (HTTPS) open. AWS
offers security groups, which allow you to open the required
ports. For more refined control you can use
network ACLs. Similarly, Google Cloud offers firewall rules
to make the necessary changes to ports.
52. Best practices for Cloud
Infrastructure Security
• Operating System Security
• Increase the security measures of
the underlying operating systems
using specific security hardening
tools. For example, Microsoft
Baseline Security Analyzer
(MBSA), Bastille Linux, etc.
• Install an Intrusion Detection
System (IDS), such as Open
Source Security (OSSEC) and
Cisco Security Agent (CSA), at
the operating system level.
53. Best practices for Cloud
Infrastructure Security
• Network Management
• Use customer RSA security
tokens or client SSL certificates
instead of access passwords in
the console mode.
• Limit the number of network ports
to the minimum. Except for public
services like HTTP/HTTPS, limit
the number of source IP
addresses authorised to connect,
especially to administrative remote
access services.
55. Scout Suite
• https://github.com/nccgroup/ScoutSuite
• Multi-Cloud Security auditing tool for AWS,
Google Cloud and Azure environments
• Scout Suite is an open source multi-cloud
security-auditing tool, which enables security
posture assessment of cloud environments.
• Using the APIs exposed by cloud providers,
Scout Suite gathers configuration data for
manual inspection and highlights risk areas.
• Rather than going through dozens of pages
on the web consoles, Scout Suite presents a
clear view of the attack surface automatically.
56. Prowler
• Prowler is a command line tool for AWS
security best practices assessment,
auditing, hardening and forensics
readiness.
• It follows the guidelines of the CIS Amazon
Web Services Foundations Benchmark
(49 checks) and has 40 additional
checks, including checks related to GDPR and
HIPAA.
• It covers best practices related to AWS
such as IAM, logging, monitoring,
networking, CIS level 1&2, Forensics,
GDPR, HIPAA etc.
57. CloudSploit
• CloudSploit scans is an open-source
project designed to allow detection of
security risks in an AWS account.
• These scripts are designed to run
against an AWS account and return a
series of potential misconfigurations and
security risks.
• CloudSploit provides free and paid
hosted versions of the cloud security
scanner with numerous additional
features:
• https://github.com/cloudsploit/scans
58. Cloud Mapper
• CloudMapper helps you analyze your Amazon Web
Services (AWS) environments.
• The original purpose was to generate network
diagrams and display them in your browser.
• It now contains much more functionality, including
auditing for security issues.
• Network Mapping Demo
• Report Demo
• Intro Post
• Post to show spotting misconfiguration in networks
• Post to perform continuous auditing
• https://github.com/duo-labs/cloudmapper
59. SkyArk
• SkyArk is a cloud security project with two main scanning
modules: AWS Stealth and Azure Stealth
• SkyArk currently focuses on mitigating the new threat of Cloud
Shadow Admins, and helps organisations to discover, assess
and protect cloud privileged entities.
• Stealthy and undercover cloud admins may reside in every
public cloud platform and SkyArk helps mitigate the risk in
AWS and Azure.
• In defensive/pentest/risk assessment procedures - make sure
to address the threat and validate that those privileged entities
are indeed well secured.
• SkyArk deals with the new uprising threat of Cloud Shadow
Admins - how attackers can find and abuse non-trivial and so-
called “limited” permissions to still make it through and escalate
their privileges and become full cloud admins.
• Furthermore, attackers can easily use those tricky specific
permissions to hide stealthy admin entities that will wait for
them as an undercover persistence technique.
60. Komiser
• Cloud Environment Inspector
• Analyze and manage cloud cost, usage,
security, and governance in one place.
• Control your usage and create visibility across
all used services to achieve maximum cost-
effectiveness.
• Detect potential vulnerabilities that could put
your cloud environment at risk.
• Get a deep understanding of how you spend
on the AWS, GCP, OVH, DigitalOcean and
Azure.
• https://github.com/mlabouardy/komiser
61. Perimeterator
• Perimeterator is a small project intended to allow for
continuous auditing of internet facing AWS services.
• It can be quickly deployed into AWS and will
periodically enumerate internet-facing IP addresses
for a number of commonly misconfigured AWS
resources.
• The results from this enumeration process are pushed
into a work queue for scanning by external scanner
'workers' in order to locate open network services.
• Scanner 'workers' can be deployed anywhere, and
are intended to be deployed into non-trusted
networks in order to provide a representation of
access to services from the "general internet”.
• All communication between Perimeterator
components occurs asynchronously through the use
of AWS SQS queues.
62. Pacu
• The AWS exploitation framework, designed for testing the
security of Amazon Web Services environments.
• Pacu is an open source AWS exploitation framework,
designed for offensive security testing against cloud
environments.
• Pacu allows penetration testers to exploit configuration flaws
within an AWS account, using modules to easily expand its
functionality. Current modules enable a range of attacks,
including user privilege escalation, backdooring of IAM users,
attacking vulnerable Lambda functions, and much more.
• Pacu is a fairly lightweight program, as it requires only
Python3.5+ and pip3 to install a handful of Python libraries.
• Pacu uses a range of plug-in modules to assist an attacker in
enumeration, privilege escalation, data exfiltration, service
exploitation, and log manipulation within AWS environments.
• https://github.com/RhinoSecurityLabs/pacu
63. CloudTracker
• CloudTracker helps you find over-privileged IAM
users and roles by comparing CloudTrail logs
with current IAM policies.
• A new open-source tool from Duo Security for
easily analyzing CloudTrail logs from Amazon
Web Services (AWS).
• CloudTracker reviews CloudTrail logs to identify
the API calls made by an actor and compares
this with the IAM privileges that the actor has
been granted to identify privileges that can be
removed.
• CloudTracker requires you to have loaded your
CloudTrail logs into ElasticSearch.
• https://github.com/duo-labs/cloudtracker
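Added example (not CloudTracker's own code): the comparison this slide describes, reduced to in-memory data, matching the API calls an actor made according to CloudTrail against the actions its IAM policy grants. The account ID, user names, policy and records are constructed, and the example assumes each CloudTrail eventName equals the IAM action name, which does not hold for every AWS API.

```python
from collections import defaultdict
from fnmatch import fnmatchcase


def observed_actions(cloudtrail_records):
    """Map each actor ARN to the 'service:Action' calls that succeeded."""
    calls = defaultdict(set)
    for record in cloudtrail_records:
        arn = record.get("userIdentity", {}).get("arn")
        if not arn or record.get("errorCode"):
            continue  # denied or failed calls do not show use of a privilege
        service = record["eventSource"].split(".")[0]  # ec2.amazonaws.com -> ec2
        calls[arn].add(f"{service}:{record['eventName']}")
    return calls


def granted_actions(policy):
    """Action patterns from the Allow statements of an IAM policy document."""
    statements = policy["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    patterns = []
    for stmt in statements:
        if stmt.get("Effect") == "Allow":
            actions = stmt.get("Action", [])
            patterns.extend([actions] if isinstance(actions, str) else actions)
    return patterns


def review_privileges(policy, used):
    """Classify each granted pattern as keep, narrow (wildcard) or remove."""
    report = {"keep": [], "narrow": {}, "remove": []}
    for pattern in granted_actions(policy):
        # IAM action names are case-insensitive and support * and ? wildcards.
        hits = sorted(a for a in used
                      if fnmatchcase(a.lower(), pattern.lower()))
        if not hits:
            report["remove"].append(pattern)       # granted, never used
        elif "*" in pattern or "?" in pattern:
            report["narrow"][pattern] = hits       # replace wildcard with these
        else:
            report["keep"].append(pattern)
    return report


# Constructed sample data. A real review needs logs covering a long enough
# period, and CloudTrail does not record data events unless they are enabled.
ACTOR = "arn:aws:iam::123456789012:user/deploy-bot"
OTHER = "arn:aws:iam::123456789012:user/intern"
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "kms:Decrypt"], "Resource": "*"},
    {"Effect": "Allow", "Action": ["iam:CreateUser", "iam:AttachUserPolicy"],
     "Resource": "*"},
]}
SAMPLE_RECORDS = [
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"arn": ACTOR}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "userIdentity": {"arn": ACTOR}},
    {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
     "userIdentity": {"arn": ACTOR}},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "errorCode": "AccessDenied", "userIdentity": {"arn": OTHER}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "TerminateInstances",
     "userIdentity": {"arn": OTHER}},
]

if __name__ == "__main__":
    used = observed_actions(SAMPLE_RECORDS)[ACTOR]
    report = review_privileges(SAMPLE_POLICY, used)
    print("remove:", report["remove"])
    print("narrow:", report["narrow"])
    print("keep:  ", report["keep"])
```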
64. Lunar
• This script generates a scored audit
report of a Unix host's security. It is
based on the CIS and other frameworks.
• Where possible there are references to
the CIS and other benchmarks in the
code documentation.
• It can also perform a lockdown.
Unlike some other scripts, it has the
capability to back out changes. Files are
backed up using cpio to a directory
based on the date.
• https://github.com/lateralblast/lunar
65. Pacbot
• Policy as Code Bot (PacBot) is a platform for continuous
compliance monitoring, compliance reporting and security
automation for the cloud.
• In PacBot, security and compliance policies are implemented
as code.
• All resources discovered by PacBot are evaluated against
these policies to gauge policy conformance. The PacBot
auto-fix framework provides the ability to automatically
respond to policy violations by taking predefined actions.
• PacBot packs in powerful visualization features, giving a
simplified view of compliance and making it easy to analyze
and remediate policy violations.
• PacBot is more than a tool to manage cloud
misconfiguration; it is a generic platform that can be used to
do continuous compliance monitoring and reporting for any
domain.
• https://github.com/tmobile/pacbot
67. Azure Sentinel
• Cloud-native SIEM for intelligent security analytics and
Security Orchestration Automated Response Tool
(SOAR).
• https://github.com/Azure/Azure-Sentinel
• Azure Sentinel makes it easy to collect security data
across your entire hybrid organization from devices, to
users, to apps, to servers on any cloud.
• It uses the power of artificial intelligence to ensure you
are identifying real threats quickly and unleashes you
from the burden of traditional SIEMs by eliminating the
need to spend time on setting up, maintaining, and
scaling infrastructure.
• Sentinel is built on Azure Log Analytics. It collects
information from various security logs and turns the
information into a manageable form. The strongest
initial emphasis is on Microsoft 365.
68. Azure Sentinel
• Sentinel makes information more manageable
with machine learning, including built-in ML and
an optional module called Fusion. Third parties
can add “build-your-own” ML.
• They recognize patterns which are especially
suspicious, such as logging in from an unusual
IP address followed by a massive file download.
• Using these features, Sentinel takes its large
volume of incoming information and correlates it
into cases. A “case” is a group of related alerts
that all point to the same problem.
• Thus, presenting information as cases reduces
“alert fatigue”, where administrators receive
many redundant alerts.
69. Azure Sentinel
• An exciting feature of Sentinel is the ability to do
“hunting” and deep investigations of issues. The
process starts from the Cases page on the dashboard.
• Cases can be filtered by criteria such as status and
severity. The page for a single case gives information
about the alerts it’s built out of. It shows the reasoning
behind the triggered alerts.
• Thus, the administrator looking at it can assign the
case to someone or click the “Investigate” button to
get more information. It’s also possible to run a
playbook to initiate a standardised procedure for
processing the case.
• The investigation page shows the information as a
graph. The nodes on the graph identify entities, such
as incidents, computers, and users. The admin can
click on any entity to get more information about it and
see connections to related entities.
70. AWS Web Application
Firewall (WAF)
• AWS WAF is a web application firewall that lets you monitor the
HTTP and HTTPS requests that are forwarded to CloudFront, and
lets you control access to your content.
• Based on conditions that you specify, such as the IP addresses
that requests originate from or the values of query strings,
CloudFront responds to requests either with the requested content
or with an HTTP 403 status code (Forbidden).
• WAF can be set up with the Application Load Balancer. WAF can
also be connected to CloudFront (AWS’s CDN), which in turn can direct
traffic to the Application Load Balancer.
• If your application serves mostly content that can be cached,
then use AWS CloudFront along with WAF. If your application
cluster needs to scale but most of it is dynamic content, then going
for ALB is more reasonable.
• There is an added fixed cost for ALB (In addition to the variable
cost which is not significant though) for each month while
CloudFront cost is variable and consumption driven.
• It is also possible to have both CloudFront and ALB together
where you can add the WAF to CloudFront only.
71. AWS Web Application
Firewall (WAF)
• Protecting web applications is the primary
purpose of any Web Application Firewall.
• A powerful WAF should be able to protect
applications, data, APIs, and mobile app
backends from common cyber attacks such as
OWASP Top 10, zero-day threats, data leakage,
and DDoS attacks.
• Traffic filtering is one of the most practical and
important operations performed by a Web
Application Firewall.
• By filtering traffic based on factors such as
HTTP headers, keywords, IP addresses, and
even URI strings, the Web Application Firewall
can prevent harmful interactions before they
reach an application.
72. AWS Network Firewall
• Network Firewalls (most predominantly
NextGen Firewalls) on AWS offer
network protection that complements
the application protection provided by
Web Application Firewalls.
• While there is some overlap between
what a Network Firewall and a Web
Application Firewall protect (most
notably data), Network Firewalls
provide security over the entire
network perimeter, which includes the
highly vulnerable port and protocol
levels.
73. AWS Network Firewall
• Packet Filtering: By monitoring all incoming and outgoing packets
the firewall can regulate which applications and hosts are allowed to
interact with the network.
• Virtual Private Network (VPN): Many modern firewalls offer VPN
technology to allow virtual point-to-point links between two nodes
through a safe and regulated source.
• Deep Packet Inspection (DPI): DPI is a method that inspects not
only the packet’s multiple headers, but also the actual data content
of the packet. In this way the firewall can filter protocol non-
compliances, viruses, spam, intrusions, or other defined criteria.
• Antivirus Inspection: Antivirus inspection checks packets for viruses
that travel through the network to infect endpoint devices.
• Website Filtering: Website filtering is a technique used to check
incoming web pages to see if the page needs to be censored or
declined to show at all. Reasons for blockage could be advertising,
pornographic content, spyware, viruses and other unsafe content.
• DNS Reputation Filtering: By filtering content against a database
which records the reputation and validity of an IP address, firewalls
can block harmful content more easily.
74. AWS Cloud Watch
• Amazon CloudWatch is a monitoring and observability
service built for DevOps engineers, developers, site
reliability engineers (SREs), and IT managers.
• CloudWatch provides you with data and actionable
insights to monitor your applications, respond to
system-wide performance changes, optimise resource
utilisation, and get a unified view of operational health.
• CloudWatch collects monitoring and operational data
in the form of logs, metrics, and events, providing you
with a unified view of AWS resources, applications, and
services that run on AWS and on-premises servers.
• You can use CloudWatch to detect anomalous
behaviour in your environments, set alarms, visualise
logs and metrics side by side, take automated actions,
troubleshoot issues, and discover insights to keep your
applications running smoothly.
75. AWS Cloud Watch
Amazon CloudWatch is basically a
metrics repository. An AWS service
—such as Amazon EC2—puts
metrics into the repository, and you
retrieve statistics based on those
metrics.
If you put your own custom metrics
into the repository, you can retrieve
statistics on these metrics as well.
79. AWS Security Hub
• AWS Security Hub gives you a comprehensive view of your
high-priority security alerts and compliance status across AWS
accounts.
• There are a range of powerful security tools at your disposal,
from firewalls and endpoint protection to vulnerability and
compliance scanners.
• But oftentimes this leaves your team switching back-and-forth
between these tools to deal with hundreds, and sometimes
thousands, of security alerts every day.
• With Security Hub, you now have a single place that
aggregates, organizes, and prioritizes your security alerts, or
findings, from multiple AWS services, such as Amazon
GuardDuty, Amazon Inspector, and Amazon Macie, as well as
from AWS Partner solutions.
• Your findings are visually summarized on integrated dashboards
with actionable graphs and tables. You can also continuously
monitor your environment using automated compliance checks
based on the AWS best practices and industry standards your
organization follows.
80. AWS Cloud Trail
• AWS CloudTrail is a service that enables
governance, compliance, operational auditing,
and risk auditing of your AWS account.
• With CloudTrail, you can log, continuously
monitor, and retain account activity related to
actions across your AWS infrastructure.
• CloudTrail provides event history of your AWS
account activity, including actions taken
through the AWS Management Console, AWS
SDKs, command line tools, and other AWS
services.
• This event history simplifies security analysis,
resource change tracking, and
troubleshooting.
81. AWS Guard Duty
• Amazon GuardDuty is a threat detection service that continuously
monitors for malicious activity and unauthorised behaviour to
protect your AWS accounts and workloads.
• With the cloud, the collection and aggregation of account and
network activities is simplified, but it can be time consuming for
security teams to continuously analyze event log data for potential
threats.
• With GuardDuty, you now have an intelligent and cost-effective
option for continuous threat detection in the AWS Cloud. The
service uses machine learning, anomaly detection, and integrated
threat intelligence to identify and prioritise potential threats.
• GuardDuty analyses tens of billions of events across multiple AWS
data sources, such as AWS CloudTrail, Amazon VPC Flow Logs,
and DNS logs. With a few clicks in the AWS Management
Console, GuardDuty can be enabled with no software or hardware
to deploy or maintain.
• By integrating with AWS CloudWatch Events, GuardDuty alerts are
actionable, easy to aggregate across multiple accounts, and
straightforward to push into existing event management and
workflow systems.
82. AWS Cognito
• Amazon Cognito is an Amazon Web Services (AWS) product that
controls user authentication and access for mobile applications on
internet-connected devices.
• The service saves and synchronises end-user data, which enables an
application developer to focus on writing code instead of building and
managing the back-end infrastructure. This can accelerate the mobile
application development process.
• Amazon Cognito collects a user's profile attributes into directories
called user pools that a mobile app or web app uses to configure
limited access to AWS resources.
• An identity pool consolidates end-user information, which client
access platforms, devices and operating systems receive to organize
federated identity groups.
• Data synchronises with AWS when a device is online, allowing an end
user to access the same information on another device. Data can
also be saved locally to a SQLite database while offline before
reconnecting.
• Amazon Cognito associates data sets with identities and saves
encrypted information as key-value pairs in the Amazon Cognito
sync store.
83. Netflix Diffy
• Diffy is a triage tool used during cloud-centric security
incidents, to help digital forensics and incident
response (DFIR) teams quickly identify suspicious
hosts on which to focus their response.
• Diffy is a digital forensics and incident response (DFIR)
tool developed by Netflix's Security Intelligence and
Response Team (SIRT).
• Diffy allows a forensic investigator to quickly scope a
compromise across cloud instances during an
incident, and triage those instances for follow-up
actions.
• Diffy is currently focused on Linux instances running
within Amazon Web Services (AWS), but owing to our
plugin structure, could support multiple platforms and
cloud providers.
• https://github.com/Netflix-Skunkworks/diffy
84. Netflix Aardvark
• Aardvark is a multi-account AWS IAM Access Advisor API
(and caching layer).
• AWS provides a service named Access Advisor that shows
all of the various AWS services that the policies of an IAM
Role permit access to and when (if at all) they were last
accessed.
• Today Access Advisor data is only available in the console,
so we created Aardvark to make it easy to retrieve at scale.
• Aardvark uses PhantomJS to log into the AWS console
and retrieve Access Advisor data for all of the IAM Roles in
an account. Aardvark stores the latest Access Advisor data
in a database and exposes a RESTful API.
• Aardvark supports threading to retrieve data for multiple
accounts simultaneously, and in practice refreshes data for
our environment daily in less than 20 minutes.
• https://github.com/Netflix-Skunkworks/aardvark
86. Netflix Repokid
• Repokid uses Access Advisor provided by Aardvark to remove permissions
granting access to unused services from the inline policies of IAM roles in an
AWS account.
• Repokid uses the data about services used (or not) by a role to remove
permissions that a role doesn’t need.
• It does so by keeping a DynamoDB table with data about each role that it
has seen including: policies, count of permissions (total and unused),
whether a role is eligible for repo or if it is filtered, and when it was last
repoed
• (“repo” is shortened from repossess — our verb for the act of taking back
unused permissions).
• Filters can be used to exclude a role from repoing if, for example, it is too
young to have been accurately profiled or it is on a user-defined blacklist.
• Once a role has been sufficiently profiled, Repokid’s repo feature revises
inline policies attached to a role to exclude unused permissions.
• Repokid also maintains a cache of previous policy versions in case a role
needs to be restored to a previous state. The repo feature can be applied to
a single role, but is more commonly used to target every eligible role in an
account.
• https://github.com/Netflix/repokid
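The repo workflow described on the Aardvark and Repokid slides, sketched as an added example (this is not Repokid's own code). The data shapes, function names, the 90-day thresholds and the choice to keep actions with no usage evidence are assumptions made for illustration.

```python
import copy
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock, constructed

# Constructed Access Advisor-style data: service namespace -> last access (None = never)
ADVISOR = {"s3": NOW - timedelta(days=3),
           "dynamodb": NOW - timedelta(days=200),
           "sqs": None}

# Constructed role with one inline policy
ROLE = {
    "name": "app-worker",
    "created": NOW - timedelta(days=400),
    "inline_policies": {"app-access": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Resource": "*",
             "Action": ["s3:GetObject", "s3:PutObject", "sqs:SendMessage"]},
            {"Effect": "Allow", "Resource": "*", "Action": "dynamodb:*"},
            {"Effect": "Allow", "Resource": "*", "Action": "kms:Decrypt"},
            {"Effect": "Deny", "Resource": "*", "Action": "iam:*"},
        ]}},
}


def filter_reason(role, now, min_age_days=90, blocklist=()):
    """Return why a role must not be repoed, or None if it is eligible."""
    if role["name"] in blocklist:
        return "blocklisted"
    if now - role["created"] < timedelta(days=min_age_days):
        return "too young to be profiled"
    return None


def unused_services(advisor, now, unused_after_days=90):
    """Services the advisor tracks that were never used or not used recently."""
    cutoff = now - timedelta(days=unused_after_days)
    return {svc for svc, last in advisor.items() if last is None or last < cutoff}


def repo_policy(policy, unused):
    """Drop Allow actions for unused services; return (new_policy, removed)."""
    new_policy, removed = copy.deepcopy(policy), []
    kept_statements = []
    for stmt in new_policy["Statement"]:
        # Deny and NotAction statements restrict access; never touch them.
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            kept_statements.append(stmt)
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        keep = []
        for action in actions:
            service = action.split(":", 1)[0].lower()
            # A bare "*" or an untracked service has no usage evidence: keep it.
            (removed if service in unused else keep).append(action)
        if keep:  # a statement left with no actions is dropped entirely
            stmt["Action"] = keep
            kept_statements.append(stmt)
    new_policy["Statement"] = kept_statements
    return new_policy, removed


def repo_role(role, advisor, now, **filters):
    """Repo every inline policy of an eligible role, caching the old versions."""
    reason = filter_reason(role, now, **filters)
    if reason:
        return {"role": role["name"], "skipped": reason}
    unused = unused_services(advisor, now)
    result = {"role": role["name"],
              "previous": copy.deepcopy(role["inline_policies"]),  # rollback cache
              "policies": {}, "removed": []}
    for name, policy in role["inline_policies"].items():
        result["policies"][name], gone = repo_policy(policy, unused)
        result["removed"] += gone
    return result
```

The `kms:Decrypt` action survives because the sample advisor data says nothing about KMS, and the `previous` entry holds the untouched policy so the role can be restored.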
88. Virtual Machine Security
On-premise data centers typically rely on
physical, perimeter, and endpoint controls to
secure data stores.
In contrast, virtual data centers eliminate those
traditional entrance and egress points, forcing
organizations to take a new approach to security.
More problems arise because some of the virtual
machines are likely to be dormant (not running) at
some point in time.
These virtual machines cannot be easily kept
up-to-date, because typically this would require the
virtual machines to be started, updated and shut
down again, which is not only time-consuming,
but may also be a tedious process.
89. VM Security Concerns
• Multi-tenancy issues arise from different users
within a cloud sharing the same applications
and the physical hardware to run their VMs.
• This sharing can enable information leakage
and exploitation, and increases the attack
surface and the risk of VM-to-VM or
VM-to-hypervisor compromise.
• Virtualised servers have a limited number of
access points (NICs) available to all VMs.
This represents a critical security vulnerability
where compromising these access points
opens the door to compromise the VCI
including VMs, hypervisor or the vSwitch.
90. Virtual Machine Security
• Having differing scopes and requirements in their workloads,
organizations use virtualization technologies according to their
respective needs.
• For example, virtual machines (VMs) are a better fit for developers
and enterprises looking for flexibility in running multiple
applications, while containers are better for those requiring
scalable applications.
• Containers and VMs both offer means by which applications can
be run multiple times or isolated within a single platform, but they
differ in how they do it.
• Containers virtualize an operating system (OS) to run various
workloads in a single OS instance, while VMs virtualize hardware
to run instances of the OS.
• Thus, every instance of applications running on containers and
VMs poses a potential attack vector if it is vulnerable or
misconfigured.
• An instance running with unnecessary ports still set up on the
container or VM, for example, can be exploited to let hackers
sneak into the application’s server.
91. Hypervisor Security
Recommendations
The hypervisor manages how guest OSs access resources such as the central
processing unit (CPU), memory, network, and storage. It partitions the resources
to prevent the instances from intruding into one another’s resources.
The hypervisor is the underlying infrastructure behind applications running on
VMs, which makes their security of paramount importance. The U.S. National
Institute of Standards and Technology has detailed recommendations for
securing the hypervisor:
• Disable unused and unnecessary virtual hardware or services (e.g., clipboard
and file sharing) to lessen the attack surface.
• Keep an eye on the hypervisor for anomalous activities.
• Actively monitor the traffic between VMs; visibility to them should be explicitly
enabled.
• Track the instances and restrict the creation of VMs and virtual servers to
prevent virtualization sprawl, in which too many instances running lead to
inefficient management of physical and software resources.
• Use secure and encrypted communication protocols (e.g., Secure Sockets
Layer) to mitigate man-in-the-middle attacks or to protect data when
performing migration or storing VM images.
• Authenticate and ensure the integrity of the VM images stored in the server or
library.
92. Virtual Machine Security &
Isolation Models
• Fault Isolation: If one virtual machine contains a
buggy operating system, that OS can start
scribbling all over physical memory. These wild
writes must be contained within the VM
boundaries.
• Performance Isolation: Ideally, a VM's performance
would be independent of the activity going on on
the hardware. This must be accomplished by
smart scheduling and resource allocation policies
in the monitor.
• Software Isolation: Most of the issues with
computers today stem from complex software
configurations: DLL hell on PCs, operating system
and library versions, viruses, and other security
threats. VMs are naturally isolated from each other
by running in separate software environments.
93. Cloud Container security
Image Level Security
Security Orchestration
Container Level Security
Operating System Control
Automation Measures
94. Container Vulnerabilities
Images are the blueprint of containers,
which use them to spin up or run applications.
A vulnerable image begets a malware- or
hacking-prone container, and consequently,
the application itself becomes prone to
malware or hacking as well.
Identifying security gaps pre-runtime and
fixing them accordingly before the image is
scheduled in an orchestration environment
will significantly save time and effort
reworking on builds, as well as reduce
overhead and disruptions in the
application’s life cycle:
95. Container Security Measures
• Ensure that the container images are signed, authenticated,
and drawn from a trusted registry; when scanning images,
consider scanning the registries as well since registries can
be compromised and their images tampered with.
• Secure the daemon; restrict access to it or employ encrypted
communication protocols when exposing it in the network.
• Enforce the principle of least privilege; unlike with a
hypervisor, which acts as a central point of management, any
user, service, or application with access to the container’s
root account can get into other containers sharing the kernel.
• Isolate resources; properly configure control groups and
namespaces, that is, what and how much resources a
container is allowed to use.
• Bake security in to further reduce the need for extra builds;
Docker, for instance, has its own documentation on the
built-in security features of its engine that can serve as a reference.
96. NIST Special Publication 800-190:
Application Container Security Guide
• Perhaps the most obvious source of security issues in a
containerized environment is problems lurking within
application images themselves.
• These can include outdated, insecure versions of software or
libraries; buggy applications; or even hidden malware.
• Tools that can scan for these vulnerabilities are essential, but
the NIST guidelines caution that these should be
container-aware, including the ability to scan all layers of a multilayer
containerized application.
• Flawed or malicious software isn’t the only threat. Poorly
configured images can also be a source of vulnerabilities.
• For example, an image might launch an extraneous daemon
or service that allows unwanted access from the network, or
it might be configured to run with more user privileges than
are necessary.
• Secrets stored within images, such as authentication keys or
certificates, are another danger to watch out for.
97. NIST Special Publication 800-190:
Application Container Security Guide
NIST recommends pulling images only from
trusted sources, such as private container
registries, but a poorly configured registry can
also be a security issue.
Access to the registry should require encrypted
and authenticated connections, preferably using
credentials that are federated with existing
network security controls.
Any efforts to secure container images can be
rendered meaningless if the registry can be
easily compromised.
Also, the registry should undergo frequent
maintenance to ensure that it doesn’t contain
stale images with lingering vulnerabilities.
98. NIST Special Publication 800-190:
Application Container Security Guide
• Container orchestration tools, of which
Kubernetes has become the leading example,
are another potential target of attack.
• Pay strict attention to securing the
administrative interface, especially in
scenarios where a single orchestrator
manages multiple applications.
• This may include such measures as strong,
two-factor authentication and at-rest
encryption of data.
• If you don't strictly scope access, a careless
or malicious user could potentially do all sorts
of mischief, from taking down apps to
launching rogue ones.
99. NIST Special Publication 800-190:
Application Container Security Guide
NIST also recommends configuring orchestrators
to separate network traffic into discrete virtual
networks, based on the sensitivity of the traffic
being transmitted.
The idea is that low-sensitivity workloads, such as
public-facing web apps, should be isolated from
high-sensitivity workloads, such as tax-reporting
software.
In addition, workloads should be distributed such
that each host runs containers only of a given
security level.
These measures make it much more difficult for a
malicious actor to gain access to sensitive data
when a low-sensitivity application such as a blog is
compromised.
100. NIST Special Publication 800-190:
Application Container Security Guide
• In general, NIST recommends deploying
and orchestrating clusters in ways that are secure
by default.
• Examples include end-to-end encryption of all
network traffic between cluster nodes and mutually
authenticated network connections between cluster
members.
• The orchestrator should be able to introduce nodes
to the cluster securely, maintain a persistent identity
for each node throughout its lifecycle, and isolate
and remove compromised nodes without affecting
the overall security of the cluster.
• These measures are especially important in
large-scale environments that span multiple network
organizations and scale to hundreds of hosts and
thousands of containers.
101. NIST Special Publication 800-190:
Application Container Security Guide
In addition to container images and the
applications within them, containers themselves
can potentially become security issues.
One of the more serious concerns arises when
the container runtimes that launch and manage
containers (software such as containerd,
CRI-O, and rkt) themselves contain vulnerabilities.
NIST cautions that, left unpatched, such flaws
can lead to “container escape” scenarios where
an attacker could potentially gain access to
other containers or the host operating system
itself, so admins should make installing runtime
security patches a high priority.
102. NIST Special Publication 800-190:
Application Container Security Guide
• Beyond this, administrators must pay
special attention to the many
configurable options available with
container runtimes.
• A misconfigured container might be able
to access too many devices, for
example, which could potentially affect all
containers running on the host.
• Other runtime options could allow a
container to make unsafe system calls,
mount sensitive directories in read-write
mode, and even compromise the host
OS.
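A check for the runtime options named on this slide and the excess user privileges mentioned on slide 96, as an added example that is not part of the original deck or of NIST SP 800-190. The sample records are constructed and use `docker inspect` field names; the sensitive-path list and finding codes are assumptions.

```python
import json

# Host paths that should never be writable from a container (assumed list).
SENSITIVE = ("/", "/etc", "/proc", "/sys", "/boot", "/dev", "/var/run/docker.sock")

# Constructed records using `docker inspect` field names.
SAMPLE = json.loads("""
[
  {"Name": "/legacy-agent",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": false,
                  "Devices": [{"PathOnHost": "/dev/sda", "PathInContainer": "/dev/sda",
                               "CgroupPermissions": "rwm"}],
                  "SecurityOpt": ["seccomp=unconfined"]},
   "Mounts": [{"Type": "bind", "Source": "/etc", "Destination": "/host/etc", "RW": true},
              {"Type": "bind", "Source": "/srv/data", "Destination": "/data", "RW": true}]},
  {"Name": "/web",
   "Config": {"User": "1000:1000"},
   "HostConfig": {"Privileged": false, "Devices": null, "SecurityOpt": null},
   "Mounts": [{"Type": "bind", "Source": "/etc/ssl/certs", "Destination": "/certs",
               "RW": false}]}
]
""")


def is_sensitive(path):
    """True if path is a sensitive host path or lies underneath one."""
    path = path.rstrip("/") or "/"
    return any(path == s or (s != "/" and path.startswith(s + "/")) for s in SENSITIVE)


def runs_as_root(user):
    """Config.User is 'name', 'uid' or 'uid:gid'; an empty value means root."""
    return user.split(":", 1)[0] in ("", "0", "root")


def audit(container):
    """Return a list of (code, detail) findings for one inspected container."""
    host = container.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append(("PRIVILEGED", "all host devices and capabilities exposed"))
    for dev in host.get("Devices") or []:
        findings.append(("HOST_DEVICE", dev["PathOnHost"]))
    for opt in host.get("SecurityOpt") or []:
        # Docker accepts both "seccomp=unconfined" and the older colon spelling.
        if opt.replace(":", "=", 1) == "seccomp=unconfined":
            findings.append(("UNFILTERED_SYSCALLS", opt))
    for m in container.get("Mounts") or []:
        # Only writable bind mounts of sensitive host paths are reported.
        if m.get("Type") == "bind" and m.get("RW") and is_sensitive(m["Source"]):
            findings.append(("SENSITIVE_RW_MOUNT", f"{m['Source']} -> {m['Destination']}"))
    if runs_as_root((container.get("Config") or {}).get("User", "")):
        findings.append(("RUNS_AS_ROOT", "no non-root user configured"))
    return findings


def audit_all(containers):
    """Map container name to its findings, omitting clean containers."""
    report = {c["Name"].lstrip("/"): audit(c) for c in containers}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, found in audit_all(SAMPLE).items():
        for code, detail in found:
            print(f"{name}: {code}: {detail}")
```

On a real host the same functions can be fed the JSON array that `docker inspect` prints for the running containers.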
103. NIST Special Publication 800-190:
Application Container Security Guide
• Containerized infrastructure also makes
scanning network traffic for security
threats more challenging.
• Containers deployed on multiple hosts
typically communicate over a virtual,
encrypted network, and they are
assigned dynamic IP addresses that
change continuously as applications are
scaled and load balanced by the
orchestrator.
• Detecting network traffic anomalies in
such an environment requires specialized,
application-aware network filtering tools.
104. NIST Special Publication 800-190:
Application Container Security Guide
• At the lowest level of the containerized
stack, the host OS represents the most
critical target for attacks. If compromised,
it can expose all of the containers running
on it.
• For this reason, NIST recommends
running a pared-down, container-specific
OS that limits the number of installed
components to the bare minimum of
software required to create and manage
containers.
• Fewer components means fewer potential
vulnerabilities that can be exploited.
105. NIST Special Publication 800-190:
Application Container Security Guide
• Even a minimised OS, however, will
not be immune to security
vulnerabilities.
• As they would with any software, it is
critical that administrators keep up
with OS security patches and apply
them promptly to all host instances in
the cluster.
• This includes not just the OS kernel,
but also the container runtime and any
other system services or components
recommended by the OS vendor.
106. NIST Special Publication 800-190:
Application Container Security Guide
• Proper OS configuration is also essential.
In addition to mounting sensitive file
systems as read-only, NIST recommends
running the host OS as immutable
infrastructure, with no data stored
uniquely and persistently on the host.
• In addition, the host should not provide
any application-level dependencies
except those that have been packaged
and deployed as containers.
• These measures make the OS a more
trustworthy environment, with far fewer
avenues for attack.
107. NIST Special Publication 800-190:
Application Container Security Guide
• A persistent theme throughout the
NIST guidelines is the need for
automation of security processes,
particularly as the environment
scales to hundreds of hosts and
thousands of containers.
• Container orchestrators provide
some of this automation, but
container admins should also
seek to automate such functions
as vulnerability scanning and
software updates.
108. NIST Special Publication 800-190:
Application Container Security Guide
• Another lesson learned is that software
alone cannot guarantee security.
Containerization also requires that
organizations examine their processes and
teams and potentially adjust to the new
operational model.
• The ephemeral nature of containers may
call for different procedures than those
used with traditional servers.
• For example, incident response teams will
need awareness of the roles, owners, and
sensitivity levels of deployed containers
before they can know the proper steps to
take in the event of an ongoing attack.
109. Cloud Data Privacy Policies
Global Context
Main Challenges
Madrid Resolution
110. Global Context
• Policies on the creation of privacy legislation in
the European Union and the United States
differ. The United States favors a more
laissez-faire approach.
• Industry self-regulation is favoured over federal
law. It is believed that businesses shape their
policies according to consumer preferences,
following economic theory.
• This theory implies that consumer preferences
determine market share, and that a higher
market share leads to higher profits.
• The Payment Card Industry Data Security
Standards (PCI-DSS), discussed below, is an
example of a self-regulation policy.
111. Main Challenges
• Complexity of risk assessment
in a cloud environment
• Emergence of new business
models and their implications
for consumer privacy
• Achieving regulatory
compliance.
112. Complexity of
Risk Assessment
• The complexity of cloud services
introduces a number of unknown
parameters.
• Service providers and consumers are
cautious, respectively, about offering
guarantees for compliance-ready
services and adopting the services.
• With service providers promoting a
simple way to flow personal data
irrespective of national boundaries, a real
challenge arises in terms of checking the
data processing life cycle and its
compliance with legal frameworks.
113. Complexity of
Risk Assessment
• In a cloud service, there are many questions
needing to be addressed in order to determine
the risks to information privacy and security:
• Who are the stakeholders involved in the
operation?
• What are their roles and responsibilities?
• Where is the data kept?
• How is the data replicated?
• What are the relevant legal rules for data
processing?
• How will the service provider meet the
expected level of security and privacy?
114. Madrid Resolution
• To address these issues, the Madrid
Resolution states that every responsible
person shall have transparent policies with
regard to the processing of personal data.
• Stakeholders need to specify requirements for
cloud computing that meet the expected level
of security and privacy.
• In Europe, the European Network and
Information Security Agency (ENISA) provides
recommendations to facilitate understanding
of the shift in the balance of responsibility and
accountability for key functions such as
governance and control over data and IT
operations and compliance with laws and
regulations.
116. Cloud IAM features
• Single Access Control Interface. Cloud
IAM solutions provide a clean and
consistent access control interface for all
cloud platform services. The same
interface can be used for all cloud
services.
• Enhanced Security. You can define
increased security for critical
applications.
• Resource-level Access Control. You can
define roles and grant permissions to
users to access resources at different
granularity levels.
117. A Paradigm Shift in Identity
Access Management Models
• Cloud application delivery of Identity
and Access Management Systems is
a paradigm shift from legacy models
• As a result of this shift, developers
will be primarily responsible for
Identity and Access Management
activities
• In cloud environments, IAM is
a commonly accepted best practice,
since there's no practical way to
secure resources without identity
management.
118. Cloud and Economics of IAM
The well-known benefits of cloud
computing such as adaptive
pricing structure and faster, easier
deployment are also the drivers of
the cloud IAM market.
As the primary pattern for
security and governance in the
cloud, IAM SaaS is growing in
tandem with the increasing
migrations to cloud applications.
119. Cloud enabled Identities
• Modern cloud applications
are identity-enabled to provide
the security and governance
services that enterprises need.
• This is a major shift for many
organizations. It means that
instead of sysadmins and
operations, developers will need
to build the bulk of these
organizations' security and
governance features.
120. Cloud IAM Activities
• Have cloud applications check the IAM
system to determine access rights before
proceeding with operations
• Filter through data that applications are
allowed to use based on the identities of the
data, the application, and the application user
• Encrypt data communications as needed,
regardless of whether an authorised identity is
accessing it or not
• Encrypt data storage as needed
• Dynamically determine access rights and
limits while the application is running
121. Cloud IAM Workflow
• Process start
• Identity retrieval
• Identity validation
• Resource access using identity
• Identity validation and understanding of
limitations
• Resource access with authentication and
limitations
• Release of resources
• Process end
123. A Multi Cloud Strategy
According to Gartner, a multi-cloud strategy
will be the common approach taken by 70
percent of enterprises by the end of this year.
With this being said, the adoption and
execution of a multi-cloud initiative can be a
daunting prospect, and the process itself can
be fairly complex.
It involves numerous focus areas -
automation and orchestration, cloud
connectivity, DevOps enablement and, of
course, cloud security – all requiring intensive
and specified technology, processes and
cultural innovation.
124. Understanding How
Shared Models Work
• Make sure that your organization’s business
partners and other stakeholders
understand how the shared security model
applies to you and your cloud vendors.
• Usually, cloud providers are responsible for
the security of their own infrastructure, and
they should be able to provide your
organization with some of the capabilities
you need in order to protect your data while
it’s in their infrastructure.
• Those capabilities include multi-factor
authentication vectors, encryption
technologies, and identity and access
management.
125. Understanding Accounts and
Deployment Zones
• Upholding the responsibilities of
your organization’s part of the
shared security model requires that
you understand the accounts and
deployment zones where you need
visibility to monitor for vulnerabilities.
• With that understanding, you can
properly deploy IDS and IPS devices
and analyze their logs or have a
trusted third party take care of that
for you while being informed as to
what’s going on in your network.
126. Attack Surface in a
Multi Cloud
• When integrating multicloud, companies
significantly expand their attack surface,
so security posture must be placed firmly
at the forefront of their minds.
• Applying a holistic approach will ensure
the agility afforded by adopting
multicloud architecture can be safely
utilized.
• As new technologies emerge, the
multicloud needs to provide the flexibility
to quickly and securely switch from one
service to another, regardless of the
service’s geography and topology.
127. Data Strategy for Multi-Cloud
• In a multicloud architecture, it can be easy to
lose sight of data and where it resides. Often it’s
the case that IT staff may have visibility into
individual clouds through cloud-specific tools but
are unable to identify or correlate threats to data
across multiple cloud platforms.
• The best way to increase data visibility and
secure the multicloud environment is to ensure
security capabilities can be managed and
orchestrated from within the enterprise through a
single point of control.
• Any security tools that are put in place to secure
a business’ IT infrastructure need to seamlessly
share security control information, as well as
work harmoniously addressing cyber dangers
wherever they occur.