Application Security &
Deception in the Cloud
Cloud Security Alliance - Raleigh
01/17/2018
Who Am I?
Phillip Maddux
Principal AppSec Researcher & Advisor
@SignalSciences
https://signalsciences.com
Career Summary
AppSec in Financials, EY & GS (~9 yrs)
WebDev, DBA, SA, IT Auditor (~7 yrs)
Online
Twitter: @foospidy
Blog: http://pxmx.io
LinkedIn: http://linkedin.pxmx.io
Github: http://github.com/foospidy
Honeypot Enthusiast
HoneyDB.io
HoneyPy
Agenda
AppSec
● Modern Web
● Observations of Secure SDLC
● Legacy Visibility
● Moving Forward in the Modern Web
Deception
● What is deception?
● Honeypots 101
● What does all this provide?
● Having a deception program
● Goal
● Making your cloud dangerous
● Cloud specific considerations
AppSec
● Modern Web
● Observations of Secure SDLC
● Legacy Visibility
● Moving Forward in the Modern Web
Describing the Modern Web
Frameworks & Architecture
● Client side: Angular, React, etc.
● Server side: API gateways & Microservices - API driven
Process
● Agile development cycles
● CI/CD
● DevOps
Platforms
● Cloud, e.g. IaaS, PaaS, FaaS
● Containers and Container orchestration (e.g. Kubernetes)
@foospidy
The modern web...
...is about services, frequent deployments,
and scalability.
AppSec
● Modern Web
● Observations of Secure SDLC
● Legacy Visibility
● Moving Forward in the Modern Web
Secure SDLC Evolution
ML4 - Ultimate Secure SDLC Fantasy...
Agile!
Develop, test/verify, deploy to production. All developers…
● Can have a copy of etsy.com on their laptops.
● Have access to deploy to production.
● Can deploy to production whenever they need to.
https://www.etsy.com
Agile!
However, Agile!
If we can deploy faster we can respond to threats faster.
But, visibility of threats is required.
A shift in thinking...
RSA Conference (2017) - “Tidal Forces: The changes ripping apart security as we know it”, by Rich Mogull.
AppSec
● Modern Web
● Observations of Secure SDLC
● Legacy Visibility
● Moving Forward in the Modern Web
Shift Left!
Shift Left?
We’ve been doing that for years...
Shift Right
With the rapid adoption of cloud, it’s time we focused on shifting right.
Read…
Security’s Shift Right by James Wickett
What happens after prod?
Log Challenges
WAF Challenges
Summary of Challenges
● We operate in silos (security, development, operations).
● Limited visibility into what is actually happening (e.g. threats).
● Static signatures resulting in false positives, disrupting the development cycle, and even breaking production.
● Resources spent on maintaining/tuning rather than on what is important - mitigating threats.
● Existing solutions don’t scale well, are not architected for cloud, and are not built for the modern web.
AppSec
● Modern Web
● Observations of Secure SDLC
● Legacy Visibility
● Moving Forward in the Modern Web
To Shift Right in the Modern Web
Visibility that is Strategic
● What type of attack traffic are your apps experiencing?
● Which apps, and which parts of your apps, are being targeted?
● What type of anomalous traffic are your apps experiencing?
We need to be able to answer these questions, as the answers are feedback for your AppSec program’s resources & priorities.
Visibility that is Tactical
We need the ability to expose security data to DevOps to foster involvement.
● Dashboards on display.
● Integration into the DevOps tool chain.
● API for automation and integration into other monitoring solutions.
Detection & Blocking
We need detection that does not require tuning and enables agile development.
● Dynamic detection of attacks.
● Throttled blocking.
● Only block requests containing attacks.
● Complete decision transparency.
Business Risk
We need the ability to go above and beyond the typical OWASP injection attacks.
● Account Takeover.
● High Risk Transactions.
● Bots.
We need to instrument our applications for security!
Instrumentation & Correlation
● Attacks + anomalous responses
● Attacks + sensitive transactions
● Distinct changes in traffic patterns
● Automation (Bots) + user actions
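The "Detection & Blocking" and "Instrumentation & Correlation" slides describe one decision engine: throttle blocking per source, block only requests that themselves carry an attack, record every reason behind a verdict, and correlate attacks with sensitive transactions and anomalous responses. The following is an added example (not code from the deck or from Signal Sciences); it assumes attack tags are assigned by an upstream detector, and the request stream, paths and thresholds are constructed.

```python
"""Throttled blocking with decision transparency, plus attack correlation."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Tuple


@dataclass
class Request:
    ts: float                     # seconds since the start of the sample
    src: str                      # client source IP
    path: str                     # request path
    status: int                   # status code the application answered with
    tags: Tuple[str, ...] = ()    # attack tags from the upstream detector, e.g. ("sqli",)


@dataclass
class Decision:
    action: str                   # "allow" or "block"
    reasons: List[str]            # every input behind the verdict (decision transparency)


# Constructed policy: business-sensitive endpoints and responses that look like the app choked.
SENSITIVE_PATHS = {"/login", "/checkout", "/api/transfer"}
ANOMALOUS_STATUSES = {500, 502, 503}


class Engine:
    """Per-source throttled blocking plus correlation alerts."""

    def __init__(self, threshold: int = 3, window: float = 60.0):
        self.threshold = threshold            # attack requests per source before blocking starts
        self.window = window                  # sliding window, seconds
        self.attack_times: Dict[str, Deque[float]] = defaultdict(deque)
        self.alerts: List[dict] = []

    def _attacks_in_window(self, src: str, now: float) -> int:
        q = self.attack_times[src]
        while q and now - q[0] > self.window:
            q.popleft()                       # forget attacks older than the window
        return len(q)

    def _correlate(self, req: Request) -> None:
        # Attack + sensitive transaction, and attack + anomalous response, from the slide above.
        if req.path in SENSITIVE_PATHS:
            self.alerts.append({"kind": "attack+sensitive_transaction", "src": req.src,
                                "path": req.path, "tags": req.tags})
        if req.status in ANOMALOUS_STATUSES:
            self.alerts.append({"kind": "attack+anomalous_response", "src": req.src,
                                "path": req.path, "status": req.status})

    def process(self, req: Request) -> Decision:
        if not req.tags:
            # Clean requests are never blocked, even from a source that is being throttled.
            return Decision("allow", ["no attack tags on this request"])
        self.attack_times[req.src].append(req.ts)
        count = self._attacks_in_window(req.src, req.ts)
        self._correlate(req)
        reasons = [f"attack tags {list(req.tags)} on {req.path}",
                   f"{count} attack request(s) from {req.src} in the last {self.window:g}s "
                   f"(threshold {self.threshold})"]
        if count < self.threshold:
            reasons.append("below threshold: allow and keep counting")
            return Decision("allow", reasons)
        reasons.append("threshold reached: block this attack request")
        return Decision("block", reasons)


# Constructed request stream (documentation-range IPs).
SAMPLE: List[Request] = [
    Request(0.0, "203.0.113.5", "/search", 200, ("sqli",)),
    Request(5.0, "203.0.113.5", "/search", 200, ("sqli",)),
    Request(9.0, "203.0.113.5", "/products", 200),              # clean request from the same source
    Request(12.0, "203.0.113.5", "/login", 500, ("sqli",)),     # third attack: blocked; also sensitive + 500
    Request(20.0, "203.0.113.5", "/about", 200),                # clean: still allowed while throttled
    Request(25.0, "198.51.100.7", "/checkout", 200, ("xss",)),  # first attack from a new source: allowed, correlated
]


def run_sample() -> Tuple[List[Decision], List[dict]]:
    engine = Engine()
    decisions = [engine.process(r) for r in SAMPLE]
    return decisions, engine.alerts


if __name__ == "__main__":
    decisions, alerts = run_sample()
    for req, dec in zip(SAMPLE, decisions):
        print(f"{dec.action:5} {req.src:13} {req.path:10} <- " + "; ".join(dec.reasons))
    for alert in alerts:
        print("ALERT", alert)
```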
Defending the Modern Web
We need…
Visibility that enables defending applications in real time.
You can’t defend against threats you can’t see.
Scalability
Any app layer security solution must…
● Be scalable across cloud, multi-cloud, and on-prem.
● Be a frictionless deployment.
● Work regardless of app stack or language.
● Be performant and reliable.
Modern Cloud Platforms
We should leverage security features of modern cloud platforms…
Rotate, Repave, and Repair
https://builttoadapt.io/the-three-r-s-of-enterprise-security-rotate-repave-and-repair-f64f6d6ba29d
● Rotate - Credentials
● Repave - Disable Persistence
● Repair - Patch Immediately
Cloud Foundry
https://www.cloudfoundry.org/
We need to be agile in production, keep moving!
AppSec in the Modern Web
We need to continuously increase the cost for attackers.
Solution Options
Engineer application instrumentation.
https://codeascraft.com/2011/02/15/measure-anything-measure-everything/
https://vimeo.com/54107692
Start with Open Source and engineer around it.
https://github.com/nbs-system/naxsi
http://appsensor.org/
Deception
● What is deception?
● Honeypots 101
● What does all this provide?
● Having a deception program
● Goal
● Making your cloud dangerous
● Cloud specific considerations
What is deception?
01 Honeypot sensor
● Service emulation
● Application layer - feature emulation
● Honey tokens - files or data
02 Lures, a.k.a. breadcrumbs
● Files on endpoints w/ server names or credentials
● Browser history / bookmarks
● Database connection strings
03 Automation
● Deployment
● Configuration
● Management
Honeypots 101
A networked system or application that appears to be of production use, but whose actual purpose is to detect malicious actors on the network.
● Types
○ Production
○ Research
● Interaction Levels
○ Low - less risk to operate
○ Medium - less risk to operate
○ High - more risk to operate
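A low-interaction sensor of the kind the slide calls "service emulation": it presents only a login prompt, never authenticates anyone, and turns each attempt into an event, which is why it is cheap and low-risk to operate (there is no real shell behind the prompt). This is an added example, not code from the deck or from HoneyPy; the banner, port and sample credentials are constructed.

```python
"""Low-interaction honeypot: a telnet-style login prompt that only records attempts."""
import socketserver
from dataclasses import dataclass, field
from typing import List, Optional

BANNER = b"Ubuntu 16.04 LTS\r\nlogin: "   # constructed decoy banner
MAX_ATTEMPTS = 3                         # close after this many failed logins, like a real daemon


@dataclass
class LoginEmulator:
    """Protocol state machine, kept free of sockets so it can be tested directly."""
    peer: str
    attempts: int = 0
    username: Optional[str] = None       # set after the client sends a username
    events: List[dict] = field(default_factory=list)
    closed: bool = False

    def feed(self, line: str) -> bytes:
        """Consume one line from the client and return the bytes to send back."""
        if self.closed:
            return b""
        if self.username is None:
            self.username = line.strip()
            return b"Password: "
        # Second line of each pair is the password attempt: record it, always reject it.
        self.attempts += 1
        self.events.append({"peer": self.peer, "username": self.username,
                            "password": line.strip(), "attempt": self.attempts})
        self.username = None
        if self.attempts >= MAX_ATTEMPTS:
            self.closed = True
            return b"\r\nLogin incorrect\r\nConnection closed.\r\n"
        return b"\r\nLogin incorrect\r\nlogin: "


class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        emu = LoginEmulator(peer=self.client_address[0])
        self.wfile.write(BANNER)
        while not emu.closed:
            raw = self.rfile.readline()
            if not raw:                  # client hung up
                break
            self.wfile.write(emu.feed(raw.decode("utf-8", "replace")))
        for event in emu.events:
            # Every record here is a high-fidelity alert: nothing legitimate logs in to a decoy.
            print("ALERT honeypot login attempt:", event)


if __name__ == "__main__":
    # Non-privileged port for the demo; in a deployment, map the standard port to it.
    with socketserver.ThreadingTCPServer(("0.0.0.0", 2323), Handler) as srv:
        srv.serve_forever()
```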
What does all this provide?
Primarily: High fidelity alerts
● Additional layer in your defense-in-depth strategy
● Detect intruders in cases of
○ Control failures
○ Detection / response failures
Secondarily: Intelligence
● Collect information on threat actors’ Tactics, Techniques & Procedures (TTPs).
● Motivation and targets.
Having a deception program
Considerations
● Scope - intruder vs. insider, or both?
● Output - alerts vs. intelligence, or both?
● Coverage - internal vs. external, or both?
● Assets - network, application, data?
● Validation - metrics and testing?
● Incident response - integration and prioritization?
● Audit & compliance?
Goal
Make your network dangerous for the attacker.
Desired Result
Making your cloud dangerous
Maturity Level 1: Dedicated deception instances.
Maturity Level 2: Blend deception in with production.
Cloud VPC Example - ML 1
Cloud VPC Example - ML 2
Cloud Specific Deception Considerations
● App layer deception (tailored)
● Legit services on non-standard ports, and deception services on standard ports.
● Storage buckets
● Honey token documents
● Access accounts
● Cloud log monitoring for honey tokens & accounts
Ultimately, think about instrumenting your cloud ecosystem for deception, as it will be targeted just as much as your applications.
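The last three bullets (honey token documents, access accounts, cloud log monitoring) come together in a monitor that reads the cloud audit trail and alerts on any use of a planted identifier, since nothing legitimate should ever touch one. This is an added example, not from the deck; the events are constructed CloudTrail-style records and the honey identifiers are placeholders for the ones you actually plant.

```python
"""Alert on any cloud audit event that references a planted honey token or honey account."""
import json
from typing import Dict, Iterable, List

# Planted identifiers (constructed placeholders; substitute the ones you deploy).
HONEY_ACCESS_KEYS = {"AKIAEXAMPLEHONEY0001"}      # access key left in a lure, never used legitimately
HONEY_USERS = {"svc-backup-legacy"}               # decoy IAM user named in a planted connection string
HONEY_BUCKETS = {"corp-finance-archive-2016"}     # decoy storage bucket
HONEY_DOCUMENTS = {"board/passwords.xlsx"}        # honey token document (object key)

# Constructed CloudTrail-style records, one JSON object per line. A real export wraps them in
# a "Records" array; the field names used below are the same.
SAMPLE_LOG = """
{"eventTime":"2018-01-17T14:02:11Z","eventName":"GetObject","eventSource":"s3.amazonaws.com","sourceIPAddress":"10.20.0.14","userIdentity":{"type":"IAMUser","userName":"alice","accessKeyId":"AKIAEXAMPLEREAL00001"},"requestParameters":{"bucketName":"corp-app-assets","key":"logo.png"}}
{"eventTime":"2018-01-17T14:05:40Z","eventName":"ListBuckets","eventSource":"s3.amazonaws.com","sourceIPAddress":"198.51.100.23","userIdentity":{"type":"IAMUser","userName":"deploy-bot","accessKeyId":"AKIAEXAMPLEHONEY0001"},"requestParameters":null}
{"eventTime":"2018-01-17T14:06:02Z","eventName":"GetObject","eventSource":"s3.amazonaws.com","sourceIPAddress":"198.51.100.23","userIdentity":{"type":"IAMUser","userName":"alice","accessKeyId":"AKIAEXAMPLEREAL00001"},"requestParameters":{"bucketName":"corp-finance-archive-2016","key":"board/passwords.xlsx"}}
{"eventTime":"2018-01-17T14:09:55Z","eventName":"ConsoleLogin","eventSource":"signin.amazonaws.com","sourceIPAddress":"198.51.100.23","userIdentity":{"type":"IAMUser","userName":"svc-backup-legacy"}}
this line is not JSON and stands in for a corrupted record
"""


def classify(event: dict) -> List[dict]:
    """Return one alert per honey indicator the event touches (empty list if none)."""
    ident = event.get("userIdentity") or {}
    params = event.get("requestParameters") or {}   # null in the log becomes None, hence "or {}"
    hits = []
    if ident.get("accessKeyId") in HONEY_ACCESS_KEYS:
        hits.append(("honey_access_key", ident["accessKeyId"]))
    if ident.get("userName") in HONEY_USERS:
        hits.append(("honey_user", ident["userName"]))
    if params.get("bucketName") in HONEY_BUCKETS:
        hits.append(("honey_bucket", params["bucketName"]))
    if params.get("key") in HONEY_DOCUMENTS:
        hits.append(("honey_document", params["key"]))
    return [{"indicator": indicator, "value": value, "event": event.get("eventName"),
             "source_ip": event.get("sourceIPAddress"), "time": event.get("eventTime")}
            for indicator, value in hits]


def scan(lines: Iterable[str]) -> Dict[str, object]:
    """Scan newline-delimited JSON events; report alerts and how many lines could not be parsed."""
    alerts: List[dict] = []
    malformed = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            malformed += 1          # surface this: a sensor that silently drops lines is blind
            continue
        alerts.extend(classify(event))
    return {"alerts": alerts, "malformed": malformed}


def scan_sample() -> Dict[str, object]:
    return scan(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    result = scan_sample()
    for alert in result["alerts"]:
        print("ALERT", alert)
    print("malformed lines:", result["malformed"])
```

Note that the third event is a legitimate identity (alice) reaching into the decoy bucket: the alert fires on the resource, not the caller, which is what catches a stolen key.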
Questions?
Twitter: @foospidy
Blog: http://pxmx.io
LinkedIn: http://linkedin.pxmx.io
Github: http://github.com/foospidy
Thank you!

More Related Content

What's hot

Shifting security all day dev ops
Shifting security all day dev opsShifting security all day dev ops
Shifting security all day dev ops
Tom Stiehm
 
Mobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the AttackerMobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the Attacker
bugcrowd
 
Silver Lining for Miles: DevOps for Building Security Solutions
Silver Lining for Miles: DevOps for Building Security SolutionsSilver Lining for Miles: DevOps for Building Security Solutions
Silver Lining for Miles: DevOps for Building Security Solutions
SeniorStoryteller
 
Amy DeMartine - 7 Habits of Rugged DevOps
Amy DeMartine - 7 Habits of Rugged DevOpsAmy DeMartine - 7 Habits of Rugged DevOps
Amy DeMartine - 7 Habits of Rugged DevOps
SeniorStoryteller
 
Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?
Priyanka Aash
 
Security at Scale - Lessons from Six Months at Yahoo
Security at Scale - Lessons from Six Months at YahooSecurity at Scale - Lessons from Six Months at Yahoo
Security at Scale - Lessons from Six Months at Yahoo
Alex Stamos
 
The R.O.A.D to DevOps
The R.O.A.D to DevOpsThe R.O.A.D to DevOps
The R.O.A.D to DevOps
SeniorStoryteller
 
How to transform developers into security people
How to transform developers into security peopleHow to transform developers into security people
How to transform developers into security people
Priyanka Aash
 
New Era of Software with modern Application Security (v0.6)
New Era of Software with modern Application Security (v0.6)New Era of Software with modern Application Security (v0.6)
New Era of Software with modern Application Security (v0.6)
Dinis Cruz
 
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
bugcrowd
 
Ops Happen: Improve Security Without Getting in the Way
Ops Happen: Improve Security Without Getting in the WayOps Happen: Improve Security Without Getting in the Way
Ops Happen: Improve Security Without Getting in the Way
SeniorStoryteller
 
Why does security matter for devops by Caroline Wong
Why does security matter for devops by Caroline WongWhy does security matter for devops by Caroline Wong
Why does security matter for devops by Caroline Wong
DevSecCon
 
DEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyDEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journey
Jason Suttie
 
Speaker0 session7874 1
Speaker0 session7874 1Speaker0 session7874 1
Speaker0 session7874 1
Shaveta Datta
 
The sooner the better but never too late
The sooner the better but never too lateThe sooner the better but never too late
The sooner the better but never too late
Vlad Styran
 
QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...
QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...
QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...
QAFest
 
A worldwide journey to build a secure development environment
A worldwide journey to build a secure development environmentA worldwide journey to build a secure development environment
A worldwide journey to build a secure development environment
Priyanka Aash
 
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кі...
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кі...В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кі...
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кі...
Vlad Styran
 
Practioners Guide to SOC
Practioners Guide to SOCPractioners Guide to SOC
Practioners Guide to SOC
AlienVault
 
451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security
Adrian Sanabria
 

What's hot (20)

Shifting security all day dev ops
Shifting security all day dev opsShifting security all day dev ops
Shifting security all day dev ops
 
Mobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the AttackerMobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the Attacker
 
Silver Lining for Miles: DevOps for Building Security Solutions
Silver Lining for Miles: DevOps for Building Security SolutionsSilver Lining for Miles: DevOps for Building Security Solutions
Silver Lining for Miles: DevOps for Building Security Solutions
 
Amy DeMartine - 7 Habits of Rugged DevOps
Amy DeMartine - 7 Habits of Rugged DevOpsAmy DeMartine - 7 Habits of Rugged DevOps
Amy DeMartine - 7 Habits of Rugged DevOps
 
Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?
 
Security at Scale - Lessons from Six Months at Yahoo
Security at Scale - Lessons from Six Months at YahooSecurity at Scale - Lessons from Six Months at Yahoo
Security at Scale - Lessons from Six Months at Yahoo
 
The R.O.A.D to DevOps
The R.O.A.D to DevOpsThe R.O.A.D to DevOps
The R.O.A.D to DevOps
 
How to transform developers into security people
How to transform developers into security peopleHow to transform developers into security people
How to transform developers into security people
 
New Era of Software with modern Application Security (v0.6)
New Era of Software with modern Application Security (v0.6)New Era of Software with modern Application Security (v0.6)
New Era of Software with modern Application Security (v0.6)
 
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
 
Ops Happen: Improve Security Without Getting in the Way
Ops Happen: Improve Security Without Getting in the WayOps Happen: Improve Security Without Getting in the Way
Ops Happen: Improve Security Without Getting in the Way
 
Why does security matter for devops by Caroline Wong
Why does security matter for devops by Caroline WongWhy does security matter for devops by Caroline Wong
Why does security matter for devops by Caroline Wong
 
DEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyDEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journey
 
Speaker0 session7874 1
Speaker0 session7874 1Speaker0 session7874 1
Speaker0 session7874 1
 
The sooner the better but never too late
The sooner the better but never too lateThe sooner the better but never too late
The sooner the better but never too late
 
QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...
QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...
QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...
 
A worldwide journey to build a secure development environment
A worldwide journey to build a secure development environmentA worldwide journey to build a secure development environment
A worldwide journey to build a secure development environment
 
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кі...
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кі...В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кі...
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кі...
 
Practioners Guide to SOC
Practioners Guide to SOCPractioners Guide to SOC
Practioners Guide to SOC
 
451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security
 

Similar to CSA Raleigh application security and deception in the cloud

Application security for the modern web - ISSA South Texas Houston DevOps
Application security for the modern web - ISSA South Texas Houston DevOpsApplication security for the modern web - ISSA South Texas Houston DevOps
Application security for the modern web - ISSA South Texas Houston DevOps
Phillip Maddux
 
CheckPoint Software
CheckPoint SoftwareCheckPoint Software
CheckPoint Software
Janis Gloystein
 
Year Zero
Year ZeroYear Zero
Year Zero
leifdreizler
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver Presentation
Scalar Decisions
 
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
lior mazor
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation Security
Cisco Canada
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary Presentation
Scalar Decisions
 
Honeypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinHoneypots, Deception, and Frankenstein
Honeypots, Deception, and Frankenstein
Phillip Maddux
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacks
AppSense
 
Splunk bangalore user group 2020-06-01
Splunk bangalore user group   2020-06-01Splunk bangalore user group   2020-06-01
Splunk bangalore user group 2020-06-01
NiketNilay
 
Pivotal Overview: Canadian Team
Pivotal Overview: Canadian TeamPivotal Overview: Canadian Team
Pivotal Overview: Canadian Team
VMware Tanzu
 
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
 Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud... Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
Rachel Wandishin
 
Making Network Security Relevant
Making Network Security RelevantMaking Network Security Relevant
Making Network Security Relevant
HP Enterprise Italia
 
Stu r35 a
Stu r35 aStu r35 a
2018 06 Presentation Cloudguard IaaS de Checkpoint
2018 06  Presentation Cloudguard IaaS de Checkpoint2018 06  Presentation Cloudguard IaaS de Checkpoint
2018 06 Presentation Cloudguard IaaS de Checkpoint
e-Xpert Solutions SA
 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These Years
Adrian Sanabria
 
Tenable_One_Sales_Presentation_for_Customers.pptx
Tenable_One_Sales_Presentation_for_Customers.pptxTenable_One_Sales_Presentation_for_Customers.pptx
Tenable_One_Sales_Presentation_for_Customers.pptx
alex hincapie
 
Detect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksDetect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted Attacks
Imperva
 
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Erin Sweeney
 
Mission possible splunk+paloaltonetworks_6_2015
Mission possible splunk+paloaltonetworks_6_2015Mission possible splunk+paloaltonetworks_6_2015
Mission possible splunk+paloaltonetworks_6_2015
Splunk
 

Similar to CSA Raleigh application security and deception in the cloud (20)

Application security for the modern web - ISSA South Texas Houston DevOps
Application security for the modern web - ISSA South Texas Houston DevOpsApplication security for the modern web - ISSA South Texas Houston DevOps
Application security for the modern web - ISSA South Texas Houston DevOps
 
CheckPoint Software
CheckPoint SoftwareCheckPoint Software
CheckPoint Software
 
Year Zero
Year ZeroYear Zero
Year Zero
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver Presentation
 
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation Security
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary Presentation
 
Honeypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinHoneypots, Deception, and Frankenstein
Honeypots, Deception, and Frankenstein
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacks
 
Splunk bangalore user group 2020-06-01
Splunk bangalore user group   2020-06-01Splunk bangalore user group   2020-06-01
Splunk bangalore user group 2020-06-01
 
Pivotal Overview: Canadian Team
Pivotal Overview: Canadian TeamPivotal Overview: Canadian Team
Pivotal Overview: Canadian Team
 
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
 Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud... Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
 
Making Network Security Relevant
Making Network Security RelevantMaking Network Security Relevant
Making Network Security Relevant
 
Stu r35 a
Stu r35 aStu r35 a
Stu r35 a
 
2018 06 Presentation Cloudguard IaaS de Checkpoint
2018 06  Presentation Cloudguard IaaS de Checkpoint2018 06  Presentation Cloudguard IaaS de Checkpoint
2018 06 Presentation Cloudguard IaaS de Checkpoint
 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These Years
 
Tenable_One_Sales_Presentation_for_Customers.pptx
Tenable_One_Sales_Presentation_for_Customers.pptxTenable_One_Sales_Presentation_for_Customers.pptx
Tenable_One_Sales_Presentation_for_Customers.pptx
 
Detect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksDetect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted Attacks
 
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
 
Mission possible splunk+paloaltonetworks_6_2015
Mission possible splunk+paloaltonetworks_6_2015Mission possible splunk+paloaltonetworks_6_2015
Mission possible splunk+paloaltonetworks_6_2015
 

Recently uploaded

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
Intelisync
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
Data Hops
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
marufrahmanstratejm
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 

Recently uploaded (20)

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
 
GNSS spoofing via SDR (Criptored Talks 2024)

CSA Raleigh application security and deception in the cloud

  • 1. Application Security & Deception in the Cloud
    Cloud Security Alliance - Raleigh, 01/17/2018
  • 2. Who Am I?
    Phillip Maddux, Principal AppSec Researcher & Advisor @SignalSciences, https://signalsciences.com
    Career Summary: AppSec in Financials, EY & GS (~9 yrs); WebDev, DBA, SA, IT Auditor (~7 yrs)
    Online: Twitter: @foospidy; Blog: http://pxmx.io; LinkedIn: http://linkedin.pxmx.io; GitHub: http://github.com/foospidy
    Honeypot Enthusiast: HoneyDB.io, HoneyPy
  • 3. Agenda
    AppSec
    ● Modern Web
    ● Observations of Secure SDLC
    ● Legacy Visibility
    ● Moving Forward in the Modern Web
    Deception
    ● What is deception?
    ● Honeypots 101
    ● What does all this provide?
    ● Having a deception program
    ● Goal
    ● Making your cloud dangerous
    ● Cloud specific considerations
  • 4. AppSec
    ● Modern Web
    ● Observations of Secure SDLC
    ● Legacy Visibility
    ● Moving Forward in the Modern Web
  • 5. Describing the Modern Web
    Frameworks & Architecture
    ● Client side: Angular, React, etc.
    ● Server side: API gateways & microservices - API driven
    Process
    ● Agile development cycles
    ● CI/CD
    ● DevOps
    Platforms
    ● Cloud, e.g. IaaS, PaaS, FaaS
    ● Containers and container orchestration (e.g. Kubernetes)
  • 6. The modern web...
    ...is about services, frequent deployments, and scalability.
  • 7. AppSec
    ● Modern Web
    ● Observations of Secure SDLC
    ● Legacy Visibility
    ● Moving Forward in the Modern Web
  • 9. ML4 - Ultimate Secure SDLC Fantasy...
  • 10. Agile!
    Develop, test/verify, deploy to production. All developers…
    ● Can have a copy of etsy.com on their laptops.
    ● Have access to deploy to production.
    ● Can deploy to production whenever they need to.
    https://www.etsy.com
  • 12. However, Agile!
    If we can deploy faster we can respond to threats faster. But visibility of threats is required.
    A shift in thinking...
    RSA Conference (2017) - “Tidal Forces: The changes ripping apart security as we know it”, by Rich Mogull.
  • 13. AppSec
    ● Modern Web
    ● Observations of Secure SDLC
    ● Legacy Visibility
    ● Moving Forward in the Modern Web
  • 14. Shift Left!
    Shift Left? We’ve been doing that for years...
  • 15. Shift Right
    With the rapid adoption of cloud, it’s time we focused on shifting right.
    Read… “Security’s Shift Right” by James Wickett
  • 16. What happens after prod?
  • 19. Summary of Challenges
    ● We operate in silos (security, development, operations).
    ● Limited visibility into what is actually happening (e.g. threats).
    ● Static signatures result in false positives, disrupting the development cycle and even breaking production.
    ● Resources are spent on maintaining/tuning rather than on what is important - mitigating threats.
    ● Existing solutions don’t scale well, are not architected for cloud, and are not built for the modern web.
  • 20. AppSec
    ● Modern Web
    ● Observations of Secure SDLC
    ● Legacy Visibility
    ● Moving Forward in the Modern Web
  • 21. To Shift Right in the Modern Web
  • 22. Visibility that is Strategic
    ● What type of attack traffic are your apps experiencing?
    ● Which apps, and which parts of your apps, are being targeted?
    ● What type of anomalous traffic are your apps experiencing?
    We need to be able to answer these questions, as the answers are feedback for your AppSec program’s resources & priorities.
  • 23. Visibility that is Tactical
    We need the ability to expose security data to DevOps to foster involvement.
    ● Dashboards on display.
    ● Integration into the DevOps tool chain.
    ● API for automation and integration into other monitoring solutions.
  • 24. Detection & Blocking
    We need detection that does not require tuning and enables agile development.
    ● Dynamic detection of attacks.
    ● Throttled blocking.
    ● Only block requests containing attacks.
    ● Complete decision transparency.
  • 25. Business Risk
    We need the ability to go above and beyond the typical OWASP injection attacks.
    ● Account Takeover.
    ● High Risk Transactions.
    ● Bots.
    We need to instrument our applications for security!
  • 26. Instrumentation & Correlation
    ● Attacks + anomalous responses
    ● Attacks + sensitive transactions
    ● Distinct changes in traffic patterns
    ● Automation (bots) + user actions
  • 27. Defending the Modern Web
    We need… visibility that enables defending applications in real time. You can’t defend against threats you can’t see.
  • 28. Scalability
    Any app layer security solution must…
    ● Be scalable across cloud, multi-cloud, and on-prem.
    ● Be a frictionless deployment.
    ● Work regardless of app stack or language.
    ● Be performant and reliable.
  • 29. Modern Cloud Platforms
    We should leverage security features of modern cloud platforms…
    Rotate, Repave, and Repair: https://builttoadapt.io/the-three-r-s-of-enterprise-security-rotate-repave-and-repair-f64f6d6ba29d
    ● Rotate - credentials
    ● Repave - disable persistence
    ● Repair - patch immediately
    Cloud Foundry: https://www.cloudfoundry.org/
    We need to be agile in production, keep moving!
  • 30. AppSec in the Modern Web
    We need to continuously increase the cost for attackers.
  • 31. Solution Options
    Engineer application instrumentation.
    https://codeascraft.com/2011/02/15/measure-anything-measure-everything/
    https://vimeo.com/54107692
    Start with open source and engineer around it.
    https://github.com/nbs-system/naxsi
    http://appsensor.org/
  • 32. Deception
    ● What is deception?
    ● Honeypots 101
    ● What does all this provide?
    ● Having a deception program
    ● Goal
    ● Making your cloud dangerous
    ● Cloud specific considerations
  • 33. What is deception?
    01 Honeypot sensor
    ● Service emulation
    ● Application layer - feature emulation
    ● Honey tokens - files or data
    02 Lures a.k.a. breadcrumbs
    ● Files on endpoints w/ server names or credentials
    ● Browser history / bookmarks
    ● Database connection strings
    03 Automation
    ● Deployment
    ● Configuration
    ● Management
  • 34. Honeypots 101
    A networked system or application that appears to be of production use, but whose actual purpose is to detect malicious actors on the network.
    ● Types
      ○ Production
      ○ Research
    ● Interaction Levels
      ○ Low - less risk to operate
      ○ Medium - less risk to operate
      ○ High - more risk to operate
  • 35. What does all this provide?
    Primarily: high fidelity alerts
    ● Additional layer in your defense-in-depth strategy
    ● Detect intruders in cases of
      ○ Control failures
      ○ Detection / response failures
    Secondarily: intelligence
    ● Collect information on threat actors’ tactics, techniques & procedures (TTPs).
    ● Motivation and targets.
  • 36. Having a deception program
    Considerations
    ● Scope - intruder vs. insider, or both?
    ● Output - alerts vs. intelligence, or both?
    ● Coverage - internal vs. external, or both?
    ● Assets - network, application, data?
    ● Validation - metrics and testing?
    ● Incident response - integration and prioritization?
    ● Audit & compliance?
  • 37. Goal
    Make your network dangerous for the attacker.
    Desired Result
  • 38. Making your cloud dangerous
  • 39. Making your cloud dangerous
    Maturity Level 1: Dedicated deception instances.
  • 40. Making your cloud dangerous
    Maturity Level 2: Blend deception in with production.
  • 43. Cloud Specific Deception Considerations
    ○ App layer deception (tailored)
    ○ Legit services on non-standard ports, and deception services on standard ports.
    ○ Storage buckets
    ○ Honey token documents
    ○ Access accounts
    ○ Cloud log monitoring for honey tokens & accounts
    Ultimately, think about instrumenting your cloud ecosystem for deception, as it will be targeted just as much as your applications.
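As an added example (not code from the slides or from Signal Sciences), here is the "cloud log monitoring for honey tokens & accounts" idea in working form: planted access keys are registered alongside the lure they sit in, CloudTrail-style log lines are scanned for any use of them, and hits from our own validation tests are separated from real alerts. The key IDs, lure locations, validation source address and sample log lines are all constructed; only the CloudTrail field names (userIdentity.accessKeyId, sourceIPAddress, eventName, eventTime) are real.

```python
import json
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed registry of planted honey credentials: each fake access key ID maps to
# the lure it was planted in, so an alert can name the breadcrumb that was followed.
HONEY_TOKENS: Dict[str, str] = {
    "AKIAHONEY0000000001": "s3://finance-backups/README.txt",
    "AKIAHONEY0000000002": "~/.aws/credentials on the jump host",
}
# Constructed: source address from which our own validation tests exercise the lures.
VALIDATION_SOURCES = {"203.0.113.10"}

@dataclass
class Alert:
    access_key: str
    lure: str
    source_ip: str
    action: str
    timestamp: str

def scan_events(raw_lines: List[str]) -> Tuple[List[Alert], List[dict]]:
    """Return (alerts, validation_hits). A honey key has no legitimate use, so any
    call made with it from outside the validation sources is a high-fidelity alert."""
    alerts: List[Alert] = []
    validation: List[dict] = []
    for line in raw_lines:
        try:
            event = json.loads(line)
            key = event["userIdentity"]["accessKeyId"]  # CloudTrail-style field
        except (ValueError, KeyError, TypeError):
            continue  # malformed or keyless line: skip it rather than crash the monitor
        if key not in HONEY_TOKENS:
            continue
        if event.get("sourceIPAddress") in VALIDATION_SOURCES:
            validation.append(event)  # our own test exercising the lure, not an intruder
            continue
        alerts.append(Alert(key, HONEY_TOKENS[key], event.get("sourceIPAddress", "?"),
                            event.get("eventName", "?"), event.get("eventTime", "?")))
    return alerts, validation

# Constructed sample log lines, trimmed to the CloudTrail fields this monitor reads.
SAMPLE_LOG = [
    '{"eventTime":"2018-01-17T10:00:00Z","eventName":"ListBuckets","sourceIPAddress":"203.0.113.10","userIdentity":{"accessKeyId":"AKIAHONEY0000000001"}}',
    '{"eventTime":"2018-01-17T10:05:00Z","eventName":"GetObject","sourceIPAddress":"198.51.100.7","userIdentity":{"accessKeyId":"AKIAHONEY0000000001"}}',
    '{"eventTime":"2018-01-17T10:06:00Z","eventName":"DescribeInstances","sourceIPAddress":"198.51.100.7","userIdentity":{"accessKeyId":"AKIAPRODKEY000000000"}}',
    "not json at all",
]
```

Running `scan_events(SAMPLE_LOG)` yields one alert (the GetObject call from 198.51.100.7 with the key planted in the backups README) and one validation hit; the production key and the junk line are ignored.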
  • 44. Questions?
    Twitter: @foospidy
    Blog: http://pxmx.io
    LinkedIn: http://linkedin.pxmx.io
    GitHub: http://github.com/foospidy
    Thank you!