Introduction to Security in the Cloud
Mark Brooks
VP, Solution Engineering, Alert Logic
SECURITY IS A CHALLENGE
Infrastructure Has Changed
Timeline: Early 2000's, Mid 2000's, Now
Early 2000's: Buying Hardware
Now: Infrastructure as a Service
Security Has Changed
Cybercrime Has Also Changed
Timeline: Early 2000's, Mid 2000's, Now
Early 2000's: Single Actors
Now: Highly Organized Groups
Cybercrime is Flourishing
• Expanding Attack Surfaces: 508 is the average number of applications in an enterprise (Forbes, 2014)
• Overwhelmed Defenses: 37% of US companies face 50,000+ alerts per month (FireEye, 2015)
• Evolution of Adversaries: 390,000 new malicious programs every day, with a viable ecosystem (AV-TEST, 2016)
Attack methods are evolving
• Security risks
  - Perception of increased risk due to lack of control
  - Blind spots: no way to connect on-premises and cloud attacks
  - Increased threat surface
  - Tuning tools for relevant notifications

Share of attacks by class (source: Alert Logic CSR 2016)
Cloud environment: application-attack 42% | brute-force 25% | suspicious-activity 19% | recon 8% | trojan-activity 4% | denial-of-service 2%
On-premises environment: brute-force 51% | suspicious-activity 22% | application-attack 18% | trojan-activity 5% | recon 3% | denial-of-service 1%
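The chart above only gives the resulting shares. As an added example (not part of the original deck and not Alert Logic's code), the Python below runs simple detection logic over constructed log lines tagged with the environment they came from, assigns each to one of the six classes in the chart, and reports the per-environment distribution. Every log line, the blocklist host and the two volume thresholds are constructed assumptions for the example; the point it adds is that brute-force and recon are judged per source across many lines, while application attacks and denial of service are visible in a single line.

```python
"""Classify constructed log lines into the six attack classes used in the
Alert Logic CSR 2016 chart and compute their share per environment.
Every log line and indicator in this file is constructed for the example."""
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Illustrative indicators (constructed); a real deployment uses curated content.
APP_ATTACK = re.compile(r"'\s*or\s*1\s*=\s*1|\.\./|<script", re.I)
FAILED_AUTH = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+)")
FW_DROP = re.compile(r"DROP TCP (\S+) -> \S+:(\d+)")
SYN_FLOOD = re.compile(r"syn flood from (\S+)")
KNOWN_C2_HOSTS = {"c2.example.net"}   # constructed blocklist entry

BRUTE_FORCE_THRESHOLD = 5   # failed logins from one source before it counts as brute-force
RECON_PORT_THRESHOLD = 10   # distinct destination ports from one source before it counts as recon


def classify(events):
    """events: iterable of (environment, log line). Returns {env: Counter(category)}."""
    per_env = defaultdict(Counter)
    failed_by_src = Counter()          # (env, src) -> failed logins
    drops_by_src = Counter()           # (env, src) -> dropped connections
    ports_by_src = defaultdict(set)    # (env, src) -> distinct destination ports
    for env, raw in events:
        line = unquote(raw)            # decode %27, %3D, ... so payloads are visible
        auth, drop = FAILED_AUTH.search(line), FW_DROP.search(line)
        if APP_ATTACK.search(line):
            per_env[env]["application-attack"] += 1
        elif auth:                     # judged per source once all lines are seen
            failed_by_src[(env, auth.group(1))] += 1
        elif drop:
            drops_by_src[(env, drop.group(1))] += 1
            ports_by_src[(env, drop.group(1))].add(drop.group(2))
        elif SYN_FLOOD.search(line):
            per_env[env]["denial-of-service"] += 1
        elif any(host in line for host in KNOWN_C2_HOSTS):
            per_env[env]["trojan-activity"] += 1
        else:
            per_env[env]["suspicious-activity"] += 1
    # Stateful rules: volume from a single source decides brute-force and recon.
    for (env, _src), n in failed_by_src.items():
        cat = "brute-force" if n >= BRUTE_FORCE_THRESHOLD else "suspicious-activity"
        per_env[env][cat] += n
    for (env, src), ports in ports_by_src.items():
        cat = "recon" if len(ports) >= RECON_PORT_THRESHOLD else "suspicious-activity"
        per_env[env][cat] += drops_by_src[(env, src)]
    return per_env


def distribution(counter):
    """Percentage share per category, largest first, like the CSR 2016 pie charts."""
    total = sum(counter.values())
    return {cat: round(100 * n / total) for cat, n in counter.most_common()}


# Constructed sample events, tagged with the environment they came from.
SAMPLE_LOGS = [
    ("cloud", 'httpd: 203.0.113.7 "GET /login.php?user=admin%27%20OR%201%3D1-- HTTP/1.1" 200'),
    ("cloud", 'httpd: 203.0.113.7 "GET /static/../../etc/passwd HTTP/1.1" 404'),
    ("cloud", 'httpd: 203.0.113.8 "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200'),
    ("cloud", "netflow: syn flood from 198.51.100.20 to 10.0.0.5:443"),
    ("cloud", "sudo: www-data : command not allowed ; COMMAND=/bin/bash"),
    ("cloud", "sshd[817]: Failed password for invalid user admin from 203.0.113.9 port 40222 ssh2"),
    ("onprem", "proxy: 10.1.0.9 CONNECT c2.example.net:443"),
] + [
    ("onprem", f"sshd[2201]: Failed password for root from 198.51.100.4 port {51000 + i} ssh2")
    for i in range(6)
] + [
    ("onprem", f"fw: DROP TCP 192.0.2.33 -> 10.1.0.7:{port}")
    for port in (21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389)
]

if __name__ == "__main__":
    for env, counts in classify(SAMPLE_LOGS).items():
        print(env, distribution(counts))
```

On the constructed sample the cloud environment comes out dominated by application attacks and the on-premises one by recon and brute force, which mirrors the shape of the chart; the single failed login in the cloud set stays "suspicious-activity" because it never reaches the brute-force threshold, which is exactly the tuning decision the "tuning tools for relevant notifications" bullet refers to.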
Today's Attacks Have Several Stages
Who is being targeted? Big, and small
SECURITY IN THE CLOUD
The Cloud Can be Secure
“Public cloud workloads can be at least as
secure as those in your own data center,
likely better.”
Neil MacDonald – Gartner Security and Risk Management Summit
London Sept 2015
Cloud has disrupted traditional security
Traditional security vs cloud drivers:
• Deployment & management: slow, complex configurations vs agility & automation
• Performance & operations: scaling chokepoints vs hyper-scalability
• Customer application requirements: poor detection of web app attacks vs priority on web applications
Challenges of being Secure in the Cloud
• Security tools are complicated to use, difficult to deploy, and expensive to manage and tune
• Human expertise is hard to find, harder to keep, and very expensive
• Threat intelligence and security content gets stale quickly, requires specific know-how, and needs validation to avoid false positives
Cloud Security – New Approach
The principles of security do not change, but your approach to security needs to change:
• Security best practices are no different in the cloud
• You need to apply the same security standards to cloud workloads as you apply on-premises
• Understand the shared responsibility model of cloud security
Cloud Security is a Shared, but not Equal, Responsibility
(Slide grid: columns Customer | Alert Logic | Microsoft; rows Apps | Virtual Machines | Networking | Infrastructure Services)

Customer, apps:
• Security Monitoring
• Secure Coding and Best Practices
• Software and Virtual Patching
• Configuration Management
• Access Management (including multi-factor authentication)

Customer, virtual machines and networking:
• Access Management
• Configuration Hardening
• Patch Management
• TLS/SSL Encryption
• Network Security Configuration

Alert Logic, apps through networking:
• Web Application Firewall
• Vulnerability Scanning
• Application level attack monitoring
• Security Monitoring
• Log Analysis
• Network Threat Detection

Microsoft, infrastructure services:
• Hypervisor Management
• System Image Library
• Root Access for Customers
• Managed Patching (PaaS, not IaaS)
• Logical Network Segmentation
• Perimeter Security Services
• External DDoS, spoofing, and scanning monitored
ALERT LOGIC HAS A SOLUTION
We protect cloud workloads & web applications
• Full-stack security
• Integrated analytics & experts
• Built for cloud
• Cost-effective outcomes
Assess | Detect | Block | Comply
Fully-managed security, delivered as a service
Deployment targets: cloud, data center, hosting
Integrated value chain delivering full stack security, experts included
• Your data: app transactions, log data, network traffic
• Threats covered: web app attacks (OWASP Top 10), platform/library attacks, system/network attacks
• Stack covered: web apps, server-side apps, app frameworks, dev platforms, server OS, hypervisor, databases, networking, cloud management
• App + config assessment
• Collection technology
• Analytics: signatures & rules, anomaly detection, machine learning
• 24/7 experts & process: threat intelligence, security research, data science, security content, Security Operations Center
• Petabytes of normalized data from 4000+ customers
Alert Logic Cloud Defender: the same value chain mapped to products
• Cloud Insight: app + config assessment across the stack (web apps through cloud management) against web app attacks (OWASP Top 10), platform/library attacks and system/network attacks
• Web Security Manager, Log Manager, Threat Manager: collection and analytics (signatures & rules, anomaly detection, machine learning)
• ActiveWatch: detection & protection by the 24/7 experts & process (threat intelligence, security research, data science, security content, Security Operations Center)
We designed security for cloud and hybrid environments
• Get started in minutes, with integration to cloud APIs and DevOps automation
• Maintain coverage at cloud scale, with auto-scaling support and out-of-band detection
• Keep production flowing, with modular services that grow with you
Single pane of glass for workload and application security across cloud, hosted & on-premises
A recognized security leader
[Chart: survey results for "Who is your primary in-use vendor for Cloud Infrastructure Security?" and "Who are the top vendors in consideration for Cloud Infrastructure Security?", with a quadrant labelled "Leaders". Vendors plotted: Amazon, Check Point, Chronicle Data, Cisco, Fortinet, Intel Security, Okta, Symantec, Barricade, JumpCloud, Evident.io, Palerra, Microsoft, CloudPassage, CloudCheckr, FortyCloud, ThreatStack, Alert Logic, Other.]
"Alert Logic has a head start in the cloud, and it shows."
"…the depth and breadth of the offering's analytics and threat management process goes beyond anything we've seen…"
Peter Stephenson, SC Magazine review
Over 4,000 worldwide customers
Industries: automotive, healthcare, education, financial services, manufacturing, media/publishing, retail/e-commerce, energy & chemicals, technology & services, gov't / non-profit
BEST PRACTICE & TAKEAWAYS
10 Cloud Security Best Practices
1. Secure your code
2. Create access management policies
3. Classify your data
4. Adopt a patch management approach
5. Review logs regularly
6. Build a security toolkit
7. Stay informed of the latest vulnerabilities that may affect you
8. Understand your cloud service provider's security model
9. Understand the shared security responsibility
10. Know your adversaries
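Best practice 1, "Secure your code", in working form. This is an added example, not code from the deck or from Alert Logic: the same login lookup written with string-built SQL (the injectable form behind the "application-attack" class that leads the cloud chart) beside the parameterized form, run against an in-memory SQLite table with constructed rows. The table, credentials and payload are assumptions for the example; passwords are stored in clear only so the injection stays visible, a real system compares password hashes.

```python
"""SQL injection: concatenated query beside its parameterized replacement.
The users table and credentials are constructed for this example."""
import sqlite3


def make_db():
    """In-memory SQLite database seeded with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, name, pw):
    """Attacker-controlled input becomes part of the SQL text (OWASP A1 injection)."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn, name, pw):
    """Placeholders keep the input as data; the query structure cannot be altered."""
    sql = "SELECT name FROM users WHERE name = ? AND pw = ?"
    return conn.execute(sql, (name, pw)).fetchone() is not None


# Classic payload: closes the string, makes the WHERE clause always true,
# and comments out the password check in the concatenated query.
PAYLOAD = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print("valid creds  ", login_vulnerable(db, "admin", "s3cret"), login_hardened(db, "admin", "s3cret"))
    print("payload      ", login_vulnerable(db, PAYLOAD, "anything"), login_hardened(db, PAYLOAD, "anything"))
```

With real credentials both functions return True; with the payload the concatenated version logs the attacker in without a password while the parameterized version simply looks for a user literally named `' OR 1=1 --` and finds none. A web application firewall (the "Block" stage above) can catch the payload in transit, but the parameterized query removes the bug rather than filtering its symptom.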
Top 3 Takeaways
1. Cybercrime is flourishing, at big and small companies alike
2. Security in the cloud has similar overall principles but new complexity
3. Alert Logic provides full stack security with experts included
Thank You.

CSS17: Houston - Introduction to Security in the Cloud
