REALITY CHECK:
SECURITY IN THE CLOUD
Charles Johnson
Director, Sales Engineering – US WEST
The Cloud Is Secure
AWS has all the tools you need to secure your cloud!
• AWS WAF
• CloudFront
• Security Groups
• AWS Artifact
• Certificate Manager
• AWS CloudHSM
• Amazon Cognito
• AWS Firewall Manager
• GuardDuty
• AWS IAM
• Inspector
• AWS KMS
• Amazon Macie
• AWS Shield
• AWS Secrets Manager
• AWS SSO
Sometimes…
• Through 2022, at least 95% of cloud security failures will be the customer’s fault – Gartner
• More than 1.5 billion sensitive corporate and other files are visible on the public internet due to human error – Digital Shadows
• 88% of Java applications had at least one component-based vulnerability, 56% of all PHP apps had at least one SQLi vulnerability – Veracode
• Attackers are outpacing enterprises with technology such as machine learning and artificial intelligence (AI) – Ponemon/ServiceNow
Alert Logic Security Operations Center
Alert Logic Cloud Security Report 2017
550 DAYS: AUG 1, 2015 – JAN 31, 2017
3807 CUSTOMERS ANALYZED
452 SIC CODES ACROSS 3 CONTINENTS
32.5 MILLION EVENTS DRIVING ESCALATED INCIDENTS
147 PETABYTES OF DATA ANALYZED
2,207,795 TOTAL TRUE POSITIVE SECURITY INCIDENTS ANALYZED
Key Findings
1. Watch your whole Attack Surface
2. Vulnerabilities have Emergent Properties
3. The Hybrid Chasm is real
4. No one detection method is enough
Web App Attacks – King of the Hill
[Chart: Security incident types escalated. Web app attack 75%, brute force 16%, recon 5%, server-side malware 2%, DoS/DDoS 1%, other 1%.]
[Chart: Web app attack breakdown, labels as shown on the slide. Brute force 5%, SQL injection 55%, remote code execution 22%, XXE 3%, Apache Struts RCE 6%, web app attack recon 5%, file upload 6%, other 4%.]
Increasing vulnerabilities at every layer
• Vulnerabilities in YOUR CODE
• Vulnerabilities in YOUR CONFIGS
• Vulnerabilities YOU INHERIT
Workload Environments Impact Incident Volumes
AVERAGE PER CUSTOMER SECURITY INCIDENT COUNTS
• 2.5x more security incidents observed in Hybrid vs Public Cloud
• 51% higher rate of security incidents in on premises vs Cloud
Ok, Now what?
• Find the Vulnerabilities
- DON’T FORGET PLATFORM
• Block Known Bad
• Always Be Watching
• Compliance is an Outcome
Alert Logic can help!
Address Vulnerabilities
SHELLSHOCK, HEARTBLEED
% of Global 2000 Organizations Vulnerable to Heartbleed:
• August 2014: 76%
• April 2015: 74%
Source: SC Magazine: scmagazine.com/one-year-later-heartbleed-still-a-threat/article/407803/
359 of 6000 analyzed containers – Tenable, 2018
Leverage Multiple Detection Techniques
Anomaly Detection – Something Just Doesn’t Look Right
Multi-stage Application Attacks Appear As Noise
Enter Machine Learning
Over nine months:
• 8-10% of the customers we monitored were targeted by actors with better-than-average levels of skill and determination
• Each attack had a high degree of complexity
• Identified approx. 231 attacks
Multi-stage Attacks
Situation: Multiple address spaces and disparate unrelated events over days
• Time: Day 1. Event: Early stage recon event. Criticality: Medium
• Time: Day 19. Event: SQL Injection recon. Criticality: Medium
• Time: Day 38. Event: SQL table enumeration. Criticality: High
• Time: Day 71. Event: Injection. Criticality: Critical
Compliance without Complexity
Compliance is an outcome!
Best Practices
• Know your Shared Security Responsibilities with AWS
• Attack surface isn’t just where your data resides
• Continually assess for exposures across all environments
• Understand impacts from applicable compliance mandates
• Implement controls built for cloud, containers, and DevOps
We can help
Thank you.

Realities of Security in the Cloud
