SlideShare a Scribd company logo

Securing The Cloud: Top Down and Bottom Up

DevOps.com
DevOps.com

As organizations continue to move to the cloud for hosting applications and development, security teams must protect multiple attack surfaces, including the applications and cloud infrastructure. Additionally, attackers are automated and capable. While these attackers continuously probe and find access or vulnerabilities on many different levels, their success usually results from human error in code or infrastructure configurations, such as open admin ports and over privileged identity roles. Join DisruptOps and NetSPI for this webinar to learn how to better secure both the application layer and cloud infrastructure, using both automated tools and capable penetration testers to uncover logic flaws and other soft spots. We will share how to find and remediate your own vulnerabilities more efficiently, before the attackers do.

Technology
1 of 20
Download to read offline
Securing The Cloud: Top Down and Bottom Up Mike Rothman / President / DisruptOps Karl Fosaaen / Practice Director / NetSPI
Introductions
Karl Fosaaen, Practice Director - NetSPI • Joined NetSPI in 2011 • Leads the Cloud Pentesting Service • Leads the NetSPI Portland office • Creator of MicroBurst, a toolset for pentesting Azure • NetSPI was founded in 2001 and works with seven of the top 10 U.S. banks and two of the three largest global cloud providers. • NetSPI has completed over 10,000 engagements and reported more than 4 million vulnerabilities.
Mike Rothman, President - DisruptOps • Founded in 2014 • Raised $10M+ in funding • 2019 RSA Innovation Sandbox Top 10 Finalists • Pioneering pathways to accelerate cloud adoption • Helping organizations of all sizes embrace trustable cloud management and automation at scale • DisruptOps provides a SaaS-based, Detection and Response platform that automates assessment and remediation procedures of critical cloud security issues
Securing the Cloud from Top Down…
Common Pentest Requirements • Application Testing • Recently ported legacy applications • New applications • Recent or upcoming code pushes • Web / Mobile / Thick Client • Network Testing • Internal Network • External Network • Segmentation testing (PCI)
How do we pentest “The Cloud”? • With Permission… • Traditional Network / App testing • Traditional Vulnerability/Port scanners • Nessus, Nmap, Burp Suite, etc. • Cloud Configuration Review • Automated tools to dump configurations and find issues • Manual review of console/portal interfaces
What services do we care about? • Virtual Machines • Serverless Code • Platform Users and Groups • How permissions are applied (IAM) • Integrations with identity providers (IDPs/Federation/SSO) • (Potentially) Public-facing PaaS services • Web application services • Database services • Data storage
How to plan/scope your cloud pen test • Gather counts of resources • Numbers of: • Virtual Machines • Public IPs • PaaS services • Include public facing IPs in your external ranges • Beware of dynamic IPs • Include application testing as part of your scope • Complete a separate Cloud environment pen test • Scope should cover App/Network/Config
Securing the Cloud from Bottom Up
The Security Hamster Wheel of Pain
Why is Cloud Security at Scale Hard? • Complexity – hundreds of cloud services and tens of thousands of resources spread across multiple cloud accounts. • Speed of change – DevOps and agile approaches have led to frequent and even continuous change. • Human error – Lack of expertise and tools leave issues undetected and unresolved. • Automated attackers – Exposed cloud resources are rapidly discovered an exploited by automated attacks.
Get off the Hamster Wheel with a Cloud SecOps Platform Events API Hyperscale Automation Engine Governance Notifications and Reporting Remediation Issues Ac<ons Detec<on and Response Rules
Platform Critical Capabilities Event-Driven Internal architecture is completely event-driven, for both internal and external events SaaS DisruptOps is a fully multitenant SaaS application Secure by Design Security is baked in; including an advanced least-privilege provisioning system Serverless DisruptOps is fully cloud- native and serverless for cloud-scale support.
Use Case: Assessment and Remediation Assess: Find port 22 open to the Internet Action: Restrict to known IP addresses Issue: instance xxx exposes TCP/22 to 0.0.0.0/0 Notifications and Reporting Cloud Inventory Verify action and refresh resource in inventory
Use Case: Detection and Response Events Rules Cryptocurrency Miner Detected by GuardDuty Matched Guardrail Terminate Instance Action Decision Notifications and Reporting Process decision action response
The Key to Automation: Decisions • Human integrated automation puts the power in the hands of the administrators • Fully automated, UI Interaction, ChatOps – Delay/Wait actions
Top Down Meets Bottom Up Identify Issue Remediate Once Automate Continuous Assessment
Q&A NetSPI https://www.netspi.com/ sales@NetSPI.com Karl.Fosaaen@ NetSPI.com DisruptOps https://disruptops.com sales@disruptops.com mrothman@disruptops.com

Recommended

Do You Trust Your DevSecOps Pipeline?
Do You Trust Your DevSecOps Pipeline?Do You Trust Your DevSecOps Pipeline?
Do You Trust Your DevSecOps Pipeline?DevOps.com
 
Reference Architecture for Data Loss Prevention in the Cloud
Reference Architecture for Data Loss Prevention in the CloudReference Architecture for Data Loss Prevention in the Cloud
Reference Architecture for Data Loss Prevention in the CloudNetskope
 
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.Netskope
 
Evident io Continuous Compliance - Mar 2017
Evident io Continuous Compliance - Mar 2017Evident io Continuous Compliance - Mar 2017
Evident io Continuous Compliance - Mar 2017Sebastian Taphanel CISSP-ISSEP
 
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)Sebastian Taphanel CISSP-ISSEP
 
Quantifying Cloud Risk for Your Corporate Leadership
Quantifying Cloud Risk for Your Corporate LeadershipQuantifying Cloud Risk for Your Corporate Leadership
Quantifying Cloud Risk for Your Corporate LeadershipNetskope
 
Scaling Rugged DevOps to Thousands of Applications - Panel Discussion
Scaling Rugged DevOps to Thousands of Applications - Panel DiscussionScaling Rugged DevOps to Thousands of Applications - Panel Discussion
Scaling Rugged DevOps to Thousands of Applications - Panel DiscussionSeniorStoryteller
 
Making Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybMaking Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybSeniorStoryteller
 

Recommended

Do You Trust Your DevSecOps Pipeline?
Do You Trust Your DevSecOps Pipeline?Do You Trust Your DevSecOps Pipeline?
Do You Trust Your DevSecOps Pipeline?DevOps.com
 
Reference Architecture for Data Loss Prevention in the Cloud
Reference Architecture for Data Loss Prevention in the CloudReference Architecture for Data Loss Prevention in the Cloud
Reference Architecture for Data Loss Prevention in the CloudNetskope
 
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.Netskope
 
Evident io Continuous Compliance - Mar 2017
Evident io Continuous Compliance - Mar 2017Evident io Continuous Compliance - Mar 2017
Evident io Continuous Compliance - Mar 2017Sebastian Taphanel CISSP-ISSEP
 
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)Sebastian Taphanel CISSP-ISSEP
 
Quantifying Cloud Risk for Your Corporate Leadership
Quantifying Cloud Risk for Your Corporate LeadershipQuantifying Cloud Risk for Your Corporate Leadership
Quantifying Cloud Risk for Your Corporate LeadershipNetskope
 
Scaling Rugged DevOps to Thousands of Applications - Panel Discussion
Scaling Rugged DevOps to Thousands of Applications - Panel DiscussionScaling Rugged DevOps to Thousands of Applications - Panel Discussion
Scaling Rugged DevOps to Thousands of Applications - Panel DiscussionSeniorStoryteller
 
Making Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybMaking Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybSeniorStoryteller
 
Shifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 ConferenceShifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 ConferenceTom Stiehm
 
Shifting security all day dev ops
Shifting security all day dev opsShifting security all day dev ops
Shifting security all day dev opsTom Stiehm
 
Netskope — Shadow IT Is A Good Thing
Netskope — Shadow IT Is A Good ThingNetskope — Shadow IT Is A Good Thing
Netskope — Shadow IT Is A Good ThingNetskope
 
Security as Code
Security as CodeSecurity as Code
Security as CodeEd Bellis
 
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOXContinuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOXDevOps.com
 
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...SeniorStoryteller
 
Ops Happens: DevOps Beyond Deployment - Damon Edwards
Ops Happens: DevOps Beyond Deployment - Damon EdwardsOps Happens: DevOps Beyond Deployment - Damon Edwards
Ops Happens: DevOps Beyond Deployment - Damon EdwardsSeniorStoryteller
 
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...Netskope
 
Cloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity EditionCloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity EditionNetskope
 
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesForrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesNetskope
 
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big pictureDevSecOpsSg
 
Outpost24 webinar - Why security perfection is the enemy of DevSecOps
Outpost24 webinar - Why security perfection is the enemy of DevSecOpsOutpost24 webinar - Why security perfection is the enemy of DevSecOps
Outpost24 webinar - Why security perfection is the enemy of DevSecOpsOutpost24
 
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
#ALSummit: Accenture - Making the Move: Enabling Security in the CloudAlert Logic
 
Open Source Security: How to Lay the Groundwork for a Secure Culture
Open Source Security: How to Lay the Groundwork for a Secure CultureOpen Source Security: How to Lay the Groundwork for a Secure Culture
Open Source Security: How to Lay the Groundwork for a Secure CultureWhiteSource
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldShannon Lietz
 
ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015Shannon Lietz
 
Security as Code owasp
Security as Code owaspSecurity as Code owasp
Security as Code owaspShannon Lietz
 
Tackling the Container Iceberg:How to approach security when most of your sof...
Tackling the Container Iceberg:How to approach security when most of your sof...Tackling the Container Iceberg:How to approach security when most of your sof...
Tackling the Container Iceberg:How to approach security when most of your sof...WhiteSource
 
The Challenges of Scaling DevSecOps
The Challenges of Scaling DevSecOpsThe Challenges of Scaling DevSecOps
The Challenges of Scaling DevSecOpsWhiteSource
 
Securing the Cloud Native stack
Securing the Cloud Native stackSecuring the Cloud Native stack
Securing the Cloud Native stackHector Tapia
 
Cisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud PlatformCisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud PlatformShashi Kiran
 

More Related Content

What's hot

Shifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 ConferenceShifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 ConferenceTom Stiehm
 
Shifting security all day dev ops
Shifting security all day dev opsShifting security all day dev ops
Shifting security all day dev opsTom Stiehm
 
Netskope — Shadow IT Is A Good Thing
Netskope — Shadow IT Is A Good ThingNetskope — Shadow IT Is A Good Thing
Netskope — Shadow IT Is A Good ThingNetskope
 
Security as Code
Security as CodeSecurity as Code
Security as CodeEd Bellis
 
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOXContinuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOXDevOps.com
 
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...SeniorStoryteller
 
Ops Happens: DevOps Beyond Deployment - Damon Edwards
Ops Happens: DevOps Beyond Deployment - Damon EdwardsOps Happens: DevOps Beyond Deployment - Damon Edwards
Ops Happens: DevOps Beyond Deployment - Damon EdwardsSeniorStoryteller
 
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...Netskope
 
Cloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity EditionCloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity EditionNetskope
 
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesForrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesNetskope
 
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big pictureDevSecOpsSg
 
Outpost24 webinar - Why security perfection is the enemy of DevSecOps
Outpost24 webinar - Why security perfection is the enemy of DevSecOpsOutpost24 webinar - Why security perfection is the enemy of DevSecOps
Outpost24 webinar - Why security perfection is the enemy of DevSecOpsOutpost24
 
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
#ALSummit: Accenture - Making the Move: Enabling Security in the CloudAlert Logic
 
Open Source Security: How to Lay the Groundwork for a Secure Culture
Open Source Security: How to Lay the Groundwork for a Secure CultureOpen Source Security: How to Lay the Groundwork for a Secure Culture
Open Source Security: How to Lay the Groundwork for a Secure CultureWhiteSource
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldShannon Lietz
 
ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015Shannon Lietz
 
Security as Code owasp
Security as Code owaspSecurity as Code owasp
Security as Code owaspShannon Lietz
 
Tackling the Container Iceberg:How to approach security when most of your sof...
Tackling the Container Iceberg:How to approach security when most of your sof...Tackling the Container Iceberg:How to approach security when most of your sof...
Tackling the Container Iceberg:How to approach security when most of your sof...WhiteSource
 
The Challenges of Scaling DevSecOps
The Challenges of Scaling DevSecOpsThe Challenges of Scaling DevSecOps
The Challenges of Scaling DevSecOpsWhiteSource
 

What's hot (20)

Shifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 ConferenceShifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 Conference
 
Shifting security all day dev ops
Shifting security all day dev opsShifting security all day dev ops
Shifting security all day dev ops
 
Netskope — Shadow IT Is A Good Thing
Netskope — Shadow IT Is A Good ThingNetskope — Shadow IT Is A Good Thing
Netskope — Shadow IT Is A Good Thing
 
Security as Code
Security as CodeSecurity as Code
Security as Code
 
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOXContinuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
 
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
 
Ops Happens: DevOps Beyond Deployment - Damon Edwards
Ops Happens: DevOps Beyond Deployment - Damon EdwardsOps Happens: DevOps Beyond Deployment - Damon Edwards
Ops Happens: DevOps Beyond Deployment - Damon Edwards
 
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
 
Cloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity EditionCloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity Edition
 
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesForrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
 
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
 
Outpost24 webinar - Why security perfection is the enemy of DevSecOps
Outpost24 webinar - Why security perfection is the enemy of DevSecOpsOutpost24 webinar - Why security perfection is the enemy of DevSecOps
Outpost24 webinar - Why security perfection is the enemy of DevSecOps
 
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
 
Open Source Security: How to Lay the Groundwork for a Secure Culture
Open Source Security: How to Lay the Groundwork for a Secure CultureOpen Source Security: How to Lay the Groundwork for a Secure Culture
Open Source Security: How to Lay the Groundwork for a Secure Culture
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps World
 
ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015
 
Security as Code owasp
Security as Code owaspSecurity as Code owasp
Security as Code owasp
 
Tackling the Container Iceberg:How to approach security when most of your sof...
Tackling the Container Iceberg:How to approach security when most of your sof...Tackling the Container Iceberg:How to approach security when most of your sof...
Tackling the Container Iceberg:How to approach security when most of your sof...
 
The Challenges of Scaling DevSecOps
The Challenges of Scaling DevSecOpsThe Challenges of Scaling DevSecOps
The Challenges of Scaling DevSecOps
 

Similar to Securing The Cloud: Top Down and Bottom Up

Securing the Cloud Native stack
Securing the Cloud Native stackSecuring the Cloud Native stack
Securing the Cloud Native stackHector Tapia
 
Cisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud PlatformCisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud PlatformShashi Kiran
 
Securing the Cloud Native Stack
Securing the Cloud Native StackSecuring the Cloud Native Stack
Securing the Cloud Native StackApcera
 
Risc and velostrata 2 28 2018 lessons_in_cloud_migration
Risc and velostrata 2 28 2018 lessons_in_cloud_migrationRisc and velostrata 2 28 2018 lessons_in_cloud_migration
Risc and velostrata 2 28 2018 lessons_in_cloud_migrationRISC Networks
 
FLUX - Crash Course in Cloud 2.0
FLUX - Crash Course in Cloud 2.0 FLUX - Crash Course in Cloud 2.0
FLUX - Crash Course in Cloud 2.0 Mark Hinkle
 
Introduction to the Typesafe Reactive Platform
Introduction to the Typesafe Reactive PlatformIntroduction to the Typesafe Reactive Platform
Introduction to the Typesafe Reactive PlatformBoldRadius Solutions
 
TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...
TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...
TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...Trivadis
 
Coding Secure Infrastructure in the Cloud using the PIE framework
Coding Secure Infrastructure in the Cloud using the PIE frameworkCoding Secure Infrastructure in the Cloud using the PIE framework
Coding Secure Infrastructure in the Cloud using the PIE frameworkJames Wickett
 
Technology insights: Decision Science Platform
Technology insights: Decision Science PlatformTechnology insights: Decision Science Platform
Technology insights: Decision Science PlatformDecision Science Community
 
Turning up-the-heat
Turning up-the-heatTurning up-the-heat
Turning up-the-heatTim Pouyer
 
Webinar: How and Why to Containerize Your Legacy Applications
Webinar: How and Why to Containerize Your Legacy ApplicationsWebinar: How and Why to Containerize Your Legacy Applications
Webinar: How and Why to Containerize Your Legacy ApplicationsStorage Switzerland
 
Making Cloud Deployment A Reality For End-To-End Policy Administration
Making Cloud Deployment A Reality For End-To-End Policy AdministrationMaking Cloud Deployment A Reality For End-To-End Policy Administration
Making Cloud Deployment A Reality For End-To-End Policy AdministrationAccenture Insurance
 
Serverless & Microservices Architecture
Serverless & Microservices ArchitectureServerless & Microservices Architecture
Serverless & Microservices ArchitectureJason Woods
 
Adapting to a Hybrid World [Webinar on Demand]
Adapting to a Hybrid World [Webinar on Demand]Adapting to a Hybrid World [Webinar on Demand]
Adapting to a Hybrid World [Webinar on Demand]ServerCentral
 
State of the Cloud and Data Centers 2014
State of the Cloud and Data Centers 2014State of the Cloud and Data Centers 2014
State of the Cloud and Data Centers 2014Digital Realty
 
IW14 Session: webMethods World
IW14 Session: webMethods WorldIW14 Session: webMethods World
IW14 Session: webMethods WorldSoftware AG
 
Self-Driving Data Center
Self-Driving Data CenterSelf-Driving Data Center
Self-Driving Data CenterSergey A. Razin
 
Executive Briefing: The Why, What, and Where of Containers
Executive Briefing: The Why, What, and Where of ContainersExecutive Briefing: The Why, What, and Where of Containers
Executive Briefing: The Why, What, and Where of ContainersNVISIA
 
Flintstones or Jetsons? Jump Start Your Virtual Test Lab
Flintstones or Jetsons? Jump Start Your Virtual Test LabFlintstones or Jetsons? Jump Start Your Virtual Test Lab
Flintstones or Jetsons? Jump Start Your Virtual Test LabTechWell
 

Similar to Securing The Cloud: Top Down and Bottom Up (20)

Securing the Cloud Native stack
Securing the Cloud Native stackSecuring the Cloud Native stack
Securing the Cloud Native stack
 
Cisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud PlatformCisco ACI for the Microsoft Cloud Platform
Cisco ACI for the Microsoft Cloud Platform
 
Securing the Cloud Native Stack
Securing the Cloud Native StackSecuring the Cloud Native Stack
Securing the Cloud Native Stack
 
Risc and velostrata 2 28 2018 lessons_in_cloud_migration
Risc and velostrata 2 28 2018 lessons_in_cloud_migrationRisc and velostrata 2 28 2018 lessons_in_cloud_migration
Risc and velostrata 2 28 2018 lessons_in_cloud_migration
 
FLUX - Crash Course in Cloud 2.0
FLUX - Crash Course in Cloud 2.0 FLUX - Crash Course in Cloud 2.0
FLUX - Crash Course in Cloud 2.0
 
Introduction to the Typesafe Reactive Platform
Introduction to the Typesafe Reactive PlatformIntroduction to the Typesafe Reactive Platform
Introduction to the Typesafe Reactive Platform
 
TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...
TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...
TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...
 
Coding Secure Infrastructure in the Cloud using the PIE framework
Coding Secure Infrastructure in the Cloud using the PIE frameworkCoding Secure Infrastructure in the Cloud using the PIE framework
Coding Secure Infrastructure in the Cloud using the PIE framework
 
Technology insights: Decision Science Platform
Technology insights: Decision Science PlatformTechnology insights: Decision Science Platform
Technology insights: Decision Science Platform
 
Turning up-the-heat
Turning up-the-heatTurning up-the-heat
Turning up-the-heat
 
Webinar: How and Why to Containerize Your Legacy Applications
Webinar: How and Why to Containerize Your Legacy ApplicationsWebinar: How and Why to Containerize Your Legacy Applications
Webinar: How and Why to Containerize Your Legacy Applications
 
Making Cloud Deployment A Reality For End-To-End Policy Administration
Making Cloud Deployment A Reality For End-To-End Policy AdministrationMaking Cloud Deployment A Reality For End-To-End Policy Administration
Making Cloud Deployment A Reality For End-To-End Policy Administration
 
What is DevOps?
What is DevOps?What is DevOps?
What is DevOps?
 
Serverless & Microservices Architecture
Serverless & Microservices ArchitectureServerless & Microservices Architecture
Serverless & Microservices Architecture
 
Adapting to a Hybrid World [Webinar on Demand]
Adapting to a Hybrid World [Webinar on Demand]Adapting to a Hybrid World [Webinar on Demand]
Adapting to a Hybrid World [Webinar on Demand]
 
State of the Cloud and Data Centers 2014
State of the Cloud and Data Centers 2014State of the Cloud and Data Centers 2014
State of the Cloud and Data Centers 2014
 
IW14 Session: webMethods World
IW14 Session: webMethods WorldIW14 Session: webMethods World
IW14 Session: webMethods World
 
Self-Driving Data Center
Self-Driving Data CenterSelf-Driving Data Center
Self-Driving Data Center
 
Executive Briefing: The Why, What, and Where of Containers
Executive Briefing: The Why, What, and Where of ContainersExecutive Briefing: The Why, What, and Where of Containers
Executive Briefing: The Why, What, and Where of Containers
 
Flintstones or Jetsons? Jump Start Your Virtual Test Lab
Flintstones or Jetsons? Jump Start Your Virtual Test LabFlintstones or Jetsons? Jump Start Your Virtual Test Lab
Flintstones or Jetsons? Jump Start Your Virtual Test Lab
 

More from DevOps.com

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykDevOps.com
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudDevOps.com
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and PredictionsDevOps.com
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionDevOps.com
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)DevOps.com
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDevOps.com
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureDevOps.com
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportDevOps.com
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogDevOps.com
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDevOps.com
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid finalDevOps.com
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureDevOps.com
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021DevOps.com
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?DevOps.com
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsDevOps.com
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...DevOps.com
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...DevOps.com
 

More from DevOps.com (20)

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source Software
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and Snyk
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the Cloud
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware Resolution
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident Response
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with Datadog
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or Privately
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid final
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call Culture
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
 

Recently uploaded

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

Securing The Cloud: Top Down and Bottom Up

  • 1. Securing The Cloud: Top Down and Bottom Up Mike Rothman / President / DisruptOps Karl Fosaaen / Practice Director / NetSPI
  • 3. Karl Fosaaen, Practice Director - NetSPI • Joined NetSPI in 2011 • Leads the Cloud Pentesting Service • Leads the NetSPI Portland office • Creator of MicroBurst, a toolset for pentesting Azure • NetSPI was founded in 2001 and works with seven of the top 10 U.S. banks and two of the three largest global cloud providers. • NetSPI has completed over 10,000 engagements and reported more than 4 million vulnerabilities.
  • 4. Mike Rothman, President - DisruptOps • Founded in 2014 • Raised $10M+ in funding • 2019 RSA Innovation Sandbox Top 10 Finalists • Pioneering pathways to accelerate cloud adoption • Helping organizations of all sizes embrace trustable cloud management and automation at scale • DisruptOps provides a SaaS-based, Detection and Response platform that automates assessment and remediation procedures of critical cloud security issues
  • 6. Common Pentest Requirements • Application Testing • Recently ported legacy applications • New applications • Recent or upcoming code pushes • Web / Mobile / Thick Client • Network Testing • Internal Network • External Network • Segmentation testing (PCI)
  • 7. How do we pentest “The Cloud”? • With Permission… • Traditional Network / App testing • Traditional Vulnerability/Port scanners • Nessus, Nmap, Burp Suite, etc. • Cloud Configuration Review • Automated tools to dump configurations and find issues • Manual review of console/portal interfaces
  • 8. What services do we care about? • Virtual Machines • Serverless Code • Platform Users and Groups • How permissions are applied (IAM) • Integrations with identity providers (IDPs/Federation/SSO) • (Potentially) Public-facing PaaS services • Web application services • Database services • Data storage
  • 9. How to plan/scope your cloud pen test • Gather counts of resources • Numbers of: • Virtual Machines • Public IPs • PaaS services • Include public facing IPs in your external ranges • Beware of dynamic IPs • Include application testing as part of your scope • Complete a separate Cloud environment pen test • Scope should cover App/Network/Config
  • 11.
  • 12. The Security Hamster Wheel of Pain
  • 13. Why is Cloud Security at Scale Hard? • Complexity – hundreds of cloud services and tens of thousands of resources spread across multiple cloud accounts. • Speed of change – DevOps and agile approaches have led to frequent and even continuous change. • Human error – Lack of expertise and tools leave issues undetected and unresolved. • Automated attackers – Exposed cloud resources are rapidly discovered an exploited by automated attacks.
  • 14. Get off the Hamster Wheel with a Cloud SecOps Platform Events API Hyperscale Automation Engine Governance Notifications and Reporting Remediation Issues Ac<ons Detec<on and Response Rules
  • 15. Platform Critical Capabilities Event-Driven Internal architecture is completely event-driven, for both internal and external events SaaS DisruptOps is a fully multitenant SaaS application Secure by Design Security is baked in; including an advanced least-privilege provisioning system Serverless DisruptOps is fully cloud- native and serverless for cloud-scale support.
  • 16. Use Case: Assessment and Remediation Assess: Find port 22 open to the Internet Action: Restrict to known IP addresses Issue: instance xxx exposes TCP/22 to 0.0.0.0/0 Notifications and Reporting Cloud Inventory Verify action and refresh resource in inventory
  • 17. Use Case: Detection and Response Events Rules Cryptocurrency Miner Detected by GuardDuty Matched Guardrail Terminate Instance Action Decision Notifications and Reporting Process decision action response
  • 18. The Key to Automation: Decisions • Human integrated automation puts the power in the hands of the administrators • Fully automated, UI Interaction, ChatOps – Delay/Wait actions
  • 19. Top Down Meets Bottom Up Identify Issue Remediate Once Automate Continuous Assessment