Download as PDF, PPTX
Uploaded byAlert Logic
Security Implications of the Cloud
Web application attacks are now the number one source of data breaches, accounting for over 30% of all breaches. However, less than 5% of security budgets are spent on application security. The risks are shifting to unprotected web applications and workloads due to a wide range of attacks at every layer of the stack, rapidly changing codebases that can introduce vulnerabilities, and a shortage of cloud and application security expertise. Perimeter and endpoint security tools fail to protect cloud attack surfaces, so a new approach is needed that can identify, tune, and permit known good traffic while blocking known bad and suspicious traffic across the entire application stack.
More Related Content
Similar to Security Implications of the Cloud
![OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]](https://cdn.slidesharecdn.com/ss_thumbnails/opensouthcode19-applicationsecurityfundamentals-210905095336-thumbnail.jpg?width=640&height=640&fit=bounds)
Security Implications of the Cloud
- 1. Thank you.Security Implicationsof the Cloud Charles Johnson – Director, Solutions Engineering, Alert Logic
- 2. 5 47 74 89 184 289 277 222 207 571 Denial of Service Crimeware PhysicalTheft / Loss Payment Card Skimmers Everything Else Cyber-espionage Privilege Misuse Miscellaneous Errors POS Intrusions Web App Attacks Web app attacks are now the #1 source of data breaches But less than 5% of data center security budgets are spent on app security Source: Verizon DBIR 2017 n= 1,935 UP 300% SINCE 2014 $23 to $1 Percentage of Breaches 10% 20% 30% Source: Gartner Web App Attacks Security risk is shifting to unprotected web applications
- 3. Vulnerabilities + Change + Shortage Complexityof defending web applications and workloads Risks are moving up the stack 1. Wide range of attacks at every layer of the stack 2. Rapidly changing codebase can introduces unknown vulnerabilities 3. Long tail of exposures inherited from 3rd party development tools 4. Extreme shortage of cloud and application security expertise Web App Attacks OWASP Top 10 Platform / Library Attacks System / Network Attacks Perimeter & end-point security tools fail to protect cloud attack surface Web Apps Server-side Apps App Frameworks Dev Platforms Server OS Hypervisor Databases Networking Cloud Management
- 4. Tame the Beast IndustryChallenge: The Good, the Bad and the Ugly Known Good Known Bad Suspicious Allow Identify | Tune | Permit Block Drop | Reconfigure Application Stack Web Apps Server-side Apps App Frameworks Dev Platforms Databases Server OS Hypervisor Hardware Classification Action HUMAN EXPERT REQUIRED
- 5.
- 6. Customer X –Data Exfiltration Company Profile Textile Industry $65M Annual Revenue 500+ Employees 4 Branch Offices (NA) IT Dedicated Headcount – 14 Security Dedicated Headcount – 2 Hybrid Data Center (AWS & CoLo)
- 7. Customer X –Data Exfiltration Company Profile Textile Industry $65M Annual Revenue 500+ Employees 4 Branch Offices (NA) IT Dedicated Headcount – 14 Security Dedicated Headcount – 2 Hybrid Data Center (AWS & CoLo) Attack Progression Stalked company on LinkedIn and Google Gained entry through PHP (KNOWN) flaws Replaced PHP login to capture credentials Leveraged credentials to access critical system Stole Financial, Design data & Roadmap Undetected for 4 months – FBI Notification Cost of Breach - $1.8M
- 8.