This document discusses the security implications of cloud computing and summarizes a presentation by Ben Masino of Alert Logic. It notes that web application attacks are now the number one source of data breaches, but less than 5% of security budgets are spent on application security. It also outlines some of the challenges in defending applications and workloads in the cloud, including a wide range of attacks at every layer of the stack and vulnerabilities introduced through rapidly changing code and third party tools. The document then provides an example of a data exfiltration attack against a textile company, where the attacker was able to access critical systems and steal financial and design data by exploiting known PHP flaws and leveraging captured credentials.

1. Thank you.

2. SECURITY
IMPLICATIONS
OF THE CLOUD.
Ben Masino
Territory Director, Alert Logic

3. 5
47
74
89
184
289
277
222
207
571
Denial of Service
Crimeware
Physical Theft / Loss
Payment Card Skimmers
Everything Else
Cyber-espionage
Privilege Misuse
Miscellaneous Errors
POS Intrusions
Web App Attacks
Security risk is shifting to unprotected web applications
Web app attacks are now the
#1 source of data breaches
But less than 5% of data center security
budgets are spent on app security
Source: Verizon DBIR 2017
n= 1,935
UP 300% SINCE 2014
$23 to $1
Percentage of Breaches
10% 20% 30%
Source: Gartner
Web App Attacks

4. Vulnerabilities
+ Change
+ Shortage
Complexity of defending web applications and workloads
Risks are moving up the stack
1. Wide range of attacks at every
layer of the stack
2. Rapidly changing codebase can
introduces unknown vulnerabilities
3. Long tail of exposures inherited
from 3rd party development tools
4. Extreme shortage of cloud and
application security expertise
Web App
Attacks
OWASP
Top 10
Platform /
Library
Attacks
System /
Network
Attacks
Perimeter & end-point security tools
fail to protect cloud attack surface
Web Apps
Server-side Apps
App Frameworks
Dev Platforms
Server OS
Hypervisor
Databases
Networking
Cloud Management

5. Tame the Beast
Industry Challenge: The Good, the Bad and the Ugly
Known Good
Known Bad
Suspicious
Allow
Identify | Tune | Permit
Block
Drop | Reconfigure
Application Stack
Web Apps
Server-side Apps
App Frameworks
Dev Platforms
Databases
Server OS
Hypervisor
Hardware Classification Action
HUMAN EXPERT
REQUIRED

6. CASE
ILLUSTRATION

7. Customer X – Data Exfiltration
Company Profile
Textile Industry
$65M Annual Revenue
500+ Employees
4 Branch Offices (NA)
IT Dedicated Headcount – 14
Security Dedicated Headcount –
2
Hybrid Data Center (AWS &
CoLo)

8. Customer X – Data Exfiltration
Company Profile
Textile Industry
$65M Annual Revenue
500+ Employees
4 Branch Offices (NA)
IT Dedicated Headcount – 14
Security Dedicated Headcount –
2
Hybrid Data Center (AWS &
CoLo)
Attack Progression
Stalked company on LinkedIn and Google
Gained entry through PHP (KNOWN) flaws
Replaced PHP login to capture credentials
Leveraged credentials to access critical
system
Stole Financial, Design data & Roadmap
Undetected for 4 months – FBI Notification
Cost of Breech - $1.8M

9. AGENDA

10. Thank you.
#CSS2017

11. Thank You.