Detection, Response and the Azazel Rootkit



  1. Detection, Response and the Azazel Rootkit
     Continuous Monitoring for Elastic Infrastructure
     Wednesday, March 19th, 2014
  2. Topics
     ‣ Defining "Purpose Built for the Cloud"
     ‣ The Cloud Threat Landscape
     ‣ Cloud Security is a Shared Responsibility
     ‣ Introducing Cloud Sight
     ‣ Detecting the Azazel rootkit with Continuous Monitoring
     ‣ Q & A
  3. Agility Driving Cloud Adoption, But Security Concerns Remain
     As reported by RightScale: http://www.rightscale.com/pdf/rightscale-state-of-the-cloud-report-2013.pdf
  4. Purpose Built Security Solutions are Required
     ‣ No customer-controlled egress point
     ‣ Resource-intensive agents drive CPU-hour cost
     ‣ Lack of elasticity
     ‣ Servers launched with no protection
     ‣ Backends designed for on-prem lack scale
     ‣ Need persistence of forensic data for transient instances
     ‣ Manual agent deployment
  5. Cloud Ready, by Design
     ‣ Easy to deploy within DevOps processes
     ‣ True elasticity
     ‣ Native Elastic Beanstalk support
     ‣ Big data backend enables scale, analytics, and IR forensics
     ‣ Linux sensors, not agents
     ‣ Continuous vs. real-time monitoring
     ‣ Resource friendly
  6. The Cloud Threat Landscape
     • Publicly accessible
     • You don't control the hardware
     • Linux / open source software
  7. Cloud Security is a Shared Responsibility
     • It's not the cloud provider's responsibility to protect your data.
     • It's not all bad: some providers offer some security features.
     • Continuous monitoring is no longer a luxury but a necessity.
  8. Introducing Cloud Sight: Continuous Monitoring for Elastic Infrastructure
     • Cloud ready by design.
     • Continuous monitoring for cloud assets, automated behavioral profiling.
     • Server activity does not change as drastically as desktop endpoints.
     • Reconstructing the TTY session and gathering context on all asset behavior is a must.
  9. Cloud Sight in Action: Detecting the Azazel Rootkit
  10. Thank You! Q & A
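Slide 9 is a live demo with no transcript, so here is an added worked example of the kind of host-side check a Linux sensor can run for this class of rootkit. It is not part of the deck and is not the Cloud Sight product's detection logic. Azazel is an LD_PRELOAD userland rootkit: it gets loaded into every dynamically linked process via /etc/ld.so.preload and hooks libc functions such as readdir(3) to filter files, processes (/proc entries) and connections out of what programs see. A userland hook cannot touch the kernel's own answer, so comparing the libc view of a directory with the raw getdents64 syscall view exposes anything being filtered. The function names, the scanned directories in main and the bitmask layout are my own choices.

```c
/* ld_preload_hiding_check.c (added example, not from the slide deck)
 *
 * Compares two listings of the same directory:
 *   - libc view: opendir/readdir, which an LD_PRELOAD rootkit like Azazel hooks
 *   - kernel view: the raw getdents64 syscall, which a userland hook cannot alter
 * Any name present in the kernel view but absent from the libc view is being
 * hidden from ordinary tools such as ls and ps.
 *
 * Build statically (gcc -static ...) so the preload library is never loaded
 * into the checker itself; a static binary ignores LD_PRELOAD/ld.so.preload.
 */
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

#define MAX_ENTRIES  4096
#define NAME_MAX_LEN 256

/* Kernel record layout returned by getdents64 (Linux ABI). */
struct linux_dirent64 {
    uint64_t       d_ino;
    int64_t        d_off;
    unsigned short d_reclen;
    unsigned char  d_type;
    char           d_name[];
};

typedef struct { char names[MAX_ENTRIES][NAME_MAX_LEN]; int count; } listing_t;

/* Kernel view: read directory records straight from the syscall. */
static int list_raw(const char *path, listing_t *out) {
    _Alignas(8) char buf[32768];
    int fd = open(path, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    out->count = 0;
    for (;;) {
        long n = syscall(SYS_getdents64, fd, buf, sizeof buf);
        if (n < 0) { close(fd); return -1; }
        if (n == 0) break;
        for (long off = 0; off < n; ) {
            struct linux_dirent64 *d = (struct linux_dirent64 *)(buf + off);
            if (out->count < MAX_ENTRIES)
                snprintf(out->names[out->count++], NAME_MAX_LEN, "%s", d->d_name);
            off += d->d_reclen;
        }
    }
    close(fd);
    return 0;
}

/* libc view: readdir(3), the function an LD_PRELOAD rootkit wraps to drop entries. */
static int list_libc(const char *path, listing_t *out) {
    DIR *dir = opendir(path);
    if (!dir) return -1;
    out->count = 0;
    struct dirent *e;
    while ((e = readdir(dir)) != NULL)
        if (out->count < MAX_ENTRIES)
            snprintf(out->names[out->count++], NAME_MAX_LEN, "%s", e->d_name);
    closedir(dir);
    return 0;
}

static int contains(const listing_t *l, const char *name) {
    for (int i = 0; i < l->count; i++)
        if (strcmp(l->names[i], name) == 0) return 1;
    return 0;
}

/* Number of entries the kernel reports that libc does not (0 on a clean host,
 * -1 if the directory cannot be read). Hidden names are printed to stderr. */
int count_hidden_entries(const char *path) {
    static listing_t raw, libc_view;   /* static: 1 MiB each, too big for the stack */
    if (list_raw(path, &raw) < 0 || list_libc(path, &libc_view) < 0) return -1;
    int hidden = 0;
    for (int i = 0; i < raw.count; i++)
        if (!contains(&libc_view, raw.names[i])) {
            fprintf(stderr, "hidden from libc: %s/%s\n", path, raw.names[i]);
            hidden++;
        }
    return hidden;
}

/* Cheap preload indicators: bit 0 = LD_PRELOAD set in this environment,
 * bit 1 = non-empty /etc/ld.so.preload (the file Azazel registers itself in). */
int preload_indicators(void) {
    int flags = 0;
    const char *env = getenv("LD_PRELOAD");
    if (env && *env) flags |= 1;
    struct stat st;
    if (stat("/etc/ld.so.preload", &st) == 0 && st.st_size > 0) flags |= 2;
    return flags;
}

int main(void) {
    const char *dirs[] = { "/proc", "/tmp", "/etc" };   /* assumed scan set */
    int total = 0;
    for (size_t i = 0; i < sizeof dirs / sizeof dirs[0]; i++) {
        int h = count_hidden_entries(dirs[i]);
        printf("%-6s hidden entries: %d\n", dirs[i], h);
        if (h > 0) total += h;
    }
    int ind = preload_indicators();
    printf("LD_PRELOAD set: %s, /etc/ld.so.preload present: %s\n",
           (ind & 1) ? "yes" : "no", (ind & 2) ? "yes" : "no");
    return (total > 0 || ind) ? 1 : 0;
}
```

Two caveats a sensor has to handle. First, /proc entries for short-lived processes can appear or vanish between the two scans, so a non-zero count there should be re-checked before raising an alert rather than treated as proof of a hidden PID. Second, this only catches userland (LD_PRELOAD) hiding: a kernel-module rootkit that filters in the syscall or VFS layer lies to both views equally, which is why continuous monitoring of behaviour (process lineage, TTY activity, network flows) is the complementary signal rather than a single point-in-time check.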
