2017 Samsung SDS Cyber Security Conference: Efficient Cloud-Based Security Monitoring

Page 1

Copyright © 2017 Samsung SDS Co., Ltd. All rights reserved | Confidential

Oct 25, 2017

Samsung SDS

Efficient Cloud-Based Security Monitoring

2017 Samsung SDS Cyber Security Conference

junho.choun@samsung.com

Page 2

Agenda

I. Introduction

- Definition of Cloud Computing

- Shared Responsibility Model

II. Challenge

- Security Misconfiguration

- Hacked Cloud Account

III. Solution

- Cloud Access Security Broker

- Management & Alert

IV. Conclusion

Page 4

Definition of Cloud Computing Ⅰ. Introduction

Essential Characteristics: On-demand Self-service, Broad Network Access, Resource Pooling, Rapid Elasticity, Measured Service

Service Model: Infra as a Service, Platform as a Service, Software as a Service

Deployment Model: Public Cloud, Community Cloud, Private Cloud, Hybrid Cloud

Page 5

Shared Responsibility Model Ⅰ. Introduction

[Figure: responsibility matrix with the columns On-Premises, IaaS, PaaS and SaaS. Each column stacks the layers Physical, Networking, Storage, Server, Hypervisor, Guest OS, Middleware, Runtime, Data and Application, divided between User and Provider. Additional labels on the slide: Account (three times), Application.]

Page 6

Shared Responsibility Model (cont.) Ⅰ. Introduction

[Figure: IaaS responsibility stack. Provider: Physical, Networking, Storage, Server, Hypervisor. User: Guest OS, Middleware, Runtime, Data, Application, Account. A Request/Response exchange is drawn between the Application/Data, Runtime, Middleware and Guest OS layers and the Hypervisor, Server/Storage, Networking and Physical layers.]

Page 8

Security Misconfiguration Ⅱ. Challenge

[Figure: hosting architecture diagram with the labels Legacy, Cloud, Hacker and Admin, and the security controls Anti-DDoS, Firewall, WAF, IDS/IPS, Anti-WebShell and DB Access Control.]

※ Source: AWS Architecture Center, Reference Architecture for WordPress Hosting

Page 9

Security Misconfiguration (cont.) Ⅱ. Challenge

Root Cause Incident in 2017

Page 10

Security Misconfiguration (cont.) Ⅱ. Challenge

※ Source: AWS Management Console

Page 11

Security Misconfiguration (cont.) Ⅱ. Challenge

Project Heisenberg Cloud: Services Exposed by Users of Cloud Environments

          Amazon  Azure  Digital Ocean  Google  Rackspace  Softlayer
Windows   1.2%    1.9%   0.3%           0.3%    4.0%       10.8%
Database  4.3%    3.6%   10.4%          2.5%    7.1%       22.4%
Mail      1.8%    1.4%   13.0%          0.4%    15.3%      34.0%
Shell     35.3%   17.7%  86.4%          74.1%   34.5%      42.7%
Web       74.2%   70.9%  80.3%          53.5%   83.1%      80.7%

Values called out on the slide: 22.4%, 86.4%, 74.1%

※ Source: Project Heisenberg Cloud - Cross-Cloud Adversary Analytics - RAPID7 LABS - NOV16

Page 12

Hacked Cloud Account Ⅱ. Challenge

[Figure: chart titled "Observed Accounts Under Attack During the First Three Months of 2016 & 2017". Horizontal axis: JAN, FEB, MAR. Vertical axis: 0% to 450%. Series: 2016, 2017.]

※ Source: Microsoft Security Intelligence Report (SIR) Volume 22 Highlights (Jan-Mar 2017)

Page 13

Hacked Cloud Account (cont.) Ⅱ. Challenge

[Figure: SaaS and IaaS stacks shown side by side, each with the layers Physical, Networking, Storage, Server, Hypervisor, Guest OS, Middleware, Runtime, Data and Application, plus Account. Each stack is annotated "View, Modify, Delete, Download & Encrypt All Data". Controls labelled on the slide: Access, Session Control; Login & Authentication + Password Policy + Auditing & Logging; User, Admin IP Restrict.]

Page 15

Ⅲ. Solution

[Figure: solution overview. Stages: Manage, Detect, Alert. Capabilities: Authentication, Authorization & Accounting; Machine Learning & Big-data; 24×7 Monitoring & Dashboard. Components: Groupware; CASB (Cloud Access Security Broker); SIEM (Security Information & Event Management).]

Page 16

Cloud Access Security Broker Ⅲ. Solution

Page 17

Cloud Access Security Broker (cont.) Ⅲ. Solution

[Figure: layered cloud stack with the labels Cloud Marketplace, Cloud Broker Platform, Cloud management, SaaS, PaaS, IaaS, Cloud Platform, Virtualization Software/Mgmt, Hardware.]

Page 18

Cloud Access Security Broker (cont.) Ⅲ. Solution

[Figure: diagram with the labels Security Whitepapers, CASB, Bigdata, Machine Learning, Audit.]

Page 19

Cloud Access Security Broker (cont.) Ⅲ. Solution

[Figure: diagram in which the label CASB appears four times.]

Page 20

Management & Alert Ⅲ. Solution

[Figure: monitoring architecture with the labels Employer, Employee, Unmanaged, On-premise, Groupware, CASB (twice), SIEM, Alert, Dashboard, Audit Log (twice), API Call, INTERNET (twice), IaaS, PaaS, SaaS.]

Page 22

Ⅳ. Conclusion

[Figure: diagram with the labels Security and Convenience (each shown twice) and Threat.]

Page 23

Junho Choun (천준호), 수석보, Samsung SDS

junho.choun@samsung.com

+82-2-6440-6256