nimbo/alert logic - azure in the cloud

Post on 25-Jul-2015


Alert Logic – Azure Cloud Security

Johnathan Norman, Cloud Solutions Architect

jnorman@alertlogic.com

Agenda

• Key Findings: Cloud Security Report, Spring 2014

- Alert Logic Customer Data

- Honeypot Research

• Common Azure Security & Compliance Issues

• Alert Logic for Azure

- Log Manager

- Threat Manager

- Web Security Manager

Cloud Adoption is Gaining Momentum

• Major Public cloud vendors predicted to eclipse $10B in revenue by 2015

• Oracle Cloud bookings increased by 35% in 2013

• Gartner predicts 60% of banking institutions to migrate to the cloud

• Healthcare is expected to adopt cloud computing at a 21% year over year rate through 2017

• VDI (Desktop as a Service) market reached $13.4 billion in 2013

Over 2,800 Organizations Worldwide Trust Alert Logic

Millions of devices secured

3.7 Petabytes of log data under management

8.5 Million security events correlated per day

40,000 incidents identified and reviewed per month

Threats in the Cloud are Increasing With Adoption

• Increase in attack frequency

• Traditional on-premises threats are now moving to the cloud

• Majority of cloud incidents were related to web application attacks, brute force attacks, and vulnerability scans

• Brute force attacks and vulnerability scans are now occurring at near-equivalent rates in both cloud and on-premises environments

• Malware/Botnet is increasing year over year

Global Honeypot Network

Why Honeypots?

• Honeypots give us a unique data set

• Simulates vulnerable systems without the risk of real data loss

• Gives the ability to collect intelligence from malicious attackers

• Allows for collection of various different attacks based on system

• Helps identify what industry specific targets are out there

Honeypot Findings

https://www.alertlogic.com/wp-content/uploads/2014/08/alertlogic-HoneypotFindings2014-infographic.pdf

Common Azure Compliance & Security Issues

Secure your code

Know your scope

Instance Isolation

Shared Responsibility

Storage Key Management


1- Secure Your Code – Implement SDL

1- Secure Your Code – Sharing is bad…

2- Know Your Scope

[Diagram: Web Traffic, Traffic Manager, Web Role (x2), Azure Website (x2), Azure Storage (x2)]

2 – Know your scope

3 – Instance Isolation

[Diagram: Web Traffic, service endpoints, web roles, worker roles, Virtual Networks]

4 - Storage Key Management

storage blob

Azure Mobile Services

1. Upload()

2. Path = http://blah.storage.azure.com/public/xyz/foo.jpg

3. UploadToPath(Path);

4 - Storage Key Management

storage blob

Azure Mobile Services

1. Upload()

2. Return SAS (write/expires 5 min) and Path

3. Authenticate & Upload
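
The SAS flow on the slide above, sketched as an added example (not from the original deck, and not Alert Logic or Azure code). A simplified HMAC-signed token stands in for a real Azure SAS, whose actual signing format and parameters differ; `ACCOUNT_KEY`, `issue_upload_token` and `authorize` are hypothetical names.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo key. It stands in for the storage account key, which stays
# on the backend and is never shipped to the mobile client.
ACCOUNT_KEY = b"constructed-demo-key-not-a-real-secret"


def _sign(path, perms, expiry):
    # The signature binds permission, expiry and path together, so none of
    # them can be changed by the client without invalidating the token.
    msg = f"{perms}\n{expiry}\n{path}".encode()
    digest = hmac.new(ACCOUNT_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode()


def issue_upload_token(path, now=None, ttl=300):
    """Step 2: the backend returns a write-only token that expires in 5 minutes."""
    expiry = int(time.time() if now is None else now) + ttl
    return {"path": path, "perms": "w", "expiry": expiry,
            "sig": _sign(path, "w", expiry)}


def authorize(token, path, op, now=None):
    """Step 3: the storage side authenticates the request before the upload."""
    now = int(time.time() if now is None else now)
    expected = _sign(token["path"], token["perms"], token["expiry"])
    if not hmac.compare_digest(expected, token["sig"]):
        return "denied: bad signature"
    if now > token["expiry"]:
        return "denied: expired"
    if path != token["path"]:
        return "denied: wrong path"
    if op not in token["perms"]:
        return "denied: operation not permitted"
    return "ok"


if __name__ == "__main__":
    blob = "/public/xyz/foo.jpg"  # path taken from the slide
    tok = issue_upload_token(blob)
    print(authorize(tok, blob, "w"))                             # upload in time
    print(authorize(tok, blob, "r"))                             # read attempt
    print(authorize(tok, blob, "w", now=tok["expiry"] + 1))      # after expiry
    print(authorize(dict(tok, perms="rw"), blob, "r"))           # tampered perms
```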

5 - Security in the Cloud is a Shared Responsibility

Customer Responsibility

Foundation Services

Hosts

• Logical network segmentation

• Perimeter security services

• External DDoS, spoofing, and scanning prevented

• Hardened hypervisor

• System image library

• Root access for customer

• Access management

• Patch management

• Configuration hardening

• Security monitoring

• Log analysis

Apps

• Secure coding and best practices

• Software and virtual patching

• Configuration management

• Access management

• Application level attack monitoring

• Network threat detection

• Security monitoring

Networks

Cloud Service Provider Responsibility

Compute

Storage

DB Network

http://azure.microsoft.com/en-us/support/trust-center/compliance/

Alert Logic – Security Solutions

Security and Compliance is Challenging

Skilled security resources are in high demand and hard to find

Moving to cloud and hybrid IT environments brings different threats and complexities

Maintaining continuous security and compliance is expensive

Applications

Systems

Networks

Building a Security and Compliance Solution

IDS

Vulnerability Scanning

Web Application Firewall

Log Management

Threat Intelligence Feeds

SIEM

Staff capable of:

• Provisioning

• Monitoring

• Configuration and tuning

• Researching incidents, emerging threats, and defining remediation steps

Big Data Analytics

Products

Automated Correlation and Analytics

People & Process

Alert Logic Solutions

Alert Logic Threat Manager™

Alert Logic Web Security Manager™

Alert Logic Log Manager™

Alert Logic Unified Web User Interface

Intrusion Detection & Vulnerability Scanning

Log Management & Compliance Reporting

Active Protection for Web Applications

Thank you.
