security teams & tech in a cloud world
Post on 13-Apr-2017
Security Teams & Tech In A Cloud World
Mark Nunnikhoven, Vice President Cloud Research @marknca
Audience: Public
Security “Facts”*
* About your organization or one just like it
We will respond quickly to an incident
Attackers are on a network an average of 154 days
We need more tools
Canadian companies spend just under 10% on IT security*
* 60% of companies didn’t mention people or process as an area of focus
Users are a major problem
Security is considered the opposite of usability
Security is everyone’s responsibility
You have one, isolated security team*
* …and a wildly unsuccessful “awareness” program
Modern Security
© Trend Micro, 2016
Automated Response
[Diagram labels: Web UI (×3), VM, SIEM / Log Store, Monitoring, Event-driven Function, CSP API, Restrict Access, Web UI]
2014
What’s the hold up?
Running in the Cloud
Shared Responsibility Model
Service models: IaaS (Infrastructure), PaaS (Container), SaaS (Abstract)
Layers shown for each service model, top to bottom:
• Data
• Application
• Operating System
• Virtualization
• Infrastructure
• Physical
IaaS Setup
Steps:
• Lock down operating system, applications, and data
  Harden system according to NIST / best practices
  Encrypt everything
• Enable service health monitoring features
  Check your CSP’s documentation
• Monitor service API activities
  Look for unauthorized replication, start up, termination, etc.
PaaS Setup
Steps:
• Read all the documentation
  Seriously, RTFM
• Implement strong code quality systems
  Automation is critical to success
• Configure access control and other security features
  Check your CSP’s documentation
SaaS Setup
Steps:
• Read all the documentation
  Seriously, RTFM
• Configure access control and other security features
  Check your CSP’s documentation
Any Cloud Service Setup
Steps:
• Evaluate controls against acceptable level of risk for data used in service
  I shouldn’t have to say this
• Monitor all service provider status updates and communications channels
  Remember to include them in your IR plans
Opportunity
{ Environment }: { Time to deploy }
Physical: Weeks
Virtual: Days
Cloud: Minutes
Container: Seconds
Function: Immediate
Goal: Move faster. Focus on value
Goal: Deploy using the method that delivers the most value
Constraint: Every tool adds overhead
Relief: Automation allows for the speed, scale, and consistency required
Goal: Deploy using the method that delivers the most value…
…with minimal operational impact
DevOps
Success
Flickr deploys 10+/day
Etsy deploys 50+/day
Amazon deploys 11.7 seconds
Adobe +60% app development
Fidelity $2.3M saved for one app
Where’s security?
…can have a much stronger security posture in AWS and the cloud than they can on-premises
Andy Jassy, AWS CEO
* From an interview with the Wall Street Journal, http://www.wsj.com/articles/amazons-andy-jassy-on-the-promise-of-the-cloud-1477880220
Security is everyone’s responsibility
Security Everyone
Team Challenges
Security Specialist: New Skills Needed
Steps:
• Basic understanding of development practices & ability to write simple code
  Everything in the cloud is an API. Security MUST BE automated
• Puts the user first
  We make the tech that they “can’t use right” … not their fault
• Perspective & understanding of practical security
  No more “the sky is falling”
• Educators
  Written, video, presentations, Slack, … anywhere teams are working
Your Org Chart Is Wrong
Typical Org Chart
[Org chart labels: CIO, CISO, Dev, Ops, GRC, Ops, Infrastructure]
Updated Org Chart
[Org chart labels: CIO, CISO, Dev, Ops, GRC, Ops, Infrastructure, GrC]
Peter Merholz (@peterme), Kristin Skinner (@bettay)
Specialist Distribution
Coffee Shadowing Teaching
Bridges
Goal
Fabric
1 min
Slow lane
Fast lane
Is this bad? and Is this malicious?
Aggregate information: 1m, h, d, w, m Trends
Evidence of compliance: Configuration, Processes
Deployment data: Performance, Debug
SecOps: 1 min, Aggregate, Evidence, Deployments
Get stuff done
Thank you!
mark_nunnikhoven@trendmicro.com | @marknca