Can a CASB Protect You from the 2016 Treacherous 12?

Cloud services bring significant risk

The Cloud Security Alliance (CSA) released a report titled, “The Treacherous 12: Cloud Computing Top Threats in 2016.” They conclude that:

■ Along with efficient business-supporting technology, cloud services bring significant risk.
■ It is critical that businesses take security policies, processes, and best practices into account.

CASBs can help

Automation is where Cloud Access Security Brokers (CASBs) come in. CASBs can help you automate these areas of functionality for cloud services:

■ Visibility
■ Compliance
■ Data security
■ Threat protection

CASBs can protect you from 9 of the Treacherous 12!

1. Data Breach

DEFINITION: An incident in which sensitive, protected, or confidential information is released, viewed, stolen, or used by an individual who is not authorized to do so.

FACTS (2015 Anthem Breach):
■ >80M stolen customer credentials
■ A 3rd party cloud service was used to transfer the huge data store from the company’s network to the public cloud

Could a CASB have helped? Yes! A CASB can help detect data breaches by monitoring privileged users, encryption policies, and sensitive data movement.

2. Weak ID, Credential, and Access Mgmt.

DEFINITION: Data breaches and enabling of attacks can occur because of a lack of scalable identity and access management systems, failure to use multi-factor authentication, weak password use, and more.

FACTS:
■ Cloud service provider credentials were hard coded in a GitHub project
■ Within 36 hours cloud service provider credentials were discovered and misused
■ Attackers hijacked accounts and mined virtual currency

Could a CASB have helped? Yes! A CASB can monitor and detect weak password expiration policies, user or service account access patterns, and non-compliant cryptographic keys.

3. Insecure APIs

DEFINITION: The security and availability of cloud services depends on the security of the APIs that cloud computing providers make available for 3rd party vendors.

FACTS (Mid-2015 IRS Breach):
■ 1 vulnerable API...
■ >300,000 records exposed

Could a CASB have helped? Yes! A CASB can monitor API usage in clouds and detect unusual activities originating from API calls. A CASB can also support risk scoring of external APIs and applications based on the activity.

4. System and Application Vulnerabilities

DEFINITION: Exploitable bugs in programs that attackers can use to infiltrate a computer system for the purpose of stealing data, taking control of the system, or disrupting service operations.

FACTS:
■ Heartbleed and Shellshock proved open source apps were vulnerable to threats
■ 67.7% of all websites were impacted
■ Most affected systems were running Linux

Could a CASB have helped? Yes! A CASB can help with security-hardened baseline configurations, continuous monitoring, and alerts if there is a change to the desired configurations and change in the application access patterns.

5. Account Hijacking

DEFINITION: Methods include phishing, fraud, and exploitation of software vulnerabilities. Attackers can eavesdrop on activities and transactions, then manipulate data, return falsified info, and redirect to illegitimate sites.

FACTS:
■ Targeted “CEO Fraud” phishing scams cost $2.3B over 3 years
■ Emails that appear to be from the CEO trick recipients into wiring funds to the fraudster
■ FBI estimates organizations lose $25K to $75K per attack

Could a CASB have helped? Yes! A CASB can monitor users, privileged users, service accounts, and API keys. CASBs use machine learning techniques and behavioral analytics to detect account hijacking threats.

6. Malicious Insiders

DEFINITION: A current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally exceeded or misused that access.

FACTS:
■ Uber reported main database was improperly accessed
■ 50K names and numbers were downloaded
■ The perpetrator was believed to be a former employee, the new Lyft CTO; the DOJ disagreed; a lawsuit ensued

Could a CASB have helped? Yes! A CASB can monitor for overly privileged user accounts, plus user profiles, roles, and privileges for drifts from compliant baselines. It can also detect malicious user activity using user behavior analytics (UEBA).

7. Advanced Persistent Threats

DEFINITION: A parasitical form of cyberattack that infiltrates systems to establish a foothold in the computing infrastructure from which they smuggle data and intellectual property.

FACTS:
■ Carbanak was an APT attack against global financial institutions
■ A criminal gang co-ordinated a series of cyber attacks
■ The Carbanak gang targeted banks’ internal systems and operations
■ The result? They got ~$8M per bank and a total of ~$1B

Could a CASB have helped? Yes! A CASB can help detect anomalies in inbound and outbound data (data exfiltration), which helps to discover when a network has been the target of an APT attack.

8. Data Loss

DEFINITION: Data is completely lost due to malicious attacks, accidental deletion by the cloud service provider, or a physical catastrophe such as a fire or earthquake.

FACTS:
■ Code Spaces used a cloud infrastructure provider
■ The administration console was compromised; it was not protected with multi-factor authentication
■ Company assets were destroyed; there was no disaster recovery plan; they went out of business

Could a CASB have helped? Not in this case. Providers should take measures to back up data following best practices in business continuity and disaster recovery. Consumers should review data loss provisions.

9. Insufficient Due Diligence

DEFINITION: Rushing to adopt cloud technologies and choosing cloud service providers without performing due diligence, thus exposing a myriad of commercial, financial, technical, legal, and compliance risks.

“Cyber risk should be considered right along with financial and legal due diligence considerations.” – Jason Weinstein, former Deputy Assist. Attorney General, U.S. DOJ

Could a CASB have helped? Not in this case. Executives need to develop a good roadmap and checklist for due diligence when evaluating technologies and cloud service providers.

10. Abuse & Nefarious Use of Cloud Services

DEFINITION: Poorly secured cloud service deployments, free cloud service trials, and fraudulent account sign-ups via payment instrument fraud expose cloud computing models such as IaaS, PaaS, and SaaS to malicious attacks.

FACTS:
■ A phishing attack claimed to be from LogMeIn
■ The spoofed email looked legitimate by leveraging a CloudFlare free trial
■ The CloudFlare brand suffered, and user accounts were compromised

Could a CASB have helped? Yes! A CASB can help monitor workloads in IaaS and access patterns in SaaS services to detect abnormal launch and termination of compute instances, and to detect abnormal user access patterns.

11. Denial of Service

DEFINITION: DoS attacks are meant to prevent users of a service from being able to access their data or their applications.

FACTS:
■ 3 major cloud-based services were all knocked offline within a matter of days

Could a CASB have helped? Not in this case. Cloud providers are the ones who should take precautions to mitigate DoS attacks.

12. Shared Technology Issues

DEFINITION: Cloud service providers deliver scalable services by sharing infrastructure, platforms, or applications. One vulnerability or misconfiguration can lead to a compromise across IaaS, PaaS, and SaaS.

FACTS:
■ VENOM vulnerability found
■ Vulnerability opened millions of virtual machines to attack
■ Allows an attacker to compromise any virtualized platform

Could a CASB have helped? Yes! A CASB can help with monitoring of compute, storage, network, application, user security enforcement, and configurations, whether the service model is IaaS, PaaS, or SaaS.

Automation is the key

Gartner predicts that through 2020, 95 percent of cloud security failures will be the customer’s fault.[1] We believe that means it is no longer sufficient to simply know how to make decisions about risk mitigation in the cloud. Manual processes will cause cloud security failures. Automation is the key.

[1] Gartner Press Release, “Gartner Reveals Top Predictions for IT Organizations and Users for 2016 and Beyond,” October 6, 2015, http://www.gartner.com/newsroom/id/3143718.

Want more? For more information on this topic, check out our white paper, “Can a CASB Protect You from the Treacherous 12?”

3945 Freedom Circle Ste 560 Santa Clara CA 95054 /// 650 300 5222 /// [email protected] /// palerra.com
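Several of the answers above describe the same underlying control: comparing accounts against a compliant baseline and flagging drift (over-privileged users, administrative consoles without multi-factor authentication, stale password policies). The following is an added example of such a check, not Palerra's code or product logic; the baseline policy, account fields and sample accounts are all constructed for illustration.

```python
from dataclasses import dataclass

# Compliant baseline (constructed for this example): privileges each role may
# hold, the maximum password age, and whether user-management rights need MFA.
BASELINE = {
    "role_privileges": {"developer": {"read", "write"}, "auditor": {"read"},
                        "admin": {"read", "write", "delete", "manage_users"}},
    "max_password_age_days": 90,
    "admin_requires_mfa": True,
}

@dataclass
class Account:
    name: str
    role: str
    privileges: set
    mfa_enabled: bool
    password_age_days: int

def check_account(acct, baseline=BASELINE):
    """Return drift findings for one account; an empty list means compliant."""
    findings = []
    allowed = baseline["role_privileges"].get(acct.role)
    if allowed is None:
        findings.append("unknown role %r" % acct.role)
    elif acct.privileges - allowed:
        # Rights beyond the role's baseline: the over-privileged account case.
        findings.append("privileges beyond role baseline: "
                        + ", ".join(sorted(acct.privileges - allowed)))
    if (baseline["admin_requires_mfa"] and "manage_users" in acct.privileges
            and not acct.mfa_enabled):
        # Administrative access without MFA, as in the Code Spaces console case.
        findings.append("administrative access without MFA")
    if acct.password_age_days > baseline["max_password_age_days"]:
        findings.append("password older than %d days"
                        % baseline["max_password_age_days"])
    return findings

def find_drift(accounts, baseline=BASELINE):
    """Map each drifted account name to its findings (compliant ones omitted)."""
    return {a.name: f for a in accounts if (f := check_account(a, baseline))}

# Constructed snapshot: one compliant account and three that have drifted.
SNAPSHOT = [
    Account("alice", "developer", {"read", "write"}, True, 30),
    Account("bob", "auditor", {"read", "write", "delete"}, True, 20),
    Account("ci-bot", "developer", {"read", "write"}, False, 400),
    Account("root-console", "admin", {"read", "write", "delete", "manage_users"}, False, 10),
]
```

Running `find_drift(SNAPSHOT)` reports bob (rights beyond the auditor role), ci-bot (password past the 90-day baseline) and root-console (user-management rights without MFA); alice is absent from the result.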

Upload: palerra-inc

Posted on 05-Jan-2017
