JOURNEY TO THE CLOUD: SECURING YOUR AWS WEB APPLICATIONS
James Brown, Director of Cloud Computing & Solution Architecture
Before We Begin
Housekeeping
• Questions? Submit them to the presenter at any time in the question box
• The presentation slides will be available to download from the attachment tab after the webinar
• The webinar will be recorded and published on BrightTalk
Speaker
• James Brown, Director of Cloud Computing & Security Architecture, Alert Logic
Alert Logic provides fully managed and monitored security and compliance for cloud, hybrid, and on-premises infrastructure, with the benefits of deep insight, continuous protection, and lower costs.
Continuous Protection
Lower Total Costs
Deep Security Insight
Leading Provider of Security & Compliance Solutions for the Cloud
#1 for Cloud Platforms
#1 in Security-as-a-Service
#1 for Managed Cloud & Hosting Providers
Over 3,000 customers worldwide
The IT and Threat Landscape has Changed
DATA CENTERS
Early 2000s: The Physical Data Center
• x86 servers predominant
• Primarily on-premises
• Hosting providers emerge
• Cloud options being developed
Mid 2000s: The Virtual Data Center
• Virtualization becomes mainstream
• Public clouds launch
• Mobile devices proliferate
2015 & beyond: The Hybrid Data Center
• Cloud/mobile-first approach by many companies
• Public cloud and hybrid IT environments mainstream
THREATS AND ATTACKS
Early 2000s: The Early Days of Threats
• Basic malware
• Spray and pray
• Smash-n-grab
• Solo hackers
• Mischief motivation
Mid 2000s: Catalyst for Change
• Proliferation of malware
• Organized hacking groups
• Access to information
• Financial gain motivation
2015 & beyond: Next Generation Threats
• Advanced attacks
• Multi-vector approach
• Social engineering
• Targeted recon
• Long-duration compromises
Today’s Attacks are Becoming More Complex
• Attacks are multi-stage, using multiple threat vectors
• It takes organizations months to identify that they have been compromised
• 205 days on average before detection of compromise [1]
• Over two-thirds of organizations find out from a third party that they have been compromised [2]
[1] IDC Worldwide Security and Vulnerability Management 2014–2018 Forecast
[2] M-Trends 2015: A View from the Front Lines
Attack lifecycle: Initial Attack → Identify & Recon → Command & Control → Discover & Spread → Extract & Exfiltrate
The Impact
• Financial loss
• Harm to brand and reputation
• Scrutiny from regulators
Attacks Happen at Multiple Layers of the Application Stack
• Every layer of the application stack is under attack
• Attacks are multi-stage, using multiple threat vectors
• Web applications are the #1 attack vector in the cloud
• Security must be cloud-native, cover every layer of the application stack, and identify attacks at every stage
Diagram: example attack types (SQL Injection, Worm Outbreak, Malware, Brute Force) overlaid on the attack stages (Identify & Recon, Command & Control, Extract & Exfiltrate).
Understanding the Shared Responsibility Model
Public cloud providers do an excellent job of securing the areas they are responsible for (in AWS's model, the underlying infrastructure).
You have to be very clear about what you, the customer, are responsible for: your own accounts, configuration, identities and applications.
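One concrete item on the customer's side of that line is the IAM policy attached to your users, roles and buckets. The following is an added example (it is not from the slides and is not AWS tooling) that checks policy documents for the grants that make an account easy to abuse once an application running in it is compromised: wildcard actions on wildcard resources, privilege-escalation actions such as iam:PassRole left unscoped, and resource policies open to any principal. The policy documents, the account ID, and the bucket and role names are constructed for illustration, and the "hardened" policy shows the same job done with least privilege.

```python
"""Lint AWS IAM policy documents for over-permissive grants.
Added example for this page; not Alert Logic or AWS code. The policy
documents below are constructed, including the account ID and names."""
import json

# Actions that let a principal widen its own permissions when unscoped.
ESCALATION_ACTIONS = {
    "iam:passrole", "iam:createaccesskey", "iam:attachuserpolicy",
    "iam:attachrolepolicy", "iam:putuserpolicy", "iam:putrolepolicy",
    "sts:assumerole",
}


def _as_list(value):
    """IAM allows a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _public_principal(principal):
    """True for Principal "*" or {"AWS": "*"}: anyone, including anonymous."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def lint_policy(doc):
    """Return a list of human-readable findings for one policy document (dict)."""
    findings = []
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", "<no Sid>")
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        any_resource = "*" in resources
        conditioned = bool(stmt.get("Condition"))
        service_wild = [a for a in actions if a.endswith(":*")]

        if "NotAction" in stmt:
            findings.append(f"{sid}: Allow with NotAction grants every action except those listed")
        if "*" in actions and any_resource and not conditioned:
            findings.append(f"{sid}: full administrative access (Action * on Resource *)")
        elif service_wild and any_resource and not conditioned:
            findings.append(f"{sid}: service-wide wildcard {service_wild} on Resource *")
        escalation = sorted(set(actions) & ESCALATION_ACTIONS)
        if "iam:*" in actions:
            escalation.append("iam:*")
        if escalation and any_resource:
            findings.append(f"{sid}: privilege-escalation actions {escalation} not scoped to a resource")
        if "Principal" in stmt and _public_principal(stmt["Principal"]) and not conditioned:
            findings.append(f"{sid}: resource policy grants access to any principal")
    return findings


def lint_policy_json(text):
    return lint_policy(json.loads(text))


# Constructed "before" policy: the kind of thing attached to get a developer unblocked.
WEAK_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "DevAccess", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "AppS3", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Sid": "Deploy", "Effect": "Allow",
     "Action": ["iam:PassRole", "ec2:RunInstances"], "Resource": "*"}
  ]
}"""

# Constructed "after" policy: same job, least privilege (names and account ID made up).
HARDENED_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AppS3", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-app-uploads/*"},
    {"Sid": "Deploy", "Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::123456789012:role/example-app-instance-role",
     "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}},
    {"Sid": "Launch", "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*"}
  ]
}"""

# Constructed bucket policy that makes every object world-readable.
PUBLIC_BUCKET_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                 "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-app-uploads/*"}]
}"""

if __name__ == "__main__":
    for name, text in [("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY),
                       ("bucket", PUBLIC_BUCKET_POLICY)]:
        print(name, lint_policy_json(text) or ["no findings"])
```

Run it against policies exported with the AWS CLI (`aws iam get-policy-version`, `aws s3api get-bucket-policy`) as part of the pre-production checks; a statement that genuinely needs a wildcard resource should at least carry a Condition that the linter can see.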
Different Attack Types in the Cloud
Top three attack types by frequency, cloud environments (left) versus the comparison environment (right):
#1  Web App Attack        Malware/Botnet
#2  Brute Force           Brute Force
#3  Vulnerability Scan    Vulnerability Scan
“We are asked this question a lot: 'What keeps you up at night?' What keeps us up at night in AWS security is the customer not configuring their applications correctly to keep themselves secure”
AWS Head of Global Security Programs, Bill Murray
Protection Strategies for Websites
Before it hits production…
1. Secure your code
2. Secure your cloud provider accounts
3. Agree on a security baseline
4. Integrate security into DevOps
5. Understand the shared security model
6. Scan for vulnerabilities
Once it is in production…
7. Continuous monitoring of network and logs
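Strategy 7 is where the attack ranking from the earlier slides becomes actionable: the three most common attack types leave distinct fingerprints in ordinary web server access logs. As an added example (not Alert Logic detection content; the log lines, thresholds and addresses are constructed for illustration), the script below parses combined-format access log lines and flags SQL injection attempts in URL-decoded request paths, brute-force login bursts from one source address, and vulnerability scanning identified either by a scanner User-Agent or by many distinct 404 responses to one source within a short window.

```python
"""Continuous monitoring of web access logs for the three attack types ranked
highest on the slides: web application attacks (SQL injection), brute force
and vulnerability scanning. Added example, not Alert Logic code; the log lines
are constructed in Apache/nginx combined format with documentation IP ranges."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s+'?[\w\s]*'?\s*=", re.I),   # ' OR '1'='1
    re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),     # UNION SELECT ...
    re.compile(r"(--|/\*)\s*$"),                            # trailing SQL comment
    re.compile(r"\b(sleep|benchmark|waitfor)\s*\(", re.I),  # time-based probes
]
SCANNER_UAS = ("sqlmap", "nikto", "nmap", "masscan", "acunetix")
WINDOW = timedelta(seconds=60)
BRUTE_FORCE_THRESHOLD = 10  # failed logins from one source per WINDOW (constructed)
SCAN_THRESHOLD = 5          # distinct 404 paths from one source per WINDOW (constructed)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["decoded"] = unquote_plus(rec["path"])  # signatures run on decoded text
    return rec


def windowed_distinct(events, threshold, window):
    """True if `threshold` distinct keys occur within any `window`-long span.
    events: iterable of (timestamp, key); sliding window over sorted events."""
    events = sorted(events)
    live, lo = Counter(), 0
    for hi, (t, key) in enumerate(events):
        live[key] += 1
        while t - events[lo][0] > window:
            old = events[lo][1]
            live[old] -= 1
            if not live[old]:
                del live[old]
            lo += 1
        if len(live) >= threshold:
            return True
    return False


def detect(lines):
    """Return a sorted list of (attack_type, source_ip) findings."""
    findings, failed_logins, not_found = set(), defaultdict(list), defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        if any(p.search(rec["decoded"]) for p in SQLI_PATTERNS):
            findings.add(("web_app_attack", rec["ip"]))
        if any(s in rec["ua"].lower() for s in SCANNER_UAS):
            findings.add(("vulnerability_scan", rec["ip"]))
        if rec["method"] == "POST" and rec["path"] == "/login" and rec["status"] in (401, 403):
            failed_logins[rec["ip"]].append(rec["ts"])
        if rec["status"] == 404:
            not_found[rec["ip"]].append((rec["ts"], rec["path"]))
    for ip, times in failed_logins.items():
        if windowed_distinct(((t, i) for i, t in enumerate(times)), BRUTE_FORCE_THRESHOLD, WINDOW):
            findings.add(("brute_force", ip))
    for ip, events in not_found.items():
        if windowed_distinct(events, SCAN_THRESHOLD, WINDOW):
            findings.add(("vulnerability_scan", ip))
    return sorted(findings)


def _entry(ip, hhmmss, method, path, status, ua="Mozilla/5.0"):
    return f'{ip} - - [10/Mar/2016:{hhmmss} +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"'


SAMPLE_LOG = [
    # Constructed: normal browsing, then SQL injection attempts from one source.
    '203.0.113.7 - - [10/Mar/2016:10:00:01 +0000] "GET /products?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2016:10:00:02 +0000] "GET /products?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2016:10:00:03 +0000] "GET /products?id=1%20UNION%20SELECT%20username,password%20FROM%20users-- HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
    # Constructed: 12 failed logins in 12 seconds from one source (brute force).
    *[_entry("198.51.100.9", f"10:01:{i:02d}", "POST", "/login", 401, "python-requests/2.9") for i in range(12)],
    # Constructed: one source probing well-known admin paths with a scanner User-Agent.
    *[_entry("192.0.2.44", f"10:02:{i:02d}", "GET", p, 404, "Mozilla/5.0 (compatible; Nikto/2.1.6)")
      for i, p in enumerate(["/phpmyadmin/", "/wp-login.php", "/.env", "/admin/", "/.git/config", "/xmlrpc.php"])],
    # Constructed: a legitimate user who hits one broken link and mistypes a password once.
    _entry("203.0.113.20", "10:03:00", "GET", "/old-page", 404),
    _entry("203.0.113.20", "10:03:05", "POST", "/login", 401),
]

if __name__ == "__main__":
    for attack_type, ip in detect(SAMPLE_LOG):
        print(f"{attack_type:20s} {ip}")
```

The thresholds are per-site tuning knobs, not universal constants, and a signature list like SQLI_PATTERNS only catches the obvious payloads; the page's argument for a managed service is precisely that these web-log signals need to be correlated with network IDS and vulnerability scan data, which a single-source script cannot do.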
OWASP Top 10
• OWASP is an open community dedicated to enabling organisations to conceive, develop, acquire, operate, and maintain applications that can be trusted.
• All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
• We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas.
https://www.owasp.org
“AWS is great for physical security and network security, but when you are building an application, you have to own that security yourself - Amazon does not know what you are building”
Colin Bodell, EVP & CTO Time Inc
How Can We Protect Ourselves Against Attack?
Traditionally we have evaluated security in terms of risk, and security policies and practices are put in place to minimize that risk.
This does not take into account the actual threats that exist today, which can be mitigated right now.
We need to move to continuous monitoring. The answer is people, process and software.
OWASP: “We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas.”
Threat Research
Diagram: the threat research pipeline. Inputs (data sources): Honeypot Network, Flow-based Forensic Analysis, Malware Forensic Sandboxing, Intelligence Harvesting Grid, Alert Logic Threat Manager data, Alert Logic Log Manager data, Alert Logic Web Security Manager data, Alert Logic ScanWatch data, Asset Model data, and Customer Business data. These feed Threat Intelligence Research, Applied Analytics and Security Content; ActiveWatch escalates incidents to the customer.
Threat Research – Honeypots
Honeypot Research Benefits
• Collect new and emerging malware
• Identify the source of the attacks
• Determine attack vectors
• Build a profile of the target industry
How Cloud Defender Works
Diagram: continuous protection from threats and exposures. Data collection from the customer IT environment (cloud, hybrid, on-premises): web application events (Alert Logic Web Security Manager), network events and vulnerability scanning (Alert Logic Threat Manager), and log data (Alert Logic Log Manager). Collected data flows into the Big Data Analytics Platform (Alert Logic ActiveAnalytics), is combined with Threat Intelligence & Security Content (Alert Logic ActiveIntelligence), and is monitored and escalated 24 x 7 by Alert Logic ActiveWatch.
Questions and Resources
Resources (all available under the “Attachments” tab of the webinar):
• It’s Not You, It’s Me: Understanding the Shared Responsibility of Cloud Security (includes 7 Best Practices for Cloud Security)
• The Anatomy of a Web Attack infographic
• Alert Logic Blog
• DevOps: Top 10 Tips for Security Professionals (blog)
Questions? Submit them to the presenter at any time in the question box.
Get Connected
www.alertlogic.com
@alertlogic
linkedin.com/company/alert-logic
alertlogic.com/resources/blog/
youtube.com/user/AlertLogicTV
brighttalk.com/channel/11587