Journey to the Cloud: Securing Your AWS Applications - April 2015


Post on 25-Jul-2015


TRANSCRIPT

1. JOURNEY TO THE CLOUD: SECURING YOUR AWS WEB APPLICATIONS. James Brown, Director of Cloud Computing & Solution Architecture

2. Before We Begin. Housekeeping: Turn on your system's sound to hear the streaming presentation. Questions? Submit them to the presenter at any time into the question box. The presentation slides will be available to download from the attachment tab after the webinar. The webinar will be recorded and published on BrightTalk. Technical problems? Click Help. Speaker: James Brown, Director of Cloud Computing & Security Architecture, Alert Logic

3. Providing fully managed and monitored security and compliance for cloud, hybrid, and on-premises infrastructure, with the benefits of deep insight, continuous protection, and lower costs. Continuous Protection. Lower Total Costs. Deep Security Insight. Leading Provider of Security & Compliance Solutions for the Cloud

4. Leading Provider of Security & Compliance for the Cloud. #1 for Cloud Platforms. #1 in Security-as-a-Service. #1 for Managed Cloud & Hosting Providers. Over 3,000 customers worldwide

5. The IT and Threat Landscape has Changed
   DATA CENTERS
   The Hybrid Data Center: Cloud/mobile first approach by many companies; Public cloud and Hybrid IT environments mainstream
   The Virtual Data Center: Virtualization becomes mainstream; Public clouds launch; Mobile devices proliferate
   The Physical Data Center: x86 server predominant; Primarily on-premises; Hosting providers emerge; Cloud options being developed
   THREATS AND ATTACKS
   Next Generation Threats: Advanced attacks; Multi-vector approach; Social engineering; Targeted recon; Long duration compromises
   Catalyst for Change: Proliferation of malware; Organized hacking groups; Access to information; Financial gain motivation
   The Early Days of Threats: Basic malware; Spray and pray; Smash-n-grab; Solo hackers; Mischief motivation
   EARLY 2000s, MID 2000s, 2015 & BEYOND

6. Today's Attacks are Becoming More Complex. Attacks are multi-stage using multiple threat vectors. Takes organizations months to identify they have been compromised. 205 days on average before detection of compromise [1]. Over two-thirds of organizations find out from a 3rd party they have been compromised [2]. Initial Attack, Identify & Recon, Command & Control, Discover & Spread, Extract & Exfiltrate. The Impact: Financial loss; Harm brand and reputation; Scrutiny from regulators
   [1] IDC Worldwide Security and Vulnerability Management 2014–2018 Forecast
   [2] M-Trends 2015: A View from the Front Lines

7. Attacks Happen at Multiple Layers of the Application Stack. THE IMPACT: Every layer of the application stack is under attack. Attacks are multi-stage using multiple threat vectors. Web applications are #1 vector in the cloud. Security must be cloud-native, cover every layer of application stack, and identify attacks at every stage. SQL Injection, Identify & Recon, Command & Control, Worm Outbreak, Extract & Exfiltrate, Malware, Brute Force, Identify & Recon

8. Understanding the Shared Responsibility Model. Public Cloud providers do an amazing job of securing the areas that they are responsible for. You have to be very aware of what you are responsible for

9. Security in the Cloud is a Shared Responsibility

10. Security in the Cloud is a Shared Responsibility

11. Different Attack types in the Cloud. Web App Attack, Malware/Botnet, Brute Force, Brute Force, Vulnerability Scan, Vulnerability Scan. #1 #2 #3

12. "We are asked this question a lot: 'What keeps you up at night?' What keeps us up at night in AWS security is the customer not configuring their applications correctly to keep themselves secure" (AWS Head of Global Security Programs, Bill Murray)

13. HOW DO YOU PROTECT AGAINST WEB APPLICATION ATTACKS

14. Protection Strategies for Websites
   Before it hits production
      1. Secure your code
      2. Secure your cloud provider accounts
      3. Agree a security baseline
      4. Integrate security into DevOps
      5. Understand the shared security model
      6. Scan for vulnerabilities
   Once it is in production
      7. Continuous monitoring of network and logs

15. OWASP Top 10. OWASP is an open community dedicated to enabling organisations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. https://www.owasp.org

16. OWASP - Open Web Application Security Project. https://www.owasp.org

17. Injection Attacks - SQLMap

18. CONTINUOUS MONITORING

19. "AWS is great for physical security and network security, but when you are building an application, you have to own that security yourself - Amazon does not know what you are building" (Colin Bodell, EVP & CTO, Time Inc)

20. How Can We Protect Ourselves Against Attack? Traditionally we have evaluated security in terms of risk, and security policies and practices are put in place to minimize this risk. This does not take into account actual threats that exist, that can be mitigated right now. We need to move to continuous monitoring. The answer is people, process and software. OWASP: We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas

21. Threat Research Customer ACTIVEWATCH INCIDENTS Honey Pot Network Flow based Forensic Analysis Malware Forensic Sandboxing Intelligence Harvesting Grid Alert Logic Threat Manager Data Alert Logic Log Manager Data Alert Logic Web Security Manager Data Alert Logic ScanWatch Data Asset Model Data Customer Business Data Security Content Applied Analytics Threat Intelligence Research INPUTS Data Sources

22. Threat Research: Honeypots. Honeypot Research Benefits: Collect new and emerging malware; Identify the source of the attacks; Determine attack vectors; Build a profile of the target industry

23. Threat Research: The Dark Web

24. How Cloud Defender Works. Continuous protection from threats and exposures. Big Data Analytics Platform Threat Intelligence & Security Content Alert Logic ActiveAnalytics Alert Logic ActiveIntelligence Alert Logic ActiveWatch 24 x 7 Monitoring & Escalation Data Collection Customer IT Environment Cloud, Hybrid On-Premises Web Application Events Network Events & Vulnerability Scanning Log Data Alert Logic Web Security Manager Alert Logic Threat Manager Alert Logic Log Manager Alert Logic ActiveAnalytics Alert Logic ActiveIntelligence Alert Logic ActiveWatch

25. Questions and Resources. Resources: All available under the Attachments tab of the webinar: It's Not You, It's Me: Understanding the Shared Responsibility of Cloud Security Includes 7 Best Practices for Cloud Security The Anatomy of a Web Attack Infographic Alert Logic Blog DevOps - Top 10 tips for Security Professionals Blog. Questions: Questions? Submit them to the presenter at any time into the question box

26. Get Connected: www.alertlogic.com, @alertlogic, linkedin.com/company/alert-logic, alertlogic.com/resources/blog/, youtube.com/user/AlertLogicTV, brighttalk.com/channel/11587

27. Thank you.
