THE MAGNIFICENT SEVEN: BEST PRACTICES FOR CLOUD SECURITY James Brown, Director Cloud Computing & Solution Architecture

Upload: alert-logic

Post on 25-Jul-2015


TRANSCRIPT

Before We Begin

Housekeeping

• Turn on your system’s sound to hear the streaming presentation
• Questions? Submit them to the presenter at any time in the question box
• The presentation slides will be available to download from the attachment tab after the webinar
• The webinar will be recorded and published on BrightTalk
• Technical problems? Click “Help”

Speaker

• James Brown
• Director of Cloud Computing & Security Architecture, Alert Logic

Providing fully managed and monitored security and compliance for cloud, hybrid, and on-premises infrastructure, with the benefits of deep insight, continuous protection, and lower costs

Continuous Protection · Lower Total Costs · Deep Security Insight

Leading Provider of Security & Compliance Solutions for the Cloud

• #1 for Cloud Platforms
• #1 in Security-as-a-Service
• #1 for Managed Cloud & Hosting Providers

Over 3,000 customers worldwide

Sensitive Data is the Heart of Your Business

“Most organizations (almost 80%) will suffer at least one successful attack that will cause some serious harm...”

Source: IDC, Worldwide Security and Vulnerability Management 2014–2018 Forecast

Innovation · Competitive Advantage · Shareholder Value · Increasing Sales

The IT and Threat Landscape has Changed

Timeline: Early 2000’s / Mid 2000’s / 2015 & Beyond

DATA CENTERS

The Physical Data Center (early 2000’s)
• x86 server predominant
• Primarily on-premises
• Hosting providers emerge
• Cloud options being developed

The Virtual Data Center (mid 2000’s)
• Virtualization becomes mainstream
• Public clouds launch
• Mobile devices proliferate

The Hybrid Data Center (2015 & beyond)
• Cloud/mobile-first approach by many companies
• Public cloud and hybrid IT environments mainstream

THREATS AND ATTACKS

The Early Days of Threats (early 2000’s)
• Basic malware
• Spray and pray
• Smash-n-grab
• Solo hackers
• Mischief motivation

Catalyst for Change (mid 2000’s)
• Proliferation of malware
• Organized hacking groups
• Access to information
• Financial gain motivation

Next Generation Threats (2015 & beyond)
• Advanced attacks
• Multi-vector approach
• Social engineering
• Targeted recon
• Long duration compromises

Today’s Attacks are Becoming More Complex

• Attacks are multi-stage using multiple threat vectors
• Takes organizations months to identify they have been compromised
• 205 days on average before detection of compromise [1]
• Over two-thirds of organizations find out from a 3rd party they have been compromised [2]

[1] IDC Worldwide Security and Vulnerability Management 2014–2018 Forecast
[2] M-Trends 2015: A View from the Front Lines

Attack stages: Initial Attack → Identify & Recon → Command & Control → Discover & Spread → Extract & Exfiltrate

The Impact
• Financial loss
• Harm brand and reputation
• Scrutiny from regulators

Attacks Happen at Multiple Layers of the Application Stack

THE IMPACT
• Every layer of the application stack is under attack
• Attacks are multi-stage using multiple threat vectors
• Web applications are the #1 vector in the cloud
• Security must be cloud-native, cover every layer of the application stack, and identify attacks at every stage.

Diagram labels (attacks and stages mapped onto the stack): SQL Injection, Identify & Recon, Command & Control, Worm Outbreak, Extract & Exfiltrate, Malware, Brute Force, Identify & Recon

7 PRACTICAL BEST PRACTICES

Seven Best Practices for Cloud Security

1. Secure your Application

2. Create access management policies

3. Adopt a patch management approach

4. Review logs regularly

5. Build a security toolkit

6. Stay informed of the latest vulnerabilities

7. Understand your cloud service provider security model

1. Secure Your Application

• Test inputs that are open to the Internet

• Add security into the DevOps pipeline

• Use encryption when you can

• Test libraries

• Scan plugins

• Scan your code after every update

• Limit privileges

• Stay informed

2. Create Access Management Policies

• Start with a least privilege access model

• Define roles and responsibilities

• Simplify access controls (KISS)

• Continually audit access

3. Adopt a Patch Management Approach

• Inventory all production systems

• Devise a plan for standardization, if possible

• Compare reported vulnerabilities to production infrastructure

• Classify the risk based on vulnerability and likelihood

• Test patches before you release into production

• Set up a regular patching schedule
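The patch-management steps above (inventory, compare reported vulnerabilities to production, classify by vulnerability and likelihood) as one small triage routine. This is an added example, not Alert Logic's tooling; the hosts, package names, versions and advisory ids are constructed placeholders, and "internet-facing" is the assumed likelihood factor.

```python
"""Patch triage: join a production inventory against reported vulnerabilities
and rank the affected hosts by severity x likelihood. All data is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    package: str
    version: str
    internet_facing: bool      # assumed likelihood driver (exposed = more likely hit)


@dataclass(frozen=True)
class Advisory:
    advisory_id: str           # placeholder id, not a real CVE
    package: str
    fixed_version: str         # first version that is no longer affected
    severity: str              # critical / high / medium / low


SEVERITY = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Constructed inventory and advisories for the example.
INVENTORY = [
    Host("web1", "webserver", "1.0.1", True),
    Host("web2", "webserver", "1.0.2", True),
    Host("db1", "webserver", "1.0.1", False),
    Host("db1", "database", "9.3.5", False),
]
ADVISORIES = [
    Advisory("ADV-EXAMPLE-1", "webserver", "1.0.2", "critical"),
    Advisory("ADV-EXAMPLE-2", "database", "9.3.6", "medium"),
]


def version_key(version):
    """Compare dotted numeric versions component by component."""
    return tuple(int(part) for part in version.split("."))


def is_affected(host, adv):
    return host.package == adv.package and version_key(host.version) < version_key(adv.fixed_version)


def risk_score(host, adv):
    likelihood = 2 if host.internet_facing else 1
    return SEVERITY[adv.severity] * likelihood


def triage(inventory=INVENTORY, advisories=ADVISORIES):
    """(score, host, advisory) rows, highest risk first; ties by host/advisory for a stable schedule."""
    rows = [(risk_score(h, a), h.name, a.advisory_id)
            for h in inventory for a in advisories if is_affected(h, a)]
    return sorted(rows, key=lambda r: (-r[0], r[1], r[2]))
```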

4. Importance of Log Management and Review

• Monitoring for malicious activity

• Forensic investigations

• Compliance needs

• System performance

• All sources of log data are collected

• Data types (Windows, Syslog)

• Review process

• Live monitoring

• Correlation logic
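What "correlation logic" over collected syslog data looks like in practice, using the brute-force scenario the deck names: several failed logins from one source followed by a success inside a short window. This is an added example, not part of the presentation or of Alert Logic Log Manager; the sshd-style log lines, the 3-failure threshold and the 60-second window are constructed for it.

```python
"""Correlation rule over syslog-style auth events: flag a success that follows
several failures from the same source within a short window."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log; 203.0.113.7 and 198.51.100.4 are documentation addresses.
SAMPLE_LOG = """\
Jul 25 10:00:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Jul 25 10:00:03 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2
Jul 25 10:00:05 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 50124 ssh2
Jul 25 10:00:06 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 50125 ssh2
Jul 25 10:00:09 web1 sshd[2110]: Accepted password for root from 203.0.113.7 port 50126 ssh2
Jul 25 10:05:00 web1 sshd[2150]: Failed password for deploy from 198.51.100.4 port 40010 ssh2
Jul 25 10:30:00 web1 sshd[2200]: Accepted publickey for deploy from 198.51.100.4 port 40011 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port"
)


def parse(text, year=2015):
    """Return (timestamp, source, user, result) for each sshd auth line; syslog omits the year."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["src"], m["user"], m["result"]))
    return events


def correlate(events, min_failures=3, window_s=60):
    """(source, user, failures) for each success preceded by >= min_failures
    failures from the same source inside window_s seconds."""
    hits = []
    failures = defaultdict(list)           # source -> timestamps of recent failures
    for ts, src, user, result in sorted(events):
        recent = [t for t in failures[src] if (ts - t).total_seconds() <= window_s]
        failures[src] = recent             # drop failures that fell out of the window
        if result == "Failed":
            failures[src].append(ts)
        elif len(recent) >= min_failures:
            hits.append((src, user, len(recent)))
    return hits


def alerts(text=SAMPLE_LOG):
    return correlate(parse(text))
```

The single failure from 198.51.100.4 followed by a success 25 minutes later does not fire, which is the point of the window: a rule without one would page on every mistyped password.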

5. Build a Security Toolkit

• Recommended Security Solutions

• Antivirus

• iptables

• Intrusion Detection System

• Malware Detection

• Web Application Firewalls

• Anomalous behavior via NetFlow

• Future Deep Packet Forensics

6. Stay Informed of the Latest Vulnerabilities

• Websites to follow

• alertlogic.com/weekly-threat-report/

• securityfocus.com

• exploit-db.com

• seclists.org/fulldisclosure/

• securitybloggersnetwork.com/

7. Understand Your Cloud Service Provider’s Security Model

• Review of Service Provider Responsibilities

• Questions to use when evaluating cloud service providers

7. Service Provider & Customer Responsibility Summary

Alert Logic Cloud Defender: Cloud Security Suite

Lower Total Cost · Continuous Protection · Deep Security Insight

How Cloud Defender Works (diagram)

Customer IT environment (cloud, hybrid, on-premises) → data collection: web application events (Alert Logic Web Security Manager), network events & vulnerability scanning (Alert Logic Threat Manager), log data (Alert Logic Log Manager) → Big Data Analytics Platform (Alert Logic ActiveAnalytics) and Threat Intelligence & Security Content (Alert Logic ActiveIntelligence) → 24 x 7 monitoring & escalation (Alert Logic ActiveWatch) → continuous protection from threats and exposures for the customer.

Threat Research (diagram)

Inputs: Honey Pot Network, Flow based Forensic Analysis, Malware Forensic Sandboxing, Intelligence Harvesting Grid

Data Sources: Alert Logic Threat Manager Data, Alert Logic Log Manager Data, Alert Logic Web Security Manager Data, Alert Logic ScanWatch Data, Asset Model Data, Customer Business Data

Outputs: Security Content, Applied Analytics, Threat Intelligence Research → ActiveWatch incidents

Threat Research – Honeypots

Honeypot Research Benefits
• Collect new and emerging malware
• Identify the source of the attacks
• Determine attack vectors
• Build a profile of the target industry

Native Cloud Security

Certified on all major cloud platforms

Consistent security and compliance
• Same solution across all clouds
• Single pane of glass
• Security content designed to protect cloud applications

Built for the Cloud
• Automated deployment
• Scales with your cloud infrastructure
• Usage based billing

Questions and Resources

Resources

All available under the “Attachments” tab of the webinar:
• Vulnerability Response Best Practices Whitepaper
• Weekly Threat Newsletter: weekly update of breaches and vulnerabilities
• Alert Logic Blog
• Zero Day Magazine: new magazine with the latest on IT Security trends

Questions
• Questions? Submit them to the presenter at any time in the question box

Get Connected

www.alertlogic.com

James Brown, Director of Cloud Computing & Security Architecture, Alert Logic

[email protected]

@OtherJamesBrown

@alertlogic

linkedin.com/company/alert-logic

alertlogic.com/resources/blog/

youtube.com/user/AlertLogicTV

brighttalk.com/channel/11587

Thank you.