CRITICAL CHANGES TO SECURITY FOR CLOUD ENVIRONMENTS
Richard Cassidy: Security Evangelist & Global Technical Product Marketing
Standardizing cloud security
Housing Metaphor (Element: Cloud Application)
House: Virtual Server or Virtual Machine (i.e. an Instance in AWS)
Neighborhood: A collection of Virtual Servers or Instances that are used for a specific purpose, such as running an application
City: A dynamic, robust and secure cloud platform from Amazon Web Services
The number of neighborhoods in each city and the number of houses in each neighborhood is continuously changing.
The New Reality
• As applications are migrated to the cloud, they are moving to cloud-native architectures.
• Even traditional application architectures generate continuous change once they are put into a continuous deployment pipeline.
The Critical Impact
• Traditional methods of discovery are no longer adequate.
• Streams, not snapshots!
• Addresses are no longer an adequate identity.
Cloud Architecture – Adopting Security Change
INDUSTRY NEWS & STATISTICS
Latest “News”
The Impact of a Breach is Far Reaching and Long Lived
[Figure: attack stages – Initial Attack; Identify & Recon; Command & Control; Discover & Spread; Extract & Exfiltrate]
Latest Industry “News”
Attacks Happen at Multiple Layers of the Application Stack
[Figure: attack types (SQL Injection, Worm Outbreak, Malware, Brute Force) mapped onto the stages Identify & Recon, Command & Control and Extract & Exfiltrate]
THE IMPACT
• Every layer of the application stack is under attack
• Attacks are multi-stage, using multiple threat vectors
• Web applications are the #1 vector in the cloud
• Security must be cloud-native, cover every layer of the application stack, and identify attacks at every stage.
CLOUD VERSUS ON-PREM – THE TRENDS
Threats by Customer Environment
Source: Alert Logic CSR
Top Ten Industry Attack Trends
CYBER CRIME LANDSCAPE
Threat Actors
[Figure: threat actor categories – Advanced Persistent Threat (APT); Hacktivist; Cyber Criminals]
Threat Actors – Top 10 View
September 2016 - Top 10 Threat Actors
Recent Trends in Cyber Security
TOP ATTACK TRENDS – FINANCE & BANKING
Industry Attack Trends – Attack Classes
Application Attack: An attack that targets a specific application weakness or vulnerability to gain access to the target server.
Brute Force: An attack that targets hosts, servers or devices to gain admin access through repeated password-combination authentication attempts.
DoS Attack: An attack that targets multiple hosts to saturate resources and bandwidth availability, normally from a single source.
DDoS Attack: An attack that targets multiple hosts to saturate resources and bandwidth availability from multiple sources at higher attack rates.
Infrastructure Profiling: A targeted attempt to enumerate network information on hosts, servers and edge, distribution or core devices.
Malware Attack: A malicious payload or link, leading to installation or download of infected files to gain access to a target host or network.
Successful Brute Force: A successful unauthorized authentication to a host, server or network device for nefarious purposes.
Successful Malware Attack: Data leakage or host infiltration as a result of an unpatched vulnerability or an infected payload being executed against the target host, server or network device.
SQLi Attack: An attack against a web application or database to gain access to customer or company data.
[Chart: Finance – Q2 FY2016, industry rank (0-22) by attack class for April, May and June]
Attack types and industry ranking out of 22 industry groups, based on AL’s 2016 incident data for: Finance
Finance – Industry Attack Trends
[Chart: Finance – Q2 FY2016, industry rank (1-22) by attack class for April, May and June; classes shown: DDoS Attack, Successful Brute Force, Brute Force, DoS Attack, SQLi Attack]
Attack types and industry ranking out of 22 industry groups, based on AL’s 2016 incident data for: Finance
Neighborhoods and house exteriors are standardizing.
The New Reality
• The APIs of cloud platforms represent a radical simplification and standardization of controlling and monitoring IT assets.
• AWS has rolled up all new housing activity and neighborhood configuration into an easily consumed stream of change data.
The Critical Impact
• Additional context is available to better detect and assess threats.
• Standardization across customers enables Security-as-a-Service to better leverage analytics across larger data sets.
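The two "Critical Impact" points above (streams rather than snapshots, and addresses no longer being an adequate identity) are easier to see with a worked example. The Python below is an added illustration, not code from the deck or from Alert Logic: it replays a constructed instance-lifecycle change stream into an inventory keyed by instance ID and keeps the full history of which instance held which private IP, so that an alert carrying only an IP can be attributed to the workload that actually owned it at that moment. The event shape, instance IDs, IPs and timestamps are all made up and deliberately simplified; they are not the real CloudTrail schema.

```python
# Added example: replaying an instance-lifecycle change stream into an
# inventory keyed by instance ID, so that an alert carrying only an IP can be
# attributed to the workload that actually held that IP at the time.
# The event shape below is a constructed simplification, not the real
# CloudTrail schema; instance IDs, IPs and timestamps are made up.
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass
class Lease:
    """One period during which an instance held a given private IP."""
    instance_id: str
    ip: str
    start: datetime
    end: Optional[datetime] = None   # None while the instance is still running


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp such as 2016-09-01T10:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


# Constructed sample stream: a web instance is launched, terminated, and its
# private IP is reused minutes later by an unrelated batch instance.
SAMPLE_EVENTS = [
    {"eventTime": "2016-09-01T10:00:00Z", "eventName": "RunInstances",
     "instanceId": "i-0aaa111", "privateIp": "10.0.1.10", "tags": {"app": "web"}},
    {"eventTime": "2016-09-01T12:00:00Z", "eventName": "TerminateInstances",
     "instanceId": "i-0aaa111"},
    {"eventTime": "2016-09-01T12:05:00Z", "eventName": "RunInstances",
     "instanceId": "i-0bbb222", "privateIp": "10.0.1.10", "tags": {"app": "batch"}},
]


def build_history(events):
    """Replay the stream in time order.

    Returns (active, leases): `active` is the current inventory keyed by
    instance ID (what a snapshot would show); `leases` is the full
    IP-ownership history, which a snapshot taken at the end of the day
    would not contain.
    """
    active = {}
    leases = []
    for ev in sorted(events, key=lambda e: parse_ts(e["eventTime"])):
        ts = parse_ts(ev["eventTime"])
        if ev["eventName"] == "RunInstances":
            lease = Lease(ev["instanceId"], ev["privateIp"], ts)
            leases.append(lease)
            active[ev["instanceId"]] = {"ip": ev["privateIp"],
                                        "tags": ev.get("tags", {}),
                                        "lease": lease}
        elif ev["eventName"] == "TerminateInstances":
            entry = active.pop(ev["instanceId"], None)
            if entry is not None:
                entry["lease"].end = ts   # close the IP lease at termination time
    return active, leases


def resolve_ip(leases, ip: str, at: datetime) -> Optional[str]:
    """Return the instance that held `ip` at time `at`, or None if none did."""
    for lease in leases:
        if lease.ip == ip and lease.start <= at and (lease.end is None or at < lease.end):
            return lease.instance_id
    return None


def attribute_alerts(leases, alerts):
    """Map each alert (source IP + time) to the owning instance ID, or None."""
    return {a["id"]: resolve_ip(leases, a["ip"], parse_ts(a["time"])) for a in alerts}


# Constructed alerts: the same IP observed at three different times.
SAMPLE_ALERTS = [
    {"id": "alert-1", "ip": "10.0.1.10", "time": "2016-09-01T11:00:00Z"},
    {"id": "alert-2", "ip": "10.0.1.10", "time": "2016-09-01T12:02:00Z"},
    {"id": "alert-3", "ip": "10.0.1.10", "time": "2016-09-01T13:00:00Z"},
]

ACTIVE, LEASES = build_history(SAMPLE_EVENTS)
ATTRIBUTION = attribute_alerts(LEASES, SAMPLE_ALERTS)

if __name__ == "__main__":
    print("active inventory (snapshot view):", sorted(ACTIVE))
    for alert_id, owner in ATTRIBUTION.items():
        print(alert_id, "->", owner)
```

Run as is, the snapshot view contains only the batch instance, so anyone attributing by IP from that snapshot would blame the batch workload for alert-1, which in fact hit the web instance; alert-2 falls in the five-minute gap when no instance held the address and correctly resolves to nothing. Only the replayed stream carries enough history to get all three right.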
AWS Cloud – The Security Enabler
The Impact of a Breach is Far Reaching and Long Lived
COMPANIES OF ALL SIZES ARE IMPACTED
[Figure: attack stages – Initial Attack; Identify & Recon; Command & Control; Discover & Spread; Extract & Exfiltrate]
THE CYBER KILL CHAIN
The Cyber Kill Chain - Enhancing Cloud Security
FURTHER RESOURCES
Get Connected
www.alertlogic.com
@alertlogic
linkedin.com/company/alert-logic
alertlogic.com/resources/blog/
youtube.com/user/AlertLogicTV
brighttalk.com/channel/11587
Thank you.