SlideShare una empresa de Scribd logo

The Practitioners Guide to Cloud Security

Descargar como PPTX, PDF
Dome9 Security
Dome9 Security

Dome9 Co-founder & CEO Zohar Alon presents on the Practitioners Guide to Cloud Security at Cloud Expo Europe - January, 2013.

Tecnología
1 de 20
CloudExpo Europe – London, January 2013 The Practitioners Guide to Cloud Security London, January 2013 Zohar Alon @zoharalon Co-Founder & CEO Dome9 – Secure Your Cloud™
Me, and my company Zohar Alon – Co-Founder & CEO Creator of Check Point’s Provider-1 & SP product lines Over 20 years of security & IT experience. Cloud Server Security Management Automate and centralize security across an unlimited number of cloud, dedicated, and virtual private servers Dome9 – Secure Your Cloud™
What’s this? Dome9 – Secure Your Cloud™
1 day and 86,000 attempts later… Dome9 – Secure Your Cloud™
There are more than 30 million Cloud, VPS & Dedicated Servers Most of these servers are vulnerable to attack – Admins leave ports open to connect to their servers – Hackers use these same open ports to gain access Most of these servers’ security is unmanageable – Sprawled across multiple private & public clouds – Operating systems are a virtual buffet Most of the ‘available’ security doesn’t work – Service providers lack expertise & focus to build it – Security vendors have business models that don’t fit and/or technology that doesn’t migrate and scale Dome9 – Secure Your Cloud™
Who’s responsible for security? Dome9 – Secure Your Cloud™
The Practitioners Guide Part 1 – Responsibility • Most don’t know who’s Who’s Responsible? responsible for cloud security – 42% say they wouldn’t know if their cloud was hacked 33% 31% – 39% think their provider would tell them • Security is everybody’s 36% responsibility – accept and share it! • Security is your responsibility – Deal with it! Customer Provider Both Ponemon Cloud Security Research Study Dome9 – Secure Your Cloud™
The Practitioners Guide Part 2 – Authentication • If Anyone can login consider Multi-Factor authentication to harden access • Simple mobile app integration, w/ QR code support & SMS backup Dome9 – Secure Your Cloud™
Dome9 – Secure Your Cloud™
Dome9 – Secure Your Cloud™
The Practitioners Guide Part 3 - WAF • WAF: Web Application Firewall – Protects Web services, sites and applications – Monitor the requests to the web layer – Brute-force Login, Span Bots, SQL injections, etc. • Easy to enable – No Install! – Provides added security layer w/o overhead • Every Web App Will Use one – CloudFlare, Incapsula or Akamai – Bonus I – site is faster – Bonus II – DDOS mitigation capabilities Dome9 – Secure Your Cloud™
The Practitioners Guide Part 4 – Log • You saw how many insights we get from the logs. You need to store and analyze them. • We use several vendors for this – each for a different use-case: – Splunk & SplunkStorm – SumoLogic – Loggly – LogEntries Dome9 – Secure Your Cloud™
The Practitioners Guide Part 5 – Firewall • Take Control on your security policies – You do much more when it comes to the office firewall • Close All (admin) Ports – Open Dynamically – Open them only for whom, and for as long as is needed. • Don’t rely on static scopes – Too much management overhead and risk. • Aggregate & Centralize firewall management – Across regions, providers and applications • At Dome9, we eat our own dog food – On Amazon, Verison’s Terrermark and Rackspace Dome9 – Secure Your Cloud™
What happened here? Dome9 – Secure Your Cloud™
Dome9: How it Works Automated Cloud Server Security  Manage OS firewall (via Agent) and virtual firewall (via API) across all cloud servers  Enable on-demand, time- based secure access leases per server, source & time  Automatically close server access when lease expires  Stop attackers from targeting open admin ports via brute force attacks and exploits Dome9 – Secure Your Cloud™
Dome9 Central Simplified Security Management Time-Based Controls 1-Click Secure Access Multi-Cloud Management Dome9 – Secure Your Cloud™
Wrap Up ① Take Responsibility ② Harden Authentication ③ Use a Web Application Firewall ④ Log, Log, Log, Log, Log… and Analyze ⑤ Lockdown and Automate the Server Firewalls… with Dome9!  Dome9 – Secure Your Cloud™
Q&A Dome9 – Secure Your Cloud™
Thank You! Zohar Alon, Zohar@dome9.com www.dome9.com Dome9 – Secure Your Cloud™
References and Links • Firewall Management Service: – http://www.dome9.com/ – https://secure.dome9.com/account/register?code=ecommerce • MyDigipass 2 Factor Authentication Service: – https://www.mydigipass.com/ • Log Management Services: – Splunk Storm Service - https://www.splunkstorm.com/ – Loggly - http://loggly.com/ – LogEntries - https://logentries.com/ • WAF Services: – CloudFlare - https://www.cloudflare.com/ – Incapsula - http://www.incapsula.com/ • Cloud Security Study: http://www.dome9.com/wp-content/uploads/2011/11/Ponemon-Cloud-Security-Study.pdf Dome9 – Secure Your Cloud™

Recomendados

Cassandra Day Atlanta 2015: BetterCloud: Leveraging Apache Cassandra
Cassandra Day Atlanta 2015: BetterCloud: Leveraging Apache CassandraCassandra Day Atlanta 2015: BetterCloud: Leveraging Apache Cassandra
Cassandra Day Atlanta 2015: BetterCloud: Leveraging Apache Cassandra
DataStax Academy
 
نهاد... أيامي في انتظارك
نهاد... أيامي في انتظارك نهاد... أيامي في انتظارك
نهاد... أيامي في انتظارك
Oume Slaoui
 
فداء ملائكي
فداء ملائكيفداء ملائكي
فداء ملائكي
Oume Slaoui
 
Ponemon survey cloud security webcast
Ponemon survey cloud security webcastPonemon survey cloud security webcast
Ponemon survey cloud security webcast
Dome9 Security
 
Salon stylistprofiles
Salon stylistprofilesSalon stylistprofiles
Salon stylistprofiles
paula1096
 
حوار الفنانة سعاد الشهيبي للدكتورة أم البنين سلاوي حول الفن التشكيلي
حوار الفنانة سعاد الشهيبي للدكتورة أم البنين سلاوي حول الفن التشكيليحوار الفنانة سعاد الشهيبي للدكتورة أم البنين سلاوي حول الفن التشكيلي
حوار الفنانة سعاد الشهيبي للدكتورة أم البنين سلاوي حول الفن التشكيلي
Oume Slaoui
 
Ponemon cloud security study
Ponemon cloud security studyPonemon cloud security study
Ponemon cloud security study
Dome9 Security
 
Dome9 Brochure
Dome9 BrochureDome9 Brochure
Dome9 Brochure
Dome9 Security
 

Recomendados

Cassandra Day Atlanta 2015: BetterCloud: Leveraging Apache Cassandra
Cassandra Day Atlanta 2015: BetterCloud: Leveraging Apache CassandraCassandra Day Atlanta 2015: BetterCloud: Leveraging Apache Cassandra
Cassandra Day Atlanta 2015: BetterCloud: Leveraging Apache Cassandra
DataStax Academy
 
نهاد... أيامي في انتظارك
نهاد... أيامي في انتظارك نهاد... أيامي في انتظارك
نهاد... أيامي في انتظارك
Oume Slaoui
 
فداء ملائكي
فداء ملائكيفداء ملائكي
فداء ملائكي
Oume Slaoui
 
Ponemon survey cloud security webcast
Ponemon survey cloud security webcastPonemon survey cloud security webcast
Ponemon survey cloud security webcast
Dome9 Security
 
Salon stylistprofiles
Salon stylistprofilesSalon stylistprofiles
Salon stylistprofiles
paula1096
 
حوار الفنانة سعاد الشهيبي للدكتورة أم البنين سلاوي حول الفن التشكيلي
حوار الفنانة سعاد الشهيبي للدكتورة أم البنين سلاوي حول الفن التشكيليحوار الفنانة سعاد الشهيبي للدكتورة أم البنين سلاوي حول الفن التشكيلي
حوار الفنانة سعاد الشهيبي للدكتورة أم البنين سلاوي حول الفن التشكيلي
Oume Slaoui
 
Ponemon cloud security study
Ponemon cloud security studyPonemon cloud security study
Ponemon cloud security study
Dome9 Security
 
Dome9 Brochure
Dome9 BrochureDome9 Brochure
Dome9 Brochure
Dome9 Security
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
Zilliz
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
Khushali Kathiriya
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
apidays
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
apidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
johnbeverley2021
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
apidays
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
MIND CTI
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
danishmna97
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
DianaGray10
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Andrey Devyatkin
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
Remote DBA Services
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Deepika Singh
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
Nanddeep Nachan
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
Sandro Moreira
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 

Más contenido relacionado

Último

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 

Último (20)

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 

Destacado

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 

Destacado (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

The Practitioners Guide to Cloud Security

  • 1. CloudExpo Europe – London, January 2013 The Practitioners Guide to Cloud Security London, January 2013 Zohar Alon @zoharalon Co-Founder & CEO Dome9 – Secure Your Cloud™
  • 2. Me, and my company Zohar Alon – Co-Founder & CEO Creator of Check Point’s Provider-1 & SP product lines Over 20 years of security & IT experience. Cloud Server Security Management Automate and centralize security across an unlimited number of cloud, dedicated, and virtual private servers Dome9 – Secure Your Cloud™
  • 3. What’s this? Dome9 – Secure Your Cloud™
  • 4. 1 day and 86,000 attempts later… Dome9 – Secure Your Cloud™
  • 5. There are more than 30 million Cloud, VPS & Dedicated Servers Most of these servers are vulnerable to attack – Admins leave ports open to connect to their servers – Hackers use these same open ports to gain access Most of these servers’ security is unmanageable – Sprawled across multiple private & public clouds – Operating systems are a virtual buffet Most of the ‘available’ security doesn’t work – Service providers lack expertise & focus to build it – Security vendors have business models that don’t fit and/or technology that doesn’t migrate and scale Dome9 – Secure Your Cloud™
  • 6. Who’s responsible for security? Dome9 – Secure Your Cloud™
  • 7. The Practitioners Guide Part 1 – Responsibility • Most don’t know who’s Who’s Responsible? responsible for cloud security – 42% say they wouldn’t know if their cloud was hacked 33% 31% – 39% think their provider would tell them • Security is everybody’s 36% responsibility – accept and share it! • Security is your responsibility – Deal with it! Customer Provider Both Ponemon Cloud Security Research Study Dome9 – Secure Your Cloud™
  • 8. The Practitioners Guide Part 2 – Authentication • If Anyone can login consider Multi-Factor authentication to harden access • Simple mobile app integration, w/ QR code support & SMS backup Dome9 – Secure Your Cloud™
  • 9. Dome9 – Secure Your Cloud™
  • 10. Dome9 – Secure Your Cloud™
  • 11. The Practitioners Guide Part 3 - WAF • WAF: Web Application Firewall – Protects Web services, sites and applications – Monitor the requests to the web layer – Brute-force Login, Span Bots, SQL injections, etc. • Easy to enable – No Install! – Provides added security layer w/o overhead • Every Web App Will Use one – CloudFlare, Incapsula or Akamai – Bonus I – site is faster – Bonus II – DDOS mitigation capabilities Dome9 – Secure Your Cloud™
  • 12. The Practitioners Guide Part 4 – Log • You saw how many insights we get from the logs. You need to store and analyze them. • We use several vendors for this – each for a different use-case: – Splunk & SplunkStorm – SumoLogic – Loggly – LogEntries Dome9 – Secure Your Cloud™
  • 13. The Practitioners Guide Part 5 – Firewall • Take Control on your security policies – You do much more when it comes to the office firewall • Close All (admin) Ports – Open Dynamically – Open them only for whom, and for as long as is needed. • Don’t rely on static scopes – Too much management overhead and risk. • Aggregate & Centralize firewall management – Across regions, providers and applications • At Dome9, we eat our own dog food – On Amazon, Verison’s Terrermark and Rackspace Dome9 – Secure Your Cloud™
  • 14. What happened here? Dome9 – Secure Your Cloud™
  • 15. Dome9: How it Works Automated Cloud Server Security  Manage OS firewall (via Agent) and virtual firewall (via API) across all cloud servers  Enable on-demand, time- based secure access leases per server, source & time  Automatically close server access when lease expires  Stop attackers from targeting open admin ports via brute force attacks and exploits Dome9 – Secure Your Cloud™
  • 16. Dome9 Central Simplified Security Management Time-Based Controls 1-Click Secure Access Multi-Cloud Management Dome9 – Secure Your Cloud™
  • 17. Wrap Up ① Take Responsibility ② Harden Authentication ③ Use a Web Application Firewall ④ Log, Log, Log, Log, Log… and Analyze ⑤ Lockdown and Automate the Server Firewalls… with Dome9!  Dome9 – Secure Your Cloud™
  • 18. Q&A Dome9 – Secure Your Cloud™
  • 19. Thank You! Zohar Alon, Zohar@dome9.com www.dome9.com Dome9 – Secure Your Cloud™
  • 20. References and Links • Firewall Management Service: – http://www.dome9.com/ – https://secure.dome9.com/account/register?code=ecommerce • MyDigipass 2 Factor Authentication Service: – https://www.mydigipass.com/ • Log Management Services: – Splunk Storm Service - https://www.splunkstorm.com/ – Loggly - http://loggly.com/ – LogEntries - https://logentries.com/ • WAF Services: – CloudFlare - https://www.cloudflare.com/ – Incapsula - http://www.incapsula.com/ • Cloud Security Study: http://www.dome9.com/wp-content/uploads/2011/11/Ponemon-Cloud-Security-Study.pdf Dome9 – Secure Your Cloud™

Notas del editor

  1. Dome9 – Server firewall management platform, brought in a SaaS subscription model.1,500 customers since launch last yearBased in Tel Aviv, with offices in the Bay AreaFocused on managing security for cloud, dedicated and VPSSpeaking today is a unique opportunity becauseDome9 is both a security company and an e-commerce companyAll of our transactions are done online and like you, have to be secured. Making sure the transaction and our infrastructure is secure is ultra critical, especially for us since we are a security company.Many of our customers are also e-commerce companies, which gives us a nice glimpse into the types of concerns they have and the threats they face
  2. Q: What is this ?A: Brute force attack in action (by a nice Malaysian guy) on a test server at Amazon, set up by one of our developers Any success ?
  3. Integrating with MyDigipass:Took more time to audit and review than to actually implement the integration.Took a single developer less than a day to implement.After spending a fixed (small) amount of time it is great to see the service keeps improving while doing noting on our side (example – device authorization)
  4. Let’s get back to our poor server.I do not remember writing this url , so I searched a bit…
  5. Apparently this is a new exploit called Elastix 2.2. LFIThis exploit is of type – directory traversal/ local file inclusion. This specific one is quite new – about 1 month old.Thank you my Lao friend for sharing such a new exploit with me.This leads us to our next part
  6. Remember the server from slide 1 ?Q: What happened here ?A: I just used our own product to properly configure that server’s firewall
  7. -Describe- By now, you understand what we do, now let’s dive into our dilemmas and challenges