8. Cybercrime Has Also Changed
Timeline from the early 2000's through the mid 2000's to now: from single actors to highly organized groups.
9. Cybercrime is Flourishing
Evolution of Adversaries: 390,000 new malicious programs every day, with a viable ecosystem (AV-TEST, 2016)
Expanding Attack Surfaces: 508 is the average number of applications in an enterprise (Forbes, 2014)
Overwhelmed Defenses: 37% of US companies face 50,000+ alerts per month (FireEye, 2015)
10. Attack methods are evolving
• Security risks
  - Perception of increased risk due to lack of control
  - Blind spots: no way to connect on-premise and cloud attacks
  - Increased threat surface
  - Tuning tools for relevant notifications

Incident types by environment (Source: Alert Logic CSR 2016)

Cloud Environment              On Premise Environment
application-attack     42%     brute-force             51%
brute-force            25%     suspicious-activity     22%
suspicious-activity    19%     application-attack      18%
recon                   8%     trojan-activity          5%
trojan-activity         4%     recon                    3%
denial-of-service       2%     denial-of-service        1%
15. The Cloud Can be Secure
“Public cloud workloads can be at least as secure as those in your own data center, likely better.”
Neil McDonald – Gartner Security and Risk Management Summit, London, Sept 2015
16. Cloud has disrupted traditional security

                       DEPLOYMENT & MANAGEMENT        PERFORMANCE & OPERATIONS   CUSTOMER APPLICATION REQUIREMENTS
TRADITIONAL SECURITY   Slow, complex configurations   Scaling chokepoints        Poor detection of web app attacks
CLOUD DRIVERS          Agility & automation           Hyper-scalability          Priority: web applications
17. Challenges of being Secure in the Cloud
Security tools are: complicated to use; difficult to deploy; expensive to manage and tune.
Human expertise is: hard to find; harder to keep; very expensive.
Threat intelligence and security content: gets stale quickly; requires specific know-how; validation required to avoid false positives.
18. Cloud Security – New Approach
The principles of security do not change, but your approach to security needs to change:
• Security best practices are no different in the cloud
• You need to apply the same security standards to cloud workloads as you apply on-premises
• Understand the shared responsibility of cloud security
19. Cloud Security is a Shared, but not Equal, Responsibility
The slide lays out responsibilities as a matrix with columns Customer, Alert Logic and Microsoft and rows Apps, Virtual Machines, Networking and Infrastructure Services; the cell contents are listed below in the order they appear.

• Security Monitoring
• Log Analysis
• Vulnerability Scanning
• Network Threat Detection

• Security Monitoring
• Secure Coding and Best Practices
• Software and Virtual Patching
• Configuration Management
• Access Management (including multi-factor authentication)

• Access Management
• Configuration Hardening
• Patch Management
• TLS/SSL Encryption
• Network Security Configuration

• Web Application Firewall
• Vulnerability Scanning
• Application level attack monitoring

• Hypervisor Management
• System Image Library
• Root Access for Customers
• Managed Patching (PaaS, not IaaS)

• Logical Network Segmentation
• Perimeter Security Services
• External DDoS, spoofing, and scanning monitored
21. We protect cloud workloads & web applications
• Full-stack security
• Integrated analytics & experts
• Built for cloud
• Cost-effective outcomes
Assess, Detect, Block, Comply: fully-managed security, delivered as a service (data center / hosting).
22. Your Data
Integrated value chain delivering full stack security, experts included
Attack classes: Web App Attacks (OWASP Top 10); Platform / Library Attacks; System / Network Attacks.
Collection sources: App Transactions, Log Data, Network Traffic.
Stack covered: Web Apps, Server-side Apps, App Frameworks, Dev Platforms, Server OS, Hypervisor, Databases, Networking, Cloud Management.
Technology: App+Config Assessment; Collection.
Analytics: Signatures & Rules; Anomaly Detection; Machine Learning (petabytes of normalized data from 4000+ customers).
24/7 experts & process:
• Threat Intelligence
• Security Research
• Data Science
• Security Content
• Security Operations Center
23. Alert Logic Cloud Defender
Integrated value chain delivering full stack security, experts included (the same chain as the previous slide, with products named).
Attack classes: Web App Attacks (OWASP Top 10); Platform / Library Attacks; System / Network Attacks.
Stack covered: Web Apps, Server-side Apps, App Frameworks, Dev Platforms, Server OS, Hypervisor, Databases, Networking, Cloud Management.
Products named: Cloud Insight; Web Security Manager, Log Manager and Threat Manager; ActiveWatch Detection & Protection.
Analytics: Signatures & Rules; Anomaly Detection; Machine Learning.
Experts & process:
• Threat Intelligence
• Security Research
• Data Science
• Security Content
• Security Operations Center
24. We designed security for cloud and hybrid environments
Get started in minutes; maintain coverage at cloud scale; keep production flowing:
• with integration to cloud APIs and DevOps automation
• with auto-scaling support and out-of-band detection
• with modular services that grow with you
Single pane of glass for workload and application security across cloud, hosted & on-premises
25. Leaders
A recognized security leader
Survey charts (bar values omitted): “Who is your primary in-use vendor for Cloud Infrastructure Security?” and “Who are the top vendors in consideration for Cloud Infrastructure Security?” Vendors named: Alert Logic, Amazon, Check Point, Chronicle Data, Cisco, Fortinet, Intel Security, Okta, Symantec, Barricade, JumpCloud, Evident.io, Palerra, Microsoft, CloudPassage, CloudCheckr, FortyCloud, ThreatStack, Other.
“Alert Logic has a head start in the cloud, and it shows.”
PETER STEPHENSON, SC Magazine review
“…the depth and breadth of the offering’s analytics and threat management process goes beyond anything we’ve seen…”
28. 10 Cloud Security Best Practices
1. Secure your code
2. Create access management policies
3. Classify your data
4. Adopt a patch management approach
5. Review logs regularly
6. Build a security toolkit
7. Stay informed of the latest vulnerabilities that may affect you
8. Understand your cloud service provider's security model
9. Understand the shared security responsibility
10. Know your adversaries
30. Top 3 Takeaways
1. Cyber crime is flourishing – big and small companies
2. Security in the cloud has similar overall principles but new complexity
3. Alert Logic provides full stack security with experts included