Top five configuration security errors and how to avoid them - DEM09-S - Chicago AWS Summi

In this session, we explore the security risks to which human configuration errors may expose your AWS resources. Based on an analysis of data collected from millions of resources across hundreds of customers, it is apparent that the potential impact can be significant. Everyone needs to play their part in managing risks, but first, we need to understand which risks need managing. We've distilled our customer experiences into the five most commonly made errors and how best to avoid them and their potential impact. This presentation is brought to you by AWS partner Palo Alto Networks.

  1. Top 5 Security Errors and How to Avoid Them. Fred Meek, Manager, Systems Engineering
  2. Key findings based on customer research and breach analysis, July – October 2018
  3. 49% of organizations leave their databases unencrypted
     • Encrypt, encrypt, encrypt!
     • Encryption of Amazon S3 buckets allows that data to remain untampered with and valid for audits down the road
     • Encryption of RDS protects information even if databases are compromised or copied in a malicious manner
  4. 41% of account access keys have not been rotated in more than 90 days
     • Rotate keys regularly
     • Rotate ALL credentials, passwords, and API access keys on a regular basis
  5. 32% of organizations publicly exposed at least 1 Amazon S3 bucket
     • Don't let your Amazon S3 bucket policies atrophy
     • Strengthen Amazon S3 buckets with either IAM policies, Amazon S3 bucket policies, or Amazon S3 access control lists
  6. 29% of organizations enable root user activities
     • Disable the root account API access key
     • Create IAM admin users: at least 2, no more than 3 per IAM group
     • Grant access to billing information and tools
     • Disable/remove the default AWS root user API access keys
  7. 27% of organizations leave default network settings for at least 1 account
     • Always lock down the IP address and port through which you gain access to your AWS environment
     • Only turn on access when it is needed, and turn it off again once administrative work has been accomplished
  8. Why So Many Security Errors? Disparate Point Product Offerings
     8 | © 2019 Palo Alto Networks, Inc. Confidential and Proprietary.
     Diagram labels: CSP NATIVE TOOLS, CONTAINER SECURITY TOOLS, OPSDEV, SIEM, NETWORK MONITORING TOOLS, CASB, GRC TOOLS, OPEN SOURCE TOOLS
     • Silo'd tools
     • Can't correlate across network, user and config
     • Not multi-cloud
     • Limited compliance
     • DIY security: too much data, too much noise
     • Very expensive
     • Only provides part of the story
     • IP addresses are elastic in cloud
     • Lacks cloud-native context
     • Not built for cloud
     • Great user & data context, lacks infrastructure context (network traffic, vuln, etc.)
     • Lacks threat hunting and incident response
     • Higher TCO, requires constant upkeep with CSPs
     • Limited coverage
  9. Effective Cloud Security: Series of Integrated Security Requirements
     • What's actually happening? Network Security / Flow Logs / Threat Intel
     • Who is making changes and why? Credentials / Actions / Identity
     • What do I have in the cloud? Asset Inventory
     • Are my hosts and containers secure? Runtime Security / Image & Vuln Scanning
     • Is my app & data secure? DLP / Serverless / AppSec
     • Am I compliant? Configurations / Compliance Reporting
  10. The Problems We Can Help You Solve
     Categories: Network Security / Flow Logs / Threat Intel; Credentials / Actions / Identity; Visibility / Configurations / Compliance; Runtime Security / Image & Vuln Scanning; DLP / Serverless / AppSec
     • Real-time network visibility and incident investigations
     • Suspicious/malicious traffic detection
     • Virtual firewall for in-line protection (VM-series)
     • Account & access key compromise detection
     • Anomalous insider activity detection
     • Privileged activity monitoring
     • Asset inventory tracking and cloud "time machine"
     • Compliance scanning (CIS, PCI, GDPR, etc.)
     • Configuration best practices
     • Runtime security*
     • Static image analysis (vulnerabilities and compliance)*
     • Configuration monitoring (for cloud native)
     • Serverless*
     • DLP & malware scanning
     * Potential future roadmap
  11. The Most Complete Cloud Security Offering
     Detective control, infrastructure security, incident response, data protection
     Visit Our Booth to Learn More
  12. THANK YOU