Security Operations in the Cloud
Jeff Schilling, Chief Security Officer
Today's Speakers
Jeff Schilling, CISM
Chief Security Officer, FireHost
• Former Director of the Global Incident Response practice for Dell SecureWorks
• Colonel, Retired – Former Director of the Global Security Operations Center for U.S. Army's Cyber Command
• Former Director of the DOD's Global NetOps Center for JTF-GNO
SECURITY OPERATIONS
Agenda
• The Security Landscape – Threats, Actors & Motives
• Why SecOps?
• SecOps Concept, Roles & Topology
• The OODA Loop
• Kill Chain
• Use Case
• Questions & Answers
SECURITY LANDSCAPE: THREATS, ACTORS & MOTIVES
Types of threats
• Commodity threat
• Targeted threat
• Advanced targeted threat
Threat motives
• Hacktivists / cyber war
• Crime and fraud
• Intellectual property theft
Why Security Operations?
• It's about risk reduction
• It's about reducing your attack surface area
• It's not about the tools you use, it's about how you use them
People, Process & Technology
PEOPLE: The only cloud provider with a CSO, CISO, SecOps and InfoSec team protecting customers, not just internal operations.
PROCESS: A security-centric approach to everything we do – from customer onboarding and support to the most advanced security operations of any cloud provider around.
TECHNOLOGY: The industry's only cloud built secure from day one, with top security products orchestrated as one automated system unlike any on the market; no bolted-on, added-expense gimmicks.
SECURITY OPERATIONAL CONCEPT
[Diagram; recoverable text only] A Protect / Detect / Respond / Recover (P/D/R/R) cycle, wrapped in Threat Intelligence and covering cyber and physical security. The equation on the slide relates Threat + Vulnerability, Security Ops and Risk Mitigation.
SECURITY OPERATIONS ROLES
Security Ops Organization (Security Team)
• Threat Intelligence
• Security Operations Center (SOC)
• Incident Management
• Security Device Management
• Vulnerability Management
• Forensics
• Friendly Network Forces
• Security Architect
SECURE CLOUD TOPOLOGY
[Diagram; recoverable text only] Secure Cloud Topology, distinguishing direct support from indirect support.
TARGETING METHODOLOGY – THE OODA LOOP
Cloud security framework: a military defense concept created by the Air Force in the Korean War.
• Observe
• Orient
• Decide
• Act
THE KILL CHAIN – THREAT TYPES
1 Reconnaissance
• Open source research
• Social network research
• Port scan, IP sweep
• Google research
2 Weaponization
• Combine the exploit tool with the method
3 Distribution & Strategy
• Phishing email
• Website drive-by
• SQL inject script
4 Exploitation
• Infected Word doc or PDF is opened
• JavaScript exploited in browser
• Command line SQL inject
5 Persist / Lateral Movement
• Registry key changed
• Privilege escalation
• Look for open connections
6 Command & Control
• Malware or compromised system reaches out for instructions
7 Action on Target
• Search the target
• Destroy or disrupt
• Package and prepare for and exfil data
THE KILL CHAIN – CONTROLS BY STAGE
[Diagram; recoverable text only] The same seven stages (1 Reconnaissance, 2 Weaponization, 3 Distribution & Strategy, 4 Exploitation, 5 Persist / Lateral Movement, 6 Command & Control, 7 Action on Target) with the controls placed against them. Reconnaissance and weaponization are covered by threat research, since they happen outside of our network boundaries. The remaining stages are covered by combinations of IPRM, WAF, vGW and NIDS (this grouping appears at four stages), Malware Detection, Malware Protection and VTM; the exact stage each sits under did not survive extraction.
THREAT ACTOR CASE STUDIES
THREAT ACTOR USE CASE
A threat actor compromises a FireHost customer web server through a WordPress vulnerability and begins using the host to send spam email with malicious attachments outside of the environment. FireHost then receives abuse complaints as a result of the attack.
• This type of attack requires intermediate (B) or more advanced skills, but is commonly seen at the intermediate layer.
• Results of this type of attack could include FireHost reputation damage from our IPs being blacklisted, as well as possible data loss to the customer through the mail sender.
• The SOC detects similar attacks weekly within our customer environment.
P-D-R KILL CHAIN MAPPING
Threat Scale Rating: 3-4
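As an added example (not from the deck and not FireHost's tooling), the internal egress signal behind this use case: a web-tier host that starts originating SMTP connections long before abuse complaints arrive. The flow-log format, the web-tier inventory and the approved relay list are constructed assumptions.

```python
"""Detect a web server that begins sending mail on its own, the behaviour in
the use case above. Sample flows, host inventory and log format are constructed."""
import re
from collections import defaultdict

# Constructed flow-log lines (assumed format):
# <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto> <bytes>
SAMPLE_FLOWS = """\
2014-06-01T10:00:01 10.0.1.5:44122 -> 10.0.2.10:3306 tcp 812
2014-06-01T10:00:03 203.0.113.9:51000 -> 10.0.1.5:443 tcp 4120
2014-06-01T10:00:07 10.0.1.5:53011 -> 198.51.100.20:25 tcp 6200
2014-06-01T10:00:08 10.0.1.5:53012 -> 198.51.100.21:25 tcp 5900
2014-06-01T10:00:09 10.0.1.5:53013 -> 198.51.100.22:25 tcp 6100
2014-06-01T10:00:10 10.0.1.5:53014 -> 198.51.100.23:587 tcp 6050
2014-06-01T10:00:11 10.0.1.7:40001 -> 10.0.3.3:25 tcp 900
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+) (?P<bytes>\d+)$"
)
SMTP_PORTS = {25, 465, 587}

# Assumed inventory: web-tier hosts should never originate mail themselves,
# except to the internal relay that the customer has approved.
WEB_TIER = {"10.0.1.5", "10.0.1.7"}
MAIL_RELAYS = {"10.0.3.3"}


def parse_flow(line):
    """Return one flow as a dict, or None if the line does not match the format."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    flow = m.groupdict()
    for key in ("sport", "dport", "bytes"):
        flow[key] = int(flow[key])
    return flow


def detect_webserver_spam(text, min_flows=3):
    """Flag web-tier hosts opening at least min_flows outbound SMTP connections
    to destinations other than the approved relays. Returns a list of findings."""
    per_host = defaultdict(list)
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["proto"] != "tcp":
            continue
        if (flow["src"] in WEB_TIER and flow["dport"] in SMTP_PORTS
                and flow["dst"] not in MAIL_RELAYS):
            per_host[flow["src"]].append(flow)

    findings = []
    for host, flows in sorted(per_host.items()):
        if len(flows) < min_flows:
            continue
        findings.append({
            "host": host,
            "smtp_flows": len(flows),
            "unique_dst": len({f["dst"] for f in flows}),
            "bytes_out": sum(f["bytes"] for f in flows),
            # In the deck's kill chain the compromised host is now being used
            # for the attacker's purpose: stage 7, action on target.
            "kill_chain_stage": "7 Action on Target",
            "response": "isolate host, block egress 25/465/587, preserve logs",
        })
    return findings


if __name__ == "__main__":
    for finding in detect_webserver_spam(SAMPLE_FLOWS):
        print(finding)
```

The relay-bound flow from 10.0.1.7 is deliberately left unflagged, so the rule stays quiet for hosts that send mail the approved way.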
Threats are everywhere… security must be too.
Questions & Answers
Thank You
Please visit us at firehost.com
Email sales@firehost.com
Phone (US) +1 877 262 3473
(UK) +44 800 500 3167

 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 

Último (20)

Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 

Security Operations in the Cloud

  • 1. Security Operations In the Cloud Jeff Schilling Chief Security Officer
  • 2. Today’s Speakers Jeff Schilling, CISM Chief Security Officer FireHost • Former Director of the Global Incident Response practice for Dell SecureWorks • Colonel, Retired – Former Director of the Global Security Operations Center for U.S. Army’s Cyber Command • Former Director of the DOD’s Global NetOps Center for JTF-GNO SECURITY OPERATIONS
  • 3. Agenda SECURITY OPERATIONS • The Security Landscape – Threats, Actors & Motives • Why SecOps? • SecOps Concept, Roles & Topology • The OODA Loop • Kill Chain • Use Case • Questions & Answers
  • 4. SECURITY OPERATIONS SECURITY LANDSCAPE THREATS, ACTORS, & MOTIVES
  • 5. TARGETED THREAT COMMODITY THREAT TYPES OF THREATS ADVANCED TARGETED THREAT
  • 6. HACKTIVISTS / CYBER WAR CRIME AND FRAUD INTELLECTUAL PROPERTY THEFT THREAT MOTIVES
  • 7. SECURITY OPERATIONS Why Security Operations? • It’s about Risk Reduction • It’s about reducing your attack surface area • It’s not about the tools you use, it’s about how you use them
  • 8. PEOPLE, PROCESS, & TECHNOLOGY People, Process, & Technology PEOPLE: The only cloud provider with a CSO, CISO, SecOps and InfoSec team protecting customers, not just internal operations. PROCESS: A security-centric approach to everything we do – from customer onboarding and support to the most advanced security operations of any cloud provider around. TECHNOLOGY: The industry’s only cloud built secure from day one with top security products orchestrated as one automated system unlike any on the market; No bolted-on, added expense gimmicks.
  • 9. SECURITY OPERATIONAL CONCEPT THREAT INTELLIGENCE (surrounds every phase) CYBER/PHYSICAL SECURITY: PROTECT DETECT RESPOND RECOVER (P/D/R/R) THREAT + VULNERABILITY = SECURITY OPS RISK MITIGATION
  • 10. SECURITY OPERATIONS ROLES SECURITY TEAM Threat Intelligence Security Operation Center (SOC) Incident Management Security Device Management Vulnerability Management Forensics Friendly Network Forces Security Architect Security Ops Organization
  • 11. SECURE CLOUD TOPOLOGY Secure Cloud Topology
  • 12. DIRECT SUPPORT INDIRECT SUPPORT SECURE CLOUD TOPOLOGY
  • 13. TARGETING METHODOLOGY – OODA LOOP THE OODA LOOP CLOUD SECURITY FRAMEWORK Military defense concept created by the Air Force in the Korean War OBSERVE ORIENT DECIDE ACT
  • 14. THE KILL CHAIN – THREAT TYPES 1 RECONNAISSANCE: Open source research • Social network research • Port scan, IP sweep • Google research ___________________ 2 WEAPONIZATION: Combine the exploit tool with the method ___________________ 3 DISTRIBUTION & STRATEGY: Phishing email • Website drive-by • SQL inject script ___________________ 4 EXPLOITATION: Infected Word Doc or PDF is opened • JavaScript exploited in browser • Command line SQL inject ___________________ 5 PERSIST/LATERAL MOVEMENT: Registry Key changed • Privilege Escalation • Look for open connections ___________________ 6 COMMAND & CONTROL: Malware or compromised system reaches out for instructions ___________________ 7 ACTION ON TARGET: Search the target • Destroy or disrupt • Package and prepare data for exfil
  • 15. THE KILL CHAIN – THREAT TYPES 1 RECONNAISSANCE: IPRM WAF vGW NIDS ___________________ 2 WEAPONIZATION: Threat research (happens outside of our network boundaries) ___________________ 3 DISTRIBUTION & STRATEGY: IPRM WAF vGW NIDS Malware Detection VTM ___________________ 4 EXPLOITATION: Malware Detection WAF ___________________ 5 PERSIST/LATERAL MOVEMENT: Malware Protection VTM vGW ___________________ 6 COMMAND & CONTROL: IPRM WAF vGW NIDS ___________________ 7 ACTION ON TARGET: IPRM WAF vGW NIDS
  • 16. SECURITY OPERATIONS THREAT ACTOR CASE STUDIES
  • 17. THREAT ACTOR USE CASE A threat actor compromises a FireHost customer webserver through a WordPress vulnerability and begins using the host to send spam email with malicious attachments outside of the environment. FireHost then receives abuse complaints resulting from the attack. • This type of attack requires intermediate (B) or more advanced skills, but is commonly seen at the intermediate layer. • Results of this type of attack could lead to FireHost reputation damage due to our IPs being blacklisted, as well as possible data loss to the customer through the mail sender. • SOC detects similar attacks weekly within our customer environment. P-D-R KILL CHAIN MAPPING Threat Scale Rating: 3-4
  • 18. Threats are everywhere… Security must be too SECURITY OPERATIONS
  • 20. SECURITY OPERATIONS Thank You Please visit us at firehost.com Email sales@firehost.com Phone (US) +1 877 262 3473 (UK) +44 800 500 3167
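The slide 17 use case, a compromised WordPress web server relaying spam out of the environment until abuse complaints arrive, is the kind of late-stage activity slide 15 maps to the NIDS and vGW layer. As an added example that is not part of the deck or of FireHost's tooling, the Python below runs that detection over a constructed flow log: any host whose inventory role is not a mail relay and which opens several direct outbound SMTP connections to external addresses inside a short window raises an alert tagged with the kill chain phase and a response recommendation. The log format, internal address range, asset inventory, threshold and window are all assumptions made for the example.

```python
"""Flag a web server that starts talking SMTP directly to the Internet.

Added example for the slide 17 use case; it is not code from the FireHost
deck. The flow-log format, the asset inventory, the internal address range
and the sample lines are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

SMTP_PORTS = {25, 465, 587}                            # plain SMTP and submission ports
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # constructed address plan
ROLES_ALLOWED_SMTP = {"mailrelay"}                     # only these roles may send mail outbound

# Constructed asset inventory: source IP -> role. A real SOC would pull this
# from the CMDB or the cloud provider's API instead of hard-coding it.
INVENTORY = {
    "10.10.1.20": {"role": "webserver", "name": "www-wordpress-01"},
    "10.10.1.21": {"role": "webserver", "name": "www-static-02"},
    "10.10.2.5":  {"role": "mailrelay", "name": "smtp-relay-01"},
}

# Constructed flow log, one accepted connection per line:
# <ISO-8601 timestamp> <src_ip> <dst_ip> <dst_port> <proto> <action>
SAMPLE_LOG = """\
2014-08-01T10:00:01Z 10.10.1.20 203.0.113.10 443 tcp allow
2014-08-01T10:00:05Z 10.10.2.5 198.51.100.25 25 tcp allow
2014-08-01T10:00:07Z 10.10.1.20 198.51.100.25 25 tcp allow
2014-08-01T10:00:08Z 10.10.1.20 198.51.100.26 25 tcp allow
2014-08-01T10:00:09Z 10.10.1.20 198.51.100.27 25 tcp allow
2014-08-01T10:00:10Z 10.10.1.20 198.51.100.28 587 tcp allow
2014-08-01T10:00:11Z 10.10.1.20 198.51.100.29 25 tcp allow
2014-08-01T10:00:12Z 10.10.1.20 10.10.2.5 25 tcp allow
2014-08-01T10:00:30Z 10.10.1.21 198.51.100.40 25 tcp allow
2014-08-01T10:30:00Z 10.10.1.21 198.51.100.41 25 tcp allow
"""


def parse_line(line):
    """Split one flow-log line into a dict with a parsed timestamp."""
    ts, src, dst, port, proto, action = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "src": src,
            "dst": dst, "port": int(port), "proto": proto, "action": action}


def is_external(ip):
    """True when the address lies outside every configured internal network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def detect_outbound_smtp(log_text, inventory=INVENTORY, threshold=5, window_seconds=600):
    """Return one alert per host that is not a mail relay yet opened at least
    `threshold` outbound SMTP connections to external hosts within the window.

    Mail sent through the internal relay is ignored: that is the expected path
    for a web application, so only direct-to-Internet SMTP is suspicious.
    """
    window = timedelta(seconds=window_seconds)
    per_host = defaultdict(list)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev["proto"] != "tcp" or ev["port"] not in SMTP_PORTS or ev["action"] != "allow":
            continue
        if not is_external(ev["dst"]):
            continue
        if inventory.get(ev["src"], {}).get("role") in ROLES_ALLOWED_SMTP:
            continue
        per_host[ev["src"]].append(ev)

    alerts = []
    for src, events in per_host.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):            # sliding window over sorted events
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            burst = events[start:end + 1]
            if len(burst) >= threshold:
                asset = inventory.get(src, {"role": "unknown", "name": src})
                alerts.append({
                    "host": src,
                    "name": asset["name"],
                    "role": asset["role"],
                    "first_seen": burst[0]["ts"].isoformat(),
                    "last_seen": burst[-1]["ts"].isoformat(),
                    "connections": len(burst),
                    "distinct_destinations": len({e["dst"] for e in burst}),
                    # The deck's kill chain puts a host being used as a spam
                    # relay in the last phase: the attacker is acting on the target.
                    "kill_chain_phase": "Action on Target",
                    "recommended_action": "Isolate the host at the virtual gateway, "
                                          "preserve web and mail logs for forensics, "
                                          "review the web application for unauthorized changes",
                })
                break                              # one alert per host is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_outbound_smtp(SAMPLE_LOG):
        print(alert)
```

With the constructed log, only www-wordpress-01 trips the rule: five external SMTP connections in four seconds, while its one connection to the internal relay is ignored and the mail relay itself is exempt by role. The second web server sends two messages half an hour apart, which stays below both the count and the window, so the rule separates a compromised host from a web application that legitimately sends the occasional notification.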

Editor's notes

  1. Neil: I’d like to introduce our speakers today. I’m Neil and I’ll be moderating our discussion. Jeff Schilling, FireHost’s new Chief Security Officer, will be leading today’s session on Security Operations in the cloud and why it matters to today’s enterprises. As you can see here, Jeff has a storied security career, both as a military leader and a civilian.
  2. Jeff slide: With what we’re seeing from the threat and intent standpoints, we can see what trends look like. • Tools are similar, but attack methods change constantly • Parity in advanced skill level • Nation-state using modified or off-the-shelf malware as a hook • Tools ≠ sophisticated; deployment methods = more sophisticated • Getting harder to find insiders • Criminals, nation-states blending attack methods
  3. Commodity Threat (“Phishing with Dynamite”): Automated control for scale • Can be defended with good signature-based controls • Smash and grab. Advanced Persistent Threat (“Playing chess”): Human controlled (just for you) • Custom tradecraft • Highly targeted efforts • Attempts to cover their tracks • Goal is to log on, become an insider. Insider Threat (“Fly on the wall”): Hardest to detect, tries to hide in normal activity • Usually has elevated privileges • In most cases, assumes not being monitored • May be some overlap in APT and Insider threat detection
  4. Hacktivists/Revenge/Cyber Warfare: Disrupt • Destroy • Deny • Revenge • Embarrass • Intimidate. Intellectual Property Theft: Competitive advantage • Fill in an innovation gap • Nation-state level espionage. Crime: Steal your money • Steal your clients’ money • Identity theft • Fraud
  5. REMINDER – weave in compliance message, too. Even the best technology requires proper SecOps • Teams buy security tools without understanding threats and vulnerabilities • Don’t implement people & processes • Enjoy false sense of protection • Insecure providers don’t focus on security operations in customer environments • FireHost uses the right technology, people and processes to build a wall of protection around the cloud.
  6. Security Operations Center (SOC): Front line of security support for our customers; the initial “Response” arm of the organization. Security Infrastructure (Devices): Responsible for maintaining and tuning FireHost security infrastructure; escalation point for SOC. Vulnerability Threat Management (VTM): Working in concert with Intel and FNF, manage vulnerabilities to corrective action; “Sledgehammer” approach to vulnerability scanning (wide-reaching scans). Forensics (FOR): Collect and analyze host-based and network-based forensic artifacts gathered as part of an incident in order to develop better protection, detection, or response mechanisms.
  7. Reconnaissance Open source research Social network research Port scan, IP sweep Google research ___________________ Vulnerability Weaponization Combine the exploit tool with the method, e.g. combine a zero-day exploit with a PDF or Word Doc, or add the exploit to a vulnerable website ___________________ Distribution and Strategy Phishing email Website drive-by SQL inject script ___________________ Exploitation Infected Word Doc or PDF is opened JavaScript exploited in browser Command line SQL inject ___________________ Persistence / Lateral Movement Registry Key changed Privilege Escalation Look for open connections Cover tracks ___________________ Command and Control Malware or compromised system reaches out for instructions (automated or human controlled) ___________________ Action on Target Search the target network for desired data Destroy or disrupt service (e.g. CryptoLocker) Package and prepare data for exfil
  8. RECONNAISSANCE IPRM WAF vGW NIDS __________________________ WEAPONIZATION Threat research (happens outside of our network boundaries) __________________________ DISTRIBUTION & STRATEGY WAF IPRM Malware Detection NIDS VTM __________________________ EXPLOITATION WAF Malware Detection VTM __________________________ PERSIST/LATERAL MOVEMENT Malware protection VTM vGW __________________________ COMMAND & CONTROL NIDS IPRM vGW WAF __________________________ ACTION ON TARGET NIDS IPRM vGW WAF
  9. Neil: That really tees us up for a discussion about risk reduction and what the cloud provider of tomorrow should look like. Jeff – I know you have some strong opinions on this topic. Can you share your perspective with us? Jeff: Well, Neil, they will look very different from the insecure providers of today that we’ve talked about. One thing you can count on – cybercrime isn’t going away. It’s going to get more sophisticated and more relentless. That means the commodity, performance-driven cloud provider will become a relic of the past – these generalist providers who can only focus on cost and performance simply won’t survive. Any provider who wants to thrive in tomorrow’s landscape will make security the top priority AND deliver performance at the same time. Now I want to be clear about this – FireHost is delivering this level of advanced security, compliance, performance and service right now. From our orchestration and increasing automation capabilities to our higher standard on service-level agreements, we know how to build the safest and highest-performing cloud around. We’re protecting our clients right now and we’re ready for the future too. • The provider of the future won’t resemble today’s provider • The commodity, performance-driven cloud provider is a relic of the past • Security threats and hackers will continue to become more sophisticated • Tomorrow’s provider will make security the top priority while delivering performance