critical changes to security for cloud environments - toronto fsi symposium - october 2016

Upload: amazon-web-services

Posted on 16-Apr-2017

TRANSCRIPT

Page 1: CRITICAL CHANGES TO SECURITY FOR CLOUD ENVIRONMENTS - Toronto FSI Symposium - October 2016

CRITICAL CHANGES TO SECURITY FOR CLOUD ENVIRONMENTS

Richard Cassidy: Security Evangelist & Global Technical Product Marketing

Page 2

Standardizing cloud security

Housing Metaphor: Cloud Application Element

House: Virtual Server or Virtual Machine (i.e. Instance in AWS)

Neighborhood: A collection of Virtual Servers or Instances that are used for a specific purpose such as running an application

City: A dynamic, robust and secure cloud platform from Amazon Web Services

Page 3

The number of neighborhoods in each city and the number of houses in each neighborhood is continuously changing

The New Reality

• As applications are migrated to the Cloud, they are migrating to Cloud native architectures.

• Even traditional application architectures generate continuous change when put into a continuous deployment pipeline.

The Critical Impact

• Traditional methods of discovery are no longer adequate.

• Streams not snapshots!

• Addresses are no longer an adequate identity.

Cloud Architecture – Adopting Security Change

Page 4

INDUSTRY NEWS & STATISTICS

Page 5

Latest “News”

The Impact of a Breach is Far Reaching and Long Lived

Page 6

The Impact of a Breach is Far Reaching and Long Lived

Initial Attack -> Identify & Recon -> Command & Control -> Discover & Spread -> Extract & Exfiltrate

Latest Industry “News”

Page 7

Attacks Happen at Multiple Layers of the Application Stack

[Figure: example attacks placed along the kill chain. Attacks shown: SQL Injection, Worm Outbreak, Malware, Brute Force. Stages shown: Identify & Recon, Command & Control, Extract & Exfiltrate.]

THE IMPACT

• Every layer of the application stack is under attack

• Attacks are multi-stage using multiple threat vectors

• Web applications are the #1 vector in the cloud

• Security must be cloud-native, cover every layer of the application stack, and identify attacks at every stage.

Page 8

CLOUD VERSUS ON-PREM – THE TRENDS

Page 9

Threats by Customer Environment

Source: Alert Logic CSR

Page 10

Top Ten Industry Attack Trends

Page 11

CYBER CRIME LANDSCAPE

Page 12

Threat Actors

Advanced Persistent Threat (APT), Hacktivist, Cyber Criminals

Page 13

Threat Actors – Top 10 View

September 2016 - Top 10 Threat Actors

Recent Trends in Cyber Security

Page 14

TOP ATTACK TRENDS – FINANCE & BANKING

Page 15

Industry Attack Trends – Attack Classes

Application Attack: An attack that targets a specific application weakness or vulnerability to gain access to the target server.

Brute Force: An attack that targets hosts, servers or devices to gain admin access through repeated password-combination authentication attempts.

DoS Attack: An attack that targets multiple hosts to saturate resources and bandwidth availability, normally from a single source.

DDoS Attack: An attack that targets multiple hosts to saturate resources and bandwidth availability from multiple sources at higher attack rates.

Infrastructure Profiling: A targeted attempt to enumerate network information on hosts, servers and edge, distribution or core devices.

Malware Attack: A malicious payload or link, leading to installation or download of infected files to gain access to a target host or network.

Successful Brute Force: A successful unauthorized authentication to a host, server or network device for nefarious purposes.

Successful Malware Attack: Data leakage or host infiltration as a result of an unpatched vulnerability or infected payload being executed against the target host, server or network device.

SQLi Attack: An attack against a web application or DB, to gain access to customer or company data.

Page 16

Finance – Q2FY2016

[Chart: Industry Rank (0-22) by Attack Class for APR, MAY and JUN; rank axis runs from 1 to 22 with a marker at 10.]

Attack types and Industry Ranking out of 22 Industry groups, based on AL's 2016 Incident data for: Finance

Page 17

Finance – Industry Attack Trends

Finance – Q2FY2016

[Chart: Industry Rank (1 to 22, marker at 10) for APR, MAY and JUN by attack class: DDoS Attack, Successful Brute Force, Brute Force, DoS Attack, SQLi Attack.]

Attack types and Industry Ranking out of 22 Industry groups, based on AL's 2016 Incident data for: Finance

Page 18

FURTHER RESOURCES

Page 19

Neighborhoods and house exteriors are standardizing

The New Reality

• The APIs of cloud platforms represent a radical simplification and standardization of controlling and monitoring IT assets.

• AWS has rolled up all new housing activity and neighborhood configuration into an easily consumed stream of data.

The Critical Impact

• Additional context available to better detect and assess threats.

• The standardization across customers enables Security-as-a-Service to better leverage analytics across larger data sets.
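Pages 3 and 19 make the same operational point: a cloud inventory has to be built by replaying the platform's change stream, not by scanning periodically, and an IP address is no longer a stable identity for an asset. The Python below is an added example, not code from the slides or from Alert Logic or AWS. It replays a constructed event stream with simplified field names (not real CloudTrail records) and shows how an address-keyed snapshot misattributes an alert once a public IP is reused by a different instance, while the stream-built ledger resolves it correctly.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample change stream, loosely shaped like EC2 lifecycle events
# (launch/terminate with an instance id, public IP and a workload tag).
# These are NOT real AWS CloudTrail records; field names are simplified for
# the example. Times are seconds from an arbitrary origin.
SAMPLE_EVENTS = [
    {"t": 100, "type": "launch",    "instance": "i-aaa111", "ip": "203.0.113.10", "tag": "web-tier"},
    {"t": 150, "type": "launch",    "instance": "i-bbb222", "ip": "203.0.113.11", "tag": "web-tier"},
    {"t": 300, "type": "terminate", "instance": "i-aaa111"},
    # The same public IP is handed to a new, unrelated instance (IP reuse).
    {"t": 320, "type": "launch",    "instance": "i-ccc333", "ip": "203.0.113.10", "tag": "batch"},
    {"t": 400, "type": "terminate", "instance": "i-bbb222"},
]


@dataclass
class Lease:
    """One instance's tenancy of a public IP, from launch until termination."""
    instance: str
    tag: str
    start: int
    end: Optional[int] = None  # None while the instance is still running


class AssetLedger:
    """Inventory built by replaying the change stream (streams, not snapshots)."""

    def __init__(self) -> None:
        self.by_instance: Dict[str, Lease] = {}
        self.ip_history: Dict[str, List[Lease]] = {}

    def apply(self, ev: dict) -> None:
        if ev["type"] == "launch":
            lease = Lease(ev["instance"], ev["tag"], ev["t"])
            self.by_instance[ev["instance"]] = lease
            self.ip_history.setdefault(ev["ip"], []).append(lease)
        elif ev["type"] == "terminate":
            self.by_instance[ev["instance"]].end = ev["t"]
        else:
            raise ValueError(f"unknown event type {ev['type']!r}")

    def owner_of(self, ip: str, t: int) -> Optional[Tuple[str, str]]:
        """Which (instance, tag) held this IP at time t? None if nobody did."""
        for lease in self.ip_history.get(ip, []):
            if lease.start <= t and (lease.end is None or t < lease.end):
                return lease.instance, lease.tag
        return None

    def live_instances(self, t: int) -> List[str]:
        """Instance ids running at time t; the count changes continuously."""
        return sorted(iid for iid, lease in self.by_instance.items()
                      if lease.start <= t and (lease.end is None or t < lease.end))


def build_ledger(events: List[dict]) -> AssetLedger:
    ledger = AssetLedger()
    for ev in sorted(events, key=lambda e: e["t"]):
        ledger.apply(ev)
    return ledger


def snapshot_ip_map(events: List[dict], scan_time: int) -> Dict[str, str]:
    """A periodic-scan view: IP -> instance as it stood at scan_time only."""
    ledger = build_ledger([e for e in events if e["t"] <= scan_time])
    return {ip: lease.instance
            for ip, leases in ledger.ip_history.items()
            for lease in leases if lease.end is None}


def attribute_alert(events: List[dict], ip: str, alert_time: int,
                    last_scan_time: int) -> Tuple[Optional[str], Optional[str]]:
    """Return (snapshot_answer, stream_answer) for an alert seen on ip at alert_time.

    The snapshot answer is what an address-keyed inventory refreshed at
    last_scan_time reports; the stream answer replays every event and
    resolves the IP to the instance that actually held it at alert_time.
    """
    snapshot_answer = snapshot_ip_map(events, last_scan_time).get(ip)
    owner = build_ledger(events).owner_of(ip, alert_time)
    stream_answer = owner[0] if owner else None
    return snapshot_answer, stream_answer


if __name__ == "__main__":
    ledger = build_ledger(SAMPLE_EVENTS)
    for t in (120, 200, 310, 350, 450):
        print(t, ledger.live_instances(t))
    # Snapshot taken at t=200 blames i-aaa111 for an alert at t=350; the
    # stream ledger shows the IP belonged to i-ccc333 by then.
    print(attribute_alert(SAMPLE_EVENTS, "203.0.113.10", alert_time=350, last_scan_time=200))
```

The design choice worth noting is that the ledger keys everything on the instance id and keeps the full IP history as a list of leases, so a detection written against the stream can answer "who owned this address at that moment" rather than "who owns it now"; with real platform events the same structure would be fed from the provider's API change feed instead of the constructed list.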

AWS Cloud – The Security Enabler

Page 20

The Impact of a Breach is Far Reaching and Long Lived

COMPANIES OF ALL SIZES ARE IMPACTED

Initial Attack -> Identify & Recon -> Command & Control -> Discover & Spread -> Extract & Exfiltrate

THE CYBER KILL CHAIN [1]

The Cyber Kill Chain - Enhancing Cloud Security

Page 21

FURTHER RESOURCES

Page 22

Get Connected

www.alertlogic.com

@alertlogic

linkedin.com/company/alert-logic

alertlogic.com/resources/blog/

youtube.com/user/AlertLogicTV

brighttalk.com/channel/11587

Page 23

Thank you.