Protecting Your IT Environment: Insights From Real-World Security Incidents
Transcript of Protecting Your IT Environment: Insights From Real-World Security Incidents
![Page 1: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/1.jpg)
Protecting Your IT Environments: Insights from Real-World Security Incidents.
![Page 2: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/2.jpg)
Welcome
Sheri Sullivan
Senior Partner Marketing Manager
Amazon Web Services
![Page 3: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/3.jpg)
Webinar Overview
Today’s webcast is being recorded. Submit your questions using the Q&A tool.
A copy of today’s presentation will be made available on:
AWS SlideShare Channel: http://www.slideshare.net/AmazonWebServices/
AWS YouTube Channel: http://www.youtube.com/user/AmazonWebServices
![Page 4: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/4.jpg)
What We’ll Cover
Amazon Web Services overview and security requirements
Alert Logic cloud security insights and research findings
Alert Logic security solutions on AWS
Q&A
![Page 5: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/5.jpg)
Introducing
Miles Ward, Senior Solutions Architect, Amazon Web Services
Stephen Coty, Director of Research, Alert Logic
![Page 6: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/6.jpg)
What is AWS?
AWS Global Infrastructure
Application Services
Networking
Deployment & Administration
Database
Storage
Compute
AWS Security and Compliance Framework
![Page 7: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/7.jpg)
Cloud Computing Benefits
No Up-Front Capital Expense
Pay Only for What You Use
Self-Service Infrastructure
Easily Scale Up and Down
Improve Agility & Time-to-Market
Low Cost
Deploy
![Page 8: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/8.jpg)
• $5.2B retail business
• 7,800 employees
• A whole lot of servers
Every day, AWS adds enough server capacity to power that whole $5B enterprise
![Page 9: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/9.jpg)
Solving Problems for Organizations Around the World
![Page 10: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/10.jpg)
Gartner Magic Quadrant for Cloud Infrastructure as a Service
Gartner “Magic Quadrant for Cloud Infrastructure as a Service,” Lydia Leong, Douglas Toombs, Bob Gill, Gregor Petri, Tiny Hayn, October 18, 2012. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Steven Armstrong ([email protected]). Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
![Page 11: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/11.jpg)
Why Amazon Web Services?
The Cloud API Standard
Global Footprint and Expansion
Operational Excellence
Rate of Innovation
Security and Compliance
Deploy
Clear Market Leadership
![Page 13: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/13.jpg)
Architected for Enterprise Security Requirements
And now... FedRAMP!
“The Amazon Virtual Private Cloud [Amazon VPC] was a unique option that offered an additional level of security and an ability to integrate with other aspects of our infrastructure.”
Dr. Michael Miller, Head of HPC for R&D
“You basically turn yourself into a polymorphic surface to which the attack guy has a much tougher time getting at. That, ultimately, is the real key advantage to drive security and make things much better for us across the board.”
Gus Hunt, CTO, Central Intelligence Agency
![Page 14: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/14.jpg)
In the Cloud, Security is a Shared Responsibility
SSAE16/32 Audit; ISO 27001/2 Certification; PCI DSS 2.0 Level 1-5; HIPAA/SOX Compliance; FISMA Moderate; FedRAMP / GSA ATO
Enforce IAM policies; use MFA, VPC; leverage S3 bucket policies, EC2 security groups, SSL, EFS in EC2, etc.
Encrypt data in transit; encrypt data at rest
Protect your AWS credentials; rotate your keys
Secure your OS and applications
Application Security
Services Security
Infrastructure Security
How we secure our infrastructure
What security options and features are available to you?
How can you secure your application and what is your responsibility?
![Page 15: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/15.jpg)
> www.alertlogic.com
Protecting Your IT Environments
Insights from Real-World Security Incidents
Stephen Coty, Director of Research
![Page 16: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/16.jpg)
There’s a perception of cloud insecurity…
Lack of data on real risks drives this uncertainty
![Page 17: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/17.jpg)
Alert Logic looks at security data every day
1 billion > 45,000
Our State of Cloud Security Report analyzes real customer cloud security data.
![Page 18: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/18.jpg)
Spring 2013 Report
April – Sept 2012 Data
• 1,800+ customers
• 45,000+ incidents
• Report series covers 2+ years of data
Vertical Focus
• Financial Services
• Healthcare
• Software-as-a-Service
![Page 19: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/19.jpg)
Spring 2013 Report
• 1,800+ Customer Environments
• 2 Years of Threat Data Published
• 150k+ Security Incidents Analyzed
Key Findings
• Cloud environments are not more attack prone than enterprise data centers
• Web application attacks are a significant threat vector for all environments
• Threat levels are consistent across industries and verticals
Full Report Available at alrt.co/Spring2013CSR
![Page 20: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/20.jpg)
Anatomy of an Incident
Hacker Timeline
Corporate Timeline
![Page 21: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/21.jpg)
Percentage of customers impacted by…
Cloud Hosting Providers vs. Enterprise Data Center:
• App Attack: 3% vs. 15%
• Malware/Botnet: 5% vs. 49%
• Recon: 9% vs. 23%
• Vulnerability Scan: 27% vs. 28%
• Brute Force: 30% vs. 49%
• Web App Attack: 52% vs. 39%
![Page 22: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/22.jpg)
Solutions to address these incidents
[Bar chart: percentage of customers impacted by each incident type (App Attack, Malware/Botnet, Recon, Vulnerability Scan, Brute Force, Web App Attack), Cloud Hosting Providers vs. Enterprise Data Center]
Source: Alert Logic State of Cloud Security, Spring 2013
• Malware protection critical for on-premises infrastructure
• Review log data to detect brute force attempts
• Use IDS to detect suspicious recon
• Active web application defense blocks attacks
![Page 23: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/23.jpg)
The Enterprise Security Model
AWS Global Infrastructure: Multiple Availability Zones, Globally Distributed Regions
Foundation Services: Compute, Storage, DB, Network
VPC Networks
Hosts
• VPC provides logically isolated environments
• Security groups filter inbound/outbound
• External DDoS, spoofing and scanning prevented
• Hardened hypervisor
• Promiscuous mode prevented
• Deny-all default in security group
• Root access provided to customer
• Access management
• Patch management
• Configuration hardening
• Security monitoring
• Log analysis
Apps
• Network threat detection
• Security monitoring
• Secure coding and best practices
• Software and virtual patching
• Configuration management
• Access management
• Application level attack monitoring
SQLi
X-site scripting
Data exfiltration
Privilege escalation
Trojan
Brute force attacks
Botnet compromise
C&C traffic
Buffer overflow
![Page 24: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/24.jpg)
Alert Logic Solutions
COMPLY MONITOR PROTECT
Network
Host
App
Web Security Manager + ActiveWatch
Product Technologies: Web Application Firewall
• Positive & negative security models
• Adaptive learning engine
• Broad compliance coverage (PCI 6.6, OWASP Top 10)
Log Manager + LogReview
Product Technologies: Log archival, SIEM
• Automated analysis of security logs
• Simple, intuitive search interface
• All your data accessible online, all the time
Threat Manager + ActiveWatch
Product Technologies: IDS with blocking, Vulnerability Assessment
• Context aware threat identification
• Integrated VA for minimal false positives
• PCI Approved Scanning Vendor certified
Implement Operate Content Monitor Alert Respond
Cloud Enabled IT Infrastructure
Security & Compliance Outcomes
Security-as-a-Service Delivery
SQLi
X-site scripting
Data exfiltration
Privilege escalation
Trojan
Brute force attacks
Botnet compromise
C&C traffic
Buffer overflow
![Page 25: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/25.jpg)
Engineered for AWS Environments
Engineered for AWS
• Supports auto-scaling & role aware
• Automatable with APIs and scripts
• Available across multiple regions
• Manageable at scale
• IP address & topology independent
• Usage based utility pricing
• Marketplace transactable
• AMI and agent deployment options
• Network and system visibility
• Proven reference architectures
Runs on AWS
![Page 26: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/26.jpg)
Case Study: Element Solutions
PROFILE
• Subscription-based content management solutions
INFRASTRUCTURE
• Deployments in three Amazon cloud regions
CHALLENGE
• Meet client compliance requirements with security as secure as on-premises data centers
SOLUTION
• Alert Logic Threat Manager
HIGHLIGHTS
• No physical appliances and no dedicated infrastructure to manage
• Rapid provisioning into Amazon cloud infrastructure
“I was very pleased with Alert Logic's responsiveness… Due to their feedback we were able to effectively eliminate possible causes and find the real cause of the problem…. Threat Manager fits well with our hosted offerings.”
Len Buzyna, CTO
![Page 27: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/27.jpg)
Case Study: Spindle, Inc.
PROFILE
• Payment service processor with card swipe solution for mobile and ecommerce environments
INFRASTRUCTURE
• Two cloud production environments
CHALLENGE
• PCI Level One certification on Amazon Web Services
SOLUTION
• Alert Logic Threat Manager
HIGHLIGHTS
• Managed solution that doesn't require additional staff
• Fluid interaction with other AWS tools
“The fact that Alert Logic monitors all traffic, and alerts us when there is an issue, is of great value to us. Threat Manager with ActiveWatch for AWS encompasses everything we need to protect our infrastructure on the Amazon cloud.”
Justin Clark, Head of Operations
![Page 28: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/28.jpg)
Get the Report
Download: www.alertlogic.com/csr
Twitter: @alertlogic #csr
![Page 29: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/29.jpg)
Solutions available in the AWS Marketplace
aws.amazon.com/marketplace/
![Page 30: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/30.jpg)
Thank you!
![Page 31: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/31.jpg)
Questions
Contacts:
Alert Logic Info: www.alertlogic.com/csr
AWS Contact: aws.amazon.com/contact-us
![Page 32: Protecting Your IT Environment: Insights From Real-World Security Incidents](https://reader035.fdocuments.us/reader035/viewer/2022070320/558591b0d8b42abc7b8b47f3/html5/thumbnails/32.jpg)
We appreciate your feedback on this presentation.
Please take a moment for a quick survey.