Make Cloud the Most Secure Environment for Business. Seth Hammerman, Systems Engineer Mvision Cloud (formerly Skyhigh Networks)

Transcription

1 Make Cloud the Most Secure Environment for Business Seth Hammerman, Systems Engineer Mvision Cloud (formerly Skyhigh Networks)

2 Enterprise cloud apps Consumer cloud apps The average organization now uses 1,935 cloud apps an increase of 15% over last year Source: McAfee Cloud Adoption Report, Nov

3 The average Financial Services organization uses 1,545 cloud apps Source: Work Finance 2018, Okta 3

4 Most Cloud Apps are not Enterprise-ready Source: McAfee Cloud Adoption Report, Nov

5 Office365, Workday, AWS, Azure?

6 Most Organizations: 38 days to patch a vulnerability regardless of security level 34 days to patch most critical CVEs Source: Tcell Report on Security Patching

7 Mature Cloud Providers: Weekly planned patching model Critical vulnerabilities patched in 24 hours Source: Tcell Report on Security Patching

8 Source: Gartner Through 2020, public cloud infrastructureas-a-service (IaaS) workloads will suffer at least 60% fewer security incidents than those in traditional data centers

9 Source: Microsoft Microsoft s annual security budget: $1bn

10 Source: Gartner Through 2022, at least 95% of cloud security failures will be the customer s fault

11 Cloud security is a shared responsibility

12 Shared Responsibility Model for Cloud IaaS PaaS SaaS Data Classification & Accountability Shared Responsibility Client & End-Point Protection Identity & Access Management Application Level Controls Network Control Customer Responsibility Service Provider Responsibility Host Infrastructure Physical Security 12

13 Shared Responsibility Model for SaaS Data Classification & Accountability Client & End-Point Protection Identity & Access Management 13

14 Shared Responsibility Model for SaaS Rogue Employee Unmanaged devices Compromised Accounts Collaboration Malware 14

15 87% companies permit employees to use unmanaged devices to access business apps Source: McAfee Cloud Adoption Report, Nov 2018

16 Source: McAfee Cloud Adoption Report, Nov % of cloud data is sensitive

17 83% of organizations worldwide admit that they store sensitive data in the cloud Source: McAfee Cloud Adoption Report, Nov 2018

18 48.3% of files in the cloud are shared

19 12% of shared files are accessible to anyone with a link 14% of files shared with a personal address Source: McAfee Cloud Adoption Report, Nov

20 Cloud is the new favorite target of threat actors Source: McAfee Cloud Adoption Report, Nov

21 81% of all hacking-related breaches leveraged either stolen and/or weak passwords Source: Verizon Data Breach Investigation Report 2018

22 Of All Organizations, Every Month 94%: at least 1 insider threat 80%: at least 1 compromised account threat 92%: stolen cloud credentials on dark web Source: Verizon Data Breach Investigation Report 2018

23 Persistent Login Attack Brute Force Logins Distant Cousin Attack MO Enumerate usernames (using first, middle and last names) 5-60 different username combinations attempted per User Number of attempts vary proportionally, to the value of the User Attempt logins for each of the usernames Multiple IPs used, one attempt by one IP using one password Threat Objectives Assess the organization s O365 authentication framework (username validation, SSO, MFA etc) Identify valid usernames, system accounts etc; and if they federate to an SSO/MFA Compromise O365 accounts 23

24 KnockKnock Attack Attack MO Target system accounts, that do not have MFA or federate to an SSO Target admins & accounts that have higher privileged access (non-federated auth accounts like *.onmicrosoft.com for O365) Threat Objectives Compromise high privilege system accounts Widen a breach using malware or phishing leading to deep-set infiltration Rogue Machines Originating Geos & Networks Large Enterprises Service Accounts 24

25 Identifying cloud threats is like finding a needle in the CloudStack 100M:1 events:threats Source: McAfee Cloud Adoption Report, Nov

26 High-Risk Shadow Med/Low-Risk Shadow Salesforce Custom Apps 5% 5% 16% Office 365 contains the most sensitive data, at 31% AWS 13% 11% 31% Slack 2% Google Docs 2% 7% 8% Office 365 Box ServiceNow Source: McAfee Cloud Adoption Report, Nov

27 Threats in Office365 have grown 63% in past two years

28 Shared Responsibility Model for IaaS/PaaS Data Classification & Accountability Client & End-Point Protection Identity & Access Management Application Level Controls Network Control Host Infrastructure Physical Security 28

29 Shared Responsibility Model for IaaS/PaaS Rogue Use Provisioning Sprawl Compromised Accounts Containers and Workloads Misconfiguration Workload to Workload Communication Malware 29

30 AWS dominates in terms of user access count Source: McAfee Cloud Adoption Report, Nov

31 Most organizations have a multi-cloud strategy Source: McAfee Cloud Adoption Report, Nov

32 Average organization has 14 misconfigured IaaS services running at a given time Source: McAfee Cloud Adoption Report, Nov 2018

33 Top 10 most commonly misconfigured AWS services 1. EBS Data encryption is not turned on 2. There s unrestricted outbound access 3. Access to resources is not provisioned using IAM roles 4. EC2 security group port misconfigured 5. EC2 security group inbound access misconfigured 6. Unencrypted AMI 7. Unused security groups 8. VPC Flow logs disabled 9. Multi-factor authentication not enabled for IAM users 10.S3 bucket encryption not turned on Source: McAfee Cloud Adoption Report, Nov

34 Source: McAfee Cloud Adoption Report, Nov

35 GhostWriter Threat Attack MO Identify publicly readable, writeable or AWS user readable, writeable buckets Identify publicly modifiable or AWS user modifiable ACLs Plant malware in the publicly accessible AWS buckets Threat Objectives Leak hundreds of thousands of records from misconfigured S3 buckets Distribute malware using trusted-iaas instances 35

36 Average organization experiences 1,527 DLP incidents in IaaS/PaaS per month Source: McAfee Cloud Adoption Report, Nov 2018

37 Source: Gartner In 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience 33% fewer security failures

38 Source: Gartner Security of the past is inadequate

39 Security of the Past was Network-centric Enterprise Data and Applications were Secured by Locking Everything Down Network Devices Enterprise Data center 39

40 Security of the Cloud has to be Cloud-native SaaS IaaS/PaaS Enterprise Data Creation and Access in the Cloud Bypasses Existing Network Security Infrastructure 40

41 Security of the Cloud has to be Cloud-native SaaS IaaS/PaaS and has to be convenient enough! 41

42 Cloud-native Security Regaining Visibility w/o Friction SaaS Devices Cloud-native Security Platform IaaS/PaaS Connect and Regain Visibility 42

43 Cloud-native Security Enforcing Control w/o Friction SaaS Devices Cloud-native Security Platform IaaS/PaaS Connect and Regain Visibility Enforce Threat and Data Protection Policies 43

44 Cloud-native Security Platform SaaS Managed and Unmanaged Devices IaaS/PaaS Visibility Control Gain complete visibility into data, workloads, containers and user behavior in the cloud Apply persistent protection to sensitive data and take real-time action to correct policy violations 44

45 Making Cloud the Most Secure Environment for Business Cloud increasingly is home to sensitive enterprise data Data sharing in the cloud is increasing Data loss and threat vectors span SaaS and IaaS/PaaS Cloud security is a shared responsibility Deploy cloud-native security platform 45

46 Thank you!