Jim Reavis CEO and Founder Cloud Security Alliance December 2017

Similar documents
CSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES. Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance

The Next Generation of Cloud Security. Joe Chan Vice Chairman Programs & Research Cloud Security Alliance Hong Kong & Macau Chapter

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

The Business of Security in the Cloud

Security as a Service (Implementation Guides) Research Sponsorship

State of Office 365 Adoption & Risk A Dive into the Data. Jim Reavis, CEO, Cloud Security Alliance Brandon Cook, VP, Marketing, Skyhigh Networks

IBM Future of Work Forum

CCSK Research Sponsorship

IoT & SCADA Cyber Security Services

AKAMAI CLOUD SECURITY SOLUTIONS

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

Security Models for Cloud

THALES DATA THREAT REPORT

How to ensure control and security when moving to SaaS/cloud applications

THALES DATA THREAT REPORT

Introduction to Device Trust Architecture

Best Practices in Securing a Multicloud World

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

Cloud Customer Architecture for Securing Workloads on Cloud Services

Spotlight Report. Information Security. Presented by. Group Partner

Building a Resilient Security Posture for Effective Breach Prevention

Corporate Membership

Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος

Building a More Secure Cloud Architecture

Danish Cloud Maturity Survey 2018

Enterprise & Cloud Security

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

Trust < Cloud < Trust

The Oracle Trust Fabric Securing the Cloud Journey

Strong Security Elements for IoT Manufacturing

Cloud Security Alliance Quantum-safe Security Working Group

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Cyber Threat Landscape April 2013

Securing Cloud Computing

Into the Cloud & Other Horror Stories. Michael F. Angelo - CISSP, CRISC

The Challenge of Cloud Security

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

Twilio cloud communications SECURITY

CLOUD SECURITY SPECIALIST Certification. Cloud Security Specialist

Internet of Things Security standards

IT Consulting and Implementation Services

ALIENVAULT USM FOR AWS SOLUTION GUIDE

THE POWER OF TECH-SAVVY BOARDS:

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Who s Protecting Your Keys? August 2018

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

How SD-WAN will Transform the Network. And lead to innovative, profitable business outcomes

Securing Data in the Cloud: Point of View

How to Establish Security & Privacy Due Diligence in the Cloud

Safeguarding company from cyber-crimes and other technology scams ASSOCHAM

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

Compliance Audit Readiness. Bob Kral Tenable Network Security

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera

Security Readiness Assessment

SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Data Management and Security in the GDPR Era

Expand Your Cyber Expertise. Secure Your Future.

Defensible and Beyond

CLOUD COMPUTING. The Old Ways Are New Again. Jeff Rowland, Vice President, USAA IT/Security Audit Services. Public Information

AGILE AND CONTINUOUS THREAT MODELS

How Secure is Blockchain? June 6 th, 2017

Professional Services Overview

Cloud Computing. Faculty of Information Systems. Duc.NHM. nhmduc.wordpress.com

Ian Speller CISM PCIP MBCS. Head of Corporate Security at Sopra Steria

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

INTELLIGENCE DRIVEN GRC FOR SECURITY

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

CLOUD GOVERNANCE SPECIALIST Certification

What It Takes to be a CISO in 2017

the SWIFT Customer Security

Automating the Top 20 CIS Critical Security Controls

ISACA Silicon Valley. APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems

State of Enterprise Cloud and Container Adoption and Security. Companies are Quick to Embrace the Cloud, Slow to Secure It

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

NISTCSF Enterprise Training Solutions. By David Nichols & Rick Lemieux December 2018

Designing and Building a Cybersecurity Program

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

Cloud Essentials for Architects using OpenStack

The Etihad Journey to a Secure Cloud

Jeff Wilbur VP Marketing Iconix

Securing Digital Transformation

Cybersecurity. You have been breached; What Happens Next THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY

Fabrizio Patriarca. Come creare valore dalla GDPR

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

[NEC Group Internal Use Only] IoT Security. - Challenges & Standardization status. Sivabalan Arumugam.

Netwrix Virtual. Customer Summit 2016

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

The Center for Internet Security

Healthcare and the Cloud:

THE IDENTITY DEFINED SECURITY ALLIANCE

Transcription:

CLOUD THREAT HUNTING Jim Reavis CEO and Founder Cloud Security Alliance December 2017

A B O U T T H E BUILDING SECURITY BEST PRACTICES FOR NEXT GENERATION IT C L O U D S E C U R I T Y A L L I A N C E GLOBAL, NOT-FOR-PROFIT ORGANIZATION RESEARCH AND EDUCATIONAL PROGRAMS CLOUD PROVIDER CERTIFICATION CSA STAR To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. USER CERTIFICATION CCSK THE GLOBALLY AUTHORITATIVE SOURCE FOR TRUST IN THE CLOUD

8 8, 0 0 0 + I N D I V I D U A L M E M B E R S 80+ C H A P T E R S 2009 C S A F O U N D E D OUR COMMUNITY 4 00+ C O R P O R A T E M E M B E R S 35+ A C T I V E W O R K I N G G R O U P S S E A T T L E / B E L L I N G H A M, W A / / U S H E A D Q U A R T E R S E D I N B U R G H / / E M E A H E A D Q U A R T E R S Strategic partnerships with governments, research institutions, professional associations and industry CSA research is FREE! S I N G A P O R E / / A S I A P A C I F I C H E A D Q U A R T E R S

Cloud Definitions NIST CSA Cloud Reference Model

Cloud Security Focus D E V E L O P E R T O O L S S O F T W A R E A S A S E R V I C E This is where the security action is P L A T F O R M A S A S E R V I C E M A N A G I N G H A R D W A R E / O S I N F R A S T R U C T U R E A S A S E R V I C E CSA Cloud Reference Model

Stakes are high for Data Protection General Data Protection Requirements (GDPR) 4% of annual global turnover or 20 Million (whichever is greater) I will spare you a logo wall of shame listing of breached companies, fired CEOs, etc https://gdpr.cloudsecurityalliance.org/

CSA Top Threats Report 1. Data Breaches 2. Compromised Credentials and IAM 3. Insecure APIs 4. System and App Vulnerabilities 5. Account Hijacking 6. Malicious Insiders 7. APTs 8. Data Loss 9. Insufficient Due Diligence 10. Nefarious Use and Abuse 11. Denial of Service 12. Shared Technology Vulnerabilities Only threat IaaS-specific https://cloudsecurityalliance.org/group/top-threats/

Threat 1: Data Breach Ranking based upon impact rather than prevalence Compromised credentials, sloppy admin & poor programming practices loom large Incidents primarily have a root cause in cloud user mistakes, e.g., AWS bucket slosh (S3) Shared Responsibility

Threat 2: Insufficient Identity, Credential and Access Management Compromised credentials a path of least resistance Multi-factor authentication recommended mandatory for privileged accounts Identity federation to prevent credential sprawl See also Threat 5: Account Hijacking

Threat 3: Insecure APIs and Interfaces Agility, on demand, continuous deployment creates pressure to develop too quickly Vetting of all 3 rd party API services and the cloud layers lacking Secure development lifecycle practices as critical as ever

Threat 12: Shared Technology Vulnerabilities VM Side channel attacks VENOM vulnerability Hypervisor?? Hardware bugs, supply chain

About Security Guidance V4 Fundamental cloud security research that started CSA 4 th version, released July 2017 Architecture Governing in the Cloud Governance and Enterprise Risk Management Legal Compliance & Audit Management Information Governance Operating in the Cloud Management Plane & Business Continuity Infrastructure Security Virtualization & Containers Incident Response Application Security Data Security & Encryption Identity Management Security as a Service Related Technologies

Related advice from CSA Guidance V4 SLAs and setting expectations between provider and customer responsibilities Cloud customers must understand the content and format of data that the cloud provider will supply for analysis purposes and evaluate whether the available forensics data satisfies legal chain of custody requirements. Cloud customers should also embrace continuous and serverless monitoring of cloud-based resources to detect potential issues earlier than in traditional data centers.

Related advice from CSA Guidance V4 Data sources should be stored or copied into locations that maintain availability during incidents. Cloud-based applications should leverage automation and orchestration to streamline and accelerate the response, including containment and recovery. For each cloud service provider used, the approach to detecting and handling incident involving the resources hosted at that provider must be planned and described in the enterprise incident response plan.

Related advice from CSA Guidance V4 The SLA with each cloud service provider must guarantee support for the incident handling required for the effective execution of the enterprise incident response plan. This must cover each stage of the incident handling process: detection, analysis, containment, eradication, and recovery. Testing will be conducted at least annually or whenever there are significant changes to the application architecture. Customers should seek to integrate their testing procedures with that of their provider (and other partners) to the greatest extent possible.

Inherit Security Why IaaS not the primary focus? Well funded, mature security teams State of the art technology Collaboration with competitors could be better, but they do communicate We need IaaS cloud providers to enable their customers for threat intelligence sharing & secure-by-default usage of platforms (among many other things) Need to solve the provider within a provider problem it s the ecosystem stupid!

The cloud ecosystem threat problem Attacks may take on very different meaning in the context of an ecosystem Galactic Bank s cloud presence IaaS Provider 1 IaaS Provider 2 IaaS Provider 3

Cloud Security Industry Summit Started by Intel Participation from major cloud providers and major tech companies Cloud Security Alliance participates Strength is a focus on firmware/bios issues Recent firmware integrity whitepaper

CSA Cloud CISC CSA Cloud Cyber Incident Sharing Center Our effort to drive standards in incident response and threat intelligence sharing in the cloud Features an operation threat intelligence exchange Initial data indicates a lot of common actors hitting cloud customers separately Addressing issues such as anonymization, attribution and legal/slas related to the cloud reference model

Looking to the future: Dynamic Digital Enterprise Massive increase in compute Cloud Computing is the back end Internet of Things is the endpoint Compute is Everywhere But, you won t know where Anything is Devices, software, network routes continuously modified The corporation is a virtual, software-defined construct the Dynamic Digital Enterprise The corporation will have many more software partners than today but some will exist for only seconds at a time Existing security will not scale

Automation for securing the Dynamic Digital Enterprise Artificial Intelligence is the brain managing the digital enterprise Blockchain provides the trusted language & rules Software Defined Networking dynamically organizes computers DevOps automates the Cloud Autonomics automates the IoT We call this Self-Driving Information Security

To sum it up Familiar threats exist in cloud, but can take on new dimensions and consequences More cloud-specific threats exist as well Tier 1 cloud providers have excellent security programs, but the ecosystem does not necessarily benefit as they might Enabling the SaaS layer (commercial or end user) essential for threat hunting Tricky legal & SLA issues are as big of an impediment as the PR & competitive issues Look to the future and understand the scale needed. Automation needed, cannot rely on the historical backchannels CSA has a lot of free research and a community to assist

THANK YOU! Contact CSA Email: info@cloudsecurityalliance.org Twitter: @Cloudsa Site: www.cloudsecurityalliance.org Learn: www.cloudsecurityalliance.org/research/cloudbytes Download: www.cloudsecurityalliance.org/download H T T P S : / / C L O U D S E C U R I T Y A L L I A N C E. O R G / 23

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback