NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING.

Similar documents
Why the cloud matters?

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

Securing Your Virtual World Harri Kaikkonen Channel Manager

Hardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Future-ready security for small and mid-size enterprises

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

AKAMAI CLOUD SECURITY SOLUTIONS

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

SECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

Mitigating Risks with Cloud Computing Dan Reis

Presenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe

CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy

Never Drop a Call With TecInfo SIP Proxy White Paper

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

Agile Security Solutions

Intelligent and Secure Network

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

3 Ways to Prevent and Protect Your Clients from a Cyber-Attack. George Anderson Product Marketing Director Business October 31 st 2017

Cato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Copyright 2011 Trend Micro Inc.

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing WHAT IS CLOUD COMPUTING? 2. Slide 3. Slide 1. Why is it called Cloud?

Network Virtualization Business Case

Privacy and Security in the Age of Meaningful Use

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Seceon s Open Threat Management software

Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking

Best Practices in Securing a Multicloud World

Cato Cloud. Global SD-WAN with Built-in Network Security. Solution Brief. Cato Cloud Solution Brief. The Future of SD-WAN. Today.

Cisco Firepower NGFW. Anticipate, block, and respond to threats

SteelConnect. The Future of Networking is here. It s Application- Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN

Palo Alto Networks Stallion Spring Seminar -Tech Track. Peter Gustafsson, June 2010

SYMANTEC DATA CENTER SECURITY

THE ACCENTURE CYBER DEFENSE SOLUTION

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

BUILDING A NEXT-GENERATION FIREWALL

SteelGate Overview. Manage perimeter security and network traffic to ensure operational efficiency, and optimal Quality of Service (QoS)

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

TREND MICRO SMART PROTECTION SUITES

Automating the Top 20 CIS Critical Security Controls

How your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter

Network+ Guide to Networks 6 th Edition

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Security for the Cloud Era

Security+ SY0-501 Study Guide Table of Contents

Security Considerations for Cloud Readiness

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

CSP 2017 Network Virtualisation and Security Scott McKinnon

NETWORKING &SECURITY SOLUTIONSPORTFOLIO

A Comprehensive CyberSecurity Policy

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

TREND MICRO SMART PROTECTION SUITES

Cisco SD-WAN. Intent-based networking for the branch and WAN. Carlos Infante PSS EN Spain March 2018

Solution Overview Gigamon Visibility Platform for AWS

IBM Security Network Protection Solutions

Popular SIEM vs aisiem

SteelConnect. The Future of Networking is here. It s Application-Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

SteelConnect. The Future of Networking is here. It s Application-Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN

Next-Generation Firewall Overview

IBM Next Generation Intrusion Prevention System

Changing face of endpoint security

The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company

Total Threat Protection. Whitepaper

Features. HDX WAN optimization. QoS

Deliver Office 365 Without Compromise Ensure successful deployment and ongoing manageability of Office 365 and other SaaS apps

Sichere Applikations- dienste

Stopping Advanced Persistent Threats In Cloud and DataCenters

WHITEPAPER. How to secure your Post-perimeter world

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

We are innovating in security

App-ID. PALO ALTO NETWORKS: App-ID Technology Brief

Defending Against Unkown Automation is the Key. Rajesh Kumar Juniper Networks

INFINIT Y TOTAL PROTECTION

10 FOCUS AREAS FOR BREACH PREVENTION

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Phishing in the Age of SaaS

The Top 6 WAF Essentials to Achieve Application Security Efficacy

MigrationWiz Security Overview

with Advanced Protection

Detect Cyber Threats with Securonix Proxy Traffic Analyzer

PROTECT WORKLOADS IN THE HYBRID CLOUD

trend micro smart Protection suites

Building a Secure and Compliant Cloud Infrastructure. Ben Goodman Principal Strategist, Identity, Compliance and Security Novell, Inc.

State of Cloud Adoption. Cloud usage is over 90%, are you ready?

Use Cases. E-Commerce. Enterprise

Paloalto Networks PCNSA EXAM

Securing the Modern Data Center with Trend Micro Deep Security

Combating APTs with the Custom Defense Solution. Hans Liljedahl Peter Szendröi

Seamless Security in the Age of Cloud Services: Securing SaaS Applications & Cloud Workloads

Juniper Sky Advanced Threat Prevention

TRAPS ADVANCED ENDPOINT PROTECTION

Transcription:

NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING. The old mantra of trust but verify just is not working. Never trust and verify is how we must apply security in this era of sophisticated breaches. (Anthony Burke) César de la Torre, UFA-ESPE Marco de la Torre, Wroclaw University of Technology.

INTRODUCTION In the past, the principal ideas of IT security had focused on perimeter defenses; for example, firewalls, proxies, and content filtering. The idea of cloud computing has dramatically changed from the last mentioned concepts, due to new ideas to implement corporate IT services over the Internet. The process generated by virtualized applications, running in hosted servers and accepting network connections, are denominated cloud services. Clouds are classified in publics and privates, it also exists hybrid clouds as a mixed of the before mentioned. A public cloud sells services to anyone on the Internet and the administration is out of enterprise s control; on the other hand, a private cloud is a proprietary data center or network infrastructure that supplies hosted services to a limited number of users.

DISTRIBUTION OF SOFTWARE AND HARDWARE IN A INFRASTRUCTURE CORPORATE LOCATIONS EXTERNAL ADMINISTRATION User office/desk Remote office Data center Third-party location Desktop Computing Department Servers Consolidated Servers Public Cloud (Private Cloud) Client Agents Local services Virtualized applications Cloud services and services Private or public, the principal goal of cloud computing is to offer an easy and scalable access to the applications in real time, at the lowest possible cost and enforcing the security paradigms. Basically a cloud allows: the dynamic scale-in and scale-out of applications by the provisioning and de-provisioning of resources, e. g. by means of virtualization. the monitoring of resource utilization to support dynamic load-balancing and re-allocations of applications and resources.

CLOUD BUSINESS MODEL The Cloud Business Model Framework analyzed is mainly categorized in three layers: Infrastructure as a Service (IaaS) Platform as a Services (PaaS) Applications commonly known as Software as a Service (SaaS)

CLOUD APIs Cloud APIs are application-programming interfaces (APIs) used to build applications in the cloud computing market. APIs allow software to request data and computations from one or more services through a direct or indirect interface. The principal benefits of using Cloud APIs are the ability to leverage cloud resources into Cloud Providers. Several organizations provide cross-platform based Cloud APIs, the principal goal of these organizations is to bring uniformity and/or standardization to Cloud APIs.

ANGLER EXPLOIT REVENUE The Angler exploit proceeds to exploit security holes, commonly known as vulnerabilities, in order to infect the users with malware. The entire process can occur completely invisibly, requiring no user action.

HOW THE RANSOMWARE ACTS Wordpress site compromised by Criptowall

STATISTICS OF OUR NETWORK Compromised IPs are currently the biggest threat, creating security breaches in the network.

SECURITY AND TRUST Crucial point of cloud technology into a business is the safety of critical data, both in transfer and as in storage. The idea of perimeter-centric network security strategy, in the age of Cloud Computing, is obsolete because every day exists a major number of mobile devices that are connecting to our network resources from places out of the perimeter. The continuous demand of information located in a private or public cloud has changed the vision of perimeter security. ü Cloud Security Architecture is effective only if the correct defensive implementation is divided into smaller, and more protected zones. This process is known as micro segmentation of security.

ZERO TRUST MODEL The theory is that even if one small zone is compromised, the breach will be contained to a smaller fault domain, and finally will compromise critical enterprise data. However, the correct distribution of defensive devices must be correlated with the right recognition of security issues that will arise with security management. The major benefits of segmentation is the viability to apply the Zero Trust Framework into Cloud Computing Technologies that introduce the following characteristics : Zero Trust is applicable across all industries and organizations. Zero Trust is not dependent on a specific technology or vendor. Zero trust is scalable. There is no chance of violating Civil Liberties

REQUIREMENTS FOR A NETWORK FORENSIC SOLUTION Network forensic solutions must provide three essential capabilities: capturing and recording data, discovering and analyzing data; obtaining network analyzes and visibility (Zero Trust NAV). Internet Applica.on control criteria Applica.on Traffic Visibility Control Manage Bandwidth Business Cri.cal Socio business Non Cri.cal Infected Applica.ons Blocked worms Spyware Undesirable Logs & Reports

CRITERIA TO IDENTIFY AN APPLICATION AND ITS IMPACT ON THE NETWORK Category Risk Level Characteristics Technology File Transfer Gaming General Internet Instant Messenger Very Low (1) Low (2) Medium (3) High (4) Excessive Bandwidth Prone to misuse Transfer files Browser Based Client Server Network Protocol Infrastructure Network Services P2P Very High (5) Tunnel other apps Widely used P2P Proxy and Tunnel Loss of Productivity Remote Access Streaming Media Can bypass firewall policy VoIP Mobile Applications Social Networking Web Mail And more

CLOUD SECURITY OPTIMIZATION TECHINIQUES The principal goal of our study is to analyze efficient methods that maximize the network flow; identifying threats in network traffic, increasing average network security and optimizing the throughput assigned to Cloud Services.

METHODOLOGY Design map dependencies among the elements involved in delivering services, which reduces downtime and increase productivity. Better utilization of network resources, supported by adequate measures of traffic with respective reporting and planning Classify traffic along each service delivery path; contributes for a faster characterization, network analysis and visibility; consequently is possible the remediation of security attacks.

CLOUD SERVICE FLOW MAPPING

CLASSIFICATION OF INCIDENTS BY CATEGORY

EVENTS

HYPOTHESIS There exist an algorithm for network segmentation and optimal allocation of k security defense elements, to protect cloud services. It increases network security by reducing the time necessary for threat characterization and at the same time warranty the throughput of links required for cloud services; because a deep packet inspection allows to classify traffic in good, malicious and discardable.

GRAPH REPRESENTATION OF APPLICATION FLOW MAPPING Where: a 1 - represent the users of corporate LAN a 2 - represent the users of corporate WAN a 3 - cloud service a 4 - cloud storage a 5 - DB Tier a 6 - App Tier a 7 - Web Tier a 8 DNS

SIMULATION OF TRANSMISSION COST IN NODES FOR DATA, WITH SECURITY AND REPORT ELEMENTS INSTALLED IN NODES {W 2,W 4 } AND WITHOUT DEFENSES

CONCLUSION Today, Cloud Service Framework model demands network analysis and visibility of all the traffic, in terms of classification of applications, services and users. The respect to user information data, must be seriously warranty in SLA (service legal agreement) because the actual Model of Cloud Computing allows companies to storage information, sensible data and intellectual property in different geographical locations, that may not respect the main Civil Liberties. Nowadays, the cloud service security goes further than the corporate network perimeter, it is necessary to develop a new generation of technologies that allows us to protect the data that flows between users and cloud services throw encrypted media.

KÖSZÖNÖM (THANK YOU)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback