Denial of Service: 5
Crimeware: 47
Physical Theft / Loss: 74
Payment Card Skimmers: 89
Everything Else: 184
Cyber-espionage: 289
Privilege Misuse: 277
Miscellaneous Errors: 222
POS Intrusions: 207
Web App Attacks: 571
Security risk is shifting to unprotected web applications
Web app attacks are now the #1 source of data breaches
But less than 5% of data center security budgets are spent on app security
Source: Verizon DBIR 2017, n = 1,935
UP 300% SINCE 2014
$23 to $1
Chart axis: Percentage of Breaches
Source: Gartner
Web App Attacks
Vulnerabilities
+ Change
+ Shortage
Complexity of defending web applications and workloads
Risks are moving up the stack
1. Wide range of attacks at every layer of the stack
2. Rapidly changing codebase can introduce unknown vulnerabilities
3. Long tail of exposures inherited from 3rd party development tools
4. Extreme shortage of cloud and application security expertise
Web App Attacks
OWASP Top 10
Platform / Library Attacks
System / Network Attacks
Perimeter & end-point security tools
fail to protect cloud attack surface
Web Apps
Server-side Apps
App Frameworks
Dev Platforms
Server OS
Hypervisor
Databases
Networking
Cloud Management
Tame the Beast
Industry Challenge: The Good, the Bad and the Ugly
Known Good
Known Bad
Suspicious
Allow
Identify | Tune | Permit
Block
Drop | Reconfigure
Application Stack
Web Apps
Server-side Apps
App Frameworks
Dev Platforms
Databases
Server OS
Hypervisor
Hardware
Classification
Action
HUMAN EXPERT REQUIRED
Customer X – Data Exfiltration
Company Profile
Retail – Ecommerce
$250M Annual Revenue
1500+ Employees
4 Primary Offices (NA)
200 Retail Locations
IT Dedicated Headcount – 14
Security Dedicated Headcount – 2
Hybrid Data Center (AWS & CoLo)
Attack Progression
Stalked company on LinkedIn and Google
Gained entry through PHP (KNOWN) flaws
Replaced PHP login to capture credentials
Leveraged credentials to access critical system
Stole Financial, Design data & Roadmap
Undetected for 4 months – FBI Notification
Cost of Breach - $1.8M