(1) This document discusses maturing an organization's security practices from DevOps to DevSecOps. It outlines a DevSecOps maturity model with three stages: adopt, expand, and scale.
(2) Key learnings from recent cloud security breaches such as Equifax and Gemalto are discussed, emphasizing the need for continuous monitoring, prioritizing vulnerable hosts, and securing configurations.
(3) The shared responsibility model is explained: the organization is responsible for security "in" the cloud through practices such as monitoring network traffic, hosts, applications, user activities, and resource configurations.
2. RedLock Confidential & Proprietary
About Us
Founded in 2015 and headquartered in Menlo Park, CA
Backed by Dell Technologies Capital, Sierra Ventures, Storm Ventures, and other high-profile investors
Protecting 5+ million resources for a number of high-profile customers
Finalist for Most Innovative Startup at RSA 2017 San Francisco
3. RedLock Confidential & Proprietary
Cloud Security Learnings from Recent Breaches: Equifax
Background:
● Vulnerability in Apache Struts (CVE-2017-5638)
● Apache Struts is used in one of Equifax’s web applications
● Equifax did not upgrade the software in the application
● Hackers scanned the internet for applications running this old software version, found the Equifax server, and compromised it
Cloud Security Learnings:
● Vulnerability management tools identify unpatched hosts based on IP addresses
● IP addresses in the cloud are dynamic and constantly changing
● Running periodic scans is ineffective since the IP address of the unpatched hosts may have changed; continuous scanning is required
● Also, unpatched hosts that are exposed to the internet are more vulnerable and should be prioritized
* 81% of organizations are not managing host vulnerabilities in the cloud
*Cloud Security Trends Report: https://info.redlock.io/cloud-security-trends-oct2017
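The two learnings above (IP-keyed scan results go stale when cloud addresses change, and internet-exposed unpatched hosts deserve priority) are illustrated by the following added example. It is not code from the RedLock deck; the instance identifiers, scan snapshots and security group rules are constructed, and the check for "exposed to the internet" is simplified to an inbound rule that allows the whole IPv4 or IPv6 address space.

```python
"""Prioritise unpatched cloud hosts by stable instance id and internet exposure.

Added example, not from the RedLock deck. All inventory, scan and security
group data below is constructed; the instance ids are made up.
"""
from dataclasses import dataclass
from ipaddress import ip_network

# Rules that admit traffic from the entire internet (IPv4 or IPv6).
INTERNET = {ip_network("0.0.0.0/0"), ip_network("::/0")}


@dataclass(frozen=True)
class ScanResult:
    instance_id: str   # stable identifier from the cloud API, not the IP
    public_ip: str     # dynamic; may differ between scans
    vulnerable: bool   # e.g. an unpatched application framework was detected
    scanned_at: int    # epoch seconds (constructed)


@dataclass(frozen=True)
class SecurityGroupRule:
    instance_id: str
    port: int
    cidr: str


# Constructed scan snapshots: i-0a1b2c3d4e5f changed public IP between scans.
SCANS = [
    ScanResult("i-0a1b2c3d4e5f", "203.0.113.10", True, 1000),
    ScanResult("i-0a1b2c3d4e5f", "203.0.113.57", True, 2000),
    ScanResult("i-0ffeeddccbbaa", "198.51.100.8", True, 2000),
    ScanResult("i-01234567890ab", "192.0.2.77", False, 2000),
]

# Constructed inbound security group rules.
RULES = [
    SecurityGroupRule("i-0a1b2c3d4e5f", 443, "0.0.0.0/0"),
    SecurityGroupRule("i-0ffeeddccbbaa", 443, "10.0.0.0/8"),
    SecurityGroupRule("i-01234567890ab", 22, "0.0.0.0/0"),
]


def latest_by_instance(scans):
    """Keep only the newest scan per instance, keyed by instance id rather than IP."""
    latest = {}
    for s in scans:
        cur = latest.get(s.instance_id)
        if cur is None or s.scanned_at > cur.scanned_at:
            latest[s.instance_id] = s
    return latest


def is_internet_exposed(instance_id, rules):
    """True if any inbound rule for the instance admits traffic from the whole internet."""
    return any(r.instance_id == instance_id and ip_network(r.cidr) in INTERNET
               for r in rules)


def prioritize(scans, rules):
    """Return (instance_id, exposed) for vulnerable hosts, internet-exposed ones first."""
    latest = latest_by_instance(scans)
    vulnerable = [s for s in latest.values() if s.vulnerable]
    ranked = sorted(vulnerable,
                    key=lambda s: (not is_internet_exposed(s.instance_id, rules),
                                   s.instance_id))
    return [(s.instance_id, is_internet_exposed(s.instance_id, rules)) for s in ranked]


def hosts_at_ip(scans, ip):
    """Instances whose latest known public IP is `ip`; shows why an IP-keyed
    finding from an older scan may no longer point at any host."""
    latest = latest_by_instance(scans)
    return [s.instance_id for s in latest.values() if s.public_ip == ip]


if __name__ == "__main__":
    for inst, exposed in prioritize(SCANS, RULES):
        print(f"{inst}: vulnerable, {'INTERNET-EXPOSED' if exposed else 'internal only'}")
    print("hosts still at 203.0.113.10:", hosts_at_ip(SCANS, "203.0.113.10"))
```

Keying on the instance id means a finding survives an IP change, and joining it with the security group rules puts the externally reachable host at the top of the queue; a ticket opened against the old IP 203.0.113.10 would resolve to no host at all.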
4. RedLock Confidential & Proprietary
Cloud Security Learnings from Recent Breaches: Gemalto, Aviva & Others
Background:
● RedLock CSI team discovered hundreds of Kubernetes administrative consoles with no password protection
● Hackers executing bitcoin mining commands from some of the Kubernetes containers (examples: Aviva, Gemalto, and others)
● RedLock CSI team discovered access keys and secret tokens stored in plaintext in the containers
Cloud Security Learnings:
● Monitor resources to detect misconfigurations and auto-remediate issues
● Monitor inbound and outbound network traffic and correlate with resource configurations to spot suspicious activity
● Monitor user activity for suspicious behaviour to detect insider threats or account compromises
*Cloud Security Trends Report: https://info.redlock.io/cloud-security-trends-oct2017
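The following added example (not RedLock's code) shows the first two learnings from this slide as checks over resource records: an admin console exposed without authentication, secrets carried as literal container environment values, and egress to destinations outside an expected set, with the severity raised when those findings coincide. The service, pod and flow records are constructed to resemble Kubernetes objects and VPC flow log entries; the IPs, names and the placeholder key are made up.

```python
"""Detect misconfigurations and correlate them with network flows.

Added example, not from the RedLock deck. All records below are constructed.
"""
import re
from ipaddress import ip_address, ip_network

# Environment variable names that usually hold credentials.
SECRET_NAME = re.compile(r"(SECRET|TOKEN|ACCESS_KEY|PASSWORD)", re.IGNORECASE)

# Constructed allow-list of networks the workloads are expected to talk to.
EXPECTED_EGRESS = {"10.0.0.0/8"}

# Constructed services; "auth" summarises how the console is protected.
SERVICES = [
    {"name": "kubernetes-dashboard", "type": "LoadBalancer", "port": 443, "auth": "none"},
    {"name": "internal-api", "type": "ClusterIP", "port": 8080, "auth": "token"},
]

# Constructed pods; the access key value is a placeholder, not a real credential.
PODS = [
    {"name": "batch-worker", "env": [
        {"name": "AWS_ACCESS_KEY_ID", "value": "AKIA-PLACEHOLDER-NOT-REAL"},
        {"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef": {"name": "db", "key": "pw"}}},
    ]},
    {"name": "web", "env": [{"name": "LOG_LEVEL", "value": "info"}]},
]

# Constructed egress flow records: (pod, dst_ip, dst_port, bytes).
FLOWS = [
    ("batch-worker", "10.0.4.9", 5432, 1200),
    ("batch-worker", "198.51.100.23", 443, 9_500_000),
    ("web", "10.0.4.9", 5432, 300),
]


def exposed_unauthenticated_consoles(services):
    """Services reachable from outside the cluster that require no authentication."""
    return [s["name"] for s in services
            if s["type"] in ("LoadBalancer", "NodePort") and s["auth"] == "none"]


def plaintext_secrets(pods):
    """(pod, env name) pairs where a secret-looking variable carries a literal value
    instead of a reference to a Secret object."""
    found = []
    for pod in pods:
        for var in pod["env"]:
            if SECRET_NAME.search(var["name"]) and "value" in var:
                found.append((pod["name"], var["name"]))
    return found


def unexpected_egress(flows, expected):
    """Flows whose destination lies outside every expected egress network."""
    nets = [ip_network(c) for c in expected]
    return [f for f in flows if not any(ip_address(f[1]) in n for n in nets)]


def correlate(services, pods, flows, expected=EXPECTED_EGRESS):
    """Combine the three checks; unexpected egress from a pod that also leaks
    credentials, or alongside an exposed console, is rated CRITICAL."""
    findings = []
    consoles = exposed_unauthenticated_consoles(services)
    for name in consoles:
        findings.append(("HIGH", f"console {name} exposed without authentication"))
    leaks = plaintext_secrets(pods)
    leaky_pods = {pod for pod, _ in leaks}
    for pod, var in leaks:
        findings.append(("MEDIUM", f"pod {pod} stores {var} as a plaintext value"))
    for pod, dst, port, nbytes in unexpected_egress(flows, expected):
        sev = "CRITICAL" if (pod in leaky_pods or consoles) else "MEDIUM"
        findings.append((sev, f"pod {pod} sent {nbytes} bytes to {dst}:{port} "
                              "outside the expected egress networks"))
    return findings


if __name__ == "__main__":
    for severity, message in correlate(SERVICES, PODS, FLOWS):
        print(f"[{severity}] {message}")
```

Each check alone is a configuration or traffic finding; the correlation step is what turns "large outbound transfer from one pod" into a high-priority incident, which is the point of joining traffic with resource configuration rather than alerting on either in isolation.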
5. RedLock Confidential & Proprietary
Organizations are Responsible for Security “in” the Cloud
The Shared Responsibility Model
Organization: responsible for security “in” the cloud
● Resource Configurations
● User Activities
● Network Traffic
● Hosts
● Applications
Cloud Service Provider: responsible for security “of” the cloud
● Hubs
● Switches
● Routers
● Hypervisor
● Data Center
6. RedLock Confidential & Proprietary
The Problems You Need to Solve
Organization’s Responsibility
Network Traffic
● Real-time network visibility
● Suspicious traffic detection
● Incident investigation
Hosts
● Host IDS/IPS
● Vulnerable host detection
Applications
● Data encryption
● Data loss prevention
● Application security monitoring
User Activities
● Account & access key compromise detection
● Anomalous insider activity detection
● Privileged activity monitoring
Resource Configurations
● Compliance scanning (CIS, PCI, etc.)
● Storage, snapshots, & image configuration monitoring
● VPC, security groups & firewall configuration monitoring
● IAM configuration monitoring
● Encryption & key rotation configuration monitoring
7. RedLock Confidential & Proprietary
DevSecOps Maturity Model
A framework to evaluate where your organization’s cloud security practices are and where they need to go.
Stage 1 - Adopt
Cloud Footprint:
● Dozens of workloads
● Few cloud accounts
Objectives:
● Compliance assurance
● Policy guardrails
Security Solutions:
● CloudTrail analysis (SIEM)
● Configuration monitoring tools
Stage 2 - Expand
Cloud Footprint:
● Hundreds of workloads
● Many cloud accounts
Objectives:
● Central visibility
● Threat detection
● Vulnerability management
+ Stage 1 Objectives
Security Solutions:
● None
Stage 3 - Scale
Cloud Footprint:
● Multiple cloud providers
● Thousands of workloads
● Dozens of cloud accounts
Objectives:
● Auto-remediation
● Incident investigation
+ Stage 2 Objectives
Security Solutions:
● None
9. RedLock Confidential & Proprietary
RedLock Takes a Holistic Approach
CLOUD 360 PLATFORM
1. DISCOVERS ENVIRONMENT: Ingests data via APIs and automatically discovers resources. No agents, no proxies.
2. CORRELATES DATA USING AI: Uses AI to correlate network, user, configuration, and threat intel data.
3. REMEDIATES RISKS: Remediate issues via RedLock or enterprise integrations.
Diagram labels: data sources via APIs (Resource Configurations, User Activity, Network Traffic, Hosts) and THIRD PARTY FEEDS feed the Cloud 360 Platform; output goes to ENTERPRISE INTEGRATIONS via APIs.
12. RedLock Confidential & Proprietary
3 Simple Steps to Security Governance
Get a FREE risk assessment of your public cloud environment
1. Provide RedLock with API access to environment
2. We will set up an account on the RedLock Cloud 360 platform
3. See results immediately