This document discusses cybersecurity threats and strategies for protection. It begins with definitions of internal and external environments, then lists common threat vectors like email links, wireless access, and human error. The document advocates using a combination of security technologies like machine learning, sandboxing, encryption, and more. Examples are given of quick attacks on an exposed "cloud" and the need for around-the-clock protection of data. The conclusion emphasizes performing risk assessments and having a plan to address potential vulnerabilities across the network.
Anyone know who this is? Seth Godin – creator of Google Marketing, author of NYT best sellers, bazillionaire. In many of his books he talks about the importance of definitions in business and in business meetings – getting everyone on the same page. I have adopted that methodology and would like to start there: what is the cloud?
We can all agree that there are a wide variety of types of cloud computing: private, public, hybrid, community, etc. But are they all secure/safe by default? Does the provider hold responsibility for keeping your data safe? What makes me laugh is when people complain about the cloud when they are utilising a FREE service… E-mail is the biggest one.
The cloud has become part of our everyday lives – there really isn’t a way of getting around it. You can no longer buy a CD for software; it’s delivered to you via the cloud. The 800 lb. gorilla/the mother ship/Microsoft now includes ways to save your work to the cloud as a default location. You can use Google Photos to save space on your iPhone… for free!
Let’s address the elephant in the room….Atlanta
If you are not looking at your data differently – criminals are, and they will find the exploits/weak-spots…it’s only a matter of time.
The game of I.T. Security has changed…..it’s no longer block and tackle.
Who here has rented a car recently? What is the 1st thing you do… after signing paperwork? You walk around the car with the rep, check for dents/dings, check the gas level, make sure it has 4 tires, etc. They don’t check the engine with you, they don’t check the electronics, the power windows, etc. They give you a car that drives… that’s it, and you’re off.
What do you travel with? What do you put in your car? Would you leave this in a “bad” part of town with the windows down and the doors unlocked? So why are you leaving your cloud in the bad part of town with doors unlocked and windows down?
What are you able to put around your car? Lock the doors? Hire someone (MSP – Staff) to watch it? Put a fence around it (Technology?) Spot lights to ensure you can see it at all times (technology?)
So, we built a cloud environment from a popular cloud service provider (CSP), deployed a server instance in our new cloud environment, and, using all the native tools that were available through the CSP, connected our new “cloud service” to the Internet. In addition, for added assurance, we also deployed a honeypot in front of our new cloud service just on the off-chance something were to slip past the native controls… we connected our service through our honeypot, sat back and watched what happened… And almost immediately we found some “interesting” results…
149 attacks identified by our honeypot:
Ninety two (92) ssh/telnet attacks
One (1) scripting attack
Seven (7) attacks targeting TCP/UDP ports
Forty nine (49) network based
According to Distil Networks: “Bad bots made up 20% of all web traffic and are everywhere, at all times—they don’t take breaks and they don’t sleep. Even though bad bots are on all sites, larger sites were hit the hardest in 2016. Bad bots accounted for 21.83% of large website web traffic, which saw an increase of 36.43% since 2015.” Also, “Data centers were the weapon of choice for bad bots with 60.1% coming from the cloud. Amazon AWS was the top originating ISP for the third year in a row with 16.37% of all bad bot traffic—four times more than the next ISP (OVH SAS).”
The challenge – these bot armies are programmed to
After 7 days:
3.97 Million ssh/telnet based attempts + malware uploaded to the cloud
826 attack attempts detected by Dionaea
9 attack attempts detected by the ElasticPot search-engine honeypot
98 attempts detected by the web application honeypot Glastopf
and almost 4900 attacks detected by Honeytrap
It’s clear we have a problem – native controls aren’t enough… How do cloud providers deal with this?
It is worth noting that these figures do not contain any clean traffic. Since there are no real services behind our honeypot, everything we saw and captured was an attempt to compromise our environment. In total, we witnessed the attempts listed above.
Our test simulated a typical cloud environment, thus this is what customers are likely to see in a similar span of time – especially if they just utilize the native ACL filters available through their cloud provider. We can clearly see that cloud assets are vulnerable to the same types of attacks targeting our premises-based networks, but the key difference is that on-prem we deploy advanced security protections to safeguard our assets; we need to start doing the same thing in the cloud.
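To make the figures above concrete from the defender’s side, here is an added example (my code, not the presenter’s and not part of any honeypot project) that aggregates one-event-per-line honeypot JSON into the same coarse buckets used in the slides (ssh/telnet, malware upload, web application, TCP/UDP port probes) and flags the noisiest source addresses as candidates for blocking at the cloud edge. The sample log lines are constructed and only loosely mimic a Cowrie/T-Pot style layout; the field names, the PLACEHOLDER_SHA256 value and the threshold of three events per source are assumptions, not any sensor’s documented schema.

```python
"""Aggregate honeypot events by attack category and by source address.

Added example, not the presenter's code. The log lines below are constructed
and loosely follow a Cowrie/T-Pot style JSON-per-line layout; the field names
are an assumption for illustration, not a real sensor's schema.
"""
import json
from collections import Counter

# Constructed sample: one JSON event per line, as a honeypot stack might write them.
# Addresses are from the RFC 5737 documentation ranges; the hash is a placeholder.
SAMPLE_LOG = """\
{"sensor": "cowrie", "eventid": "cowrie.login.failed", "protocol": "ssh", "src_ip": "198.51.100.7", "username": "root"}
{"sensor": "cowrie", "eventid": "cowrie.login.failed", "protocol": "telnet", "src_ip": "198.51.100.7", "username": "admin"}
{"sensor": "cowrie", "eventid": "cowrie.login.failed", "protocol": "ssh", "src_ip": "203.0.113.9", "username": "root"}
{"sensor": "cowrie", "eventid": "cowrie.session.file_upload", "protocol": "ssh", "src_ip": "203.0.113.9", "shasum": "PLACEHOLDER_SHA256"}
{"sensor": "glastopf", "eventid": "glastopf.request", "src_ip": "192.0.2.44", "pattern": "rfi"}
{"sensor": "honeytrap", "eventid": "honeytrap.connection", "src_ip": "198.51.100.7", "dest_port": 445, "proto": "tcp"}
{"sensor": "honeytrap", "eventid": "honeytrap.connection", "src_ip": "198.51.100.7", "dest_port": 1900, "proto": "udp"}
{"sensor": "dionaea", "eventid": "dionaea.connection", "src_ip": "192.0.2.44", "dest_port": 3306}
{"sensor": "cowrie", "eventid": "cowrie.login.failed", "protocol": "ssh", "src_ip": "198.51.100.7", "username": "root"}
"""


def categorise(event):
    """Map a raw event to one of the coarse buckets used in the presentation."""
    eid = event.get("eventid", "")
    if eid == "cowrie.session.file_upload":
        return "malware upload"          # attacker dropped a file after logging in
    if eid.startswith("cowrie."):
        return "ssh/telnet"              # credential guessing against the shell honeypot
    if event.get("sensor") == "glastopf":
        return "web application"         # web honeypot request (RFI/LFI/SQLi patterns)
    if "dest_port" in event:
        return "tcp/udp port probe"      # generic connection to a listening port
    return "other"


def parse_events(text):
    """Parse JSON-per-line input; a malformed line becomes a 'parse_error' event
    so it is counted and visible rather than silently dropped."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            events.append({"eventid": "parse_error", "line": lineno})
    return events


def summarise(text, noisy_threshold=3):
    """Return totals, per-category and per-source counts, and sources that
    crossed the (assumed) threshold and are worth an edge block rule."""
    events = parse_events(text)
    by_category = Counter(categorise(e) for e in events)
    by_source = Counter(e["src_ip"] for e in events if "src_ip" in e)
    noisy = sorted(ip for ip, n in by_source.items() if n >= noisy_threshold)
    return {
        "total": len(events),
        "by_category": dict(by_category),
        "by_source": dict(by_source),
        "noisy_sources": noisy,
    }


if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    print(f"{report['total']} events, none of them legitimate traffic")
    for cat, n in sorted(report["by_category"].items(), key=lambda kv: -kv[1]):
        print(f"  {n:>4}  {cat}")
    print("sources worth blocking at the edge:", ", ".join(report["noisy_sources"]))
```

The point of the summary is the same one the slide makes: with no real service behind the sensor, every counted event is hostile by definition, so the per-source counts can feed an allow/deny list or a security-group rule directly, and the "malware upload" bucket tells you which sessions deserve a closer look.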
Let’s start with the elephant in the room – the city of ATL was recently hacked – ransomware. Orbitz was also hacked, with almost a million customer records leaked. This sort of stuff happens every day – it’s just the ones that carry a large recognizable logo that make the headlines. This happens even more often in the mid-sized marketplace, but they don’t report it because they aren’t household names.
It’s time to look at your organization differently – someone else already is!
You have the responsibility to protect that car/cloud – it was in good shape when it was given to you, but the provider’s responsibility does in fact end there. They’ve given you the keys; now you have to manage it, protect it, ensure it stays safe… So how do you do that?
This is the extra security and responsibility that falls on you. Now I know what you are thinking… that is a lot of technology packed into one offering, and you are right. The next question is more than likely: how much time will it take not only to deploy, but to manage? Well, let’s stick with the brick-and-mortar/layers-and-icing mindset…
Anyone know who this is? Buddy Valastro, or the “Cake Boss.” He uses tools in his trade to speed up his production – here he is using an icing bag to assist in icing a cake. If you’ve seen his show before, he can do this EXTREMELY fast.