Azure for Auditors
Teri Radichel | CEO | 2nd Sight Lab
IIA and ISACA ~ Seattle 2019 © 2nd Sight Lab, LLC
@teriradichel

Auditors can have a significant impact on cybersecurity.

Not just what to check… but why?

Communicate why findings matter.

Influence decision makers.

Help solve the problem.

Brief Tangent
• Breaches
• Repercussions
• Why it matters

Cost of a Breach
• It goes up daily…
• Executives know this.
• They say they care.
• So why all the breaches?

The cost will keep going up…
• GDPR: 4% of revenue.
• More regulation likely coming if we don’t fix it.
• Regulations cost a lot and make EVERYTHING more complicated.
• Fix it before that happens.

Is this FUD? No. This is news.

The bigger cost
• Democracy
• Cyberwar
• Critical infrastructure
• Healthcare systems
• Some people call this FUD.
• I call it reality.

Definition of war and insurance
• Check the definition of war.
• Check your policy.
• Insurance companies may have an out.
• Maybe you can change your policy.
• Talk to your lawyer about definitions.
• Better yet…
• Instead of relying on insurance – let’s protect the systems.

Auditors are key!
• Audit the systems.
• Show the problems.
• Translate into potential realities.
• Raise awareness.
• Explain to them why it matters.
• Help obtain resources and training.
• Get companies to fix problems.

Understand attacks to know what to audit

Azure Internet Connections
• Anything exposed to the Internet will be scanned and attacked.
• Storage Accounts
• Databases
• Virtual Machines
• Containers
• Serverless Functions
• Common problems: RDP Brute Force and Misconfigured Data Stores

BlueKeep is to RDP port 3389
as
WannaCry is to SMB port 445
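
The two slides above name the risk (RDP on port 3389 reachable from the Internet) but not how to check for it across a subscription. The following is an added example, not code from the talk: a Python script that applies NSG priority semantics to the JSON that `az network nsg list -o json` returns and reports every NSG that would let an arbitrary Internet source reach RDP or SSH. The NSG names, rule names and CIDRs in the embedded sample are constructed.

```python
"""Audit Azure NSG rules for management ports reachable from the Internet.

Added example, not from the slides. It reads the JSON shape returned by
`az network nsg list -o json` (rules under `securityRules` and
`defaultSecurityRules`) and decides, per NSG, whether an inbound TCP
connection from an arbitrary Internet address to RDP (3389) or SSH (22)
would be allowed. NSG semantics are honoured: rules are evaluated from the
lowest priority number upward, the first match decides, and Azure's default
rules (priority 65000 and up) sit behind every custom rule.
"""

MANAGEMENT_PORTS = {3389: "RDP", 22: "SSH"}
# Source prefixes meaning "anyone on the Internet". A rule scoped to one public
# CIDR is an allow-list and is deliberately not treated as Internet-wide.
INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0", "::/0"}


def _values(rule, single, plural):
    """Merge the singular and plural forms Azure uses for the same field."""
    return [v for v in [rule.get(single), *(rule.get(plural) or [])] if v]


def _port_in_range(port, port_range):
    if port_range == "*":
        return True
    if "-" in port_range:
        lo, hi = port_range.split("-", 1)
        return int(lo) <= port <= int(hi)
    return int(port_range) == port


def _rule_matches(rule, port):
    """True if the rule applies to inbound TCP traffic from the Internet to `port`."""
    if rule.get("direction") != "Inbound":
        return False
    if (rule.get("protocol") or "*").lower() not in ("tcp", "*"):
        return False
    sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    if not any(src in INTERNET_SOURCES for src in sources):
        return False
    ports = _values(rule, "destinationPortRange", "destinationPortRanges")
    return any(_port_in_range(port, r) for r in ports)


def effective_decision(nsg, port):
    """Return (access, rule_name) of the first matching rule in priority order."""
    rules = list(nsg.get("securityRules") or []) + list(nsg.get("defaultSecurityRules") or [])
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if _rule_matches(rule, port):
            return rule["access"], rule["name"]
    return "Deny", "<implicit>"  # nothing matched: the NSG drops the traffic


def find_exposed_management_ports(nsgs):
    """Return [(nsg_name, port, rule_name)] for each NSG allowing RDP/SSH from the Internet."""
    findings = []
    for nsg in nsgs:
        for port in MANAGEMENT_PORTS:
            access, rule_name = effective_decision(nsg, port)
            if access == "Allow":
                findings.append((nsg["name"], port, rule_name))
    return findings


def _rule(name, priority, access, port, source, protocol="Tcp"):
    """Build one rule in the `az` output shape (helper for the constructed sample only)."""
    return {"name": name, "priority": priority, "access": access, "direction": "Inbound",
            "protocol": protocol, "destinationPortRange": port, "sourceAddressPrefix": source}


# Azure's built-in default rules as they appear under `defaultSecurityRules`.
DEFAULT_RULES = [
    _rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    _rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", "AzureLoadBalancer", "*"),
    _rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
]

# Constructed sample standing in for real `az` output (NSG names and CIDRs are made up).
SAMPLE_NSGS = [
    {"name": "web-nsg",
     "securityRules": [_rule("allow-rdp-any", 100, "Allow", "3389", "*"),
                       _rule("allow-https", 200, "Allow", "443", "Internet")],
     "defaultSecurityRules": DEFAULT_RULES},
    {"name": "bastion-nsg",  # the deny at priority 110 beats the broad allow at 120
     "securityRules": [_rule("allow-ssh-corp", 100, "Allow", "22", "203.0.113.0/24"),
                       _rule("deny-rdp-internet", 110, "Deny", "3389", "Internet"),
                       _rule("allow-mgmt-range", 120, "Allow", "3000-4000", "*", "*")],
     "defaultSecurityRules": DEFAULT_RULES},
    {"name": "db-nsg",  # plural fields only, as `az` emits for multi-value rules
     "securityRules": [{"name": "allow-db-and-ssh", "priority": 300, "access": "Allow",
                        "direction": "Inbound", "protocol": "*",
                        "destinationPortRange": None, "destinationPortRanges": ["22", "1433"],
                        "sourceAddressPrefix": None, "sourceAddressPrefixes": ["0.0.0.0/0"]}],
     "defaultSecurityRules": DEFAULT_RULES},
]

if __name__ == "__main__":
    # Real use: nsgs = json.load(open("nsgs.json")) after `az network nsg list -o json > nsgs.json`
    for name, port, rule_name in find_exposed_management_ports(SAMPLE_NSGS):
        print(f"FINDING: {name} allows {MANAGEMENT_PORTS[port]} ({port}) from the Internet via '{rule_name}'")
```

The bastion-nsg case shows why priority order matters: a broad "3000-4000 from anywhere" allow at 120 is harmless only because a deny for 3389 sits at 110; reverse those two numbers and RDP is exposed.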

Just In Time Access

Understand network layers and protocols
• OSI Model – Layers 1-7 – protections at different network layers.
• TLS doesn’t always save you.
• It doesn’t encrypt everything.
• DNS over HTTPS is coming out.
• This will hide DNS traffic used by security systems to spot malware.
• Good or bad??
• Do you know the difference between an SSL and IPSEC VPN?
• One encrypts more traffic than the other.

What was the original purpose of a VPN?
• What was the initial purpose of a VPN?
• Not to hide your traffic so you can watch videos in a foreign country.
• Not for pentesting so people can’t tell where you are coming from.
• Not for end users to hide their traffic from their ISP.
• What was it?

Connect to private network from anywhere
[Diagram: a firewall admits trusted users only, over an authenticated, encrypted tunnel from a specific CIDR block; network restrictions are specific to the VPN network traffic ranges.]

VPN + Bastion Host + JIT
[Diagram: Internet → VPN + firewall or NSG (trusted users only) → bastion host + JIT → VMs.]

Private Network + Bastion Host + JIT
[Diagram: Express Route or Azure VPN → firewall or NSG (trusted users only) → bastion host + JIT → VMs.]

Look for potential data exfiltration

How are systems connected?
• Azure Connectivity – VPN or Express Route? Or Internet?
• What about Cloud Shell traffic via a web browser?
• Connections from Azure to third-parties?
• What traffic is and is not visible to the security team and monitored?
• Who approves, tracks, and sets up new network connections?
• Is DLP in place to spot potential exfiltration?
• What paths exist from your most sensitive data to the Internet?

Azure Cloud App Security
• Works as a CASB
• Identifies Shadow IT
• What apps are connected to Azure?
• Can they exfiltrate data?
• Third-Party: McAfee, Netskope

Application Architecture
[Diagram: three tiers – WEB, APP, DATA.]

Azure Networking
• Virtual Networks
• Routes
• Subnets
• Security Groups
• Azure Firewall
• WAF
[Diagram: a VNET with subnets; subnets segregate layers; NSGs protect individual resources; WAF and/or Azure Firewall; limit routes.]

Credentials
• SANS Institute survey
• Cloud security incidents
• Number one issue
• Stolen credentials

How they are stolen
• Credentials in code
• Phishing attacks
• Shared
• Malicious insider
• Malware on machine
• Social engineering

What they are used for…
• Steal data
• Ransomware
• Cryptominers
• Delete systems – or an account!
• Maintain a foothold
• Monitor communications
• Steal intellectual property
• Attack other systems

Cryptominers
• More common in cloud
• Often not reported
• Reporting not required – no data loss
• Using your resources

IAM – Integrate and Automate
• Azure AD
• Integrated with main Active Directory store
• Using same HR processes
• Automated
• When someone leaves, is their access automatically removed?
• When someone changes roles, is their access automatically changed?
• Is creation of users automated to prevent human error?

MFA – Is it in place and is it effective?
• Is MFA in place – for everyone?
• How long is MFA cached?
• Is it truly two-factor?
• How can MFA be bypassed?
• And yes, it can be!

IAM – Segregation, Least Privilege
• Least privilege
• Humans, compute resources, all permissions
• Only privileges to do what is needed
• Segregation
• If one person’s creds are stolen – how much can those creds access?
• What can they do?

Least Privilege ~ Credentials AND Networking

Application and user permissions
• Service principals or managed identities for applications
• Only permissions required granted to users and resources
• Cannot create resources with higher permissions than themselves
• JIT enforced for remote access
• Only required network ports and rules allowed
• Verify someone is monitoring logs and responding to events
• Network traffic, application, OS, Active Directory, Activity logs

Secrets management
• No secrets in code
• Secrets stored in vault
• Azure Key Vault
• HashiCorp Vault
[Diagram: running code retrieves secrets from the vault; Azure Key Vault contains (encrypted!) secrets.]
Application can only retrieve secrets that belong to it, not secrets for other applications. In a SAAS application, users can only retrieve their own secrets!

Where are secrets exposed?
• Metadata, configuration files, documentation
• Logs, backup files, caches, environment variables, registry
• GitHub and other source control systems
• Databases, unencrypted
• On developer documentation systems (Confluence)
• In Slack, chat, IM
• Email, Support Tickets

Segregation
[Diagram: separate environments – DEV, QA, PROD, DEPLOY.]

Subscriptions and resource groups
• Is the organization using access segregation effectively to limit risk?
• How are subscriptions and resource groups organized and managed?
• Are different teams, lines of business, SDLC functions segregated?
• Different projects, different microservices, different trust levels
• Are permissions between each limited to what is required?
• Can get complicated – a dedicated team?

Deployment systems
• How are deployment systems and networks architected?
• Do they provide adequate governance?
• How are deployment systems secured (Jenkins, repositories)?
• Who has access to change the deployment systems?
• Can the deployment systems be bypassed by manual changes?
• Are security scans and checks built into deployment processes?
• Is the security team monitoring deployment systems?

Other ways malware gets into systems
• Cryptominers inserted into third-party software, web pages
• E-skimming software – CMS, plugins
• Software packages – Docker Hub containers, Python libraries
• Source code changes
• Misconfigurations, developer-induced vulnerabilities
• Third-party code included via URLs
• PS: Don’t expose your CMS Admin site to the Internet!

Application Security
VMs, Containers, Serverless

Azure and OWASP Top 10
• WAF
• Front Door
• Advanced Threat Protection
• Azure Security Center

Vulnerability scanning
• Before Deployment
  • Automated
  • In the deployment pipeline
  • Segregation of Duties – not run manually or controlled by Devs
  • Serverless scanning mainly depends on static code analysis
• After Deployment
  • Cloud Native options – agents will report to Azure Security Center
  • Third parties – Azure integrates with Qualys, others
  • Azure Security Center will tell you whether or not it finds a scanning agent

Azure Security Center Vulnerability Assessments
• Integrates with Qualys and others

Patching
• Including DevOps systems!
• Check the Jenkins server…
• Check Kubernetes…
• Immutable deployments are better than patching live systems!
• Make sure systems can’t change once they are scanned.

Encryption
• Is everything encrypted – disks, databases, files, storage accounts, logs, queues, metadata?
• Is the boot disk encrypted? (Azure uses BitLocker.)
• Who has access to keys – can this be limited via automation?
• Are the keys rotated frequently (30-90 days or even less)?
• In a SAAS environment – does each customer have separate keys?
• Are appropriate algorithms, modes, and key lengths used?

Checking Encryption on Azure
Disks, Databases… what Azure can see.

Proper configurations
• Every single service on Azure has a configuration.
• If you can see it, touch it, change it – it’s your responsibility.
• Understand best practices for each service.
• Understand how it might be attacked (threat modeling).
• Secure accordingly.
• Customer configurations are one of the biggest risks in the cloud!

CIS Benchmarks in Azure Security Center
• CIS Benchmarks: best practices for Azure, Docker, Operating Systems, and more
• Check some of these with Azure Security Center

Architect for Availability
• Is the architecture structured to prevent downtime?
• What if an Azure datacenter fails?
• Your architecture should be resilient to this if required.
• BCP and DR plans aligned with business needs.
• What if your systems are hit with ransomware?
• Do you have backups?
• Have they been tested?

Azure options for Availability
• Azure architecture solutions
• Azure Load Balancers
• Azure Autoscale
• Azure Site Recovery
• Azure Backup

Security Functions
• Threat modeling to design systems that prevent breaches
• Security team has access to ALL logs
• Event monitoring and incident response
• Security requirements

ALL the logs…
• What logs exist?
• Are they turned on?
• Is anyone looking at them?
• Do they KNOW what to look for?
• Are they centralized?
• Log shipping – ephemeral resources
• Who can change them? (No one, hopefully – check permissions)
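
To make "Is anyone looking at them?" and "Who can change them?" concrete, here is an added example, not from the slides: a Python triage pass over Azure Activity Log records in the shape `az monitor activity-log list -o json` returns, flagging NSG rule changes, removed diagnostic settings, new role assignments and Key Vault access-policy changes together with the caller that made them. The subscription id, resource names, timestamps and callers in the sample are constructed; the operation names are Azure resource-provider operations.

```python
"""Triage Azure Activity Log records for changes to security controls.

Added example, not from the slides. It walks records in the shape returned by
`az monitor activity-log list -o json` and flags the events an auditor wants
someone watching for. Only the `Succeeded` record of an operation counts
(Azure also logs a `Started` record for the same change), and every finding
names the caller, which is the evidence behind "who can change them?".
"""
from collections import Counter

# Resource-provider operation names (compared case-insensitively, by prefix)
# mapped to (severity, description).
WATCHED_OPERATIONS = {
    "microsoft.insights/diagnosticsettings/delete": ("HIGH", "diagnostic (log) setting removed"),
    "microsoft.network/networksecuritygroups/securityrules/": ("HIGH", "NSG rule written or deleted"),
    "microsoft.network/networksecuritygroups/delete": ("HIGH", "NSG deleted"),
    "microsoft.authorization/roleassignments/write": ("MEDIUM", "role assignment granted"),
    "microsoft.keyvault/vaults/accesspolicies/write": ("MEDIUM", "Key Vault access policy changed"),
}


def _field(record, name):
    """Activity Log nests `operationName`, `status` and `category` as {"value": ...}."""
    value = record.get(name)
    return value.get("value", "") if isinstance(value, dict) else (value or "")


def classify(record):
    """Return (severity, description) for a succeeded, watched change; otherwise None."""
    if _field(record, "status").lower() != "succeeded":
        return None
    operation = _field(record, "operationName").lower()
    for prefix, verdict in WATCHED_OPERATIONS.items():
        if operation.startswith(prefix):
            return verdict
    return None


def triage(records):
    """Return findings (dicts) in time order; each carries caller and resource id."""
    findings = []
    for record in records:
        verdict = classify(record)
        if verdict:
            findings.append({"time": record.get("eventTimestamp", ""),
                             "severity": verdict[0], "what": verdict[1],
                             "caller": record.get("caller", "<unknown>"),
                             "resource": record.get("resourceId", "")})
    return sorted(findings, key=lambda f: f["time"])  # ISO-8601 strings sort chronologically


def changes_by_caller(findings):
    """Who actually changes security controls? Compare with who is supposed to."""
    return Counter(f["caller"] for f in findings)


def _record(op, status, caller, resource, ts):
    """Build one record in the `az` output shape (helper for the constructed sample only)."""
    return {"operationName": {"value": op}, "status": {"value": status},
            "category": {"value": "Administrative"}, "caller": caller,
            "resourceId": resource, "eventTimestamp": ts}


# Constructed sample records (subscription id, names, callers and times are made up).
_SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
_NSG = _SUB + "/resourceGroups/prod-rg/providers/Microsoft.Network/networkSecurityGroups/web-nsg"
_VM = _SUB + "/resourceGroups/prod-rg/providers/Microsoft.Compute/virtualMachines/web-01"
SAMPLE_RECORDS = [
    _record("Microsoft.Network/networkSecurityGroups/securityRules/write", "Started",
            "alice@example.com", _NSG + "/securityRules/allow-rdp-any", "2019-10-01T10:00:00Z"),
    _record("Microsoft.Network/networkSecurityGroups/securityRules/write", "Succeeded",
            "alice@example.com", _NSG + "/securityRules/allow-rdp-any", "2019-10-01T10:00:04Z"),
    _record("Microsoft.Compute/virtualMachines/start/action", "Succeeded",
            "alice@example.com", _VM, "2019-10-01T10:05:00Z"),
    _record("microsoft.insights/diagnosticSettings/delete", "Succeeded",
            "bob@example.com", _NSG + "/providers/microsoft.insights/diagnosticSettings/to-siem",
            "2019-10-01T09:30:00Z"),
    _record("Microsoft.Authorization/roleAssignments/write", "Succeeded",
            "11111111-1111-1111-1111-111111111111", _SUB, "2019-10-01T11:00:00Z"),
]

if __name__ == "__main__":
    # Real use: records = json.load(open("activity.json")) from `az monitor activity-log list -o json`
    found = triage(SAMPLE_RECORDS)
    for f in found:
        print(f"{f['time']} {f['severity']:6} {f['what']} by {f['caller']} on {f['resource']}")
    print("changes by caller:", dict(changes_by_caller(found)))
```

A caller that is a bare object id rather than a user principal name is usually a service principal, which is worth cross-checking against the deployment systems that are supposed to be the only ones making such changes.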

Compliance… is not security
• But it’s better than nothing!
• Azure Security Center can help
• Will rate things Azure can see

Third-Party Products ~ CloudNeeti
• Met at Seattle AWS Architects and Engineers Meetup
• Cross-cloud
• SAAS – obtain customer consent

Tools for Auditors on Azure
• No auditor role – you have to find or create one that gives least privilege
• Azure Security Center is your friend!
• Learn how to write scripts to query resources (Power BI, CLI, Insights)
• Network Watcher
• Become familiar with all the logs
• Review recommendations and best practices for each service.

Cloud systems can make security worse.
Would you trust a software developer or business person to operate on you?
Why not?

Training… at every level
• Train the Decision Makers
• Different types of training
• Risk and Governance
• Research and reverse engineering malware
• Cloud specific configurations
• Application security (OWASP top 10)
• Network security
• Pentesting
• DFIR (monitoring and responding to incidents)

Cloud systems can make security better!
If used properly, by people with security training…

Managing Risk

Best practices ~ Resources
• https://docs.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns
• https://azure.microsoft.com/en-us/resources/security-best-practices-for-azure-solutions/
• https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices
• https://docs.microsoft.com/en-us/azure/security/fundamentals/operational-checklist
• https://www.cisecurity.org/benchmark/azure/

Thank you!
Teri Radichel
Follow: @teriradichel + @2ndsightlab
Web: https://2ndsightlab.com
Blog: https://medium.com/cloud-security
Classes: https://2ndsightlab.com/cloud-security-training.html

Critical Controls Might Have Prevented the Target Breach
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWS
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
 

Recently uploaded

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel AraĂşjo
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 

Recently uploaded (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 

Azure for Auditors

1. Azure for Auditors
Teri Radichel | CEO | 2nd Sight Lab
IIA and ISACA ~ Seattle 2019 © 2nd Sight Lab, LLC
@teriradichel

2. Auditors can have a significant impact on cybersecurity

3. Not just what to check… But why?

7. Brief Tangent
• Breaches
• Repercussions
• Why it matters

8. Cost of a Breach
• It goes up daily…
• Executives know this.
• They say they care.
• So why all the breaches?

9. The cost will keep going up…
• GDPR: 4% of revenue.
• More regulation likely coming if we don’t fix it.
• Regulations cost a lot and make EVERYTHING more complicated.
• Fix it before that happens.

10. Is this FUD? No. This is news.

11. The bigger cost
• Democracy
• Cyberwar
• Critical infrastructure
• Healthcare systems
• Some people call this FUD.
• I call it reality.

12. Definition of war and insurance
• Check the definition of war.
• Check your policy.
• Insurance companies may have an out.
• Maybe you can change your policy.
• Talk to your lawyer about definitions.
• Better yet…
• Instead of relying on insurance – let’s protect the systems.

13. Auditors are key!
• Audit the systems.
• Show the problems.
• Translate into potential realities.
• Raise awareness.
• Explain to them why it matters.
• Help obtain resources and training.
• Get companies to fix problems.

15. Azure Internet Connections
• Anything exposed to the Internet will be scanned and attacked.
• Storage Accounts
• Databases
• Virtual Machines
• Containers
• Serverless Functions
• Common problems: RDP brute force and misconfigured data stores

16. BlueKeep is to RDP port 3389 as WannaCry is to SMB port 445

18. Understand network layers and protocols
• OSI Model – Layers 1-7 – protections at different network layers.
• TLS doesn’t always save you.
• It doesn’t encrypt everything.
• DNS over HTTPS is coming out.
• This will hide DNS traffic used by security systems to spot malware.
• Good or bad??
• Do you know the difference between an SSL VPN and an IPsec VPN?
• One encrypts more traffic than the other.

19. What was the original purpose of a VPN?
• Not to hide your traffic so you can watch videos in a foreign country.
• Not for pentesting so people can’t tell where you are coming from.
• Not for end users to hide their traffic from their ISP.
• What was it?
20. Connect to private network from anywhere
Diagram labels: Firewall; Trusted Users Only; Authenticated; Encrypted tunnel; Specific CIDR block; Network restrictions specific to VPN network traffic ranges

21. VPN + Bastion Host + JIT
Diagram labels: Internet; VPN; Firewall or NSG; Trusted Users Only; Bastion Host + JIT; VM, VM, VM

22. Private Network + Bastion Host + JIT
Diagram labels: Express Route or Azure VPN; Firewall or NSG; Trusted Users Only; Bastion Host + JIT; VM, VM, VM

23. Look for potential data exfiltration

24. How are systems connected?
• Azure connectivity – VPN or Express Route? Or Internet?
• What about Cloud Shell traffic via a web browser?
• Connections from Azure to third parties?
• What traffic is and is not visible to the security team and monitored?
• Who approves, tracks, and sets up new network connections?
• Is DLP in place to spot potential exfiltration?
• What paths exist from your most sensitive data to the Internet?

25. Azure Cloud App Security
• Works as a CASB
• Identifies shadow IT
• What apps are connected to Azure?
• Can they exfiltrate data?
• Third-party: McAfee, Netskope

27. VNET Azure Networking
• Virtual Networks
• Routes
• Subnets
• Security Groups
• Azure Firewall
• WAF
Diagram labels: Subnets segregate layers; NSGs protect individual resources; WAF and/or Azure Firewall; Limit routes
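Slides 15, 16 and 27 say that anything reachable from the Internet will be scanned and that NSGs should allow only the required ports, so an auditor needs a repeatable way to check whether RDP (3389) or SMB (445) is actually open. The following is an added example, not code from the deck: it walks an NSG's rules in priority order the way Azure evaluates them, and assumes the camelCase JSON shape that `az network nsg list --output json` returns; the sample NSG is constructed.

```python
"""Audit an Azure NSG for management ports reachable from the Internet.

Added example, not from the deck. Assumes the JSON shape returned by
`az network nsg list --output json`: camelCase ARM fields securityRules[] and
defaultSecurityRules[] carrying priority, direction, access, protocol,
sourceAddressPrefix(es) and destinationPortRange(s). SAMPLE_NSG is constructed.
"""
import json

# Ports the deck calls out: RDP (BlueKeep) and SMB (WannaCry), both TCP.
MANAGEMENT_PORTS = {3389: "RDP", 445: "SMB"}
# Source prefixes that mean "anyone on the Internet" in an NSG rule.
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0", "0.0.0.0", "any"}


def port_matches(spec, port):
    """True if a port spec ('*', '3389' or '3000-4000') covers port."""
    spec = spec.strip()
    if spec == "*":
        return True
    if "-" in spec:
        low, high = spec.split("-", 1)
        return int(low) <= port <= int(high)
    return int(spec) == port


def rule_values(rule, single_key, multi_key):
    """Merge the single- and multi-valued forms of an NSG rule attribute."""
    values = list(rule.get(multi_key) or [])
    if rule.get(single_key):
        values.append(rule[single_key])
    return values


def rule_covers(rule, port):
    """Does this rule match inbound TCP traffic from the Internet to port?"""
    if rule.get("direction", "").lower() != "inbound":
        return False
    if rule.get("protocol", "*").lower() not in ("*", "tcp"):
        return False
    sources = rule_values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    if not any(s.lower() in INTERNET_SOURCES for s in sources):
        return False
    ports = rule_values(rule, "destinationPortRange", "destinationPortRanges")
    return any(port_matches(p, port) for p in ports)


def exposed_ports(nsg):
    """Return {port: rule_name} for management ports the Internet can reach.

    Rules are evaluated lowest priority number first and the first match wins,
    so a narrow Deny ahead of a broad Allow really does protect a port; the
    default DenyAllInBound (priority 65500) sits behind every custom rule.
    """
    rules = sorted(
        list(nsg.get("securityRules") or []) + list(nsg.get("defaultSecurityRules") or []),
        key=lambda r: r["priority"],
    )
    findings = {}
    for port in MANAGEMENT_PORTS:
        for rule in rules:
            if rule_covers(rule, port):
                if rule["access"].lower() == "allow":
                    findings[port] = rule["name"]
                break  # first matching rule decides, allow or deny
    return findings


# Constructed sample: a narrow RDP deny sits ahead of a sloppy rule that allows
# anyone onto 3389 and 440-450, so RDP is protected but SMB (445) is exposed.
SAMPLE_NSG = json.loads("""
{
  "name": "web-nsg",
  "securityRules": [
    {"name": "deny-rdp-from-internet", "priority": 100, "direction": "Inbound",
     "access": "Deny", "protocol": "Tcp", "sourceAddressPrefix": "Internet",
     "destinationPortRange": "3389"},
    {"name": "allow-any-mgmt", "priority": 200, "direction": "Inbound",
     "access": "Allow", "protocol": "*", "sourceAddressPrefix": "*",
     "destinationPortRanges": ["3389", "440-450"]}
  ],
  "defaultSecurityRules": [
    {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound",
     "access": "Deny", "protocol": "*", "sourceAddressPrefix": "*",
     "destinationPortRange": "*"}
  ]
}
""")

if __name__ == "__main__":
    print(exposed_ports(SAMPLE_NSG))  # {445: 'allow-any-mgmt'}
```

Run it over the real CLI output for every NSG in a subscription and each non-empty result is a finding; note that it reads the NSG alone, so a port it reports as protected can still be reachable through a different NSG attached to the NIC or subnet.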
28. Credentials
• SANS Institute survey
• Cloud security incidents
• Number one issue: stolen credentials

29. How they are stolen
• Credentials in code
• Phishing attacks
• Shared
• Malicious insider
• Malware on machine
• Social engineering

30. What they are used for…
• Steal data
• Ransomware
• Cryptominers
• Delete systems – or an account!
• Maintain a foothold
• Monitor communications
• Steal intellectual property
• Attack other systems

31. Cryptominers
• More common in cloud
• Often not reported
• Not required
• No data loss
• Using your resources

32. IAM – Integrate and Automate
• Azure AD
• Integrated with main Active Directory store
• Using same HR processes
• Automated
• When someone leaves, is their access automatically removed?
• When someone changes roles, is their access automatically changed?
• Is creation of users automated to prevent human error?

33. MFA – Is it in place and is it effective?
• Is MFA in place – for everyone?
• How long is MFA cached?
• Is it truly two-factor?
• How can MFA be bypassed?
• And yes, it can be!

34. IAM – Segregation, Least Privilege
• Least privilege
• Humans, compute resources, all permissions
• Only privileges to do what is needed
• Segregation
• If one person’s creds are stolen – how much can those creds access?
• What can they do?

35. Least Privilege ~ Credentials AND Networking

36. Application and user permissions
• Service principals or managed identities for applications
• Only permissions required granted to users and resources
• Cannot create resources with higher permissions than themselves
• JIT enforced for remote access
• Only required network ports and rules allowed
• Verify someone is monitoring logs and responding to events
• Network traffic, application, OS, Active Directory, Activity logs

37. Secrets management
• No secrets in code
• Secrets stored in vault
• Azure Key Vault
• HashiCorp Vault
Diagram labels: Running code retrieves secrets from vault; Azure Key Vault contains [encrypted!] secrets; Application can only retrieve secrets that belong to it, not secrets for other applications. In a SaaS application, users can only retrieve their own secrets!

38. Where are secrets exposed?
• Metadata, configuration files, documentation
• Logs, backup files, caches, environment variables, registry
• GitHub and other source control systems
• Databases, unencrypted
• On developer documentation systems (Confluence)
• In Slack, chat, IM
• Email, support tickets

40. Subscriptions and resource groups
• Is the organization using access segregation effectively to limit risk?
• How are subscriptions and resource groups organized and managed?
• Are different teams, lines of business, SDLC functions segregated?
• Different projects, different microservices, different trust levels
• Are permissions between each limited to what is required?
• Can get complicated – a dedicated team?

41. Deployment systems
• How are deployment systems and networks architected?
• Do they provide adequate governance?
• How are deployment systems secured (Jenkins, repositories)?
• Who has access to change the deployment systems?
• Can the deployment systems be bypassed by manual changes?
• Are security scans and checks built into deployment processes?
• Is the security team monitoring deployment systems?

42. Other ways malware gets into systems
• Cryptominers inserted into third-party software, web pages
• E-skimming software – CMS, plugins
• Software packages – Docker Hub containers, Python libraries
• Source code changes
• Misconfigurations, developer-induced vulnerabilities
• Third-party code included via URLs
• PS: Don’t expose your CMS admin site to the Internet!
44. Azure and OWASP Top 10
• WAF
• Front Door
• Advanced Threat Protection
• Azure Security Center

45. Vulnerability scanning
• Before deployment
  • Automated
  • In the deployment pipeline
  • Segregation of duties – not manual or controlled by devs
  • Serverless scanning mainly depends on static code analysis
• After deployment
  • Cloud-native options – agents will report to Azure Security Center
  • Third parties – Azure integrates with Qualys, others
  • Azure Security Center will tell you if it finds agent scanning or not

46. Azure Security Center Vulnerability Assessments
• Integrates with Qualys and others

47. Patching
• Including DevOps systems!
• Check the Jenkins server…
• Check Kubernetes…
• Immutable deployments are better than patching live systems!
• Make sure systems can’t change once they are scanned.

48. Encryption
• Is everything encrypted?
• Disks, databases, files, storage accounts, logs, queues, metadata?
• Is the boot disk encrypted – Azure uses BitLocker?
• Who has access to keys – can this be limited via automation?
• Are the keys rotated frequently (30-90 days or even less)?
• In a SaaS environment – does each customer have separate keys?
• Are appropriate algorithms, modes, and key lengths used?

49. Checking Encryption on Azure Disks, Databases… what Azure can see.

50. Proper configurations
• Every single service on Azure has a configuration.
• If you can see it, touch it, change it – it’s your responsibility.
• Understand best practices for each service.
• Understand how it might be attacked (threat modeling).
• Secure accordingly.
• Customer configurations are one of the biggest risks in the cloud!

51. CIS Benchmarks in Azure Security Center
• CIS Benchmarks: best practices for Azure, Docker, operating systems, and more
• Check some of these with Azure Security Center

52. Architect for Availability
• Is the architecture structured to prevent downtime?
• What if an Azure datacenter fails?
• Your architecture should be resilient to this if required.
• BCP and DR plans aligned with business needs.
• What if your systems are hit with ransomware?
• Do you have backups?
• Have they been tested?

53. Azure options for Availability
• Azure architecture solutions
• Azure Load Balancers
• Azure Autoscale
• Azure Site Recovery
• Azure Backup

54. Security Functions
• Threat modeling to design to prevent breaches
• Security team has access to ALL logs
• Event monitoring and incident response
• Security requirements

55. ALL the logs….
• What logs exist?
• Are they turned on?
• Is anyone looking at them?
• Do they KNOW what to look for?
• Are they centralized?
• Log shipping – ephemeral resources
• Who can change them? (No one, hopefully – check permissions)

56. Compliance… is not security
• But it’s better than nothing!
• Azure Security Center can help
• Will rate things Azure can see

57. Third-Party Products ~ CloudNeeti
• Met at Seattle AWS Architects and Engineers Meetup
• Cross-cloud
• SaaS – obtain customer consent

58. Tools for Auditors on Azure
• No role – have to find or create one that gives least privilege
• Azure Security Center is your friend!
• Learn how to write scripts to query resources (Power BI, CLI, Insights)
• Network Watcher
• Become familiar with all the logs
• Review recommendations and best practices for each service.

59. Cloud systems can make security worse. Would you trust a software developer or business person to operate on you? Why not?

60. Training… at every level
• Train the decision makers
• Different types of training
• Risk and governance
• Research and reverse engineering malware
• Cloud-specific configurations
• Application security (OWASP Top 10)
• Network security
• Pentesting
• DFIR (monitoring and responding to incidents)

61. Cloud systems can make security better! If used properly, by people with security training…

63. Best practices ~ Resources
• https://docs.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns
• https://azure.microsoft.com/en-us/resources/security-best-practices-for-azure-solutions/
• https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices
• https://docs.microsoft.com/en-us/azure/security/fundamentals/operational-checklist
• https://www.cisecurity.org/benchmark/azure/

64. Thank you!
Teri Radichel
Follow: @teriradichel + @2ndsightlab
Web: https://2ndsightlab.com
Blog: https://medium.com/cloud-security
Classes: https://2ndsightlab.com/cloud-security-training.html

Editor's Notes

  1. But, when the user selects the Keep me signed in check box during authentication, a persistent session token is stored. Nonpersistent session tokens have a lifetime of 24 hours. Persistent tokens have a lifetime of 180 days. Anytime an SSO session token is used within its validity period, the validity period is extended another 24 hours or 180 days, depending on the token type. If an SSO session token is not used within its validity period, it is considered expired and is no longer accepted. https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes
  2. https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
  3. https://docs.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices
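Editor's note 1 gives the numbers behind the slide 33 question "How long is MFA cached?": a nonpersistent SSO session token lives 24 hours, a persistent one 180 days, and every use inside the window renews it for the full lifetime. The following is an added example, not part of the deck, that replays a constructed sequence of uses against those two rules so an auditor can see how long a session survives without a fresh sign-in.

```python
"""Model the Azure AD SSO session token lifetimes quoted in editor's note 1.

Added example, not from the deck. It encodes only what the note states:
nonpersistent tokens live 24 hours, persistent ("Keep me signed in") tokens
180 days, every use inside the window extends it by the full lifetime, and a
token left unused past its window is expired for good. Timestamps below are
constructed sample data.
"""
from datetime import datetime, timedelta

LIFETIMES = {
    "nonpersistent": timedelta(hours=24),
    "persistent": timedelta(days=180),
}


def replay_session(token_type, issued_at, uses):
    """Replay uses in time order; return (accepted flags, final expiry).

    accepted[i] is True when uses[i] fell inside the then-current window.
    """
    lifetime = LIFETIMES[token_type]
    expires_at = issued_at + lifetime
    accepted = []
    for used_at in sorted(uses):
        if used_at <= expires_at:
            accepted.append(True)
            expires_at = used_at + lifetime  # sliding window: renewed on use
        else:
            accepted.append(False)  # expired; a later use does not revive it
    return accepted, expires_at


def hours_kept_alive(token_type, issued_at, uses):
    """Total hours from issue until the session finally expires, given uses."""
    _, expires_at = replay_session(token_type, issued_at, uses)
    return (expires_at - issued_at) / timedelta(hours=1)


# Constructed activity: uses at +20h and +40h, then a 60-hour gap, then +101h.
ISSUED = datetime(2019, 1, 1, 9, 0)
USES = [ISSUED + timedelta(hours=h) for h in (20, 40, 100, 101)]

if __name__ == "__main__":
    for kind in LIFETIMES:
        accepted, expiry = replay_session(kind, ISSUED, USES)
        print(kind, accepted, "expires", expiry)
```

The same 60-hour gap kills the nonpersistent session but leaves the persistent one untouched; a persistent token used at least once every 180 days never requires re-authentication, which is the exposure the "how long is MFA cached" question is probing.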