SlideShare uma empresa Scribd logo

The Practitioner's Guide to Cloud Security

Transferir como PPTX, PDF
Zohar Alon
Zohar Alon

This document summarizes a presentation on cloud server security given by Zohar Alon, co-founder and CEO of Dome9. The presentation covered who is responsible for cloud security, the need for multi-factor authentication and web application firewalls, logging and analyzing logs, and using firewalls to lock down and automate security across cloud servers. Dome9 provides a solution to automate and centralize security management across cloud servers.

Tecnologia
1 de 20
CloudExpo Europe – London, January 2013 The Practitioners Guide to Cloud Security London, January 2013 Zohar Alon @zoharalon Co-Founder & CEO Dome9 – Secure Your Cloud™
Me, and my company Zohar Alon – Co-Founder & CEO Creator of Check Point’s Provider-1 & SP product lines Over 20 years of security & IT experience. Cloud Server Security Management Automate and centralize security across an unlimited number of cloud, dedicated, and virtual private servers Dome9 – Secure Your Cloud™
What’s this? Dome9 – Secure Your Cloud™
1 day and 86,000 attempts later… Dome9 – Secure Your Cloud™
There are more than 30 million Cloud, VPS & Dedicated Servers Most of these servers are vulnerable to attack – Admins leave ports open to connect to their servers – Hackers use these same open ports to gain access Most of these servers’ security is unmanageable – Sprawled across multiple private & public clouds – Operating systems are a virtual buffet Most of the ‘available’ security doesn’t work – Service providers lack expertise & focus to build it – Security vendors have business models that don’t fit and/or technology that doesn’t migrate and scale Dome9 – Secure Your Cloud™
Who’s responsible for security? Dome9 – Secure Your Cloud™
The Practitioners Guide Part 1 – Responsibility • Most don’t know who’s Who’s Responsible? responsible for cloud security – 42% say they wouldn’t know if their cloud was hacked 33% 31% – 39% think their provider would tell them • Security is everybody’s 36% responsibility – accept and share it! • Security is your responsibility – Deal with it! Customer Provider Both Ponemon Cloud Security Research Study Dome9 – Secure Your Cloud™
The Practitioners Guide Part 2 – Authentication • If Anyone can login consider Multi-Factor authentication to harden access • Simple mobile app integration, w/ QR code support & SMS backup Dome9 – Secure Your Cloud™
Dome9 – Secure Your Cloud™
Dome9 – Secure Your Cloud™
The Practitioners Guide Part 3 - WAF • WAF: Web Application Firewall – Protects Web services, sites and applications – Monitor the requests to the web layer – Brute-force Login, Span Bots, SQL injections, etc. • Easy to enable – No Install! – Provides added security layer w/o overhead • Every Web App Will Use one – CloudFlare, Incapsula or Akamai – Bonus I – site is faster – Bonus II – DDOS mitigation capabilities Dome9 – Secure Your Cloud™
The Practitioners Guide Part 4 – Log • You saw how many insights we get from the logs. You need to store and analyze them. • We use several vendors for this – each for a different use-case: – Splunk & SplunkStorm – SumoLogic – Loggly – LogEntries Dome9 – Secure Your Cloud™
The Practitioners Guide Part 5 – Firewall • Take Control on your security policies – You do much more when it comes to the office firewall • Close All (admin) Ports – Open Dynamically – Open them only for whom, and for as long as is needed. • Don’t rely on static scopes – Too much management overhead and risk. • Aggregate & Centralize firewall management – Across regions, providers and applications • At Dome9, we eat our own dog food – On Amazon, Verison’s Terrermark and Rackspace Dome9 – Secure Your Cloud™
What happened here? Dome9 – Secure Your Cloud™
Dome9: How it Works Automated Cloud Server Security  Manage OS firewall (via Agent) and virtual firewall (via API) across all cloud servers  Enable on-demand, time- based secure access leases per server, source & time  Automatically close server access when lease expires  Stop attackers from targeting open admin ports via brute force attacks and exploits Dome9 – Secure Your Cloud™
Dome9 Central Simplified Security Management Time-Based Controls 1-Click Secure Access Multi-Cloud Management Dome9 – Secure Your Cloud™
Wrap Up ① Take Responsibility ② Harden Authentication ③ Use a Web Application Firewall ④ Log, Log, Log, Log, Log… and Analyze ⑤ Lockdown and Automate the Server Firewalls… with Dome9!  Dome9 – Secure Your Cloud™
Q&A Dome9 – Secure Your Cloud™
Thank You! Zohar Alon, Zohar@dome9.com www.dome9.com Dome9 – Secure Your Cloud™
References and Links • Firewall Management Service: – http://www.dome9.com/ – https://secure.dome9.com/account/register?code=ecommerce • MyDigipass 2 Factor Authentication Service: – https://www.mydigipass.com/ • Log Management Services: – Splunk Storm Service - https://www.splunkstorm.com/ – Loggly - http://loggly.com/ – LogEntries - https://logentries.com/ • WAF Services: – CloudFlare - https://www.cloudflare.com/ – Incapsula - http://www.incapsula.com/ • Cloud Security Study: http://www.dome9.com/wp-content/uploads/2011/11/Ponemon-Cloud-Security-Study.pdf Dome9 – Secure Your Cloud™

Recomendados

Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec
 
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption
Your First Hour on AWS: Building the Foundation for Large Scale AWS AdoptionYour First Hour on AWS: Building the Foundation for Large Scale AWS Adoption
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption
Amazon Web Services
 
Cloud Security (AWS)
Cloud Security (AWS)Cloud Security (AWS)
Cloud Security (AWS)
Scott Arveseth
 
Cyber Resiliency
Cyber ResiliencyCyber Resiliency
Cyber Resiliency
Alert Logic
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
Teri Radichel
 
AWS Security and SecOps
AWS Security and SecOpsAWS Security and SecOps
AWS Security and SecOps
Shiva Narayanaswamy
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - Overview
Sai Kesavamatham
 
Introduction to Security in the Cloud - Mark Brooks, Alert Logic
Introduction to Security in the Cloud - Mark Brooks, Alert LogicIntroduction to Security in the Cloud - Mark Brooks, Alert Logic
Introduction to Security in the Cloud - Mark Brooks, Alert Logic
Alert Logic
 

Recomendados

Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec
 
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption
Your First Hour on AWS: Building the Foundation for Large Scale AWS AdoptionYour First Hour on AWS: Building the Foundation for Large Scale AWS Adoption
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption
Amazon Web Services
 
Cloud Security (AWS)
Cloud Security (AWS)Cloud Security (AWS)
Cloud Security (AWS)
Scott Arveseth
 
Cyber Resiliency
Cyber ResiliencyCyber Resiliency
Cyber Resiliency
Alert Logic
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
Teri Radichel
 
AWS Security and SecOps
AWS Security and SecOpsAWS Security and SecOps
AWS Security and SecOps
Shiva Narayanaswamy
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - Overview
Sai Kesavamatham
 
Introduction to Security in the Cloud - Mark Brooks, Alert Logic
Introduction to Security in the Cloud - Mark Brooks, Alert LogicIntroduction to Security in the Cloud - Mark Brooks, Alert Logic
Introduction to Security in the Cloud - Mark Brooks, Alert Logic
Alert Logic
 
Dome9 Brochure
Dome9 BrochureDome9 Brochure
Dome9 Brochure
Dome9 Security
 
Dome9 Public Cloud Security
Dome9 Public Cloud SecurityDome9 Public Cloud Security
Dome9 Public Cloud Security
Sudarshan Srinivasan
 
Nils Puhlmann Ncoic Slides
Nils Puhlmann Ncoic SlidesNils Puhlmann Ncoic Slides
Nils Puhlmann Ncoic Slides
GovCloud Network
 
Beware the pitfalls when migrating to hybrid cloud with openstack
Beware the pitfalls when migrating to hybrid cloud with openstackBeware the pitfalls when migrating to hybrid cloud with openstack
Beware the pitfalls when migrating to hybrid cloud with openstack
Shuquan Huang
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in Cloud
Lenin Aboagye
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Symosis Security (Previously C-Level Security)
 
Cloud and Virtualization Security
Cloud and Virtualization SecurityCloud and Virtualization Security
Cloud and Virtualization Security
Rubal Sagwal
 
Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14
L S Subramanian
 
best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud
AlgoSec
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
CloudPassage
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Livingstone Advisory
 
7 cloud security tips
7 cloud security tips7 cloud security tips
7 cloud security tips
United Technology Group (UTG)
 
Protecting Data in the Cloud
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the Cloud
Neil Readshaw
 
DeepArmor
DeepArmorDeepArmor
DeepArmor
brand44
 
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Amazon Web Services
 
OWASP Cloud Top 10
OWASP Cloud Top 10OWASP Cloud Top 10
OWASP Cloud Top 10
Ludovic Petit
 
Cloudron bay lisa-presentation
Cloudron bay lisa-presentationCloudron bay lisa-presentation
Cloudron bay lisa-presentation
Girish Ramakrishnan
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud security
Andy Powell
 
Cloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityCloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud Security
IBM Security
 
Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption
Dell World
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
MadyBayot
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
 

Mais conteúdo relacionado

Semelhante a The Practitioner's Guide to Cloud Security

Beware the pitfalls when migrating to hybrid cloud with openstack
Beware the pitfalls when migrating to hybrid cloud with openstackBeware the pitfalls when migrating to hybrid cloud with openstack
Beware the pitfalls when migrating to hybrid cloud with openstack
Shuquan Huang
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in Cloud
Lenin Aboagye
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
CloudPassage
 

Semelhante a The Practitioner's Guide to Cloud Security (20)

Dome9 Brochure
Dome9 BrochureDome9 Brochure
Dome9 Brochure
 
Dome9 Public Cloud Security
Dome9 Public Cloud SecurityDome9 Public Cloud Security
Dome9 Public Cloud Security
 
Nils Puhlmann Ncoic Slides
Nils Puhlmann Ncoic SlidesNils Puhlmann Ncoic Slides
Nils Puhlmann Ncoic Slides
 
Beware the pitfalls when migrating to hybrid cloud with openstack
Beware the pitfalls when migrating to hybrid cloud with openstackBeware the pitfalls when migrating to hybrid cloud with openstack
Beware the pitfalls when migrating to hybrid cloud with openstack
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in Cloud
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
 
Cloud and Virtualization Security
Cloud and Virtualization SecurityCloud and Virtualization Security
Cloud and Virtualization Security
 
Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14
 
best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
 
7 cloud security tips
7 cloud security tips7 cloud security tips
7 cloud security tips
 
Protecting Data in the Cloud
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the Cloud
 
DeepArmor
DeepArmorDeepArmor
DeepArmor
 
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
 
OWASP Cloud Top 10
OWASP Cloud Top 10OWASP Cloud Top 10
OWASP Cloud Top 10
 
Cloudron bay lisa-presentation
Cloudron bay lisa-presentationCloudron bay lisa-presentation
Cloudron bay lisa-presentation
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud security
 
Cloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityCloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud Security
 
Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption
 

Último

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 

Último (20)

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 

The Practitioner's Guide to Cloud Security

  • 1. CloudExpo Europe – London, January 2013 The Practitioners Guide to Cloud Security London, January 2013 Zohar Alon @zoharalon Co-Founder & CEO Dome9 – Secure Your Cloud™
  • 2. Me, and my company Zohar Alon – Co-Founder & CEO Creator of Check Point’s Provider-1 & SP product lines Over 20 years of security & IT experience. Cloud Server Security Management Automate and centralize security across an unlimited number of cloud, dedicated, and virtual private servers Dome9 – Secure Your Cloud™
  • 3. What’s this? Dome9 – Secure Your Cloud™
  • 4. 1 day and 86,000 attempts later… Dome9 – Secure Your Cloud™
  • 5. There are more than 30 million Cloud, VPS & Dedicated Servers Most of these servers are vulnerable to attack – Admins leave ports open to connect to their servers – Hackers use these same open ports to gain access Most of these servers’ security is unmanageable – Sprawled across multiple private & public clouds – Operating systems are a virtual buffet Most of the ‘available’ security doesn’t work – Service providers lack expertise & focus to build it – Security vendors have business models that don’t fit and/or technology that doesn’t migrate and scale Dome9 – Secure Your Cloud™
  • 6. Who’s responsible for security? Dome9 – Secure Your Cloud™
  • 7. The Practitioners Guide Part 1 – Responsibility • Most don’t know who’s Who’s Responsible? responsible for cloud security – 42% say they wouldn’t know if their cloud was hacked 33% 31% – 39% think their provider would tell them • Security is everybody’s 36% responsibility – accept and share it! • Security is your responsibility – Deal with it! Customer Provider Both Ponemon Cloud Security Research Study Dome9 – Secure Your Cloud™
  • 8. The Practitioners Guide Part 2 – Authentication • If Anyone can login consider Multi-Factor authentication to harden access • Simple mobile app integration, w/ QR code support & SMS backup Dome9 – Secure Your Cloud™
  • 9. Dome9 – Secure Your Cloud™
  • 10. Dome9 – Secure Your Cloud™
  • 11. The Practitioners Guide Part 3 - WAF • WAF: Web Application Firewall – Protects Web services, sites and applications – Monitor the requests to the web layer – Brute-force Login, Span Bots, SQL injections, etc. • Easy to enable – No Install! – Provides added security layer w/o overhead • Every Web App Will Use one – CloudFlare, Incapsula or Akamai – Bonus I – site is faster – Bonus II – DDOS mitigation capabilities Dome9 – Secure Your Cloud™
  • 12. The Practitioners Guide Part 4 – Log • You saw how many insights we get from the logs. You need to store and analyze them. • We use several vendors for this – each for a different use-case: – Splunk & SplunkStorm – SumoLogic – Loggly – LogEntries Dome9 – Secure Your Cloud™
  • 13. The Practitioners Guide Part 5 – Firewall • Take Control on your security policies – You do much more when it comes to the office firewall • Close All (admin) Ports – Open Dynamically – Open them only for whom, and for as long as is needed. • Don’t rely on static scopes – Too much management overhead and risk. • Aggregate & Centralize firewall management – Across regions, providers and applications • At Dome9, we eat our own dog food – On Amazon, Verison’s Terrermark and Rackspace Dome9 – Secure Your Cloud™
  • 14. What happened here? Dome9 – Secure Your Cloud™
  • 15. Dome9: How it Works Automated Cloud Server Security  Manage OS firewall (via Agent) and virtual firewall (via API) across all cloud servers  Enable on-demand, time- based secure access leases per server, source & time  Automatically close server access when lease expires  Stop attackers from targeting open admin ports via brute force attacks and exploits Dome9 – Secure Your Cloud™
  • 16. Dome9 Central Simplified Security Management Time-Based Controls 1-Click Secure Access Multi-Cloud Management Dome9 – Secure Your Cloud™
  • 17. Wrap Up ① Take Responsibility ② Harden Authentication ③ Use a Web Application Firewall ④ Log, Log, Log, Log, Log… and Analyze ⑤ Lockdown and Automate the Server Firewalls… with Dome9!  Dome9 – Secure Your Cloud™
  • 18. Q&A Dome9 – Secure Your Cloud™
  • 19. Thank You! Zohar Alon, Zohar@dome9.com www.dome9.com Dome9 – Secure Your Cloud™
  • 20. References and Links • Firewall Management Service: – http://www.dome9.com/ – https://secure.dome9.com/account/register?code=ecommerce • MyDigipass 2 Factor Authentication Service: – https://www.mydigipass.com/ • Log Management Services: – Splunk Storm Service - https://www.splunkstorm.com/ – Loggly - http://loggly.com/ – LogEntries - https://logentries.com/ • WAF Services: – CloudFlare - https://www.cloudflare.com/ – Incapsula - http://www.incapsula.com/ • Cloud Security Study: http://www.dome9.com/wp-content/uploads/2011/11/Ponemon-Cloud-Security-Study.pdf Dome9 – Secure Your Cloud™

Notas do Editor

  1. Dome9 – Server firewall management platform, brought in a SaaS subscription model.1,500 customers since launch last yearBased in Tel Aviv, with offices in the Bay AreaFocused on managing security for cloud, dedicated and VPSSpeaking today is a unique opportunity becauseDome9 is both a security company and an e-commerce companyAll of our transactions are done online and like you, have to be secured. Making sure the transaction and our infrastructure is secure is ultra critical, especially for us since we are a security company.Many of our customers are also e-commerce companies, which gives us a nice glimpse into the types of concerns they have and the threats they face
  2. Q: What is this ?A: Brute force attack in action (by a nice Malaysian guy) on a test server at Amazon, set up by one of our developers Any success ?
  3. Integrating with MyDigipass:Took more time to audit and review than to actually implement the integration.Took a single developer less than a day to implement.After spending a fixed (small) amount of time it is great to see the service keeps improving while doing noting on our side (example – device authorization)
  4. Let’s get back to our poor server.I do not remember writing this url , so I searched a bit…
  5. Apparently this is a new exploit called Elastix 2.2. LFIThis exploit is of type – directory traversal/ local file inclusion. This specific one is quite new – about 1 month old.Thank you my Lao friend for sharing such a new exploit with me.This leads us to our next part
  6. Remember the server from slide 1 ?Q: What happened here ?A: I just used our own product to properly configure that server’s firewall
  7. -Describe- By now, you understand what we do, now let’s dive into our dilemmas and challenges