Embed Size (px)
Citation preview
Thank you.
SECURITY IMPLICATIONS OF THE CLOUD.
Sean RohdeDirector of Sales, Alert Logic
AGENDA
5
47
74
89
184
289
277
222
207
571
Denial of Service
Crimeware
Physical Theft / Loss
Payment Card Skimmers
Everything Else
Cyber-espionage
Privilege Misuse
Miscellaneous Errors
POS Intrusions
Web App Attacks
Security risk is shifting to unprotected web applications
Web app attacks are now the #1 source of data breaches
But less than 5% of data center security budgets are spent on app security
Source: Verizon DBIR 2017n= 1,935
UP 300% SINCE 2014
$23 to $1
Percentage of Breaches
10% 20% 30%
Source: Gartner
Web App Attacks
Vulnerabilities+ Change
+ Shortage
Complexity of defending web applications and workloads
Risks are moving up the stack
1. Wide range of attacks at every layer of the stack
2. Rapidly changing codebase can introduces unknown vulnerabilities
3. Long tail of exposures inherited from 3rd party development tools
4. Extreme shortage of cloud and application security expertise
Web App AttacksOWASP Top 10
Platform / Library Attacks
System / Network Attacks
Perimeter & end-point security tools fail to protect cloud attack surface
Web Apps
Server-side Apps
App Frameworks
Dev Platforms
Server OS
Hypervisor
Databases
Networking
Cloud Management
TametheBeast
Industry Challenge: The Good, the Bad and the Ugly
KnownGood
KnownBad
Suspicious
AllowIdentify|Tune|Permit
BlockDrop|Reconfigure
ApplicationStack
WebApps
Server-sideApps
AppFrameworks
DevPlatforms
Databases
ServerOS
Hypervisor
Hardware Classification Action
HUMANEXPERTREQUIRED
CASE ILLUSTRATION
Customer X – Data Exfiltration
CompanyProfileRetail– Ecommerce
$250MAnnualRevenue1500+Employees
4 PrimaryOffices(NA)200RetailLocations
ITDedicatedHeadcount– 14SecurityDedicatedHeadcount– 2HybridDataCenter(AWS&CoLo)
Customer X – Data Exfiltration
AttackProgressionStalkedcompanyonLinkedInandGoogle
GainedentrythroughPHP(KNOWN)flaws
ReplacedPHPlogintocapturecredentials
Leveragedcredentialstoaccesscriticalsystem
StoleFinancial,Designdata&Roadmap
Undetectedfor4months– FBINotification
CostofBreech- $1.8M
CompanyProfileRetail– Ecommerce
$250MAnnualRevenue1500+Employees
4 PrimaryOffices(NA)200RetailLocations
ITDedicatedHeadcount– 14SecurityDedicatedHeadcount– 2HybridDataCenter(AWS&CoLo)
AGENDA
Thank you.
#CSS2017
Thank You.
![CSS & eCSStender [CSS Summit 2011]](https://img.pdfslide.net/doc/110x75/54c70c6e4a79593f288b4656/css-ecsstender-css-summit-2011.jpg)
![[HTML, Css] HTML & Css Learning](https://img.pdfslide.net/doc/110x75/55cf9813550346d0339570eb/html-css-html-css-learning.jpg)
