Cloud Security: Perception Vs. Reality
Transcript of Cloud Security: Perception Vs. Reality
#cloudsecurity
Cloud Security: Perception vs. Reality March 21, 2012
Agenda
Introductions and Internap Overview
Security Drivers and Concerns - Industry Perspectives
Security Risk Evaluation – Service Provider vs. On-Premise
Questions?
Today’s speakers & moderator
Mark Fitzgerald, Manager, Infrastructure & Strategy, Turbine
Marek Vesely, Chief Technology Officer, Casenet LLC
John Freimuth, VP, Mgd Hstg & Cloud, Internap
Moderator
Randy Rosenbaum, Partner Executive, Alert Logic
3,700+ Enterprise Customers | 500 Employees | 2011 Revenue: $245M
Our intelligent IT Infrastructure solutions can take your business to a higher level.
NASDAQ: INAP
[Diagram: Platform Flexibility; Performance to the End user; IT Vendor (repeated)]
Platform Flexibility
Performance to the End user
IP Connectivity
• Enterprise IP
• TCP Acceleration
Colocation
• Space, Power, Cooling
• Interconnection
Hosting
• Managed Hosting
• Dedicated Hosting
Cloud
• Private Cloud
• Public Cloud
• Cloud Storage
Content Delivery Network
• Media Delivery, Transparent Caching, Mobile Delivery
• Analytics
We live and breathe a full range of intelligent IT Infrastructure services
Poll Question
What is your greatest concern about a cloud environment?
What is top of mind today for enterprises regarding security and cloud services?
Panel Question: Business Drivers
VP, IT Dell SecureWorks
What business drivers influence your security decisions?
Panel Question: Cloud Security Concerns
What are your security concerns when using a cloud environment?
Panel Question: Leveraging Cloud Services
Given security requirements, how will you leverage cloud in the future?
Poll Question
Which methods of attack concern you most in terms of your customers’ data?
Threat Manager ActiveWatch
• Intrusion detection and vulnerability assessment
• PCI Approved Scanning Vendor (ASV)
• Custom dashboards and reports
• 24x7 monitoring and review services
Log Manager LogReview
• Log data collection and aggregation
• Identify suspicious activity and automatically issue threat alerts
• Powerful search and reporting
• Daily analysis and review services
Web Security Manager
• Award-winning web application firewall
• Adaptive learning and easy tuning
• 24x7 monitoring for consistent protection
Security-as-a-Service solutions for more than 1,500 customers
Industry-First Data-Driven Comparative Analysis of Threats in Hosted and Cloud vs. On-Premise IT Environments
Alert Logic provides a rich data set
• Threat data from more than 1500 customers
• Customers of over half the top 30 North American service providers
• On-premise enterprise environments from a range of verticals
• Consistently-collected data from both service provider and on-premise environments
Customer Data Set
• Analyzed network traffic from over 1600 customers
  – 1300+ Managed Hosting/Cloud Customers
  – 300+ On-Premise Customers
How threats are identified
Security Incident Categories
INCIDENT TYPE / DEFINITION / EXAMPLES
• Application Attack
  Definition: Exploit attempts against applications or services that are not running over HTTP protocol
  Examples: Buffer overflow
• Brute Force
  Definition: Exploit attempts enumerating a large number of combinations, typically involving numerous credential failures
  Examples: Password cracking attempts
• Malware/Botnet Activity
  Definition: Malicious software installed on a host engaging in unscrupulous activity, data destruction, information gathering or creation of backdoor. Included in this category is botnet activity: post-compromise activity displaying characteristics of command and control communication
  Examples: Conficker, Zeus botnet
• Misconfiguration
  Definition: Network/Host/Application configuration issues that introduce possible security vulnerabilities, typically a result of inadequate hardening
  Examples: Weak patch management, unnecessary services running
• Reconnaissance
  Definition: Reconnaissance activity focused on mapping the networks, applications and/or services
  Examples: Port scans and fingerprinting
• Vulnerability Scan
  Definition: Automated vulnerability discovery in applications, services or protocol implementations
  Examples: Unauthorized Nessus scan
• Web Application Attack
  Definition: Attacks targeting the presentation, logic or database layer of web applications
  Examples: SQL injection
Metrics to answer basic questions
OCCURRENCE: What percentage of customers were impacted by each threat type?
FREQUENCY: How often did impacted customers experience each threat type?
THREAT DIVERSITY: How many unique threat types did customers experience?
What threats are actually experienced in on-premise vs service provider environments, and how often?
What is the complexity of the threat landscape (and resulting security program)?
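Added example (not part of the original slides or of Alert Logic's analysis): one way to compute the three metrics above from your own per-customer incident records, split by environment. The record layout, the customer ids and the exact formulas for frequency and threat diversity (means over impacted customers) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data (customer ids and environment labels are invented).
# CUSTOMERS lists every monitored customer, including c3 with no incidents,
# so occurrence is measured against the whole population.
CUSTOMERS = {"c1": "service_provider", "c2": "service_provider",
             "c3": "service_provider", "c4": "on_premise", "c5": "on_premise"}
INCIDENTS = [  # (customer_id, incident_type)
    ("c1", "Brute Force"), ("c1", "Brute Force"),
    ("c1", "Web Application Attack"), ("c2", "Web Application Attack"),
    ("c4", "Malware/Botnet Activity"), ("c4", "Brute Force"),
    ("c4", "Brute Force"), ("c4", "Brute Force"),
    ("c5", "Brute Force"), ("c5", "Reconnaissance"),
]


def threat_metrics(incidents, customers, environment):
    """Return (occurrence, frequency, diversity) for one environment.

    occurrence[t]: share of the environment's customers impacted by type t
    frequency[t]:  mean incidents of type t per impacted customer (assumed)
    diversity:     mean distinct incident types per impacted customer (assumed)
    """
    population = {c for c, env in customers.items() if env == environment}
    if not population:
        return {}, {}, 0.0
    per_type = defaultdict(lambda: defaultdict(int))  # type -> customer -> n
    types_seen = defaultdict(set)                     # customer -> types
    for cust, itype in incidents:
        if cust not in population:
            continue  # other environment, or a customer we do not monitor
        per_type[itype][cust] += 1
        types_seen[cust].add(itype)
    occurrence = {t: len(hit) / len(population) for t, hit in per_type.items()}
    frequency = {t: sum(hit.values()) / len(hit) for t, hit in per_type.items()}
    diversity = (sum(len(s) for s in types_seen.values()) / len(types_seen)
                 if types_seen else 0.0)
    return occurrence, frequency, diversity


if __name__ == "__main__":
    for env in ("service_provider", "on_premise"):
        occ, freq, div = threat_metrics(INCIDENTS, CUSTOMERS, env)
        for itype in sorted(occ):
            print(f"{env:17} {itype:24} occurrence={occ[itype]:.0%} "
                  f"frequency={freq[itype]:.1f}")
        print(f"{env:17} threat diversity={div:.1f}")
```

Customers with no incidents count in the occurrence denominator but not in frequency or diversity, which is why the full customer list is passed in separately from the incident records.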
Consistently lower occurrence rates among service provider customers
Why Do We See Differences?
Size and Diversity Increase Attack Surface
What does this mean?
• Cloud and Service Provider Managed Environments are Not Less Secure
• Good Management Yields Good Security
• Smart Enterprises Should Exploit Differences in Risk Profiles
• Web Application Security is a Significant Challenge
Use data to make security investment decisions
This is aggregate data; use your own IDS and log data
Source: Alert Logic State of Cloud Security, Spring 2012
• Consider Web App Firewall, network IDS
• Malware protection critical for on-premises infrastructure
• Review log data to detect brute force attempts
• Use IDS to detect suspicious recon
• Pay attention to configuration management, patching
Questions?
www.internap.com #cloudsecurity