CSA SV Threat detection and prediction
Cloud Security: Threat Detection and Prediction
Ganesh Kirti, CTO and Co-Founder, Palerra
Agenda
§ Cloud Security Challenges
§ Threat Detection and Prediction
§ Summary
About Palerra
§ A leading Cloud Access Security Broker (CASB)
§ Ensures visibility and governance for cloud services
§ Secures cloud applications and infrastructure - all users - from any device - from anywhere / any network
§ Leading investors include Norwest Venture Partners, Wing Ventures & August Capital
Customers:
§ Investment Bank – 5,500 Box users
§ IT Infrastructure & Data Center Products Manufacturer – 18,000 Salesforce users
§ National Healthcare Provider – 5,500 O365 users
§ IT Service Provider – 6,000 O365/Salesforce users
(Slide panels: Company, Customers, Accolades, Supported Services)
Cloud Computing Services Model
SaaS
§ Business data transactions
§ Sharing documents
§ Sensitive emails
PaaS
§ Partner applications
§ 3rd-party API integration
§ Databases, web services
IaaS
§ VPN/Network ACLs
§ Hosts/Server instances
§ Storage services
Security: Cloud Computing Services Model
SaaS (actors: Business User, 3rd Party Apps, Admin)
§ Protect data from being shared outside an org
§ Protect user accounts
§ Secure configurations
§ Detect malicious insiders
PaaS (actors: Business User, Developers, API Key, 3rd Party Apps, DevOps)
§ Protect data
§ Protect user accounts
§ Secure API keys and tokens
§ Audit activity
IaaS (actors: Admin, Client Machines, On-Demand Processes)
§ Secure network and servers
§ Secure SSH keys
§ Protect against rogue usage
§ Secure configurations
Cloud Service Providers own the Cloud and you own the security
Cloud Security: Multi-Step Process
§ Step 1: Visibility
– Get visibility into your cloud services usage
– Develop a plan for monitoring and securing your clouds
§ Step 2: Anomaly Detection/Prediction/Protection
– Use multiple techniques (supervised and unsupervised) to identify risky users and threats
§ Step 3: Remediate incidents and prevent them in the future
– Automate the process for continuous security
CASB: Reference Architecture
Anomalous Activity Detection
§ Solution should support:
– Supervised feeds and rules: allow the customer to configure specific use cases of interest for their cloud applications. Examples: whitelisting of IP addresses, tagging activities for certain AWS machines, tagging certain users (e.g. an employee about to be terminated).
– Machine learning for anomaly detection:
• User behavior analytics.
• Anomaly detection for IP addresses.
• Anomaly detection for non-human activities connecting to the applications: automated processes, unsanctioned applications.
• Correlation of various threat feeds and contextual data.
Supervised Feeds and Rules: Real use case
§ Trusted IP addresses:
– Detection of any activity outside certain ranges of IP addresses.
– Helps security analysts identify users who work outside the office (when they are not supposed to).
– Helps detect compromised or shared credentials (if the employee is physically located in the office but activity is happening from outside the company IP ranges).
Anomaly Detection: UBA use cases
§ Over time, cloud users build repeatable action patterns. Profiling such patterns helps identify anomalous activity.
§ For example:
– An SFDC user logs in daily from two IP addresses (one is the company, and the other is home).
– This user creates an average of 20 leads a day, changes about 7 lead statuses, and transfers an average of 3 leads per day to another employee.
§ Profiling the aggregates of actions per user over a long period of time helps identify the user's expected volume of daily actions.
§ Profiling the IP addresses for this user helps identify any new, unseen IP address for this user.
§ Profiling certain sensitive actions, such as data export, together with their time of execution helps detect unexpected execution of such sensitive actions.
UBA use case: repeatable user actions over time
UBA use case: User coming from a new IP address
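The trusted-IP rule and the three UBA profiles described above (expected daily volume per action, IPs seen per user, hours at which sensitive actions run), combined in one scorer as an added example that is not Palerra's code: the user, IP ranges, action names, thresholds and event history are all constructed for the illustration.

```python
import ipaddress
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

TRUSTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # customer-configured office range (constructed)
SENSITIVE_ACTIONS = {"data_export"}  # actions whose execution time is profiled (constructed)

def build_profile(events):
    """Aggregate history per user: IPs seen, per-day count of each action, hours of sensitive actions."""
    profile = defaultdict(lambda: {"ips": set(), "daily": defaultdict(lambda: defaultdict(int)), "hours": set()})
    for e in events:
        ts, p = datetime.fromisoformat(e["ts"]), profile[e["user"]]
        p["ips"].add(e["ip"])
        p["daily"][e["action"]][ts.date()] += 1
        if e["action"] in SENSITIVE_ACTIONS:
            p["hours"].add(ts.hour)
    return profile

def score_day(profile, events):
    """Findings for one user's events on one day: the trusted-IP rule plus three UBA checks."""
    p, findings, today = profile[events[0]["user"]], set(), defaultdict(int)
    for e in events:
        ts, ip = datetime.fromisoformat(e["ts"]), ipaddress.ip_address(e["ip"])
        if not any(ip in net for net in TRUSTED_NETS):
            findings.add(("outside_trusted_range", e["ip"]))
        if e["ip"] not in p["ips"]:
            findings.add(("new_ip_for_user", e["ip"]))
        if e["action"] in SENSITIVE_ACTIONS and ts.hour not in p["hours"]:
            findings.add(("sensitive_action_unusual_hour", f"{e['action']}@{ts.hour:02d}h"))
        today[e["action"]] += 1
    for action, n in today.items():
        hist = list(p["daily"].get(action, {}).values())
        mean, sd = (statistics.mean(hist), statistics.pstdev(hist)) if hist else (0.0, 0.0)
        if n > mean + max(3 * sd, 0.5 * mean):  # constructed threshold; tune per deployment
            findings.add(("volume_above_baseline", f"{action}:{n} vs mean {mean:.1f}"))
    return sorted(findings)

def make_history(days=10):
    """Constructed baseline for 'alice': office IP (home IP every 5th day), ~20 creates, 7 status changes, 3 transfers, 10:00 export."""
    events = []
    for d in range(days):
        day, ip = datetime(2015, 6, 1) + timedelta(days=d), "203.0.113.10" if d % 5 else "198.51.100.7"
        plan = [("create_lead", 20 + d % 3, 9), ("change_lead_status", 7, 9), ("transfer_lead", 3, 9), ("data_export", 1, 10)]
        for action, n, hour in plan:
            events += [{"user": "alice", "ts": (day + timedelta(hours=hour, minutes=i)).isoformat(),
                        "ip": ip, "action": action} for i in range(n)]
    return events

# Constructed anomalous day: unseen off-network IP, a 02:00 data export, and 12 lead transfers.
ANOMALOUS_DAY = [{"user": "alice", "ts": f"2015-06-15T02:{m:02d}:00", "ip": "192.0.2.44",
                  "action": "data_export" if m == 0 else "transfer_lead"} for m in range(13)]
```

A home-IP day in the history trips only the supervised rule, which is the "user working outside the office" signal the slide describes; the anomalous day trips all four checks.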
Malicious Insiders
§ The most damaging attacks are more often caused by insiders
§ Examples of insider threats:
– Employee negligence
– Fraud, theft by insiders
– Inappropriate sharing of data outside an enterprise
§ What to protect and monitor:
– Monitor for overly privileged user accounts
– Monitor transactional activities
– Monitor administrators' activities
– Detect malicious user activities using user behavior analytics (UEBA)
Summary
§ Get visibility into your cloud services usage
§ Develop a plan for monitoring and securing your clouds
§ Find an automated solution to address challenges (threats and risks)
Q&A
Please send questions regarding this webinar to: [email protected]
http://palerra.com/locked_item/white-paper-t12/