Identify and Neutralise Tomorrow’s Threats Today Damian Skeeles Strategic Regional Architect HP Enterprise Security Products @secureisd #CLOUDSEC

Identify and Neutralise - CLOUDSEC · Source: HP Cloud - Public Cloud Security Research, November 2013 . 26% had applications in cloud without approval A PROBLEM STATEMENT 9 Source:


Page 1:

Identify and Neutralise Tomorrow’s Threats Today

Damian Skeeles, Strategic Regional Architect, HP Enterprise Security Products

@secureisd #CLOUDSEC

Page 2:

AGENDA

• A Problem Statement
• Applying HP technologies to the threat
  • To IaaS
  • To SaaS
  • To the private cloud

Page 3:

A PROBLEM STATEMENT

www.cloudsec.com | #CLOUDSEC

Page 4:

“We have a problem”

Page 5:

80% of organisations use the cloud

Source: HP Cloud - Public Cloud Security Research, November 2013

Page 6:

40% don’t realise they use the cloud

Source: HP Cloud - Public Cloud Security Research, November 2013

Page 7:

16% admitted a public cloud breach in the last 12 months

Source: HP Cloud - Public Cloud Security Research, November 2013

Page 8:

39% are aware they have Shadow IT problems

Source: HP Cloud - Public Cloud Security Research, November 2013

Page 9:

26% had applications in the cloud without approval

Source: HP Cloud - Public Cloud Security Research, November 2013

Page 10:

And the threats are there

Page 11:

ADDRESSING THE THREAT TO… IAAS

Page 12:

ADDRESSING THE THREAT

The Attack Lifecycle (On-Premise)

From their ecosystem into our enterprise:

• Discovery / Research: research admins, web apps, VPNs
• Infiltration: enter via phished user, web app…
• Capture: move laterally via credentials and the network; extract data
• Exfiltration: package and navigate out

Page 13:

ADDRESSING THE IAAS THREAT

The Attack Lifecycle (IaaS)

From their ecosystem into our IaaS:

• Discovery / Research: research admins, web apps, API keys
• Infiltration: enter via phished user, web app…
• Capture: move laterally via credentials and the network; extract data
• Exfiltration: package and navigate out

Page 14:

ADDRESSING THE IAAS THREAT

The Attack Lifecycle (IaaS): entry points and the controls that cover them

• Compromised identity: HP User Behaviour Analytics (UBA)
• Compromised web app: HP Fortify AppDefender, HP Advanced Threat Appliance (ATA)
• Log-evident behaviour: HP ArcSight

Page 15:

ADDRESSING THE IAAS THREAT

The Attack Lifecycle (IaaS): signals to watch for

• Unusual behaviour: HP User Behaviour Analytics (UBA)
• Unusual logins, application errors, services crashing, unusual netflow: HP ArcSight

Page 16:

ADDRESSING THE IAAS THREAT

The Attack Lifecycle (IaaS): data-access signals

• DBA actions, SQL commands, application events, OS file events: HP ArcSight

Page 17:

ADDRESSING THE IAAS THREAT

The Attack Lifecycle (IaaS): exfiltration signals and data protection

• Admin activity, unusual netflow: HP ArcSight
• Encrypt databases, encrypt big data, tokenise data, encrypt files, keep the keys: HP Security Voltage SecureData FPE, HP Atalla IPC, HP Atalla ESKM
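The “Tokenise Data” and “Keep the keys” points on this slide, worked through as an added example in Python (an illustration written for this page, not HP Voltage SecureData or Atalla code): a vault holds the real values, the application database stores only format-preserving tokens, and the key for the vault’s lookup index lives in a separate service so that a copy of the application database alone is worthless. `KeyService`, `TokenVault`, `store_order` and the `payments` role are names assumed for this illustration; the card number is a constructed test value.

```python
"""Vault-based tokenisation with the lookup key held outside the application database.

Added illustration for the "Tokenise Data" / "Keep the keys" points; not HP Voltage
SecureData or Atalla code. KeyService, TokenVault, store_order and the "payments"
role are hypothetical names chosen for this example."""
import hashlib
import hmac
import secrets


class KeyService:
    """Stands in for an external key manager (the "keep the keys" box on the slide).
    The application never reads the key; it only asks for a keyed lookup tag."""

    def __init__(self):
        self._key = secrets.token_bytes(32)

    def lookup_tag(self, value: str) -> str:
        # HMAC rather than a plain hash, so the vault's index cannot be used as an
        # oracle for guessing 16-digit numbers by anyone who lacks the key.
        return hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()


class TokenVault:
    """Maps sensitive values to format-preserving random tokens.

    The vault sits in its own trust zone; the application database stores only
    tokens, so a database captured and exfiltrated from the IaaS tenant yields
    nothing that can be used as the original value."""

    DETOKENISE_ROLES = {"payments"}  # least privilege: who may recover real values

    def __init__(self, keys: KeyService):
        self._keys = keys
        self._token_by_tag = {}    # lookup_tag(value) -> token (same value, same token)
        self._value_by_token = {}  # token -> value (the only place the value lives)

    def tokenise(self, value: str) -> str:
        digit_positions = [i for i, c in enumerate(value) if c.isdigit()]
        if len(digit_positions) <= 4:
            raise ValueError("value too short to tokenise safely")
        tag = self._keys.lookup_tag(value)
        if tag in self._token_by_tag:
            return self._token_by_tag[tag]
        # Fresh random token; a collision with an existing token or with the value
        # itself is astronomically unlikely but is excluded rather than hoped away.
        while True:
            token = self._random_like(value, digit_positions)
            if token != value and token not in self._value_by_token:
                break
        self._token_by_tag[tag] = token
        self._value_by_token[token] = value
        return token

    def detokenise(self, token: str, caller_role: str) -> str:
        if caller_role not in self.DETOKENISE_ROLES:
            raise PermissionError(f"role {caller_role!r} may not detokenise")
        return self._value_by_token[token]

    @staticmethod
    def _random_like(value: str, digit_positions) -> str:
        # Preserve length and separators, and keep the last four digits so that
        # existing "ending in 1234" displays and length checks keep working.
        keep = set(digit_positions[-4:])
        return "".join(
            str(secrets.randbelow(10)) if c.isdigit() and i not in keep else c
            for i, c in enumerate(value)
        )


def store_order(vault: TokenVault, order_id: str, pan: str) -> dict:
    """What the application database row looks like: a token, never the PAN."""
    return {"order_id": order_id, "card": vault.tokenise(pan)}


if __name__ == "__main__":
    vault = TokenVault(KeyService())
    row = store_order(vault, "ord-1", "4111 1111 1111 1111")  # constructed test PAN
    print(row)
    print(vault.detokenise(row["card"], "payments"))
```

The property to check in any real deployment is the same as in the test here: the stored row carries no original value, the same input always yields the same token (so joins and lookups still work), and detokenisation is a privileged call that the bulk of the application never has.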

Page 18:

ADDRESSING THE IAAS THREAT

ArcSight Monitoring

• Take events from
  • IaaS activity APIs
  • IAM / VPN
  • OS
  • Applications
  • Networking
• Store and search
• Correlate for suspicious activity
• Run SIEM/LM in IaaS or on-prem
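The correlation step on this slide, as an added example in Python (an illustration of the logic written for this page, not ArcSight’s own rule language). It feeds constructed events from four of the sources listed (IAM/VPN, IaaS activity API, application/SQL audit, networking) through the signals called out on the preceding slides, an unusual login, a new credential, a bulk database read and unusual netflow, and raises one alert only when they chain through the lifecycle stages for a single principal inside a time window. Event fields, baselines and thresholds are assumptions made for the example.

```python
"""Correlate IaaS audit events into attack-lifecycle alerts.

Added example for the "Correlate for suspicious activity" point; a plain Python
sketch of the logic, not ArcSight rule syntax. The event fields, the baselines and
the thresholds below are assumptions made for this illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). "src" names the feed, matching the
# slide: iam (IAM/VPN), api (IaaS activity API), db (application/SQL audit),
# netflow (networking). bob is a normal working day; alice is a compromised account.
EVENTS = [
    {"ts": "2013-11-04T09:02:00", "src": "iam", "user": "bob", "action": "console_login", "country": "GB"},
    {"ts": "2013-11-04T09:10:00", "src": "db", "user": "bob", "action": "sql_select", "rows": 40},
    {"ts": "2013-11-04T09:30:00", "src": "netflow", "user": "bob", "action": "egress", "bytes": 12_000_000, "dst": "203.0.113.9"},
    {"ts": "2013-11-04T01:05:00", "src": "iam", "user": "alice", "action": "console_login", "country": "RO"},
    {"ts": "2013-11-04T01:12:00", "src": "api", "user": "alice", "action": "create_access_key"},
    {"ts": "2013-11-04T01:20:00", "src": "db", "user": "alice", "action": "sql_select", "rows": 2_000_000},
    {"ts": "2013-11-04T01:31:00", "src": "netflow", "user": "alice", "action": "egress", "bytes": 900_000_000, "dst": "198.51.100.7"},
]

# Constructed baselines; a real deployment learns these per principal over time.
KNOWN_COUNTRIES = {"alice": {"GB"}, "bob": {"GB"}}
BULK_ROWS = 100_000            # rows in one query above which a read counts as capture
EGRESS_BASELINE = 50_000_000   # bytes per hour one principal normally sends out
EGRESS_FACTOR = 5              # multiple of baseline that counts as unusual netflow


def classify(ev):
    """Map one raw event to a (stage, reason) indicator, or None if it looks normal."""
    user = ev["user"]
    if ev["src"] == "iam" and ev["action"] == "console_login":
        known = KNOWN_COUNTRIES.get(user, set())
        if ev["country"] not in known:
            return "infiltration", f"login from {ev['country']}, baseline {sorted(known)}"
    elif ev["src"] == "api" and ev["action"] in {"create_access_key", "attach_policy"}:
        return "capture", f"new credential or privilege: {ev['action']}"
    elif ev["src"] == "db" and ev.get("rows", 0) > BULK_ROWS:
        return "capture", f"bulk read of {ev['rows']} rows"
    elif ev["src"] == "netflow" and ev.get("bytes", 0) > EGRESS_FACTOR * EGRESS_BASELINE:
        return "exfiltration", f"{ev['bytes']} bytes to {ev['dst']} (>{EGRESS_FACTOR}x baseline)"
    return None


def correlate(events, window=timedelta(hours=2)):
    """One alert per principal whose indicators run infiltration -> capture ->
    exfiltration, in that order, within `window`.

    A single indicator is deliberately not an alert: a traveller logging in from
    abroad or a DBA doing a bulk export is noise on its own. The chain is what
    separates an intrusion from a busy Tuesday."""
    history = defaultdict(list)  # user -> [(ts, stage, reason)] in time order
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        hit = classify(ev)
        if hit is None:
            continue
        ts = datetime.fromisoformat(ev["ts"])
        stage, reason = hit
        history[ev["user"]].append((ts, stage, reason))
        if stage != "exfiltration":
            continue
        recent = [h for h in history[ev["user"]] if ts - h[0] <= window]
        infil = [t for t, s, _ in recent if s == "infiltration"]
        if not infil:
            continue
        first_entry = min(infil)
        if not any(s == "capture" and first_entry < t < ts for t, s, _ in recent):
            continue
        alerts.append({
            "user": ev["user"],
            "start": first_entry.isoformat(),
            "end": ts.isoformat(),
            "chain": [f"{s}: {r}" for t, s, r in recent if t >= first_entry],
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert["user"], alert["start"], "->", alert["end"])
        for step in alert["chain"]:
            print("  ", step)
```

Tune the window and thresholds to the tenant. The deliberate property is that each indicator on its own is recorded but silent, so the analyst receives one alert showing the chain rather than four separate tickets from four separate feeds; removing the unusual login from the input, as the test does, leaves the bulk read and the large egress unalerted.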

Page 19:

ADDRESSING THE THREAT TO… SAAS

Page 20:

ADDRESSING THE SAAS THREAT

The Attack Lifecycle (SaaS)

From their ecosystem into our SaaS accounts:

• Research: research admins, web apps, API keys
• Infiltration: enter via phished user, web app…
• Exfiltration: view data

There is no separate Capture stage here: once a SaaS account is compromised, the data is already in view.

Page 21:

ADDRESSING THE SAAS THREAT

Security Touchpoints (SaaS)

• Identity: identity check / block. Adallom Federated AD
• Access: network / geo context. Adallom Reverse Proxy
• Activity: behaviour. ArcSight UBA, ArcSight ESM, Adallom Rules
• Encryption: secure the data. Atalla ESKM, CE, IPC; Voltage SecureData

Page 22:

ADDRESSING THE SAAS THREAT

Adallom

Page 23:

ADDRESSING THE SAAS THREAT

SaaS

Page 24:

ADDRESSING THE SAAS THREAT

Adallom + ArcSight

Page 25:

ADDRESSING THE SAAS THREAT

Adallom + UBA

Page 26:

SUMMARY

Page 27:

Summary

• IaaS threat defence is similar to On-Premise
• SaaS defence focus is on Identity and Encryption
• User Behaviour Analytics is useful in all aaS models
• Encryption is “key”

Page 28:

Damian Skeeles, Regional Strategic Architect, HP Enterprise Security Products

@secureisd #CLOUDSEC