Page 1: Workshop on CASB Part 2

CASB – Architecture & Deployment

Gaurav Bhatia

[email protected]

Palerra

Page 2: Workshop on CASB Part 2

Aug 2015

Full Lifecycle Approach to Security

Effective threat analytics is an important element of the security lifecycle.

But it is ineffective without incident response – the yin and the yang.

For security architectures to be effective, threat analytics and incident response must be tightly coupled to prevent any gaps.

Chase breach affects 76 million accounts, raises questions about detection failure

SC Magazine – Oct 3, 2014

Target did not respond to FireEye security alerts prior to breach, according to report

“We often see organizations ignoring alarms like this because they've become numb to them, receiving too many false positives, or because they're understaffed,” Chiu said. “You can have all the alarms you want, but unless you put security in a prominent position in the company and have enough staff to review them, those alarms don't mean anything.”

Page 3: Workshop on CASB Part 2

The Yin: Threat Analytics for the Cloud

Challenges with performing threat analytics for cloud services

Static threat models cannot be applied to on-demand cloud infrastructure

Non-uniform transparency across cloud providers for event logs and security metadata

Consolidation of security data across SaaS, PaaS and IaaS is required for a holistic view

Correlation of data across all cloud services is challenging due to the sheer volume of cloud usage

A combination of approaches to threat analytics is required

Detection: Define static rules and baselines to match known threats

Prediction: Use data science and machine learning to discover unknown threats

Automation of threat detection and prediction is necessary to keep up with the rapidly evolving threat landscape.

Page 4: Workshop on CASB Part 2

The Yang: Incident Response for the Cloud

Comprehensive incident response entails:

Logging: ensures that all incidents are tracked

Remediation: ensures that all incidents are addressed

Two approaches to remediation

Changes are made directly to the cloud service

Changes are made via integrations with existing IT investments

Automation of incident response is necessary to ensure that no incidents are lost in the shuffle.
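The two slides above describe detection (static rules), prediction (a baseline-driven view of unknown threats) and an incident response loop in which every alert is logged and remediated, either directly against the cloud service or through an existing IT integration. The following is an added example, not code from the workshop or from Palerra, that wires those pieces together over a constructed cloud activity log. The events, the per-user history, the allowed-country and download-size policy, and the `revoke_sessions` and `create_ticket` callbacks are all assumptions made for illustration; the baseline check is a simple statistical stand-in for the data-science approach the slide mentions, not machine learning.

```python
"""Constructed example: threat analytics coupled to incident response for
cloud activity logs. Events, thresholds, history and callbacks are assumed."""
import statistics
from dataclasses import dataclass, field

# Constructed activity events: user, action, source country, bytes moved.
EVENTS = [
    {"user": "alice", "action": "login", "country": "US", "bytes": 0},
    {"user": "alice", "action": "download", "country": "US", "bytes": 20_000_000},
    {"user": "bob", "action": "login", "country": "RU", "bytes": 0},
    {"user": "carol", "action": "download", "country": "US", "bytes": 900_000_000},
] + [{"user": "dave", "action": "download", "country": "US", "bytes": 1_000}] * 41

# Constructed per-user baseline: downloads per day over the previous week.
HISTORY = {"alice": [5, 7, 6, 5, 8, 6, 7], "bob": [1, 0, 2, 1, 1, 0, 1],
           "carol": [3, 2, 4, 3, 2, 3, 3], "dave": [10, 12, 11, 9, 10, 11, 10]}

ALLOWED_COUNTRIES = {"US", "CA"}        # assumed policy
MAX_DOWNLOAD_BYTES = 500_000_000        # assumed per-file threshold


def static_rules(events):
    """Detection: known threats expressed as fixed rules."""
    alerts = []
    for e in events:
        if e["action"] == "login" and e["country"] not in ALLOWED_COUNTRIES:
            alerts.append(("rule:login_geo", e["user"]))
        if e["action"] == "download" and e["bytes"] > MAX_DOWNLOAD_BYTES:
            alerts.append(("rule:large_download", e["user"]))
    return alerts


def baseline_anomalies(events, history, z=3.0):
    """Prediction stand-in: today's per-user download count against a
    statistical baseline (mean + z * stdev of history); not machine learning."""
    counts = {}
    for e in events:
        if e["action"] == "download":
            counts[e["user"]] = counts.get(e["user"], 0) + 1
    alerts = []
    for user, n in counts.items():
        past = history.get(user, [])
        if len(past) < 2:
            continue                     # no baseline yet: leave to the static rules
        mean, sd = statistics.mean(past), statistics.pstdev(past)
        if n > mean + z * max(sd, 1.0):  # floor sd so a flat history keeps a margin
            alerts.append(("baseline:download_volume", user))
    return alerts


@dataclass
class Incident:
    id: int
    source: str
    user: str
    status: str = "open"
    log: list = field(default_factory=list)


class IncidentResponder:
    """Logging: every alert becomes a tracked incident. Remediation: every
    incident is acted on, directly or via an existing IT integration."""

    def __init__(self, direct_actions, ticket_system):
        self.direct_actions = direct_actions  # alert source -> cloud-service action
        self.ticket_system = ticket_system    # callable that files a ticket
        self.incidents = []

    def remediate(self, inc):
        action = self.direct_actions.get(inc.source)
        if action:                            # approach 1: change the cloud service directly
            inc.log.append("direct: " + action(inc.user))
        else:                                 # approach 2: hand off to existing IT tooling
            inc.log.append("ticket: " + self.ticket_system(inc))
        inc.status = "remediated"

    def run(self, alerts):
        for source, user in alerts:
            inc = Incident(id=len(self.incidents) + 1, source=source, user=user)
            inc.log.append(f"opened from {source}")  # tracked before any action is taken
            self.incidents.append(inc)
            self.remediate(inc)
        return self.incidents


def revoke_sessions(user):
    return f"revoked sessions for {user}"     # placeholder for a cloud API call


def create_ticket(inc):
    return f"TICKET-{inc.id}: {inc.source} on {inc.user}"  # placeholder ITSM call


def respond(events=EVENTS, history=HISTORY):
    alerts = static_rules(events) + baseline_anomalies(events, history)
    responder = IncidentResponder(
        direct_actions={"rule:login_geo": revoke_sessions,
                        "baseline:download_volume": revoke_sessions},
        ticket_system=create_ticket)
    return responder.run(alerts)


if __name__ == "__main__":
    for inc in respond():
        print(inc.id, inc.source, inc.user, inc.status, inc.log)
```

Running it produces three incidents: the rule hits for bob (foreign login) and carol (oversized download) and the baseline hit for dave, whose 41 downloads sit far above his history. The session-revocation incidents are handled directly, while the large-download case, which has no direct action registered, is routed to a ticket, so nothing stays open.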

Page 5: Workshop on CASB Part 2

CASB Deployment Models

Page 6: Workshop on CASB Part 2

Forward Proxy

Page 7: Workshop on CASB Part 2

Forward proxy

Pros

Can be used for all app types, including client-server apps with hard-coded host names

Cons

Difficult to deploy especially for BYOD shops

End-user privacy concerns as both corporate and personal traffic are sent via proxy

Requires the proxy's self-signed certificate to be trusted at each point of use

CASB becomes SPOF

Page 8: Workshop on CASB Part 2

Reverse Proxy

Page 9: Workshop on CASB Part 2

Reverse proxy

Pros

Works for any device (managed and unmanaged) and from any location

End-user privacy is intact – only corporate traffic is proxied

Simple deployment – no configuration on mobile devices or firewalls

Cons

SSL/TLS is hard to handle

CASB becomes SPOF

Page 10: Workshop on CASB Part 2

API Mode

Page 11: Workshop on CASB Part 2

API

Pros

Non-intrusive and light-touch solution

Can provide content based controls

Supports BYOD

Reliable information on what data is in the cloud, its permissions and the activity logs

Cons

Not all SaaS applications offer API support
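The API slide lists content-based controls and reliable visibility into what data is in the cloud and its permissions. The following is an added example, not code from the workshop or from Palerra, showing the kind of permission audit an API-mode deployment runs over records pulled from a provider's API. The record shape, the corporate domain `example.com`, the keyword-based sensitivity stand-in and the proposed remediation names are assumptions for illustration and do not correspond to any real provider's API.

```python
"""Constructed example of API-mode visibility: auditing the sharing
permissions a SaaS API reports for stored files. Record shape, domains,
keywords and policy are assumptions, not any real provider's API."""
CORP_DOMAIN = "example.com"                 # assumed corporate domain
SENSITIVE_KEYWORDS = ("salar", "contract")  # stand-in for content classification

# Constructed file records in the shape an API-mode CASB might pull.
FILES = [
    {"id": "f1", "name": "roadmap.docx", "owner": "alice@example.com",
     "shares": [{"type": "user", "email": "bob@example.com", "role": "reader"}]},
    {"id": "f2", "name": "salaries.xlsx", "owner": "carol@example.com",
     "shares": [{"type": "anyone", "role": "reader"}]},
    {"id": "f3", "name": "contract.pdf", "owner": "dave@example.com",
     "shares": [{"type": "user", "email": "partner@vendor.test", "role": "writer"}]},
    {"id": "f4", "name": "notes.txt", "owner": "alice@example.com",
     "shares": [{"type": "user", "email": "Eve@Example.COM", "role": "writer"}]},
]


def is_external(email, corp_domain=CORP_DOMAIN):
    """Case-insensitive domain comparison; a sloppy check here is a common
    source of both false positives and missed external shares."""
    return email.rsplit("@", 1)[-1].lower() != corp_domain.lower()


def is_sensitive(name):
    lowered = name.lower()
    return any(k in lowered for k in SENSITIVE_KEYWORDS)


def audit(files, corp_domain=CORP_DOMAIN):
    """Return one finding per risky share. Content-based control: the same
    share is 'high' on a sensitive file and 'medium' otherwise."""
    findings = []
    for f in files:
        severity = "high" if is_sensitive(f["name"]) else "medium"
        for s in f["shares"]:
            if s["type"] == "anyone":
                findings.append({"file": f["id"], "issue": "public_link",
                                 "detail": s["role"], "severity": severity})
            elif s["type"] == "user" and is_external(s["email"], corp_domain):
                findings.append({"file": f["id"], "issue": "external_share",
                                 "detail": s["email"], "severity": severity})
    return findings


def proposed_remediation(finding):
    """Map a finding to the permission change to apply back through the API."""
    if finding["issue"] == "public_link":
        return ("remove_link_sharing", finding["file"])
    return ("remove_collaborator", finding["file"], finding["detail"])


if __name__ == "__main__":
    for fnd in audit(FILES):
        print(fnd, "->", proposed_remediation(fnd))
```

On the constructed records the audit flags the public link on the salary spreadsheet and the external collaborator on the contract, both rated high because of the file names, and leaves the mixed-case internal share alone. The same loop is what lets API mode report permissions reliably: it reads the provider's own state rather than inferring it from traffic, which is also why it cannot help for applications that expose no API.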

Page 12: Workshop on CASB Part 2

Thanks!