SlideShare a Scribd company logo

Azure 101: Shared responsibility in the Azure Cloud

Paulo Renato
Paulo Renato

Whether you’re working exclusively on Azure or with multiple cloud environments, there are certain things you should consider when moving assets to the public cloud. As with any cloud deployment, security is a top priority, and moving your workloads to the Azure cloud doesn’t mean you’re not responsible for the security of your operating system, applications, and data. Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your environment is secure. In this session, we will discuss step-by-step what you need to do to secure access at the administrative, application and network layers.

1 of 42
Downloaded 33 times
SHARED SECURITY RESPONSIBILITY IN AZURE Speaker - Chris Camaclang
Agenda • Intro + Housecleaning + Surveys • Hybrid Cloud Landscape • Threat Landscape • Security Best Practices • Alert Logic Solutions and Value
Hybrid Cloud Today CLOUD FALLOVER (DIFFERENT GEOGRAPHY) INTERNALEXTERNAL PRIVATE CLOUD PUBLIC CLOUD DEMO SITES MOBILE PHONES PROSPECT CUSTOMER BIZ PARTNER MANAGER PM ARCHITECT DEVELOPER SUPPORT SMART PHONE SMART TV TABLET/iPAD DESKTOP CLOUDTOPNOTEBOOK NETBOOK PRODUCTION STAGING QA DEV/TEST DEMO SITESPERFORMANCE TESTING IT + DEV SUPP SERVICES OFFICE SERVICES TIM/TAM SERVICES DESKTOP SERVICES MONITORING SERVICES BIZ. SUPP. SERVICES TRANSFORMATION SERVICES ADOBE LC SERVICES MESSAGING SERVICES SECURITY SERVICES BIZ. INT. SERVICES CODE MANAGEMENT SERVICES TIM/TAM SERVICES MONITORING SERVICES SECURITY SERVICES PERFORMANCE TESTING SECURETUNNEL SECURETUNNEL SECURETUNNEL SECURE TUNNEL SECURE TUNNEL
The Impact of a Breach is Far-Reaching and Long-Lived THE CYBER KILL CHAIN¹ THE IMPACT Financial loss Harm brand and reputation Scrutiny from regulators IDENTIFY & RECON INITIAL ATTACK COMMAND & CONTROL DISCOVER & SPREAD EXTRACT & EXFILTRATE 1. http://cyber.lockheedmartin.com/cyber-kill-chain-lockheed-martin-poster COMPANIES OF ALL SIZES ARE IMPACTED
Global Analysis
Threats by Customer Industry Vertical Source: Alert Logic CSR 2016 29% 48% 10% 11% 2% Finance-Insurance-Real Estate APPLICATION ATTACK BRUTE FORCE RECON SUSPICIOUS ACTIVITY TROJAN ACTIVITY 56%25% 17% 0% 2% Retail-Wholesale APPLICATION ATTACK BRUTE FORCE RECON SUSPICIOUS ACTIVITY TROJAN ACTIVITY 54% 21% 22% 1% 2% Information Technology APPLICATION ATTACK BRUTE FORCE RECON SUSPICIOUS ACTIVITY TROJAN ACTIVITY
1 49 56 86 125 155 172 197 525 908 Denial of Service Crimeware Physical Theft / Loss Payment Card Skimmers Everything Else Cyber-espionage Privilege Misuse Miscellaneous Errors POS Intrusions Web App Attacks Security risk is shifting to unprotected web applications Web app attacks are now the #1 source of data breaches But less than 5% of data center security budgets are spent on app security Source: Verizon UP 500% SINCE 2014 $23 to $1 Percentage of Breaches 10% 20% 30% 40% Source: Gartner Web App Attacks
Cloud Security is a Shared, but not Equal, Responsibility • Security Monitoring • Log Analysis • Vulnerability Scanning • Network Threat Detection • Security Monitoring • Logical Network Segmentation • Perimeter Security Services • External DDOS, spoofing, and scanning monitored • Hypervisor Management • System Image Library • Root Access for Customers • Managed Patching (PaaS, not IaaS) • Web Application Firewall • Vulnerability Scanning • Secure Coding and Best Practices • Software and Virtual Patching • Configuration Management • Access Management (inc. Multi-factor Authentication) • Application level attack monitoring • Access Management • Configuration Hardening • Patch Management • TLS/SSL Encryption • Network Security Configuration CUSTOMER ALERT LOGICMICROSOFT
SECURITY BEST PRACTICES
10 Best Practices for Security 1. Understand the Cloud Providers Shared Responsibility Model 2. Secure your code 3. Create access management policies 4. Data Classification 5. Adopt a patch management approach 6. Review logs regularly 7. Build a security toolkit 8. Stay informed of the latest vulnerabilities that may affect you 9. Understand your cloud service providers security model 10. Know your adversaries
1. Understand the Cloud Providers Shared Responsibility Model The first step to securing cloud workloads is understanding the shared responsibility model Microsoft will secure most of the underlying infrastructure, including the physical access to the datacenters, the servers and hypervisors, and parts of the networking infrastructure…but the customer is responsible for the rest. Taken from the Shared Responsibility for Cloud Computing whitepaper, published by Microsoft in March 2016
2. Secure Your Code • Test inputs that are open to the Internet • Add delays to your code to confuse bots • Use encryption when you can • Test libraries • Scan plugins • Scan your code after every update • Limit privileges • DevSecOps
3. Create Secure Access Management Policies • Simplify access controls (KISS) • Lock down Admin account in Azure • Enable MFA (Azure, hardware/software token) • Identify data infrastructure that requires access (*Lock down AzureSQL) • Define roles and responsibilities (delegating service admins) • Azure NSG (private vs public) • Continually audit access (Azure Audit Logs) • Start with a least privilege access model (RBAC) *avoid owner role unless absolutely necessary • Don’t store keys in code (e.g. secret keys) • AAD Premium – (*Security analytics and alerting)
4. Data Classification • Identify data repositories and mobile backups • Identify classification levels and requirements • Analyze data to determine classification • Build Access Management policy around classification • Monitor file modifications and users
5. Adopt a Patch Management Approach • Use trusted images (*Prevent users from launching untrusted images) • Constantly scan all vulnerabilities in your images and patch them • Compare reported vulnerabilities to production infrastructure • Classify the risk based on vulnerability and likelihood • Test patches before you release into production • Setup a regular patching schedule • Keep informed, follow bugtraqer • Follow a SDLC
6. Log Management Strategy • Monitoring for malicious activity • Forensic investigations • Compliance needs • System performance • All sources of log data is collected and retained • Data types (Windows, Syslog) • Azure AD behavior • Azure Audit Logs (services, instances…activity, powershell) • Azure SQL Logs • Azure App Services Logs • Review process • Live monitoring • Correlation logic
7. Build a Security Toolkit • Recommended Security Solutions • Antivirus • IP tables/Firewall • Backups • FIM • Intrusion Detection System (VNET ingress/egress) • Malware Detection • Web Application Firewalls (inspection at Layer 7) • Forensic Image of hardware remotely • Future Deep Packet Forensics • Web Filters • Mail Filters • Encryption Solutions • Proxies • Log collection • SIEM Monitoring and Escalation • Penetration Testing
8. Stay Informed of the Latest Vulnerabilities • Websites to follow • http://www.securityfocus.com • http://www.exploit-db.com • http://seclists.org/fulldisclosure/ • http://www.securitybloggersnetwork.com/ • http://cve.mitre.org/ • http://nvd.nist.gov/ • https://www.alertlogic.com/weekly-threat-report/
9. Understand Your Service Providers Security Model • Understand the security offerings from your provider • Probe into the Security vendors to find their prime service • Hypervisor exploits are patched by the service provider • Questions to use when evaluating cloud service providers
10. Understand your Adversaries
Threats are 24x7 = Security Operations 24x7 Monitor intrusion detection and vulnerability scan activity Search for Industry trends and deliver intelligence on lost or stolen data Collect data from OSINT and Underground Sources to deliver Intelligence and Content Identify and implement required policy changes Escalate incidents and provide guidance to the response team to quickly mitigate Incidents Monitor for Zero-Day and New and Emerging attacks Cross product correlate data sources to find anomalies
ALERT LOGIC SOLUTIONS
Cloud Security is a Shared, but not Equal, Responsibility • Security Monitoring • Log Analysis • Vulnerability Scanning • Network Threat Detection • Security Monitoring • Logical Network Segmentation • Perimeter Security Services • External DDOS, spoofing, and scanning monitored • Hypervisor Management • System Image Library • Root Access for Customers • Managed Patching (PaaS, not IaaS) • Web Application Firewall • Vulnerability Scanning • Secure Coding and Best Practices • Software and Virtual Patching • Configuration Management • Access Management (inc. Multi-factor Authentication) • Application level attack monitoring • Access Management • Configuration Hardening • Patch Management • TLS/SSL Encryption • Network Security Configuration CUSTOMER ALERT LOGICMICROSOFT
Vulnerabilities + Change + Shortage Complexity of defending web applications and workloads Risks are moving up the stack 1. Wide range of attacks at every layer of the stack 2. Rapidly changing codebase can introduces unknown vulnerabilities 3. Long tail of exposures inherited from 3rd party development tools 4. Extreme shortage of cloud and application security expertise Web App Attacks OWASP Top 10 Platform / Library Attacks System / Network Attacks Perimeter & end-point security tools fail to protect cloud attack surface Web Apps Server-side Apps App Frameworks Dev Platforms Server OS Hypervisor Databases Networking Cloud Management
Block Analyze Allow Your Data Focus requires full stack inspection…and complex analysis Known Good Known Bad Suspicious Security DecisionYour App Stack Web App Attacks OWASP Top 10 Platform / Library Attacks System / Network Attacks Threats App Transactions Log Data Network Traffic Web Apps Server-side Apps App Frameworks Dev Platforms Server OS Hypervisor Databases Networking Cloud Management
APP+CONFIG ASSESMENT Your Data Focus requires full stack inspection…and complex analysis Known Bad Web App Attacks OWASP Top 10 Platform / Library Attacks System / Network Attacks App Transactions Log Data Network Traffic Web Apps Server-side Apps App Frameworks Dev Platforms Server OS Hypervisor Databases Networking Cloud Management COLLECTION TECHNOLOGY
Your Data Web App Attacks OWASP Top 10 Platform / Library Attacks System / Network Attacks App Transactions Log Data Network Traffic Web Apps Server-side Apps App Frameworks Dev Platforms Server OS Hypervisor Databases Networking Cloud Management APP+CONFIG ASSESMENT COLLECTION TECHNOLOGY Integrated value chain delivering full stack security… Signatures & Rules Anomaly Detection Machine Learning ANALYTICS Petabytes of normalized data from 4000+ customers
Your Data Web App Attacks OWASP Top 10 Platform / Library Attacks System / Network Attacks App Transactions Log Data Network Traffic Web Apps Server-side Apps App Frameworks Dev Platforms Server OS Hypervisor Databases Networking Cloud Management APP+CONFIG ASSESMENT COLLECTION TECHNOLOGY Signatures & Rules Anomaly Detection Machine Learning ANALYTICS Integrated value chain delivering full stack security, experts included Petabytes of normalized data from 4000+ customers • Threat Intelligence • Security Research • Data Science • Security Content • Security Operations Center 24/7 EXPERTS & PROCESS
Web App Attacks OWASP Top 10 Platform / Library Attacks System / Network Attacks Web Apps Server-side Apps App Frameworks Dev Platforms Server OS Hypervisor Databases Networking Cloud Management CLOUD INSIGHT Signatures & Rules Anomaly Detection Machine Learning Integrated value chain delivering full stack security, experts included • Threat Intelligence • Security Research • Data Science • Security Content • Security Operations Center ACTIVEWATCHDETECTION & PROTECTION Web Security Manager Log Manager Threat Manager ALERT LOGIC CLOUD DEFENDER
New capabilities focused on Web Attack Detection 1 Over 150 new web attack incidents 2 Improved OWASP Top 10 Coverage powered by Anomaly Detection 3 Advanced SQL Injection Detection powered by Machine Learning Web App Attacks OWASP top 10 Platform / library attacks App / System misconfig attacks Attacks Over 250 breaches detected in 2016
Alert Logic solutions are easy to deploy • Use a combination of host based agents and appliances to collect network and application traffic • Agents also collect logs from the VM • Azure Activity Logs are collected via the Azure Monitor API • Azure SQL or App Services Logs are collected from Azure storage accounts • Appliances can be used to do internal scanning, or we can do external and PCI scanning from our cloud
HOW IT WORKS: Alert Logic Threat Manager for 3 Tier Application Stack + Azure SQL VNET RESOURCE GROUP Alert Logic Web Traffic Threat Manager Appliance AutoScale AutoScale Azure SQL Database Tier Azure Storage Table SQL Logs Application Tier VM ScaleSets Web Tier VM ScaleSets Application Gateway VM
3-Tier applications using VMs only VNET RESOURCE GROUP Web Traffic Customer B Alert Logic Threat Manager Appliance VM AutoScale Application Tier VM ScaleSets AutoScale Web Tier VM ScaleSets Database Tier SQL VM AvailabilitySets VNET RESOURCE GROUP AutoScale Application Tier VM ScaleSets AutoScale Web Tier VM ScaleSets Database Tier SQL VM AvailabilitySets Web Traffic Customer A
ARM Template automate appliance deployments https://github.com/alertlogic/al-arm-templates
Agents can be baked into VM images, or automatically installed using DevOps toolsets https://supermarket.chef.io/cookbooks/al_agents
Alert Logic – a Leader in Forrester’s 2016 NA MSSP WAVETM “Alert Logic has a head start in the cloud, and it shows. Alert Logic is an excellent fit for clients looking to secure their current or planned cloud migrations, clients requiring a provider than can span seamlessly between hybrid architectures, and those that demand strong API capabilities for integrations.” - Forrester WAVETM Report
Addressing Customers with Compliance Requirements Alert Logic Solution PCI DSS SOX HIPAA & HITECH Alert Logic Web Security Manager™ • 6.5.d Have processes in place to protect applications from common vulnerabilities such as injection flaws, buffer overflows and others • 6.6 Address new threats and vulnerabilities on an ongoing basis by installing a web application firewall in front of public- facing web applications. • DS 5.10 Network Security • AI 3.2 Infrastructure resource protection and availability • 164.308(a)(1) Security Management Process • 164.308(a)(6) Security Incident Procedures Alert Logic Log Manager™ • 10.2 Automated audit trails • 10.3 Capture audit trails • 10.5 Secure logs • 10.6 Review logs at least daily • 10.7 Maintain logs online for three months • 10.7 Retain audit trail for at least one year • DS 5.5 Security Testing, Surveillance and Monitoring • 164.308 (a)(1)(ii)(D) Information System Activity Review • 164.308 (a)(6)(i) Login Monitoring • 164.312 (b) Audit Controls Alert Logic Threat Manager™ • 5.1.1 Monitor zero day attacks not covered by anti-virus • 6.2 Identify newly discovered security vulnerabilities • 11.2 Perform network vulnerability scans quarterly by an ASV or after any significant network change • 11.4 Maintain IDS/IPS to monitor and alert personnel; keep engines up to date • DS5.9 Malicious Software Prevention, Detection and Correction • DS 5.6 Security Incident Definition • DS 5.10 Network Security • 164.308 (a)(1)(ii)(A) Risk Analysis • 164.308 (a)(1)(ii)(B) Risk Management • 164.308 (a)(5)(ii)(B) Protection from Malicious Software • 164.308 (a)(6)(iii) Response & Reporting Alert Logic Security Operations Center providing Monitoring, Protection, and Reporting
Scalable Threat Intel Process Delivers Relevant Content FUSIONNORMALIZATION ENTITY RESOLUTION LINK ANALYSIS CLUSTERING ANALYSIS COMPLEX ANALYSIS EXTRACTION HONEYNET 3RD-PARTY INTEL VULNERABILITIES WATCHLISTS RESEARCH TELEMETRY Big Data ReputationReputation BlacklistsBlacklists Content CoverageContent Coverage Incident ModelingIncident Modeling Intelligence GatheringIntelligence Gathering Relevant VulnerabilitiesRelevant Vulnerabilities Increased Contextual Awareness Increased Contextual Awareness Increase Incident Understanding Increase Incident Understanding Key Service CapabilitiesAnalysis TechniquesThreat Analytics PlatformInput Sources
Stopping Imminent Data Exfiltration INCIDENT ESCALATION Partner and customer notified with threat source information and remediation tactics 8 min FUTHER ANALYSIS Alert Logic Analyst confirms user IDs and password hashes leaked as part of initial attack 2 hours EXFILTRATION ATTEMPT PREVENTED Partner works with customer to mitigate compromised accounts 6 hours COMPROMISE ACTIVITY Discovered through inspection of 987 log messages indicative of a SQL injection attack Customer Type: Retail Threat Type: Advanced SQL Injection
Preventing Ransomware Spread INCIDENT ESCALATION Critical risk of lateral movement through shared drives identified 14 min LATERAL MALWARE MOVEMENT PREVENTED Analyst performs forensic review of additional 8,000 log messages and 1,400 events that identifies additional attack vectors through related events 6 hours SUSPICOUS ACTIVITY Cryptowall detected on key gateway server in over 1,400 events (6,000 Packets) Customer Type: Retail Threat Type: Ransomware
To Follow our Research & Contact Information Blog https://www.alertlogtic.com/resources/blog Newsletter https://www.alertlogic.com/weekly-threat-report/ Cloud Security Report https://www.alertlogic.com/resources/cloud-security-report/ Zero Day Magazine https://www.alertlogic.com/zerodaymagazine/ Twitter @AlertLogic For More Information on Alert Logic Solutions Chris Camaclnag ccamaclang@alertlogic.com 206-673-4387
Thank you.
Ad

Recommended

Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
Alert Logic
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
Alert Logic
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
Alert Logic
 
Trust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataTrust No-One Architecture For Services And Data
Trust No-One Architecture For Services And Data
Aidan Finn
 
Govern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessGovern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for Success
Alert Logic
 
Security OF The Cloud
Security OF The CloudSecurity OF The Cloud
Security OF The Cloud
Mark Nunnikhoven
 
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSCSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWS
Alert Logic
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud Security
Alert Logic
 
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsCSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web Applications
Alert Logic
 
Securing virtual workload and cloud
Securing virtual workload and cloudSecuring virtual workload and cloud
Securing virtual workload and cloud
Himani Singh
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
Lorenzo Barbieri
 
Azure security
Azure securityAzure security
Azure security
Lalit Rawat
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and Management
Allen Brokken
 
Tour to Azure Security Center
Tour to Azure Security CenterTour to Azure Security Center
Tour to Azure Security Center
Lalit Rawat
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
Allen Brokken
 
Azure Saturday: Security + DevOps + Azure = Awesomeness
Azure Saturday: Security + DevOps + Azure = AwesomenessAzure Saturday: Security + DevOps + Azure = Awesomeness
Azure Saturday: Security + DevOps + Azure = Awesomeness
Karl Ots
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
Alert Logic
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architecture
Karl Ots
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
Cheah Eng Soon
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
Cheah Eng Soon
 
AWS Security
AWS Security AWS Security
AWS Security
Magdy El-Faramawy , MBA,PMP,CISA,CM,ITIL
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
Kasun Rajapakse
 
Cloud Security
Cloud Security Cloud Security
Cloud Security
Giovanni Mazzeo
 
Azure Networking - The First Technical Challenge
Azure Networking - The First Technical ChallengeAzure Networking - The First Technical Challenge
Azure Networking - The First Technical Challenge
Aidan Finn
 
Azure Operation Management Suite - security and compliance
Azure Operation Management Suite - security and complianceAzure Operation Management Suite - security and compliance
Azure Operation Management Suite - security and compliance
Asaf Nakash
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt
Devyani Vaidya
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security Center
Udaiappa Ramachandran
 
Cloud Camp: Infrastructure as a service advance workloads
Cloud Camp: Infrastructure as a service advance workloadsCloud Camp: Infrastructure as a service advance workloads
Cloud Camp: Infrastructure as a service advance workloads
Asaf Nakash
 
Baker 2 Vegas 2017 Medical Team Orientation
Baker 2 Vegas 2017 Medical Team Orientation Baker 2 Vegas 2017 Medical Team Orientation
Baker 2 Vegas 2017 Medical Team Orientation
Troy Pennington
 
CULMINACION DE LA RELACION LABORAL
CULMINACION DE LA RELACION LABORALCULMINACION DE LA RELACION LABORAL
CULMINACION DE LA RELACION LABORAL
Jose Rodriguez
 
Ad

More Related Content

What's hot (20)

CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsCSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web Applications
Alert Logic
 
Securing virtual workload and cloud
Securing virtual workload and cloudSecuring virtual workload and cloud
Securing virtual workload and cloud
Himani Singh
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
Lorenzo Barbieri
 
Azure security
Azure securityAzure security
Azure security
Lalit Rawat
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and Management
Allen Brokken
 
Tour to Azure Security Center
Tour to Azure Security CenterTour to Azure Security Center
Tour to Azure Security Center
Lalit Rawat
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
Allen Brokken
 
Azure Saturday: Security + DevOps + Azure = Awesomeness
Azure Saturday: Security + DevOps + Azure = AwesomenessAzure Saturday: Security + DevOps + Azure = Awesomeness
Azure Saturday: Security + DevOps + Azure = Awesomeness
Karl Ots
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
Alert Logic
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architecture
Karl Ots
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
Cheah Eng Soon
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
Cheah Eng Soon
 
AWS Security
AWS Security AWS Security
AWS Security
Magdy El-Faramawy , MBA,PMP,CISA,CM,ITIL
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
Kasun Rajapakse
 
Cloud Security
Cloud Security Cloud Security
Cloud Security
Giovanni Mazzeo
 
Azure Networking - The First Technical Challenge
Azure Networking - The First Technical ChallengeAzure Networking - The First Technical Challenge
Azure Networking - The First Technical Challenge
Aidan Finn
 
Azure Operation Management Suite - security and compliance
Azure Operation Management Suite - security and complianceAzure Operation Management Suite - security and compliance
Azure Operation Management Suite - security and compliance
Asaf Nakash
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt
Devyani Vaidya
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security Center
Udaiappa Ramachandran
 
Cloud Camp: Infrastructure as a service advance workloads
Cloud Camp: Infrastructure as a service advance workloadsCloud Camp: Infrastructure as a service advance workloads
Cloud Camp: Infrastructure as a service advance workloads
Asaf Nakash
 
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsCSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web Applications
Alert Logic
 
Securing virtual workload and cloud
Securing virtual workload and cloudSecuring virtual workload and cloud
Securing virtual workload and cloud
Himani Singh
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
Lorenzo Barbieri
 
Azure security
Azure securityAzure security
Azure security
Lalit Rawat
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and Management
Allen Brokken
 
Tour to Azure Security Center
Tour to Azure Security CenterTour to Azure Security Center
Tour to Azure Security Center
Lalit Rawat
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
Allen Brokken
 
Azure Saturday: Security + DevOps + Azure = Awesomeness
Azure Saturday: Security + DevOps + Azure = AwesomenessAzure Saturday: Security + DevOps + Azure = Awesomeness
Azure Saturday: Security + DevOps + Azure = Awesomeness
Karl Ots
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
Alert Logic
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architecture
Karl Ots
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
Cheah Eng Soon
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
Cheah Eng Soon
 
AWS Security
AWS Security AWS Security
AWS Security
Magdy El-Faramawy , MBA,PMP,CISA,CM,ITIL
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
Kasun Rajapakse
 
Cloud Security
Cloud Security Cloud Security
Cloud Security
Giovanni Mazzeo
 
Azure Networking - The First Technical Challenge
Azure Networking - The First Technical ChallengeAzure Networking - The First Technical Challenge
Azure Networking - The First Technical Challenge
Aidan Finn
 
Azure Operation Management Suite - security and compliance
Azure Operation Management Suite - security and complianceAzure Operation Management Suite - security and compliance
Azure Operation Management Suite - security and compliance
Asaf Nakash
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt
Devyani Vaidya
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security Center
Udaiappa Ramachandran
 
Cloud Camp: Infrastructure as a service advance workloads
Cloud Camp: Infrastructure as a service advance workloadsCloud Camp: Infrastructure as a service advance workloads
Cloud Camp: Infrastructure as a service advance workloads
Asaf Nakash
 

Viewers also liked (20)

Baker 2 Vegas 2017 Medical Team Orientation
Baker 2 Vegas 2017 Medical Team Orientation Baker 2 Vegas 2017 Medical Team Orientation
Baker 2 Vegas 2017 Medical Team Orientation
Troy Pennington
 
CULMINACION DE LA RELACION LABORAL
CULMINACION DE LA RELACION LABORALCULMINACION DE LA RELACION LABORAL
CULMINACION DE LA RELACION LABORAL
Jose Rodriguez
 
GITN maakt een merk sterk.....
GITN maakt een merk sterk.....GITN maakt een merk sterk.....
GITN maakt een merk sterk.....
Louis Kester
 
Optics
OpticsOptics
Optics
hamid raza
 
Film trailer questionnaire with commentary
Film trailer questionnaire with commentaryFilm trailer questionnaire with commentary
Film trailer questionnaire with commentary
afkbbs_
 
Linear equations
Linear equationsLinear equations
Linear equations
jessica gonzalez
 
Rhabdomyosarcoma Of head and neck
Rhabdomyosarcoma Of head and neckRhabdomyosarcoma Of head and neck
Rhabdomyosarcoma Of head and neck
Prof. Ahmed Mohamed Badheeb
 
A estrela perdida
A estrela perdidaA estrela perdida
A estrela perdida
andreiasilva007
 
THE ANCIENT GREEK ARCHITECTURE / The history of Architecture from Prehistoric...
THE ANCIENT GREEK ARCHITECTURE / The history of Architecture from Prehistoric...THE ANCIENT GREEK ARCHITECTURE / The history of Architecture from Prehistoric...
THE ANCIENT GREEK ARCHITECTURE / The history of Architecture from Prehistoric...
Konstantin Ivanovich Samoilov
 
Firma Sven De Ridder buigt verlies om in winst
Firma Sven De Ridder buigt verlies om in winstFirma Sven De Ridder buigt verlies om in winst
Firma Sven De Ridder buigt verlies om in winst
Thierry Debels
 
Windows Azure Security & Compliance
Windows Azure Security & ComplianceWindows Azure Security & Compliance
Windows Azure Security & Compliance
Nuno Godinho
 
Windows Azure Security Features And Functionality
Windows Azure Security Features And FunctionalityWindows Azure Security Features And Functionality
Windows Azure Security Features And Functionality
vivekbhat
 
Comportamientos digítales
Comportamientos digítalesComportamientos digítales
Comportamientos digítales
aolerlopezmariafernanda
 
Primer clase geometria arigossi
Primer clase geometria arigossiPrimer clase geometria arigossi
Primer clase geometria arigossi
moniprofe09
 
2 sesion de aprendizaje cuarto grado
2 sesion de aprendizaje cuarto grado2 sesion de aprendizaje cuarto grado
2 sesion de aprendizaje cuarto grado
MANUEL CONDORI QUISPE
 
Expert advisor brokerzy forex
Expert advisor brokerzy forexExpert advisor brokerzy forex
Expert advisor brokerzy forex
Dariusz Partelski
 
Adverts
AdvertsAdverts
Adverts
Laura Irazoqui
 
6 betsy mineraleS
6 betsy mineraleS6 betsy mineraleS
6 betsy mineraleS
FATIMA BETSABE VALENZUELA FLORES
 
O οδυσσέας στον ανεμόμυλο
O οδυσσέας στον ανεμόμυλοO οδυσσέας στον ανεμόμυλο
O οδυσσέας στον ανεμόμυλο
theatropaizontas
 
LAK17 Reflective Writing Analytics
LAK17 Reflective Writing AnalyticsLAK17 Reflective Writing Analytics
LAK17 Reflective Writing Analytics
Simon Buckingham Shum
 
Baker 2 Vegas 2017 Medical Team Orientation
Baker 2 Vegas 2017 Medical Team Orientation Baker 2 Vegas 2017 Medical Team Orientation
Baker 2 Vegas 2017 Medical Team Orientation
Troy Pennington
 
CULMINACION DE LA RELACION LABORAL
CULMINACION DE LA RELACION LABORALCULMINACION DE LA RELACION LABORAL
CULMINACION DE LA RELACION LABORAL
Jose Rodriguez
 
GITN maakt een merk sterk.....
GITN maakt een merk sterk.....GITN maakt een merk sterk.....
GITN maakt een merk sterk.....
Louis Kester
 
Optics
OpticsOptics
Optics
hamid raza
 
Film trailer questionnaire with commentary
Film trailer questionnaire with commentaryFilm trailer questionnaire with commentary
Film trailer questionnaire with commentary
afkbbs_
 
Linear equations
Linear equationsLinear equations
Linear equations
jessica gonzalez
 
Rhabdomyosarcoma Of head and neck
Rhabdomyosarcoma Of head and neckRhabdomyosarcoma Of head and neck
Rhabdomyosarcoma Of head and neck
Prof. Ahmed Mohamed Badheeb
 
A estrela perdida
A estrela perdidaA estrela perdida
A estrela perdida
andreiasilva007
 
THE ANCIENT GREEK ARCHITECTURE / The history of Architecture from Prehistoric...
THE ANCIENT GREEK ARCHITECTURE / The history of Architecture from Prehistoric...THE ANCIENT GREEK ARCHITECTURE / The history of Architecture from Prehistoric...
THE ANCIENT GREEK ARCHITECTURE / The history of Architecture from Prehistoric...
Konstantin Ivanovich Samoilov
 
Firma Sven De Ridder buigt verlies om in winst
Firma Sven De Ridder buigt verlies om in winstFirma Sven De Ridder buigt verlies om in winst
Firma Sven De Ridder buigt verlies om in winst
Thierry Debels
 
Windows Azure Security & Compliance
Windows Azure Security & ComplianceWindows Azure Security & Compliance
Windows Azure Security & Compliance
Nuno Godinho
 
Windows Azure Security Features And Functionality
Windows Azure Security Features And FunctionalityWindows Azure Security Features And Functionality
Windows Azure Security Features And Functionality
vivekbhat
 
Comportamientos digítales
Comportamientos digítalesComportamientos digítales
Comportamientos digítales
aolerlopezmariafernanda
 
Primer clase geometria arigossi
Primer clase geometria arigossiPrimer clase geometria arigossi
Primer clase geometria arigossi
moniprofe09
 
2 sesion de aprendizaje cuarto grado
2 sesion de aprendizaje cuarto grado2 sesion de aprendizaje cuarto grado
2 sesion de aprendizaje cuarto grado
MANUEL CONDORI QUISPE
 
Expert advisor brokerzy forex
Expert advisor brokerzy forexExpert advisor brokerzy forex
Expert advisor brokerzy forex
Dariusz Partelski
 
Adverts
AdvertsAdverts
Adverts
Laura Irazoqui
 
6 betsy mineraleS
6 betsy mineraleS6 betsy mineraleS
6 betsy mineraleS
FATIMA BETSABE VALENZUELA FLORES
 
O οδυσσέας στον ανεμόμυλο
O οδυσσέας στον ανεμόμυλοO οδυσσέας στον ανεμόμυλο
O οδυσσέας στον ανεμόμυλο
theatropaizontas
 
LAK17 Reflective Writing Analytics
LAK17 Reflective Writing AnalyticsLAK17 Reflective Writing Analytics
LAK17 Reflective Writing Analytics
Simon Buckingham Shum
 
Ad

Similar to Azure 101: Shared responsibility in the Azure Cloud (20)

클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
Amazon Web Services Korea
 
Protecting Against Web Attacks
Protecting Against Web AttacksProtecting Against Web Attacks
Protecting Against Web Attacks
Alert Logic
 
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Ryan Hodgin
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself
Alert Logic
 
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
North Texas Chapter of the ISSA
 
Protecting Against Web App Attacks
Protecting Against Web App AttacksProtecting Against Web App Attacks
Protecting Against Web App Attacks
Alert Logic
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
MSAdvAnalytics
 
366864108 azure-security
366864108 azure-security366864108 azure-security
366864108 azure-security
ober64
 
IANS information security forum 2019 summary
IANS information security forum 2019 summaryIANS information security forum 2019 summary
IANS information security forum 2019 summary
Karun Chennuri
 
CSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudCSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the Cloud
Alert Logic
 
The Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCThe Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYC
Patrick Sklodowski
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Alert Logic
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
CloudHesive
 
HIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best PracticesHIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best Practices
Hostway|HOSTING
 
Terrascan - Cloud Native Security Tool
Terrascan - Cloud Native Security Tool Terrascan - Cloud Native Security Tool
Terrascan - Cloud Native Security Tool
sangam biradar
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
Alert Logic
 
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaThe Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
Patrick Sklodowski
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
lior mazor
 
Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0
Trupti Shiralkar, CISSP
 
Presentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion seguraPresentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion segura
RogerChaucaZea
 
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
Amazon Web Services Korea
 
Protecting Against Web Attacks
Protecting Against Web AttacksProtecting Against Web Attacks
Protecting Against Web Attacks
Alert Logic
 
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Ryan Hodgin
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself
Alert Logic
 
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
North Texas Chapter of the ISSA
 
Protecting Against Web App Attacks
Protecting Against Web App AttacksProtecting Against Web App Attacks
Protecting Against Web App Attacks
Alert Logic
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
MSAdvAnalytics
 
366864108 azure-security
366864108 azure-security366864108 azure-security
366864108 azure-security
ober64
 
IANS information security forum 2019 summary
IANS information security forum 2019 summaryIANS information security forum 2019 summary
IANS information security forum 2019 summary
Karun Chennuri
 
CSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudCSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the Cloud
Alert Logic
 
The Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCThe Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYC
Patrick Sklodowski
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Alert Logic
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
CloudHesive
 
HIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best PracticesHIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best Practices
Hostway|HOSTING
 
Terrascan - Cloud Native Security Tool
Terrascan - Cloud Native Security Tool Terrascan - Cloud Native Security Tool
Terrascan - Cloud Native Security Tool
sangam biradar
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
Alert Logic
 
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaThe Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
Patrick Sklodowski
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
lior mazor
 
Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0
Trupti Shiralkar, CISSP
 
Presentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion seguraPresentacion de solucion cloud de navegacion segura
Presentacion de solucion cloud de navegacion segura
RogerChaucaZea
 
Ad

Recently uploaded (20)

Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 

Azure 101: Shared responsibility in the Azure Cloud

  • 1. SHARED SECURITY RESPONSIBILITY IN AZURE Speaker - Chris Camaclang
  • 2. Agenda • Intro + Housecleaning + Surveys • Hybrid Cloud Landscape • Threat Landscape • Security Best Practices • Alert Logic Solutions and Value
  • 3. Hybrid Cloud Today CLOUD FALLOVER (DIFFERENT GEOGRAPHY) INTERNALEXTERNAL PRIVATE CLOUD PUBLIC CLOUD DEMO SITES MOBILE PHONES PROSPECT CUSTOMER BIZ PARTNER MANAGER PM ARCHITECT DEVELOPER SUPPORT SMART PHONE SMART TV TABLET/iPAD DESKTOP CLOUDTOPNOTEBOOK NETBOOK PRODUCTION STAGING QA DEV/TEST DEMO SITESPERFORMANCE TESTING IT + DEV SUPP SERVICES OFFICE SERVICES TIM/TAM SERVICES DESKTOP SERVICES MONITORING SERVICES BIZ. SUPP. SERVICES TRANSFORMATION SERVICES ADOBE LC SERVICES MESSAGING SERVICES SECURITY SERVICES BIZ. INT. SERVICES CODE MANAGEMENT SERVICES TIM/TAM SERVICES MONITORING SERVICES SECURITY SERVICES PERFORMANCE TESTING SECURETUNNEL SECURETUNNEL SECURETUNNEL SECURE TUNNEL SECURE TUNNEL
  • 4. The Impact of a Breach is Far-Reaching and Long-Lived THE CYBER KILL CHAIN¹ THE IMPACT Financial loss Harm brand and reputation Scrutiny from regulators IDENTIFY & RECON INITIAL ATTACK COMMAND & CONTROL DISCOVER & SPREAD EXTRACT & EXFILTRATE 1. http://cyber.lockheedmartin.com/cyber-kill-chain-lockheed-martin-poster COMPANIES OF ALL SIZES ARE IMPACTED
  • 6. Threats by Customer Industry Vertical Source: Alert Logic CSR 2016 29% 48% 10% 11% 2% Finance-Insurance-Real Estate APPLICATION ATTACK BRUTE FORCE RECON SUSPICIOUS ACTIVITY TROJAN ACTIVITY 56%25% 17% 0% 2% Retail-Wholesale APPLICATION ATTACK BRUTE FORCE RECON SUSPICIOUS ACTIVITY TROJAN ACTIVITY 54% 21% 22% 1% 2% Information Technology APPLICATION ATTACK BRUTE FORCE RECON SUSPICIOUS ACTIVITY TROJAN ACTIVITY
  • 7. 1 49 56 86 125 155 172 197 525 908 Denial of Service Crimeware Physical Theft / Loss Payment Card Skimmers Everything Else Cyber-espionage Privilege Misuse Miscellaneous Errors POS Intrusions Web App Attacks Security risk is shifting to unprotected web applications Web app attacks are now the #1 source of data breaches But less than 5% of data center security budgets are spent on app security Source: Verizon UP 500% SINCE 2014 $23 to $1 Percentage of Breaches 10% 20% 30% 40% Source: Gartner Web App Attacks
  • 8. Cloud Security is a Shared, but not Equal, Responsibility • Security Monitoring • Log Analysis • Vulnerability Scanning • Network Threat Detection • Security Monitoring • Logical Network Segmentation • Perimeter Security Services • External DDOS, spoofing, and scanning monitored • Hypervisor Management • System Image Library • Root Access for Customers • Managed Patching (PaaS, not IaaS) • Web Application Firewall • Vulnerability Scanning • Secure Coding and Best Practices • Software and Virtual Patching • Configuration Management • Access Management (inc. Multi-factor Authentication) • Application level attack monitoring • Access Management • Configuration Hardening • Patch Management • TLS/SSL Encryption • Network Security Configuration CUSTOMER ALERT LOGICMICROSOFT
  • 10. 10 Best Practices for Security 1. Understand the Cloud Providers Shared Responsibility Model 2. Secure your code 3. Create access management policies 4. Data Classification 5. Adopt a patch management approach 6. Review logs regularly 7. Build a security toolkit 8. Stay informed of the latest vulnerabilities that may affect you 9. Understand your cloud service providers security model 10. Know your adversaries
  • 11. 1. Understand the Cloud Providers Shared Responsibility Model The first step to securing cloud workloads is understanding the shared responsibility model Microsoft will secure most of the underlying infrastructure, including the physical access to the datacenters, the servers and hypervisors, and parts of the networking infrastructure…but the customer is responsible for the rest. Taken from the Shared Responsibility for Cloud Computing whitepaper, published by Microsoft in March 2016
  • 12. 2. Secure Your Code • Test inputs that are open to the Internet • Add delays to your code to confuse bots • Use encryption when you can • Test libraries • Scan plugins • Scan your code after every update • Limit privileges • DevSecOps
  • 13. 3. Create Secure Access Management Policies • Simplify access controls (KISS) • Lock down Admin account in Azure • Enable MFA (Azure, hardware/software token) • Identify data infrastructure that requires access (*Lock down AzureSQL) • Define roles and responsibilities (delegating service admins) • Azure NSG (private vs public) • Continually audit access (Azure Audit Logs) • Start with a least privilege access model (RBAC) *avoid owner role unless absolutely necessary • Don’t store keys in code (e.g. secret keys) • AAD Premium – (*Security analytics and alerting)
  • 14. 4. Data Classification • Identify data repositories and mobile backups • Identify classification levels and requirements • Analyze data to determine classification • Build Access Management policy around classification • Monitor file modifications and users
  • 15. 5. Adopt a Patch Management Approach • Use trusted images (*Prevent users from launching untrusted images) • Constantly scan all vulnerabilities in your images and patch them • Compare reported vulnerabilities to production infrastructure • Classify the risk based on vulnerability and likelihood • Test patches before you release into production • Setup a regular patching schedule • Keep informed, follow bugtraqer • Follow a SDLC
  • 16. 6. Log Management Strategy • Monitoring for malicious activity • Forensic investigations • Compliance needs • System performance • All sources of log data is collected and retained • Data types (Windows, Syslog) • Azure AD behavior • Azure Audit Logs (services, instances…activity, powershell) • Azure SQL Logs • Azure App Services Logs • Review process • Live monitoring • Correlation logic
  • 17. 7. Build a Security Toolkit • Recommended Security Solutions • Antivirus • IP tables/Firewall • Backups • FIM • Intrusion Detection System (VNET ingress/egress) • Malware Detection • Web Application Firewalls (inspection at Layer 7) • Forensic Image of hardware remotely • Future Deep Packet Forensics • Web Filters • Mail Filters • Encryption Solutions • Proxies • Log collection • SIEM Monitoring and Escalation • Penetration Testing
  • 18. 8. Stay Informed of the Latest Vulnerabilities • Websites to follow • http://www.securityfocus.com • http://www.exploit-db.com • http://seclists.org/fulldisclosure/ • http://www.securitybloggersnetwork.com/ • http://cve.mitre.org/ • http://nvd.nist.gov/ • https://www.alertlogic.com/weekly-threat-report/
  • 19. 9. Understand Your Service Providers Security Model • Understand the security offerings from your provider • Probe into the Security vendors to find their prime service • Hypervisor exploits are patched by the service provider • Questions to use when evaluating cloud service providers
  • 20. 10. Understand your Adversaries
  • 21. Threats are 24x7 = Security Operations 24x7 Monitor intrusion detection and vulnerability scan activity Search for Industry trends and deliver intelligence on lost or stolen data Collect data from OSINT and Underground Sources to deliver Intelligence and Content Identify and implement required policy changes Escalate incidents and provide guidance to the response team to quickly mitigate Incidents Monitor for Zero-Day and New and Emerging attacks Cross product correlate data sources to find anomalies
  • 23. Cloud Security is a Shared, but not Equal, Responsibility • Security Monitoring • Log Analysis • Vulnerability Scanning • Network Threat Detection • Security Monitoring • Logical Network Segmentation • Perimeter Security Services • External DDOS, spoofing, and scanning monitored • Hypervisor Management • System Image Library • Root Access for Customers • Managed Patching (PaaS, not IaaS) • Web Application Firewall • Vulnerability Scanning • Secure Coding and Best Practices • Software and Virtual Patching • Configuration Management • Access Management (inc. Multi-factor Authentication) • Application level attack monitoring • Access Management • Configuration Hardening • Patch Management • TLS/SSL Encryption • Network Security Configuration CUSTOMER ALERT LOGICMICROSOFT
  • 24. Vulnerabilities + Change + Shortage Complexity of defending web applications and workloads Risks are moving up the stack 1. Wide range of attacks at every layer of the stack 2. Rapidly changing codebase can introduces unknown vulnerabilities 3. Long tail of exposures inherited from 3rd party development tools 4. Extreme shortage of cloud and application security expertise Web App Attacks OWASP Top 10 Platform / Library Attacks System / Network Attacks Perimeter & end-point security tools fail to protect cloud attack surface Web Apps Server-side Apps App Frameworks Dev Platforms Server OS Hypervisor Databases Networking Cloud Management
  • 25. Block Analyze Allow Your Data Focus requires full stack inspection…and complex analysis Known Good Known Bad Suspicious Security DecisionYour App Stack Web App Attacks OWASP Top 10 Platform / Library Attacks System / Network Attacks Threats App Transactions Log Data Network Traffic Web Apps Server-side Apps App Frameworks Dev Platforms Server OS Hypervisor Databases Networking Cloud Management
  • 26. APP+CONFIG ASSESMENT Your Data Focus requires full stack inspection…and complex analysis Known Bad Web App Attacks OWASP Top 10 Platform / Library Attacks System / Network Attacks App Transactions Log Data Network Traffic Web Apps Server-side Apps App Frameworks Dev Platforms Server OS Hypervisor Databases Networking Cloud Management COLLECTION TECHNOLOGY
  • 27. Your Data Web App Attacks OWASP Top 10 Platform / Library Attacks System / Network Attacks App Transactions Log Data Network Traffic Web Apps Server-side Apps App Frameworks Dev Platforms Server OS Hypervisor Databases Networking Cloud Management APP+CONFIG ASSESMENT COLLECTION TECHNOLOGY Integrated value chain delivering full stack security… Signatures & Rules Anomaly Detection Machine Learning ANALYTICS Petabytes of normalized data from 4000+ customers
  • 28. Your Data Web App Attacks OWASP Top 10 Platform / Library Attacks System / Network Attacks App Transactions Log Data Network Traffic Web Apps Server-side Apps App Frameworks Dev Platforms Server OS Hypervisor Databases Networking Cloud Management APP+CONFIG ASSESMENT COLLECTION TECHNOLOGY Signatures & Rules Anomaly Detection Machine Learning ANALYTICS Integrated value chain delivering full stack security, experts included Petabytes of normalized data from 4000+ customers • Threat Intelligence • Security Research • Data Science • Security Content • Security Operations Center 24/7 EXPERTS & PROCESS
  • 29. Web App Attacks OWASP Top 10 Platform / Library Attacks System / Network Attacks Web Apps Server-side Apps App Frameworks Dev Platforms Server OS Hypervisor Databases Networking Cloud Management CLOUD INSIGHT Signatures & Rules Anomaly Detection Machine Learning Integrated value chain delivering full stack security, experts included • Threat Intelligence • Security Research • Data Science • Security Content • Security Operations Center ACTIVEWATCHDETECTION & PROTECTION Web Security Manager Log Manager Threat Manager ALERT LOGIC CLOUD DEFENDER
  • 30. New capabilities focused on Web Attack Detection 1 Over 150 new web attack incidents 2 Improved OWASP Top 10 Coverage powered by Anomaly Detection 3 Advanced SQL Injection Detection powered by Machine Learning Web App Attacks OWASP top 10 Platform / library attacks App / System misconfig attacks Attacks Over 250 breaches detected in 2016
  • 31. Alert Logic solutions are easy to deploy • Use a combination of host based agents and appliances to collect network and application traffic • Agents also collect logs from the VM • Azure Activity Logs are collected via the Azure Monitor API • Azure SQL or App Services Logs are collected from Azure storage accounts • Appliances can be used to do internal scanning, or we can do external and PCI scanning from our cloud
  • 32. HOW IT WORKS: Alert Logic Threat Manager for 3 Tier Application Stack + Azure SQL VNET RESOURCE GROUP Alert Logic Web Traffic Threat Manager Appliance AutoScale AutoScale Azure SQL Database Tier Azure Storage Table SQL Logs Application Tier VM ScaleSets Web Tier VM ScaleSets Application Gateway VM
  • 33. 3-Tier applications using VMs only VNET RESOURCE GROUP Web Traffic Customer B Alert Logic Threat Manager Appliance VM AutoScale Application Tier VM ScaleSets AutoScale Web Tier VM ScaleSets Database Tier SQL VM AvailabilitySets VNET RESOURCE GROUP AutoScale Application Tier VM ScaleSets AutoScale Web Tier VM ScaleSets Database Tier SQL VM AvailabilitySets Web Traffic Customer A
  • 34. ARM Template automate appliance deployments https://github.com/alertlogic/al-arm-templates
  • 35. Agents can be baked into VM images, or automatically installed using DevOps toolsets https://supermarket.chef.io/cookbooks/al_agents
  • 36. Alert Logic – a Leader in Forrester’s 2016 NA MSSP WAVETM “Alert Logic has a head start in the cloud, and it shows. Alert Logic is an excellent fit for clients looking to secure their current or planned cloud migrations, clients requiring a provider than can span seamlessly between hybrid architectures, and those that demand strong API capabilities for integrations.” - Forrester WAVETM Report
  • 37. Addressing Customers with Compliance Requirements Alert Logic Solution PCI DSS SOX HIPAA & HITECH Alert Logic Web Security Manager™ • 6.5.d Have processes in place to protect applications from common vulnerabilities such as injection flaws, buffer overflows and others • 6.6 Address new threats and vulnerabilities on an ongoing basis by installing a web application firewall in front of public- facing web applications. • DS 5.10 Network Security • AI 3.2 Infrastructure resource protection and availability • 164.308(a)(1) Security Management Process • 164.308(a)(6) Security Incident Procedures Alert Logic Log Manager™ • 10.2 Automated audit trails • 10.3 Capture audit trails • 10.5 Secure logs • 10.6 Review logs at least daily • 10.7 Maintain logs online for three months • 10.7 Retain audit trail for at least one year • DS 5.5 Security Testing, Surveillance and Monitoring • 164.308 (a)(1)(ii)(D) Information System Activity Review • 164.308 (a)(6)(i) Login Monitoring • 164.312 (b) Audit Controls Alert Logic Threat Manager™ • 5.1.1 Monitor zero day attacks not covered by anti-virus • 6.2 Identify newly discovered security vulnerabilities • 11.2 Perform network vulnerability scans quarterly by an ASV or after any significant network change • 11.4 Maintain IDS/IPS to monitor and alert personnel; keep engines up to date • DS5.9 Malicious Software Prevention, Detection and Correction • DS 5.6 Security Incident Definition • DS 5.10 Network Security • 164.308 (a)(1)(ii)(A) Risk Analysis • 164.308 (a)(1)(ii)(B) Risk Management • 164.308 (a)(5)(ii)(B) Protection from Malicious Software • 164.308 (a)(6)(iii) Response & Reporting Alert Logic Security Operations Center providing Monitoring, Protection, and Reporting
  • 38. Scalable Threat Intel Process Delivers Relevant Content FUSIONNORMALIZATION ENTITY RESOLUTION LINK ANALYSIS CLUSTERING ANALYSIS COMPLEX ANALYSIS EXTRACTION HONEYNET 3RD-PARTY INTEL VULNERABILITIES WATCHLISTS RESEARCH TELEMETRY Big Data ReputationReputation BlacklistsBlacklists Content CoverageContent Coverage Incident ModelingIncident Modeling Intelligence GatheringIntelligence Gathering Relevant VulnerabilitiesRelevant Vulnerabilities Increased Contextual Awareness Increased Contextual Awareness Increase Incident Understanding Increase Incident Understanding Key Service CapabilitiesAnalysis TechniquesThreat Analytics PlatformInput Sources
  • 39. Stopping Imminent Data Exfiltration INCIDENT ESCALATION Partner and customer notified with threat source information and remediation tactics 8 min FUTHER ANALYSIS Alert Logic Analyst confirms user IDs and password hashes leaked as part of initial attack 2 hours EXFILTRATION ATTEMPT PREVENTED Partner works with customer to mitigate compromised accounts 6 hours COMPROMISE ACTIVITY Discovered through inspection of 987 log messages indicative of a SQL injection attack Customer Type: Retail Threat Type: Advanced SQL Injection
  • 40. Preventing Ransomware Spread INCIDENT ESCALATION Critical risk of lateral movement through shared drives identified 14 min LATERAL MALWARE MOVEMENT PREVENTED Analyst performs forensic review of additional 8,000 log messages and 1,400 events that identifies additional attack vectors through related events 6 hours SUSPICOUS ACTIVITY Cryptowall detected on key gateway server in over 1,400 events (6,000 Packets) Customer Type: Retail Threat Type: Ransomware
  • 41. To Follow our Research & Contact Information Blog https://www.alertlogtic.com/resources/blog Newsletter https://www.alertlogic.com/weekly-threat-report/ Cloud Security Report https://www.alertlogic.com/resources/cloud-security-report/ Zero Day Magazine https://www.alertlogic.com/zerodaymagazine/ Twitter @AlertLogic For More Information on Alert Logic Solutions Chris Camaclnag [email protected] 206-673-4387