2017 Samsung SDS Cyber Security Conference: Cloud-Based … · Cyber Security Conference...
TRANSCRIPT
Copyright © 2017 Samsung SDS Co., Ltd. All rights reserved | Confidential
Oct 25, 2017
Samsung SDS
Cloud-Based Efficient
Security Monitoring
2017 Samsung SDS
Cyber Security Conference
Agenda
I. Introduction
- Definition of Cloud Computing
- Shared Responsibility Model
II. Challenge
- Security Misconfiguration
- Hacked Cloud Account
III. Solution
- Cloud Access Security Broker
- Management & Alert
IV. Conclusion
Definition of Cloud Computing Ⅰ. Introduction
Essential Characteristics
- On-demand Self-service
- Broad Network Access
- Resource Pooling
- Rapid Elasticity
- Measured Service
Service Model
- Infra as a Service
- Platform as a Service
- Software as a Service
Deployment Model
- Public Cloud
- Private Cloud
- Community Cloud
- Hybrid Cloud
Shared Responsibility Model Ⅰ. Introduction
[Figure: responsibility stack compared across four columns: On-Premises, IaaS, PaaS, SaaS. Each column lists the same layers: Physical, Networking, Storage, Server, Hypervisor, Guest OS, Middleware, Runtime, Data, Application. Labels: User, Provider, Account.]
Shared Responsibility Model (cont.) Ⅰ. Introduction
[Figure: IaaS stack: Application/Data, Runtime, Middleware, Guest OS, Hypervisor, Server/Storage, Networking, Physical, with Request and Response labels. Provider: Physical, Networking, Storage, Server, Hypervisor. User: Guest OS, Middleware, Runtime, Data, Application. Account.]
※ Source : AWS Architecture Center, Reference Architecture for WordPress Hosting
Security Misconfiguration Ⅱ. Challenge
[Figure labels: Anti-DDoS, Firewall, WAF, IDS/IPS, Anti-WebShell, DB Access Control; Legacy; Cloud; Hacker; Admin.]
Security Misconfiguration (cont.) Ⅱ. Challenge
Root Cause Incident in 2017
Security Misconfiguration (cont.) Ⅱ. Challenge
※ Source : AWS Management Console
Security Misconfiguration (cont.) Ⅱ. Challenge
※ Source : Project Heisenberg Cloud - Cross-Cloud Adversary Analytics - RAPID7 LABS - NOV16
Project Heisenberg Cloud : Services Exposed by Users of Cloud Environments
Service    Amazon   Azure   Digital Ocean   Google   Rackspace   Softlayer
Windows    1.2%     1.9%    0.3%            0.3%     4.0%        10.8%
Database   4.3%     3.6%    10.4%           2.5%     7.1%        22.4%
Mail       1.8%     1.4%    13.0%           0.4%     15.3%       34.0%
Shell      35.3%    17.7%   86.4%           74.1%    34.5%       42.7%
Web        74.2%    70.9%   80.3%           53.5%    83.1%       80.7%
Hacked Cloud Account Ⅱ. Challenge
※ Source : Microsoft Security Intelligence Report (SIR) Volume 22 Highlights (Jan-Mar 2017)
[Chart: Observed Accounts Under Attack During the First Three Months of 2016 & 2017. Series: 2016, 2017. X-axis: JAN, FEB, MAR. Y-axis: 0% to 450%.]
Hacked Cloud Account (cont.)
[Figure: SaaS and IaaS stacks, each listing Physical, Networking, Storage, Server, Hypervisor, Guest OS, Middleware, Runtime, Data, Application, with an Account label. Other labels: Access, Session Control; View, Modify, Delete, Download & Encrypt All Data (shown twice); Login & Authentication + Password Policy + Auditing & Logging; User, Admin IP Restrict.]
Ⅲ. Solution
[Figure labels: Manage, Detect, Alert; Authentication, Authorization & Accounting; Machine Learning & Big-data; 24×7 Monitoring & Dashboard; Groupware; CASB (Cloud Access Security Broker); SIEM (Security Information & Event Management).]
Cloud Access Security Broker Ⅲ. Solution
Cloud Access Security Broker (cont.) Ⅲ. Solution
[Figure labels: Cloud Marketplace; Cloud Broker Platform; Cloud management; SaaS, PaaS, IaaS; Cloud Platform; Virtualization Software/Mgmt; Hardware.]
Cloud Access Security Broker (cont.) Ⅲ. Solution
[Figure labels: Security Whitepapers; CASB; Bigdata; Machine Learning; Audit.]
Cloud Access Security Broker (cont.) Ⅲ. Solution
Management & Alert Ⅲ. Solution
[Figure labels: Employer; Employee; Groupware; Alert; Dashboard; SIEM; Audit Log (shown twice); On-premise; CASB; Unmanaged; API Call; INTERNET (shown twice); IaaS, PaaS, SaaS.]
Ⅳ. Conclusion
[Figure labels: Security, Convenience, Threat.]
삼성SDS 천준호 수석보
+82-2-6440-6256