Post on 04-Aug-2020
TRANSCRIPT

Page 1 (pittsburgh.issa.org/Archives/12.4-ISSA-SethH-PPT.pdf)

Make Cloud the Most Secure Environment for Business

Seth Hammerman, Systems Engineer Mvision Cloud (formerly Skyhigh Networks)

Page 2

The average organization now uses 1,935 cloud apps, an increase of 15% over last year

[Chart: enterprise cloud apps and consumer cloud apps per organization, 2013 to 2018]

Source: McAfee Cloud Adoption Report, Nov 2018

Page 3

Source: Business @ Work Finance 2018, Okta

The average Financial Services organization uses 1,545 cloud apps

Page 4

Source: McAfee Cloud Adoption Report, Nov 2018

Most Cloud Apps are not Enterprise-ready

Page 5

Office365, Workday, AWS, Azure?

Page 6

Most Organizations:

38 days to patch a vulnerability regardless of security level

34 days to patch most critical CVEs

Source: Tcell Report on Security Patching

Page 7

Mature Cloud Providers:

Weekly planned patching model

Critical vulnerabilities patched in 24 hours

Source: Tcell Report on Security Patching

Page 8

Through 2020, public cloud infrastructure-as-a-service (IaaS) workloads will suffer at least 60% fewer security incidents than those in traditional data centers

Source: Gartner

Page 9

Microsoft’s annual security budget: $1bn

Source: Microsoft

Page 10

Through 2022, at least 95% of cloud security failures will be the customer’s fault

Source: Gartner

Page 11

Cloud security is a shared responsibility

Page 12

Data Classification & Accountability

Client & End-Point Protection

Identity & Access Management

Application Level Controls

Network Control

Host Infrastructure

Physical Security

SaaS PaaS IaaS

Service Provider Responsibility

Customer Responsibility

Shared Responsibility

Shared Responsibility Model for Cloud

Page 13

Client & End-Point Protection

Identity & Access Management

Data Classification & Accountability

Shared Responsibility Model for SaaS

Page 14

Unmanaged devices

Collaboration Malware

Rogue Employee

Compromised Accounts

Shared Responsibility Model for SaaS

Page 15

87% of companies permit employees to use unmanaged devices to access business apps

Source: McAfee Cloud Adoption Report, Nov 2018

Page 16

21% of cloud data is sensitive

Source: McAfee Cloud Adoption Report, Nov 2018

Page 17

83% of organizations worldwide admit that they store sensitive data in the cloud

Source: McAfee Cloud Adoption Report, Nov 2018

Page 18

48.3% of files in the cloud are shared

Page 19

12% of shared files are accessible to anyone with a link

14% of files are shared with a personal email address

Source: McAfee Cloud Adoption Report, Nov 2018

Page 20

Cloud is the new favorite target of threat actors

Source: McAfee Cloud Adoption Report, Nov 2018

Page 21

81% of all hacking-related breaches leveraged either stolen and/or weak passwords

Source: Verizon Data Breach Investigation Report 2018

Page 22

Of All Organizations, Every Month

94%: at least 1 insider threat

80%: at least 1 compromised account threat

92%: stolen cloud credentials on dark web

Source: Verizon Data Breach Investigation Report 2018

Page 23

Persistent Login Attack
Brute Force Logins’ Distant Cousin

Attack MO

Enumerate usernames (using first, middle and last names)
- 5-60 different username combinations attempted per User
- Number of attempts varies proportionally to the value of the User

Attempt logins for each of the usernames
- Multiple IPs used, one attempt by one IP using one password

Threat Objectives

Assess the organization’s O365 authentication framework (username validation, SSO, MFA, etc.)

Identify valid usernames, system accounts, etc., and whether they federate to an SSO/MFA

Compromise O365 accounts
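A detection sketch for the pattern on this slide, added here as an example and not taken from the presentation: it groups failed logins by the directory account whose name parts the attempted username is built from, then flags accounts that see many username variants arriving mostly from IPs that each try only once. The directory, event tuples, thresholds and function names are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed directory (assumption): account -> first, middle, last name.
DIRECTORY = {"jane.doe": ("jane", "marie", "doe"), "bob.lee": ("bob", "", "lee")}

# Constructed failed-login events: (username attempted, source IP).
EVENTS = [
    ("jane.doe@example.com", "198.51.100.7"),
    ("jdoe@example.com", "198.51.100.23"),
    ("jane_doe@example.com", "203.0.113.5"),
    ("doe.jane@example.com", "203.0.113.77"),
    ("jmdoe@example.com", "192.0.2.14"),
    ("janed@example.com", "192.0.2.200"),
    ("bob.lee@example.com", "198.51.100.50"),
    ("bob.lee@example.com", "198.51.100.50"),
]

def built_from(local, names):
    """True if local is a run of name parts or initials with at least one full part."""
    def seg(rest, used_full):
        if not rest:
            return used_full
        for n in names:
            if rest.startswith(n) and seg(rest[len(n):], True):
                return True
            if rest[0] == n[0] and seg(rest[1:], used_full):
                return True
        return False
    return seg(re.sub(r"[._-]", "", local.lower()), False)

def detect(events, directory=DIRECTORY, min_variants=5, min_single_ip_ratio=0.8):
    """Flag accounts hit with many username variants from mostly one-shot IPs."""
    variants, ips = defaultdict(set), defaultdict(Counter)
    for username, ip in events:
        local = username.split("@")[0]
        for account, parts in directory.items():
            if built_from(local, [p for p in parts if p]):
                variants[account].add(local.lower())
                ips[account][ip] += 1
                break
    findings = {}
    for account, seen in variants.items():
        single = sum(1 for c in ips[account].values() if c == 1)
        if len(seen) >= min_variants and single / len(ips[account]) >= min_single_ip_ratio:
            findings[account] = {"variants": len(seen), "source_ips": len(ips[account])}
    return findings
```

Per-IP and per-username lockout counters miss this pattern because every IP and every username variant appears only once; the grouping key has to be the person being targeted.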

Page 24

KnockKnock Attack

Attack MO

Target system accounts that do not have MFA or federate to an SSO

Target admins & accounts that have higher privileged access (non-federated auth accounts like *.onmicrosoft.com for O365)

Threat Objectives

Compromise high privilege system accounts

Widen a breach using malware or phishing leading to deep-set infiltration

Rogue Machines

Originating Geos & Networks

Large Enterprises

Service Accounts

Page 25

Identifying cloud threats is like finding a needle in the “CloudStack”

100M:1 events:threats

Source: McAfee Cloud Adoption Report, Nov 2018

Page 26

Office 365 contains the most sensitive data, at 31%

[Pie chart: share of sensitive data by cloud service (Salesforce, Office 365, Google Docs, Slack, AWS, Custom Apps, Box, ServiceNow, High-Risk Shadow, Med/Low-Risk Shadow)]

Source: McAfee Cloud Adoption Report, Nov 2018

Page 27

Threats in Office365 have grown 63% in the past two years

Page 28

Shared Responsibility Model for IaaS/PaaS

Data Classification & Accountability

Client & End-Point Protection

Identity & Access Management

Application Level Controls

Network Control

Host Infrastructure

Physical Security

Page 29

Compromised Accounts

Malware

Misconfiguration

Provisioning Sprawl

Containers and Workloads

Rogue Use

Workload to Workload Communication

Shared Responsibility Model for IaaS/PaaS

Page 30

AWS dominates in terms of user access count

Source: McAfee Cloud Adoption Report, Nov 2018

Page 31

Most organizations have a multi-cloud strategy

Source: McAfee Cloud Adoption Report, Nov 2018

Page 32

Average organization has 14 misconfigured IaaS services running at a given time

Source: McAfee Cloud Adoption Report, Nov 2018

Page 33

Top 10 most commonly misconfigured AWS services

1. EBS Data encryption is not turned on
2. There’s unrestricted outbound access
3. Access to resources is not provisioned using IAM roles
4. EC2 security group port misconfigured
5. EC2 security group inbound access misconfigured
6. Unencrypted AMI
7. Unused security groups
8. VPC Flow logs disabled
9. Multi-factor authentication not enabled for IAM users
10. S3 bucket encryption not turned on

Source: McAfee Cloud Adoption Report, Nov 2018

Page 34

Source: McAfee Cloud Adoption Report, Nov 2018

Page 35

GhostWriter Threat

Attack MO

Identify publicly readable, writeable or AWS user readable, writeable buckets

Identify publicly modifiable or AWS user modifiable ACLs

Plant malware in the publicly accessible AWS buckets

Threat Objectives

Leak hundreds of thousands of records from misconfigured S3 buckets

Distribute malware using trusted-IaaS instances
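An audit sketch for the exposures named on this slide, added here as an example and not part of the presentation: it walks S3 bucket ACLs in the shape returned by the GetBucketAcl API and reports grants to the AllUsers group (public) or the AuthenticatedUsers group (any AWS user) that make a bucket readable, writeable or ACL-modifiable. The bucket names, owner ID and function names are constructed for the example.

```python
# Predefined S3 group URIs used as grantees in bucket ACLs.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
AUDIENCE = {ALL_USERS: "public", AUTH_USERS: "any-aws-user"}

# ACL permission -> exposures it creates (READ_ACP is ignored on purpose).
EXPOSURE = {
    "READ": ["readable"],
    "WRITE": ["writeable"],
    "WRITE_ACP": ["acl-modifiable"],
    "FULL_CONTROL": ["readable", "writeable", "acl-modifiable"],
}

def audit_acl(acl):
    """Return sorted (audience, exposure) pairs for risky group grants in one ACL."""
    findings = set()
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        audience = AUDIENCE.get(grantee.get("URI")) if grantee.get("Type") == "Group" else None
        if audience:
            for exposure in EXPOSURE.get(grant.get("Permission"), []):
                findings.add((audience, exposure))
    return sorted(findings)

def audit_buckets(acls):
    """Map bucket name -> findings, keeping only buckets that have any."""
    report = {name: audit_acl(acl) for name, acl in acls.items()}
    return {name: found for name, found in report.items() if found}

# Constructed sample ACLs for hypothetical buckets.
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"}
SAMPLE_ACLS = {
    "logs-example": {"Grants": [OWNER]},
    "static-example": {"Grants": [
        OWNER,
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "WRITE"}]},
    "legacy-example": {"Grants": [
        OWNER,
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "WRITE_ACP"}]},
}
```

This covers ACL grants only; bucket policies and S3 Block Public Access settings also affect exposure and are evaluated separately.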

Page 36

Average organization experiences 1,527 DLP incidents in IaaS/PaaS per month

Source: McAfee Cloud Adoption Report, Nov 2018

Page 37

In 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience 33% fewer security failures

Source: Gartner

Page 38

Security of the past is inadequate

Source: Gartner

Page 39

Enterprise Data center

Network

Enterprise Data and Applications were Secured by Locking Everything Down

Devices

Security of the Past was Network-centric

Page 40

SaaS

IaaS/PaaS

Enterprise Data Creation and Access in the Cloud Bypasses Existing Network Security Infrastructure

Security of the Cloud has to be Cloud-native

Page 41

SaaS

IaaS/PaaS

Security of the Cloud has to be Cloud-native

… and has to be convenient enough!

Page 42

Cloud-native Security – Regaining Visibility w/o Friction

Devices

IaaS/PaaS

Cloud-native Security Platform

Connect and Regain Visibility

SaaS

Page 43

Devices

Cloud-native Security Platform

Connect and Regain Visibility

Enforce Threat and Data Protection Policies

IaaS/PaaS

SaaS

Cloud-native Security – Enforcing Control w/o Friction

Page 44

Managed and Unmanaged

Devices

SaaS

IaaS/PaaS

Apply persistent protection to sensitive data and take real-time action to correct policy violations

Control

Gain complete visibility into data, workloads, containers and user behavior in the cloud

Visibility

Cloud-native Security Platform

Page 45

Cloud increasingly is home to sensitive enterprise data

Data sharing in the cloud is increasing

Data loss and threat vectors span SaaS and IaaS/PaaS

Cloud security is a shared responsibility

Making Cloud the Most Secure Environment for Business

Deploy cloud-native security platform

Page 46

Thank you!