SlideShare une entreprise Scribd logo

Top 5 Cloud Security Errors and How to Avoid Them

Amazon Web Services
Amazon Web Services

This document summarizes the top 5 security errors found in customer research and breach analysis from July to October 2018. It finds that 49% of organizations leave databases unencrypted, 41% do not rotate account access keys regularly, 32% publicly expose Amazon S3 buckets, 29% enable root user activities, and 27% leave default network settings open. It then discusses why there are so many errors, including disparate point security products, and proposes an effective cloud security approach with integrated requirements across visibility, configurations, compliance, runtime security, and more.

1  sur  12
Télécharger pour lire hors ligne
Top 5 Security Errors and How to Avoid Them Fred Meek Manager, Systems Engineering
Key findings based on customer research and breach analysis July – October 2018
49% Of organizations leave their databases unencrypted • Encrypt, encrypt, encrypt! • Encryption of Amazon S3 buckets allows for that data to remain untampered with and valid for said audits down the road • Encryption of RDS protect information even if databases are compromised or copied in a malicious manner
41%Of account access keys have not been rotated in more than 90 days • Rotate Keys Regularly • Rotate ALL credentials, passwords, and API Access Keys on a regular basis
32%Of organizations publicly exposed at least 1 Amazon S3 bucket • Don’t let your Amazon S3 bucket policies atrophy • Strengthen Amazon S3 buckets with either IAM Policies, Amazon S3 Bucket Policies, or Amazon S3 Access Control Lists
29% Of organizations enable root user activities • Disable Root Account API Access Key • Create IAM admin users. At least 2, no more than 3 per IAM group • Grant access to billing information and tools • Disable/Remove the default AWS root user API access keys
27% Of organizations leave default network settings for at least 1 account • Always lock down the IP and port of which you will gain access to your AWS environment • Only turn on access when it is needed and off again once administrative work has been accomplished
Why So Many Security Errors? Disparate Point Product Offerings CSP NATIVE TOOLS CONTAINER SECURITY TOOLS 8 | © 2019 Palo Alto Networks, Inc. Confidential and Proprietary. OPSDEV SIEM NETWORK MONITORING TOOLS • Silo'd tools • Can’t correlate across network, user and config • Not multi-cloud • Limited Compliance • DIY security - too much data, too much noise • Very expensive • Only provides part of the story CASB • IP addresses are elastic in cloud • Lacks cloud-native context GRC TOOLS • Not built for cloud • Great user & data context, lacks infrastructure context (network traffic, vuln, etc.) • Lacks threat hunting and incident response • Higher TCO, requires constant upkeep with CSPs • Limited coverage OPEN SOURCE TOOLS
Effective Cloud Security: Series of Integrated Security Requirements 9 | © 2016, Palo Alto Networks. Confidential and Proprietary. What’s actually happening? Who is making changes and why? What do I have in the cloud? Are my hosts and containers secure? Is my app & data secure? Network Security / Flow Logs / Threat Intel Credentials / Actions / Identity Asset Inventory Runtime Security / Image & Vuln Scanning DLP / Serverless / AppSec Am I compliant? Configurations / Compliance Reporting
The Problems We Can Help You Solve 10 | © 2016, Palo Alto Networks. Confidential and Proprietary. Network Security / Flow Logs / Threat Intel Credentials / Actions / Identity Visibility / Configurations / Compliance Runtime Security / Image & Vuln Scanning DLP / Serverless / AppSec • Real-time network visibility and incident investigations • Suspicious/malicious traffic detection • Virtual firewall for in-line protection (VM-series) • Account & access key compromise detection • Anomalous insider activity detection • Privileged activity monitoring • Asset inventory tracking and cloud “time machine” • Compliance scanning (CIS, PCI, GDPR, etc.) • Configuration best practices • Runtime security* • Static image analysis (vulnerabilities and compliance)* • Configuration monitoring (for cloud native) • Serverless* • DLP & malware scanning * Potential future roadmap
The Most Complete Cloud Security Offering 11 | © 2018, Palo Alto Networks. All Rights Reserved. Detective control Infrastructure security Incident response Data protection Visit Our Booth to Learn More
THANK YOU

Recommandé

Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...
Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...
Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...Amazon Web Services
 
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...Amazon Web Services
 
Breaking down monolithic applications into microservices - DEM06-S - Chicago ...
Breaking down monolithic applications into microservices - DEM06-S - Chicago ...Breaking down monolithic applications into microservices - DEM06-S - Chicago ...
Breaking down monolithic applications into microservices - DEM06-S - Chicago ...Amazon Web Services
 
WildRydes Serverless Data Processing Workshop
WildRydes Serverless Data Processing WorkshopWildRydes Serverless Data Processing Workshop
WildRydes Serverless Data Processing WorkshopAmazon Web Services
 
Twelve-factor serverless applications - MAD302 - Santa Clara AWS Summit
Twelve-factor serverless applications - MAD302 - Santa Clara AWS SummitTwelve-factor serverless applications - MAD302 - Santa Clara AWS Summit
Twelve-factor serverless applications - MAD302 - Santa Clara AWS SummitAmazon Web Services
 
Threat detection and mitigation at AWS - SEC201 - New York AWS Summit
Threat detection and mitigation at AWS - SEC201 - New York AWS SummitThreat detection and mitigation at AWS - SEC201 - New York AWS Summit
Threat detection and mitigation at AWS - SEC201 - New York AWS SummitAmazon Web Services
 
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Amazon Web Services
 
Machine learning for developers & data scientists with Amazon SageMaker - AIM...
Machine learning for developers & data scientists with Amazon SageMaker - AIM...Machine learning for developers & data scientists with Amazon SageMaker - AIM...
Machine learning for developers & data scientists with Amazon SageMaker - AIM...Amazon Web Services
 

Recommandé

Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...
Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...
Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...Amazon Web Services
 
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...
Gain visibility and real-time security alerts with VPC Flow Logs & AWS - DEM0...Amazon Web Services
 
Breaking down monolithic applications into microservices - DEM06-S - Chicago ...
Breaking down monolithic applications into microservices - DEM06-S - Chicago ...Breaking down monolithic applications into microservices - DEM06-S - Chicago ...
Breaking down monolithic applications into microservices - DEM06-S - Chicago ...Amazon Web Services
 
WildRydes Serverless Data Processing Workshop
WildRydes Serverless Data Processing WorkshopWildRydes Serverless Data Processing Workshop
WildRydes Serverless Data Processing WorkshopAmazon Web Services
 
Twelve-factor serverless applications - MAD302 - Santa Clara AWS Summit
Twelve-factor serverless applications - MAD302 - Santa Clara AWS SummitTwelve-factor serverless applications - MAD302 - Santa Clara AWS Summit
Twelve-factor serverless applications - MAD302 - Santa Clara AWS SummitAmazon Web Services
 
Threat detection and mitigation at AWS - SEC201 - New York AWS Summit
Threat detection and mitigation at AWS - SEC201 - New York AWS SummitThreat detection and mitigation at AWS - SEC201 - New York AWS Summit
Threat detection and mitigation at AWS - SEC201 - New York AWS SummitAmazon Web Services
 
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Amazon Web Services
 
Machine learning for developers & data scientists with Amazon SageMaker - AIM...
Machine learning for developers & data scientists with Amazon SageMaker - AIM...Machine learning for developers & data scientists with Amazon SageMaker - AIM...
Machine learning for developers & data scientists with Amazon SageMaker - AIM...Amazon Web Services
 
Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Amazon Web Services
 
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Amazon Web Services
 
Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...
Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...
Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...Amazon Web Services
 
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitData protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitAmazon Web Services
 
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Amazon Web Services
 
Deep dive on security in Amazon S3 - STG304 - Chicago AWS Summit
Deep dive on security in Amazon S3 - STG304 - Chicago AWS SummitDeep dive on security in Amazon S3 - STG304 - Chicago AWS Summit
Deep dive on security in Amazon S3 - STG304 - Chicago AWS SummitAmazon Web Services
 
Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...
Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...
Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...Amazon Web Services
 
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...Amazon Web Services
 
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Amazon Web Services
 
Giving credit where credit’s due - myFICO’s cloud transformation - SVC204 - S...
Giving credit where credit’s due - myFICO’s cloud transformation - SVC204 - S...Giving credit where credit’s due - myFICO’s cloud transformation - SVC204 - S...
Giving credit where credit’s due - myFICO’s cloud transformation - SVC204 - S...Amazon Web Services
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...Amazon Web Services
 
Monitoring with container insights & anomaly detection - SVC308 - New York AW...
Monitoring with container insights & anomaly detection - SVC308 - New York AW...Monitoring with container insights & anomaly detection - SVC308 - New York AW...
Monitoring with container insights & anomaly detection - SVC308 - New York AW...Amazon Web Services
 
Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019
Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019 Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019
Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019 Amazon Web Services
 
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...Amazon Web Services
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Amazon Web Services
 
Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Amazon Web Services
 
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...Amazon Web Services
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
 
AWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney
AWS PROTECTED: Why This Matters for Australia - AWS Summit SydneyAWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney
AWS PROTECTED: Why This Matters for Australia - AWS Summit SydneyAmazon Web Services
 
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Amazon Web Services
 
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS SummitTop 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS SummitAmazon Web Services
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12Jim Kaplan CIA CFE
 

Contenu connexe

Tendances

Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Amazon Web Services
 
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Amazon Web Services
 
Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...
Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...
Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...Amazon Web Services
 
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitData protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitAmazon Web Services
 
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Amazon Web Services
 
Deep dive on security in Amazon S3 - STG304 - Chicago AWS Summit
Deep dive on security in Amazon S3 - STG304 - Chicago AWS SummitDeep dive on security in Amazon S3 - STG304 - Chicago AWS Summit
Deep dive on security in Amazon S3 - STG304 - Chicago AWS SummitAmazon Web Services
 
Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...
Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...
Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...Amazon Web Services
 
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...Amazon Web Services
 
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Amazon Web Services
 
Giving credit where credit’s due - myFICO’s cloud transformation - SVC204 - S...
Giving credit where credit’s due - myFICO’s cloud transformation - SVC204 - S...Giving credit where credit’s due - myFICO’s cloud transformation - SVC204 - S...
Giving credit where credit’s due - myFICO’s cloud transformation - SVC204 - S...Amazon Web Services
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...Amazon Web Services
 
Monitoring with container insights & anomaly detection - SVC308 - New York AW...
Monitoring with container insights & anomaly detection - SVC308 - New York AW...Monitoring with container insights & anomaly detection - SVC308 - New York AW...
Monitoring with container insights & anomaly detection - SVC308 - New York AW...Amazon Web Services
 
Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019
Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019 Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019
Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019 Amazon Web Services
 
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...Amazon Web Services
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Amazon Web Services
 
Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Amazon Web Services
 
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...Amazon Web Services
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
 
AWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney
AWS PROTECTED: Why This Matters for Australia - AWS Summit SydneyAWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney
AWS PROTECTED: Why This Matters for Australia - AWS Summit SydneyAmazon Web Services
 
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Amazon Web Services
 

Tendances (20)

Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...
 
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
 
Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...
Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...
Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...
 
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitData protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
 
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
 
Deep dive on security in Amazon S3 - STG304 - Chicago AWS Summit
Deep dive on security in Amazon S3 - STG304 - Chicago AWS SummitDeep dive on security in Amazon S3 - STG304 - Chicago AWS Summit
Deep dive on security in Amazon S3 - STG304 - Chicago AWS Summit
 
Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...
Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...
Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...
 
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
 
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
 
Giving credit where credit’s due - myFICO’s cloud transformation - SVC204 - S...
Giving credit where credit’s due - myFICO’s cloud transformation - SVC204 - S...Giving credit where credit’s due - myFICO’s cloud transformation - SVC204 - S...
Giving credit where credit’s due - myFICO’s cloud transformation - SVC204 - S...
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
 
Monitoring with container insights & anomaly detection - SVC308 - New York AW...
Monitoring with container insights & anomaly detection - SVC308 - New York AW...Monitoring with container insights & anomaly detection - SVC308 - New York AW...
Monitoring with container insights & anomaly detection - SVC308 - New York AW...
 
Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019
Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019 Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019
Governance for the Cloud Age - DEM12-R - AWS re:Inforce 2019
 
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...
 
Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...
 
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
 
AWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney
AWS PROTECTED: Why This Matters for Australia - AWS Summit SydneyAWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney
AWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney
 
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
 

Similaire à Top 5 Cloud Security Errors and How to Avoid Them

Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS SummitTop 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS SummitAmazon Web Services
 
Aws training in bangalore
Aws training in bangalore Aws training in bangalore
Aws training in bangalore apponix123
 
AWS November meetup Slides
AWS November meetup SlidesAWS November meetup Slides
AWS November meetup SlidesJacksonMorgan9
 
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsBeyondTrust
 
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...Amazon Web Services
 
Why You Are Secure in the AWS Cloud
Why You Are Secure in the AWS CloudWhy You Are Secure in the AWS Cloud
Why You Are Secure in the AWS CloudAmazon Web Services
 
Microsoft Azure Rights Management
Microsoft Azure Rights ManagementMicrosoft Azure Rights Management
Microsoft Azure Rights ManagementDavid J Rosenthal
 
5 Security Questions To Ask A Cloud Service Provider
5 Security Questions To Ask A Cloud Service Provider5 Security Questions To Ask A Cloud Service Provider
5 Security Questions To Ask A Cloud Service ProviderTyrone Systems
 
Core strategies to develop defense in depth in AWS
Core strategies to develop defense in depth in AWSCore strategies to develop defense in depth in AWS
Core strategies to develop defense in depth in AWSShane Peden
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security OperationsAmazon Web Services
 
Cloud computing present
Cloud computing presentCloud computing present
Cloud computing presentJames Sutter
 
Best Practices to Secure Data Lake on AWS (ANT327) - AWS re:Invent 2018
Best Practices to Secure Data Lake on AWS (ANT327) - AWS re:Invent 2018Best Practices to Secure Data Lake on AWS (ANT327) - AWS re:Invent 2018
Best Practices to Secure Data Lake on AWS (ANT327) - AWS re:Invent 2018Amazon Web Services
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionAmazon Web Services
 
Extending Your Network Cloud Security to AWS
Extending Your Network Cloud Security to AWSExtending Your Network Cloud Security to AWS
Extending Your Network Cloud Security to AWSFidelis Cybersecurity
 
How to Migrate to Cloud with Complete Confidence and Trust
How to Migrate to Cloud with Complete Confidence and TrustHow to Migrate to Cloud with Complete Confidence and Trust
How to Migrate to Cloud with Complete Confidence and TrustApcera
 

Similaire à Top 5 Cloud Security Errors and How to Avoid Them (20)

Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS SummitTop 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 
Aws training in bangalore
Aws training in bangalore Aws training in bangalore
Aws training in bangalore
 
AWS November meetup Slides
AWS November meetup SlidesAWS November meetup Slides
AWS November meetup Slides
 
AWS User Group November
AWS User Group NovemberAWS User Group November
AWS User Group November
 
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
 
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
 
Why You Are Secure in the AWS Cloud
Why You Are Secure in the AWS CloudWhy You Are Secure in the AWS Cloud
Why You Are Secure in the AWS Cloud
 
Microsoft Azure Rights Management
Microsoft Azure Rights ManagementMicrosoft Azure Rights Management
Microsoft Azure Rights Management
 
5 Security Questions To Ask A Cloud Service Provider
5 Security Questions To Ask A Cloud Service Provider5 Security Questions To Ask A Cloud Service Provider
5 Security Questions To Ask A Cloud Service Provider
 
Core strategies to develop defense in depth in AWS
Core strategies to develop defense in depth in AWSCore strategies to develop defense in depth in AWS
Core strategies to develop defense in depth in AWS
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
Cloud computing present
Cloud computing presentCloud computing present
Cloud computing present
 
Biznet Gio Presentation - Database Security
Biznet Gio Presentation - Database SecurityBiznet Gio Presentation - Database Security
Biznet Gio Presentation - Database Security
 
Best Practices to Secure Data Lake on AWS (ANT327) - AWS re:Invent 2018
Best Practices to Secure Data Lake on AWS (ANT327) - AWS re:Invent 2018Best Practices to Secure Data Lake on AWS (ANT327) - AWS re:Invent 2018
Best Practices to Secure Data Lake on AWS (ANT327) - AWS re:Invent 2018
 
Back to Front Vision for Mithi's Collaboration Environment
Back to Front Vision for Mithi's Collaboration Environment Back to Front Vision for Mithi's Collaboration Environment
Back to Front Vision for Mithi's Collaboration Environment
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat Detection
 
Extending Your Network Cloud Security to AWS
Extending Your Network Cloud Security to AWSExtending Your Network Cloud Security to AWS
Extending Your Network Cloud Security to AWS
 
How to Migrate to Cloud with Complete Confidence and Trust
How to Migrate to Cloud with Complete Confidence and TrustHow to Migrate to Cloud with Complete Confidence and Trust
How to Migrate to Cloud with Complete Confidence and Trust
 

Plus de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Top 5 Cloud Security Errors and How to Avoid Them

  • 1. Top 5 Security Errors and How to Avoid Them Fred Meek Manager, Systems Engineering
  • 2. Key findings based on customer research and breach analysis July – October 2018
  • 3. 49% Of organizations leave their databases unencrypted • Encrypt, encrypt, encrypt! • Encryption of Amazon S3 buckets allows for that data to remain untampered with and valid for said audits down the road • Encryption of RDS protect information even if databases are compromised or copied in a malicious manner
  • 4. 41%Of account access keys have not been rotated in more than 90 days • Rotate Keys Regularly • Rotate ALL credentials, passwords, and API Access Keys on a regular basis
  • 5. 32%Of organizations publicly exposed at least 1 Amazon S3 bucket • Don’t let your Amazon S3 bucket policies atrophy • Strengthen Amazon S3 buckets with either IAM Policies, Amazon S3 Bucket Policies, or Amazon S3 Access Control Lists
  • 6. 29% Of organizations enable root user activities • Disable Root Account API Access Key • Create IAM admin users. At least 2, no more than 3 per IAM group • Grant access to billing information and tools • Disable/Remove the default AWS root user API access keys
  • 7. 27% Of organizations leave default network settings for at least 1 account • Always lock down the IP and port of which you will gain access to your AWS environment • Only turn on access when it is needed and off again once administrative work has been accomplished
  • 8. Why So Many Security Errors? Disparate Point Product Offerings CSP NATIVE TOOLS CONTAINER SECURITY TOOLS 8 | © 2019 Palo Alto Networks, Inc. Confidential and Proprietary. OPSDEV SIEM NETWORK MONITORING TOOLS • Silo'd tools • Can’t correlate across network, user and config • Not multi-cloud • Limited Compliance • DIY security - too much data, too much noise • Very expensive • Only provides part of the story CASB • IP addresses are elastic in cloud • Lacks cloud-native context GRC TOOLS • Not built for cloud • Great user & data context, lacks infrastructure context (network traffic, vuln, etc.) • Lacks threat hunting and incident response • Higher TCO, requires constant upkeep with CSPs • Limited coverage OPEN SOURCE TOOLS
  • 9. Effective Cloud Security: Series of Integrated Security Requirements 9 | © 2016, Palo Alto Networks. Confidential and Proprietary. What’s actually happening? Who is making changes and why? What do I have in the cloud? Are my hosts and containers secure? Is my app & data secure? Network Security / Flow Logs / Threat Intel Credentials / Actions / Identity Asset Inventory Runtime Security / Image & Vuln Scanning DLP / Serverless / AppSec Am I compliant? Configurations / Compliance Reporting
  • 10. The Problems We Can Help You Solve 10 | © 2016, Palo Alto Networks. Confidential and Proprietary. Network Security / Flow Logs / Threat Intel Credentials / Actions / Identity Visibility / Configurations / Compliance Runtime Security / Image & Vuln Scanning DLP / Serverless / AppSec • Real-time network visibility and incident investigations • Suspicious/malicious traffic detection • Virtual firewall for in-line protection (VM-series) • Account & access key compromise detection • Anomalous insider activity detection • Privileged activity monitoring • Asset inventory tracking and cloud “time machine” • Compliance scanning (CIS, PCI, GDPR, etc.) • Configuration best practices • Runtime security* • Static image analysis (vulnerabilities and compliance)* • Configuration monitoring (for cloud native) • Serverless* • DLP & malware scanning * Potential future roadmap
  • 11. The Most Complete Cloud Security Offering 11 | © 2018, Palo Alto Networks. All Rights Reserved. Detective control Infrastructure security Incident response Data protection Visit Our Booth to Learn More