Leoswaldo Macias - Protecting your App in the Cloud

Protecting your App in the Cloud @LeoswaldoMacias

Misconception

Shared Responsibility Model

“If you have access to change it then it is
yours, if not, then it’s theirs”

Incident Prevention A process to set instruments/tools/services to avoid possible
threats or impacts during an attack Incident Response Plan What to do when once we are impacted

Compliance Updates Maintain your instances up to date (OS, Libraries)
Network Does this need to be public accessible? What ports should I let in? What traffic should go out? Encryption At rest In transit Secret Management Keep your secret data secret

Network: Content Delivery Network CDN Content Delivery Network Your App
WAF

Network: Web Application Firewalls Firewall Layer 3 and 4 WAF
Contains Layer 7 attacks by inspecting for: • SQL Injections • XSS • Origin Geographically requests • String appearances • … and more

At least you know How soon or late? What are
the actions taken?

Incident Response Plan • Preparation • Detection • Containment •
Investigation • Recovery • Lesson Learn

Preparation Log everything you can (this will also help for
auditing) • Application Logs • Server Logs • Network Logs (Traces) • Access Logs and more Design the infrastructure to prevent single point of failure

Detection Monitoring and Alerting • Behaviour rules like traffic spikes,
CPU and Memory consumption • Traffic from countries not served • Sign in failures Page System :(

Containment Use automated processes to isolate any further impact like:
• Creating Network rules Make sure the impacted surface does not grow

Investigation • Analyze logs and timelines • Check which alarming
systems triggered • Check Dashboards

Recovery Get your environment to normal state

Lessons Learned Make sure all missings are documented and ARs
are assigned and tracked

Take Away #1 All applications are subject to exploits

Take Away #2 I’d rather invest more money on security
checks, tools, automation, than risking customer/company data

Take Away #3 Security is a shared responsibility to be
carried among all company employees, not only the Security crew

Thanks! @LeoswaldoMacias leoswaldo.mancilla@wizeline.com

Leoswaldo Macias - Protecting your App in the Cloud

Leoswaldo Macias - Protecting your App in the Cloud

DevOpsDays GDL

More Decks by DevOpsDays GDL

Other Decks in Technology

Featured

Transcript

Protecting your App in the Cloud @LeoswaldoMacias

Misconception

Shared Responsibility Model

“If you have access to change it then it is

Incident Prevention A process to set instruments/tools/services to avoid possible

Compliance Updates Maintain your instances up to date (OS, Libraries)

Network: Content Delivery Network CDN Content Delivery Network Your App

Network: Web Application Firewalls Firewall Layer 3 and 4 WAF

At least you know How soon or late? What are

Incident Response Plan • Preparation • Detection • Containment •

Preparation Log everything you can (this will also help for

Detection Monitoring and Alerting • Behaviour rules like traffic spikes,

Containment Use automated processes to isolate any further impact like:

Investigation • Analyze logs and timelines • Check which alarming

Recovery Get your environment to normal state

Lessons Learned Make sure all missings are documented and ARs

Take Away #1 All applications are subject to exploits

Take Away #2 I’d rather invest more money on security

Take Away #3 Security is a shared responsibility to be

Thanks! @LeoswaldoMacias leoswaldo.mancilla@wizeline.com