Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Leoswaldo Macias - Protecting your App in the Cloud

Leoswaldo Macias - Protecting your App in the Cloud

DevOps Days GDL 2020 - February 20th


DevOpsDays GDL

February 21, 2020

More Decks by DevOpsDays GDL

Other Decks in Technology


  1. Protecting your App in the Cloud @LeoswaldoMacias

  2. Misconception

  3. Shared Responsibility Model

  4. “If you have access to change it then it is

    yours, if not, then it’s theirs”
  5. Incident Prevention A process to set instruments/tools/services to avoid possible

    threats or impacts during an attack Incident Response Plan What to do when once we are impacted
  6. Compliance Updates Maintain your instances up to date (OS, Libraries)

    Network Does this need to be public accessible? What ports should I let in? What traffic should go out? Encryption At rest In transit Secret Management Keep your secret data secret
  7. Network: Content Delivery Network CDN Content Delivery Network Your App

  8. Network: Web Application Firewalls Firewall Layer 3 and 4 WAF

    Contains Layer 7 attacks by inspecting for: • SQL Injections • XSS • Origin Geographically requests • String appearances • … and more
  9. At least you know How soon or late? What are

    the actions taken?
  10. Incident Response Plan • Preparation • Detection • Containment •

    Investigation • Recovery • Lesson Learn
  11. Preparation Log everything you can (this will also help for

    auditing) • Application Logs • Server Logs • Network Logs (Traces) • Access Logs and more Design the infrastructure to prevent single point of failure
  12. Detection Monitoring and Alerting • Behaviour rules like traffic spikes,

    CPU and Memory consumption • Traffic from countries not served • Sign in failures Page System :(
  13. Containment Use automated processes to isolate any further impact like:

    • Creating Network rules Make sure the impacted surface does not grow
  14. Investigation • Analyze logs and timelines • Check which alarming

    systems triggered • Check Dashboards
  15. Recovery Get your environment to normal state

  16. Lessons Learned Make sure all missings are documented and ARs

    are assigned and tracked
  17. Take Away #1 All applications are subject to exploits

  18. Take Away #2 I’d rather invest more money on security

    checks, tools, automation, than risking customer/company data
  19. Take Away #3 Security is a shared responsibility to be

    carried among all company employees, not only the Security crew
  20. Thanks! @LeoswaldoMacias leoswaldo.mancilla@wizeline.com