Slide 1

Protecting your App in the Cloud @LeoswaldoMacias

Slide 2

Misconception

Slide 3

Shared Responsibility Model

Slide 4

“If you have access to change it then it is yours, if not, then it’s theirs”

Slide 5

Incident Prevention: a process to set up instruments, tools and services that avoid possible threats or limit the impact during an attack.

Incident Response Plan: what to do once we are impacted.

Slide 6

Compliance

● Updates: keep your instances up to date (OS, libraries)
● Network: Does this need to be publicly accessible? What ports should I let in? What traffic should go out?
● Encryption: at rest and in transit
● Secret Management: keep your secret data secret
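The three network questions on this slide (public reachability, inbound ports, outbound traffic) can be turned into an automated check. The following is an added example, not code from the talk: it audits a hypothetical, provider-neutral security-group definition (the dict shape, the port allow-list and both sample groups are constructed here and match no vendor's API) and reports the rules a reviewer would question, then shows the same group after the questions have been answered.

```python
"""Audit a firewall / security-group definition against the slide's network
questions. Added example, not from the talk; the rule dict shape, the port
allow-list and both sample groups are constructed and do not correspond to
any cloud provider's API."""
import ipaddress
from typing import Dict, List

# Assumption: only the web ports may be exposed to the whole internet.
PUBLIC_OK_PORTS = {80, 443}


def is_anywhere(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0, i.e. the entire address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_security_group(sg: Dict) -> List[str]:
    """Return findings for one group; an empty list means it passes."""
    findings = []

    # Ingress: "what ports should I let in?" -- anything other than the
    # public web ports must not be open to the world.
    for rule in sg.get("ingress", []):
        if not is_anywhere(rule["cidr"]):
            continue
        exposed = [p for p in range(rule["from_port"], rule["to_port"] + 1)
                   if p not in PUBLIC_OK_PORTS]
        if exposed:
            span = str(exposed[0]) if len(exposed) == 1 else f"{exposed[0]}-{exposed[-1]}"
            findings.append(f"ingress: {rule['protocol']} {span} open to {rule['cidr']}; "
                            "restrict to a bastion/VPN range")

    # Egress: "what traffic should go out?" -- an empty or allow-all egress
    # policy lets a compromised instance reach anything.
    egress = sg.get("egress", [])
    if not egress:
        findings.append("egress: no rules defined; state what may leave")
    for rule in egress:
        if is_anywhere(rule["cidr"]) and rule["protocol"] == "all":
            findings.append("egress: all traffic allowed to anywhere; "
                            "limit to required destinations")

    # "Does this need to be publicly accessible?"
    if sg.get("public_ip") and not sg.get("needs_public_access"):
        findings.append("instance has a public IP but is not marked as needing one")
    return findings


# Constructed sample: the "it works, ship it" group.
LEAKY_SG = {
    "name": "web-app-sg", "public_ip": True, "needs_public_access": True,
    "ingress": [
        {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
        {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},
        {"protocol": "tcp", "from_port": 5432, "to_port": 5432, "cidr": "10.0.0.0/16"},
    ],
    "egress": [
        {"protocol": "all", "from_port": 0, "to_port": 65535, "cidr": "0.0.0.0/0"},
    ],
}

# Same app after answering the three questions. 203.0.113.0/24 stands in for
# the office/VPN range; it is a documentation prefix, not a real network.
HARDENED_SG = {
    "name": "web-app-sg", "public_ip": True, "needs_public_access": True,
    "ingress": [
        {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
        {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "203.0.113.0/24"},
        {"protocol": "tcp", "from_port": 5432, "to_port": 5432, "cidr": "10.0.0.0/16"},
    ],
    "egress": [
        {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
    ],
}

if __name__ == "__main__":
    for group in (LEAKY_SG, HARDENED_SG):
        print(group["name"], audit_security_group(group) or ["ok"])
```

The check is cheap enough to run on every infrastructure change, which is the point: the questions on the slide are only useful if someone asks them again after the first deployment.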

Slide 7

Network: Content Delivery Network

[Diagram: the CDN (Content Delivery Network) and a WAF sit in front of Your App]

Slide 8

Network: Web Application Firewalls

A firewall works at layers 3 and 4 (addresses, ports, protocols). A WAF works at layer 7 and blocks application attacks by inspecting requests for:
● SQL injection
● XSS
● Geographic origin of the request
● Specific strings or patterns in the request
● … and more

A WAF matches known patterns, so encoded or novel payloads can slip past it; treat it as a layer in front of proper input validation in the app, not a replacement for it.
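To make the inspection concrete, here is an added example (not the talk's code and not any vendor's rule set): a toy layer-7 inspector with a handful of hypothetical regex rules for SQL injection, XSS and path-traversal strings plus a geographic check, run over constructed requests. The served-country set and every sample request are assumptions. The last sample is a double-URL-encoded payload that passes the single decode the rules see, which is why a WAF complements, rather than replaces, input validation in the application.

```python
"""Toy layer-7 request inspector in the spirit of the WAF slide. Added example,
not the talk's code and not a vendor rule set: the rules, the served-country
set and the sample requests are constructed for illustration."""
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote_plus

SERVED_COUNTRIES = {"US", "MX"}   # assumption: markets the app actually serves

# (rule name, pattern). Deliberately small; real rule sets have thousands.
RULES = [
    ("sqli", re.compile(r"""['"]\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select""", re.I)),
    ("xss", re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I)),
    ("string", re.compile(r"\.\./|/etc/passwd", re.I)),   # "string appearances"
]


def inspect(request: Dict[str, str]) -> Tuple[str, List[str]]:
    """Return ('allow' | 'block', reasons).

    request carries 'country', 'path', 'query' and 'body'. Path, query and
    body are URL-decoded once before matching, as most WAF engines do."""
    reasons = []
    if request.get("country") not in SERVED_COUNTRIES:
        reasons.append(f"geo:{request.get('country')}")
    for field in ("path", "query", "body"):
        value = unquote_plus(request.get(field) or "")
        for name, pattern in RULES:
            if pattern.search(value):
                reasons.append(f"{name}:{field}")
    return ("block" if reasons else "allow"), reasons


# Constructed sample traffic (no real users or hosts).
SAMPLE_REQUESTS = [
    {"country": "US", "path": "/login", "query": "user=alice", "body": ""},
    {"country": "US", "path": "/search", "query": "q=' OR 1=1 --", "body": ""},
    {"country": "US", "path": "/comment", "query": "",
     "body": "text=%3Cscript%3Ealert(1)%3C/script%3E"},
    {"country": "RU", "path": "/", "query": "", "body": ""},
    # Double-encoded: one decode yields "q=%27 OR 1=1", which no rule matches.
    # A second decode would expose the quote; the app must validate anyway.
    {"country": "US", "path": "/search", "query": "q=%2527+OR+1%3D1", "body": ""},
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req["country"], req["path"], inspect(req))
```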

Slide 9

At least you know. How soon, or how late? What actions are taken?

Slide 10

Incident Response Plan
● Preparation
● Detection
● Containment
● Investigation
● Recovery
● Lessons Learned

Slide 11

Preparation

Log everything you can (this will also help with auditing):
● Application logs
● Server logs
● Network logs (traces)
● Access logs
● and more

Design the infrastructure to avoid single points of failure.

Slide 12

Detection

Monitoring and alerting:
● Behaviour rules such as traffic spikes and CPU or memory consumption
● Traffic from countries not served
● Sign-in failures

Paging system :(

Slide 13

Containment

Use automated processes to isolate any further impact, for example:
● Creating network rules

Make sure the impacted surface does not grow.

Slide 14

Investigation
● Analyze logs and timelines
● Check which alarms triggered
● Check dashboards
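Slides 12 to 14 describe detection, containment and investigation in words. The following added example (not the talk's code) runs all three over a constructed, simplified access log: the detection rules from slide 12 (a burst of sign-in failures from one source, traffic from countries not served, a per-minute traffic spike), an automated containment step that turns source-based alerts into deny rules in a hypothetical provider-neutral shape, and a per-source timeline for the investigation. The log format, the thresholds, the served-country set and the baseline request rate are all assumptions.

```python
"""Detection, containment and investigation over access-log lines. Added
example, not the talk's code. The log format (time, source IP, country, path,
status), the thresholds, the served-country set and the baseline rate are
constructed assumptions; the deny rules are provider-neutral dicts, not calls
to any real cloud API."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

SERVED_COUNTRIES = {"US", "MX"}   # assumption: markets the app serves
LOGIN_FAIL_THRESHOLD = 5          # failures from one source inside WINDOW
WINDOW = timedelta(minutes=1)
BASELINE_RPM = 2                  # assumption: learned from normal traffic
SPIKE_FACTOR = 5                  # alert above SPIKE_FACTOR * BASELINE_RPM

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
2024-03-01T10:00:01 198.51.100.7 US /login 200
2024-03-01T10:00:03 198.51.100.7 US /login 401
2024-03-01T10:00:05 198.51.100.7 US /home 200
2024-03-01T10:00:10 203.0.113.9 BR /login 401
2024-03-01T10:00:11 203.0.113.9 BR /login 401
2024-03-01T10:00:12 203.0.113.9 BR /login 401
2024-03-01T10:00:13 203.0.113.9 BR /login 401
2024-03-01T10:00:14 203.0.113.9 BR /login 401
2024-03-01T10:00:15 203.0.113.9 BR /login 401
2024-03-01T10:00:20 192.0.2.44 MX /api/items 200
2024-03-01T10:00:31 192.0.2.44 MX /api/items 200
2024-03-01T10:00:40 198.51.100.7 US /api/items 200
2024-03-01T10:00:55 198.51.100.7 US /logout 200
2024-03-01T10:01:03 198.51.100.7 US /login 200
2024-03-01T10:01:30 192.0.2.44 MX /home 200
"""


def parse(text: str) -> List[Dict]:
    """Turn the constructed log format into event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, ip, country, path, status = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "ip": ip,
                       "country": country, "path": path, "status": int(status)})
    return events


def detect(events: List[Dict]) -> List[Tuple[str, str, str]]:
    """Apply the slide-12 rules; returns (kind, subject, detail) alerts."""
    alerts = []
    # 1. Sign-in failures: a sliding window per source IP.
    fails = defaultdict(list)
    for e in events:
        if e["path"] == "/login" and e["status"] == 401:
            fails[e["ip"]].append(e["ts"])
    for ip, times in fails.items():
        times.sort()
        for i, start in enumerate(times):
            n = sum(1 for t in times[i:] if t - start <= WINDOW)
            if n >= LOGIN_FAIL_THRESHOLD:
                alerts.append(("login_failures", ip, f"{n} failures within {WINDOW}"))
                break
    # 2. Traffic from countries not served, counted per source IP.
    foreign = Counter(e["ip"] for e in events if e["country"] not in SERVED_COUNTRIES)
    for ip, n in foreign.items():
        alerts.append(("unserved_country", ip, f"{n} requests"))
    # 3. Traffic spike: requests per minute against the baseline.
    per_minute = Counter(e["ts"].replace(second=0, microsecond=0) for e in events)
    for minute, n in sorted(per_minute.items()):
        if n > SPIKE_FACTOR * BASELINE_RPM:
            alerts.append(("traffic_spike", minute.isoformat(),
                           f"{n} req/min vs baseline {BASELINE_RPM}"))
    return alerts


def contain(alerts: List[Tuple[str, str, str]]) -> List[Dict]:
    """Slide 13: turn source-based alerts into deny rules (hypothetical shape)."""
    rules, seen = [], set()
    for kind, subject, _ in alerts:
        if kind in ("login_failures", "unserved_country") and subject not in seen:
            seen.add(subject)
            rules.append({"action": "deny", "direction": "ingress",
                          "cidr": f"{subject}/32", "reason": kind})
    return rules


def timeline(events: List[Dict], ip: str) -> List[Tuple[str, str, int]]:
    """Slide 14: ordered activity of one source for the investigation."""
    return [(e["ts"].isoformat(), e["path"], e["status"])
            for e in sorted(events, key=lambda e: e["ts"]) if e["ip"] == ip]


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    found = detect(evts)
    for alert in found:
        print("ALERT", *alert)
    for rule in contain(found):
        print("RULE ", rule)
    for row in timeline(evts, "203.0.113.9"):
        print("TRACE", *row)
```

The single failed login from the legitimate user never reaches the threshold, so it produces no rule; the same source appearing in two alerts produces only one deny rule, which keeps the containment step idempotent when it is run repeatedly from an alert pipeline.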

Slide 15

Recovery

Get your environment back to a normal state.

Slide 16

Lessons Learned

Make sure all gaps are documented and action items (ARs) are assigned and tracked.

Slide 17

Take Away #1 All applications are subject to exploits

Slide 18

Take Away #2 I’d rather invest more money in security checks, tools and automation than risk customer/company data

Slide 19

Take Away #3 Security is a shared responsibility to be carried among all company employees, not only the Security crew

Slide 20

Thanks! @LeoswaldoMacias [email protected]