Preventing Hybrid Cloud Environments from Being Breached

Every week we hear about more organizations being breached. Whether it is healthcare organizations like Anthem, financial institutions like JP Morgan Chase, content providers like Sony Pictures Entertainment, or government institutions like the US Office of Personnel and Management, it seems like no one is invulnerable. Adjacent to this frustrating trend is a total upheaval of the enterprise technology stack in the datacenter. The datacenter has evolved into a private cloud, and enterprises are interested in offloading some of those workloads to the public cloud for cost efficiency. Hence the emergence of the hybrid cloud. The hybrid cloud presents unique security challenges that haven't existed before. With workloads moving between public and private clouds, across OpenStack environments and potentially in containers, how is an enterprise IT team supposed to protect its data and its company from being breached? Is it even possible? FlawCheck believes data protection is not an insurmountable problem. But as technology changes and threats change, protection strategies and solutions also need to change. In this presentation, we'll cover the risks associated with hybrid cloud environments, with a particular emphasis on malware, vulnerabilities, remediation management of hybrid cloud environments, and breach avoidance.
Published on: Mar 4, 2016
Published in: Technology      
Source: www.slideshare.net


Transcripts - Preventing Hybrid Cloud Environments from Being Breached

  • 1. PROTECTING CLOUD ENVIRONMENTS FROM BEING BREACHED
      • Anthony Bettini, FlawCheck
  • 2. ANTHONY BETTINI, FOUNDER & CEO
      • Working in cybersecurity since 1996 (Netect, Bindview Team RAZOR, Guardent, Foundstone Labs, McAfee Avert Labs, Intel, Appthority, FlawCheck)
      • Original vulnerabilities discovered in PGP, ISS, Symantec, Microsoft, Apple, etc.
      • Founded Appthority, which did static & dynamic analysis of mobile apps and was named the Most Innovative Company of the Year at RSA Conference 2012
      • Most recently, founded FlawCheck, the only scalable malware & vulnerability inspection platform for containers
      • 12+ cybersecurity patents (additional in progress)
      • Thursday, January 14, 2016 CONFIDENTIAL & PROPRIETARY. COPYRIGHT 2016 © FLAWCHECK INC. ALL RIGHTS RESERVED 2
  • 3. WHAT IS HYBRID CLOUD?
      • Putting some workloads in an organization’s datacenter (private cloud)
      • Putting some other workloads in a public cloud (AWS, Azure, etc.)
  • 4. WHY HYBRID CLOUD?
      • Top 3 enterprise reasons: 1. Cost 2. Cost 3. Cost
  • 5. ENTERPRISE PUBLIC CLOUD
      • Typically hosts an enterprise's least sensitive data & workloads
      • Strong risk aversion on the enterprise side, due to lack of trust in the cloud service provider’s operational security controls
      • Concerns about regulatory compliance & audit
  • 6. PUBLIC CLOUD EXPECTATIONS
      • Enterprise: lower cost; increased trust (more security, better regulatory compliance assurances)
      • Cloud Service Providers: more revenue
  • 7. CLOUD SERVICE PROVIDERS
      • Easiest path to more revenue is giving customers what they want (lower cost & increased security)
      • One way to potentially lower cost? Containers
      • One way to potentially increase security? Containers
      • Huge push in the Cloud Service Provider space to examine migrating to containers
      • But from a security perspective, containers only provide isolation …
  • 8. PREDICTIONS FROM HEDVIG
  • 11. ENTERPRISE TOP CONCERN
      • Chart: Recent enterprise survey by FlawCheck
      • Categories: Vulnerabilities & Malware, Policy Enforcement, Isolation, Auditability, Network Perimeter Security
      • Values shown: 42%, 21%, 16%, 11%, 11%
  • 12. METAPHOR Vulnerabilities Malware
  • 13. WHY ARE VULNERABILITIES A CONCERN?
  • 14. WHY IS MALWARE A CONCERN?
  • 15. CONTAINERS ARE EPHEMERAL
  • 16. ELASTICSEARCH (CVE-2014-3120)
      • CVE-2014-3120 is an RCE bug in ElasticSearch (prior to 1.2.0)
      • Ben Hall @ Ocelot Uproar was running ElasticSearch in a Docker container and it was breached via CVE-2014-3120 (first publicly-admitted breach of a Docker container environment in-the-wild (ITW)?)
      • CVE-2014-3120 actively exploited in the wild and MetaSploit plugin available (works against dockerized ElasticSearch): https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/elasticsearch/script_mvel_rce.rb
  • 17. FLAWCHECK
      • Automated solution for detecting vulnerabilities & malware in containers
      • Takes seconds per container (supports parallelization & concurrent analysis for limitless scale)
      • Runs on-premise or in the cloud
      • Supports Docker on OpenStack
      • Checks containers before they reach production environments
      • Provides continuous monitoring solution
      • Checkpoint inserted into the data pipeline to layer policy on top of containers
  • 18. TEARING APART CONTAINERS What did we find?
  • 19. BEGIN TO TRUST IMAGES
  • 20. MODERN ANALOGY Launched in 2008 Launched in 2014
  • 21. ANDROID MALWARE
      • Started without doing security inspection of Android apps
      • Today, performs static & dynamic analysis of Android apps, via Google Bouncer, with the hopes of finding malware
      • Long list of Android malware: http://forensics.spreitzenbarth.de/android-malware/
  • 22. DOCKER HUB
      • Docker Hub Overall
          • >15,000 pre-built containers
          • >500 million downloads
          • >30% of containers have vulnerabilities
          • No security inspection by Docker
      • Docker Hub Official Images
          • ~100 official images (tag: latest)
          • Blue-ribbon from Docker
          • >90% of official images have vulnerabilities
          • No security inspection by Docker
  • 23. HYBRID CLOUD PROTECTION
      • Isolation: Find a solution with strong isolation (e.g. Docker with Intel Clear Containers)
      • Vulnerability Inspection: Ensure application workloads don’t have vulnerabilities that could lead to data exfiltration (e.g. FlawCheck)
      • Malware Inspection & Integrity Checking: Ensure workloads are malware-free (e.g. FlawCheck)
      • Policy Compliance: Ensure your orchestration system enforces & logs what is happening to production, when it happens, and if it meets enterprise policy
  • 24. THANK YOU
      • Anthony Bettini, Founder & CEO
      • spadidar@flawcheck.com
      • @AnthonyBettini
      • Are you using Docker in development environments but concerned about the security of running it in production? Register today for FlawCheck Private Registry’s free plan, which includes vulnerability & malware inspection services for 1 private repository: https://console.flawcheck.com/register