1 / 38

A 360 o Approach to Securing your Cloud Stack

A 360 o Approach to Securing your Cloud Stack. Hari Srinivasan Director of Product Management,Qualys. THR2337. What does modern IT look like?. ON-PREMISES. CLOUD. CONTAINER. SERVERLESS. Hybrid & Varied. 3. Qualys 2018. 26 September 2018. #1 Challenge in adopting newer technologies ….

danniej
Download Presentation

A 360 o Approach to Securing your Cloud Stack

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A 360o Approach to Securing your Cloud Stack Hari Srinivasan Director of Product Management,Qualys THR2337

  2. What does modern IT look like? ON-PREMISES CLOUD CONTAINER SERVERLESS Hybrid & Varied.. 3 Qualys 2018 26 September 2018

  3. #1 Challenge in adopting newer technologies… …Security 4 Qualys 2018 26 September 2018

  4. Qualys, 2018 Cloud means … ON-PREMISES PUBLIC CLOUD HYBRID DEPLOYMENT

  5. Cloud Shared Security Responsibility Model You Cloud Provider Customer are responsible for securing your data and workloads Varies by layers 6 Qualys 2018 26 September 2018

  6. Cloud Security Needs for Workloads SaaS IaaS PaaS 7 Qualys 2018 26 September 2018

  7. Cloud WorkloadRisks/Threats • Vulnerable Software and Applications exploitable from outside and within • Non-standard/Non-compliant configurations • Undetected breaches, malware infections • Lack of deployment hygiene – expired certificates (attacks are via SSL) • Unauthorized File and Configuration changes • Un encrypted Data (at Rest and In Flight), privilege escalations • Untracked ephemeral instances Impacts to security program Qualys, 2018

  8. Cloud Inventory & Security Posture Dashboard • Visibility into your cloud instances inventory • Identify your security coverage • View Security posture 9 Qualys 2018 26 September 2018

  9. Cloud Security Needs for Infrastructure • Misconfigurations • Malicious behavior • Non-standard deployments Network access Accounts & Users Administrative access 10 Qualys 2018 26 September 2018

  10. Extended Visibility and Continuous Security Assessments Web Services or Foundation Benchmarks For Azure, CIS 1.0.0 Azure Foundations Benchmark Qualys, 2018

  11. Cloud Security needs.. Visibility Continuous Automated & #Transparent Orchestration across the Hybrid IT Qualys, 2018

  12. What Does the Modern IT Team Look Like?

  13. DevOps + Security != DevSecOps 14 Qualys 2018 26 September 2018

  14. 15 Qualys 2018 26 September 2018

  15. DevSecOps is a Shift in Thinking… • Time • An opportunity to dodifferent and betterthings earlier in thedevelopment lifecycle • Techniques • Think likeDevelopers: • Automation,Integration,Self-Service • Tools • Collaborate withsecurity vendors: • DevOps Integrations,APIs, Self-service UIs Qualys, 2018

  16. The Right Security Tools for the DevOps Process… Qualys, 2018

  17. DevOps/DevSecOps Requirements… • AUTOMATION & ACTIONABLE DATA …. DevSecOps Engineer Responsible for automating security checks and remediating viable security threats in development/deployment practices DEVELOPERS 18 Qualys 2018 26 September 2018

  18. Infrastructure Web Applications Containers AUTOMATE SECURITY

  19. 1. Infrastructure

  20. Qualys, 2018 CASE STUDY Customer Case Studies A Retail Company Top US Bank Reduced application releases from 2 weeks to 24 hrs byautomating security with Qualys into DevOps Enabling DevOps with automated agent deployment via Google Security Command Center

  21. Qualys, 2018 Top US Bank Before: Lack of Security Automation Delays Release Vulnerability Management Teams Machine Builders VM SCAN/REPORT 48 HOURS VM SCAN/REPORT 48 HOURS Two weeks until the Image is certified for production

  22. Qualys, 2018 Top US Bank After: Introduce Security at the Source Bake Security into Gold Images APPROVE and PUBLISH CI/CD PIPELINE QUALYS ASSESSON DEVINSTANCES HARDENDEDINSTANCES QualysScanner QualysScanner OS IMAGE QualysAgent Public Fix Vulns. & Config. Issues OS Bake OS Approved Gold Image Verify QualysAgent Live Instances Custom Less than 24 Hrs

  23. Qualys, 2018 Retail Company – Case Study (WIP) Challenge: Adopting a multi cloud strategy Problem?Developers want to be independent Ops wants to simplify the process of security tools rollout Security wants to participate into DevOps in Azure Solution? Utilizing Qualys integration with Azure Security Center Utilize ASC automation to bake agents into test subscription and review reports with ASC

  24. 2. Web Applications

  25. Use Case: Automated Integration into DevOps Selenium Selenium Qualys WAS Qualys WAS Jira Issues Jira Issues 26 Qualys, 2018 26 सयपटमबर 2018 • Image Source: https://www.smashingmagazine.com/2015/01/basic-test-automation-for-apps-games-and-mobile-web/

  26. Qualys, 2018 Qualys Web Security Assessmentsusing Jenkins CI/CD Staging Environment Test / QA Environment Dev Environment Developers Qualys Scanner Appliance WAS Engine HTTP Source Control API Jenkins

  27. Qualys, 2018 Web Application Assessment Jenkins Plug-in

  28. 3. Containers

  29. Qualys, 2018 Secure the complete container pipeline PRE-DEPLOYMENT PHASE POST-DEPLOYMENT PHASE HOST RUNTIME REGISTRY BUILD

  30. Qualys, 2018 Image Vulnerability Analysis in CI/CD Blocking vulnerable images entering repositories DEVELOPERS AUTOMATEDTESTS PASS DOCKERREPOSITORIES QUALYSVULNERABILITYANALYZER FAIL

  31. Qualys, 2018 Actionable Vulnerability Information

  32. Qualys Integrated Security Apps ASSET MANAGEMENT Certificate Inventory Cloud Inventory Asset Inventory CMDB Sync Maintain full, instant visibility of all your global IT assets Synchronize asset information from Qualys into ServiceNow CMDB Inventory of all your cloud assets across AWS, Azure, GCP and others Inventory of TLS/SSL digital certificates on a global scale IT SECURITY Continuous Monitoring Indication of Compromise Threat Protection Vulnerability Management Alerts you in real time about network irregularities Continuously monitor endpoints to detect suspicious activity Pinpoint your most critical threats and prioritize patching Continuously detect and protect against attacks, anytime, anywhere Certificate Assessment Container Security Assess all your digital certificates for TLS/SSL vulnerabilities Discover, track, and continuously protect containers COMPLIANCE MONITORING Policy Compliance PCI Compliance Security Configuration Assessment File Integrity Monitoring Assess security configurations of IT systems throughout your network Automate, simplify and attain PCI compliance quickly Automate configuration assessment of global IT assets Log and track file changes across global IT systems Cloud Security Assessment Security Assessment Questionnaire Get full visibility and control across all public cloud instances Minimize the risk of doing business with vendors and other third parties WEB APPLICATION SECURITY Web Application Scanning Web Application Firewall Secure web applications with end-to-end protection Block attacks and virtually patch web application vulnerabilities 33 Qualys, 2018 26 सयपटमबर 2018

  33. Qualys Security Conference 2018 Qualys security coverage for Azure Azure Resources – Storage, Virtual Network,.. Azure Virtual Machine Azure Web App Azure Container Engine SECURITY CENTER INTEGRATION VULNERABILITY MGMT. POLICY COMPLIANCEFILE INTEGRITY MONITORING INDICATORS OF COMPROMISE PATCH MANAGEMENT * CONTAINER SECURITY WEB APPLICATION SCANNING WEB APPLICATION FIREWALL CLOUD INVENTORY* CLOUD SECURITY ASSESSEMENT* CLOUD DATABASE SCAN* 34 Microsoft Ignite 2018 26 September 2018 * Roadmap for 2018

  34. Qualys Secure Azure Hybrid Cloud Azure Azure Stack 35 Qualys, 2018 26 सयपटमबर 2018

  35. Visibility – Get Started with a FREE Service CloudView A FREE inventory and monitoring service for your public clouds * FREE version is for Cloud Inventory, defaults to 3 accounts per cloud, can be extended further

  36. Please evaluate this sessionYour feedback is important to us! Please evaluate this session through MyEvaluations on the mobile appor website. Download the app:https://aka.ms/ignite.mobileApp Go to the website: https://myignite.techcommunity.microsoft.com/evaluations

More Related