Transcript
Page 1: Preventing Hybrid Cloud Environments from Being Breached

PROTECTING CLOUD ENVIRONMENTS FROM BEING BREACHED

Anthony Bettini

FlawCheck

Page 2: Preventing Hybrid Cloud Environments from Being Breached

ANTHONY BETTINI

FOUNDER & CEO

Working in cybersecurity since 1996 (Netect, Bindview Team RAZOR, Guardent, Foundstone Labs, McAfee Avert Labs, Intel, Appthority, FlawCheck)

Original vulnerabilities discovered in PGP, ISS, Symantec, Microsoft, Apple, etc.

Founded Appthority, which did static & dynamic analysis of mobile apps and was named the Most Innovative Company of the Year at RSA Conference 2012

Most recently, founded FlawCheck, the only scalable malware & vulnerability inspection platform for containers

12+ cybersecurity patents (additional in progress)

Thursday, January 14, 2016 CONFIDENTIAL & PROPRIETARY. COPYRIGHT 2016 © FLAWCHECK INC. ALL RIGHTS RESERVED 2

Page 3: Preventing Hybrid Cloud Environments from Being Breached

WHAT IS HYBRID CLOUD?

Putting some workloads in an organization’s datacenter (private cloud)

Putting some other workloads in a public cloud (AWS, Azure, etc.)


Page 4: Preventing Hybrid Cloud Environments from Being Breached

WHY HYBRID CLOUD?

Top 3 enterprise reasons

1. Cost

2. Cost

3. Cost


Page 5: Preventing Hybrid Cloud Environments from Being Breached

ENTERPRISE PUBLIC CLOUD

Typically hosts an enterprise’s least sensitive data & workloads

Strong risk aversion on the enterprise side, due to lack of trust in the cloud service provider’s operational security controls

Concerns about regulatory compliance & audit


Page 6: Preventing Hybrid Cloud Environments from Being Breached

PUBLIC CLOUD EXPECTATIONS

Enterprise

Lower cost

Increased trust (more security, better regulatory compliance assurances)

Cloud Service Providers

More revenue


Page 7: Preventing Hybrid Cloud Environments from Being Breached

CLOUD SERVICE PROVIDERS

Easiest path to more revenue is giving customers what they want (lower cost & increased security)

One way to potentially lower cost? Containers

One way to potentially increase security? Containers

Huge push in the Cloud Service Provider space to examine migrating to containers

But from a security perspective, containers only provide isolation …


Page 8: Preventing Hybrid Cloud Environments from Being Breached

PREDICTIONS FROM HEDVIG


Page 9: Preventing Hybrid Cloud Environments from Being Breached


Page 10: Preventing Hybrid Cloud Environments from Being Breached


Page 11: Preventing Hybrid Cloud Environments from Being Breached

ENTERPRISE TOP CONCERN


[Bar chart: Recent enterprise survey by FlawCheck. Categories: Vulnerabilities & Malware, Policy Enforcement, Isolation, Auditability, Network Perimeter Security. Data labels: 42%, 21%, 16%, 11%, 11%.]

Page 12: Preventing Hybrid Cloud Environments from Being Breached

METAPHOR

Vulnerabilities Malware


Page 13: Preventing Hybrid Cloud Environments from Being Breached

WHY ARE VULNERABILITIES A CONCERN?


Page 14: Preventing Hybrid Cloud Environments from Being Breached

WHY IS MALWARE A CONCERN?


Page 15: Preventing Hybrid Cloud Environments from Being Breached


CONTAINERS ARE EPHEMERAL

Page 16: Preventing Hybrid Cloud Environments from Being Breached

ELASTICSEARCH

CVE-2014-3120 is an RCE bug in Elasticsearch (prior to 1.2.0)

Ben Hall @ Ocelot Uproar was running Elasticsearch in a Docker container and it was breached via CVE-2014-3120 (first publicly admitted in-the-wild (ITW) breach of a Docker container environment?)

CVE-2014-3120 is actively exploited in the wild and a Metasploit module is available (works against dockerized Elasticsearch):

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/elasticsearch/script_mvel_rce.rb
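An added example, not from the original slides or from FlawCheck: a pre-production gate that flags container images carrying an Elasticsearch release in the affected range above (prior to 1.2.0). The image names, inventory layout and function names are hypothetical; `script.disable_dynamic` is not mentioned on the slide, it is the Elasticsearch 1.x setting that turns dynamic scripting off.

```python
import re

AFFECTED_BEFORE = (1, 2, 0)  # from the slide: CVE-2014-3120 affects releases prior to 1.2.0

def parse_version(text):
    """Turn '1.1.1' or '0.90.13' into a comparable tuple of ints."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("unrecognised Elasticsearch version: %r" % text)
    return tuple(int(g or 0) for g in m.groups())

def dynamic_scripting_disabled(yml_text):
    """True only when elasticsearch.yml explicitly sets the flat key
    script.disable_dynamic to true. Commented-out lines do not count, and the
    nested YAML spelling is not recognised, so this check errs toward flagging."""
    disabled = False
    for raw in yml_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"script\.disable_dynamic\s*:\s*(\S+)$", line)
        if m:
            disabled = m.group(1).strip("'\"").lower() == "true"
    return disabled

def assess(es_version, yml_text):
    """Classify one image as 'not-affected', 'mitigated' or 'vulnerable'."""
    if parse_version(es_version) >= AFFECTED_BEFORE:
        return "not-affected"
    if dynamic_scripting_disabled(yml_text):
        return "mitigated"
    return "vulnerable"

def blocked_images(inventory):
    """Names of images that must not be promoted to production."""
    return [name for name, version, yml in inventory
            if assess(version, yml) == "vulnerable"]

# Constructed sample inventory: (image name, Elasticsearch version, elasticsearch.yml text)
SAMPLE_INVENTORY = [
    ("registry.example/search:legacy", "1.1.1", "cluster.name: prod\n"),
    ("registry.example/search:patched-config", "1.1.1",
     "cluster.name: prod\nscript.disable_dynamic: true\n"),
    ("registry.example/search:commented", "0.90.13",
     "# script.disable_dynamic: true\n"),
    ("registry.example/search:current", "1.2.0", ""),
]

if __name__ == "__main__":
    for name in blocked_images(SAMPLE_INVENTORY):
        print("BLOCK", name)
```

Because containers are rebuilt and redeployed constantly, a check like this belongs at image build or registry push rather than on running hosts.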


CVE-2014-3120

Page 17: Preventing Hybrid Cloud Environments from Being Breached

FLAWCHECK

Automated solution for detecting vulnerabilities & malware in containers

Takes seconds per container (supports parallelization & concurrent analysis for limitless scale)

Runs on-premise or in the cloud

Supports Docker on OpenStack

Checks containers before they reach production environments

Provides continuous monitoring solution

Checkpoint inserted into the data pipeline to layer policy on top of containers


Page 18: Preventing Hybrid Cloud Environments from Being Breached

TEARING APART CONTAINERS

What did we find?


Page 19: Preventing Hybrid Cloud Environments from Being Breached

BEGIN TO TRUST IMAGES


Page 20: Preventing Hybrid Cloud Environments from Being Breached

MODERN ANALOGY

Launched in 2008 Launched in 2014


Page 21: Preventing Hybrid Cloud Environments from Being Breached

ANDROID MALWARE

Started without doing security inspection of Android apps

Today, performs static & dynamic analysis of Android apps, via Google Bouncer, with the hopes of finding malware

Long list of Android malware:

http://forensics.spreitzenbarth.de/android-malware/


Page 22: Preventing Hybrid Cloud Environments from Being Breached

DOCKER HUB

Docker Hub Overall

>15,000 pre-built containers

>500 million downloads

>30% of containers have vulnerabilities

No security inspection by Docker

Docker Hub Official Images

~100 official images (tag: latest)

Blue-ribbon from Docker

>90% of official images have vulnerabilities

No security inspection by Docker


Page 23: Preventing Hybrid Cloud Environments from Being Breached

HYBRID CLOUD PROTECTION

Isolation: Find a solution with strong isolation (e.g. Docker with Intel Clear Containers)

Vulnerability Inspection: Ensure application workloads don’t have vulnerabilities that could lead to data exfiltration (e.g. FlawCheck)

Malware Inspection & Integrity Checking: Ensure workloads are malware-free (e.g. FlawCheck)

Policy Compliance: Ensure your orchestration system enforces & logs what is happening to production, when it happens, and if it meets enterprise policy


Page 24: Preventing Hybrid Cloud Environments from Being Breached

THANK YOU

Anthony Bettini

Founder & CEO


@AnthonyBettini

Are you using Docker in development environments but concerned about the security of running it in production?

Register today for FlawCheck Private Registry’s free plan, which includes vulnerability & malware inspection services for 1 private repository:

https://console.flawcheck.com/register


