Preventing Hybrid Cloud Environments from Being Breached


Post on 20-Feb-2017


Category:

Technology


TRANSCRIPT

  • PROTECTING CLOUD ENVIRONMENTS FROM BEING BREACHED

    Anthony Bettini

    FlawCheck

  • ANTHONY BETTINI, FOUNDER & CEO

    Working in cybersecurity since 1996 (Netect, Bindview Team RAZOR, Guardent, Foundstone Labs, McAfee Avert Labs, Intel, Appthority, FlawCheck)

    Original vulnerabilities discovered in PGP, ISS, Symantec, Microsoft, Apple, etc.

    Founded Appthority, which did static & dynamic analysis of mobile apps and was named the Most Innovative Company of the Year at RSA Conference 2012

    Most recently, founded FlawCheck, the only scalable malware & vulnerability inspection platform for containers

    12+ cybersecurity patents (additional in progress)

    Thursday, January 14, 2016 CONFIDENTIAL & PROPRIETARY. COPYRIGHT 2016 FLAWCHECK INC. ALL RIGHTS RESERVED 2

  • WHAT IS HYBRID CLOUD?

    Putting some workloads in an organization's own datacenter (private cloud)

    Putting some other workloads in a public cloud (AWS, Azure, etc.)


  • WHY HYBRID CLOUD?

    Top 3 enterprise reasons

    1. Cost

    2. Cost

    3. Cost


  • ENTERPRISE PUBLIC CLOUD

    Typically hosts an enterprise's least sensitive data & workloads

    Strong risk aversion on the enterprise side, due to lack of trust in the cloud service providers' operational security controls

    Concerns about regulatory compliance & audit


  • PUBLIC CLOUD EXPECTATIONS

    Enterprise

    Lower cost

    Increased trust (more security, better regulatory compliance assurances)

    Cloud Service Providers

    More revenue


  • CLOUD SERVICE PROVIDERS

    Easiest path to more revenue is giving customers what they want (lower cost & increased security)

    One way to potentially lower cost? Containers

    One way to potentially increase security? Containers

    Huge push in the Cloud Service Provider space to examine migrating to containers

    But from a security perspective, containers by themselves only provide isolation between workloads; they do nothing about what is inside the image (vulnerable packages, malware), and a vulnerable service inside a container is just as exploitable as one on a VM


  • PREDICTIONS FROM HEDVIG


  • ENTERPRISE TOP CONCERN

    [Bar chart: recent enterprise survey by FlawCheck, share of respondents naming each as their top concern, in the order shown on the slide]

    Vulnerabilities & Malware: 42%

    Policy Enforcement: 21%

    Isolation: 16%

    Auditability: 11%

    Network Perimeter Security: 11%

  • METAPHOR

    Vulnerabilities Malware


  • WHY ARE VULNERABILITIES A CONCERN?


  • WHY IS MALWARE A CONCERN?


  • CONTAINERS ARE EPHEMERAL

  • ELASTICSEARCH

    CVE-2014-3120 is a remote code execution (RCE) bug in Elasticsearch prior to 1.2.0: the default configuration enabled dynamic (MVEL) scripting, so an unauthenticated search request could carry a script that runs arbitrary Java code on the node

    Ben Hall @ Ocelot Uproar was running Elasticsearch in a Docker container and it was breached via CVE-2014-3120 (the first publicly admitted breach of a Docker container environment in the wild (ITW)?). The container boundary did not help: the vulnerable service was inside the image

    CVE-2014-3120 is actively exploited in the wild and a Metasploit module is available (works against dockerized Elasticsearch):

    https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/elasticsearch/script_mvel_rce.rb

  • FLAWCHECK

    Automated solution for detecting vulnerabilities & malware in containers

    Takes seconds per container (supports parallelization & concurrent analysis for limitless scale)

    Runs on-premise or in the cloud

    Supports Docker on OpenStack

    Checks containers before they reach production environments

    Provides continuous monitoring solution

    Checkpoint inserted into the data pipeline to layer policy on top of containers


  • TEARING APART CONTAINERS: What did we find?

  • BEGIN TO TRUST IMAGES

  • MODERN ANALOGY

    Launched in 2008 Launched in 2014


  • ANDROID MALWARE

    The Android app store started without doing any security inspection of Android apps

    Today, Google performs static & dynamic analysis of Android apps, via Google Bouncer, in the hope of finding malware before it reaches users

    Long list of Android malware:

    http://forensics.spreitzenbarth.de/android-malware/

  • DOCKER HUB

    Docker Hub Overall

    >15,000 pre-built container images

    >500 million downloads

    >30% of images have vulnerabilities (FlawCheck scan results)

    No security inspection by Docker

    Docker Hub Official Images

    ~100 official images (tag: latest)

    Blue-ribbon from Docker

    >90% of official images have vulnerabilities (FlawCheck scan results)

    No security inspection by Docker

  • HYBRID CLOUD PROTECTION

    Isolation: Find a solution with strong isolation (e.g. Docker with Intel Clear Containers, which put each container in its own lightweight VM rather than relying on kernel namespaces alone)

    Vulnerability Inspection: Ensure application workloads don't have vulnerabilities that could lead to data exfiltration (e.g. FlawCheck)

    Malware Inspection & Integrity Checking: Ensure workloads are malware-free and that what runs in production is the image that was inspected (e.g. FlawCheck)

    Policy Compliance: Ensure your orchestration system enforces & logs what is happening to production, when it happens, and whether it meets enterprise policy
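    Vulnerability inspection of an image comes down to reading the installed package list out of the image and comparing each installed version against the first fixed version from an advisory feed, using the distribution's own version ordering (a naive string or float comparison gets "1.10" vs "1.9" and "1.0~rc1" vs "1.0" wrong). The block below is an added example written for this transcript; it is not FlawCheck's code and not part of the original deck. It implements Debian/dpkg version comparison and runs a constructed `dpkg-query` style package listing against a constructed two-entry advisory list: one entry is the Elasticsearch CVE-2014-3120 fix threshold (1.2.0) the deck discusses, the other ("EXAMPLE-0001", openssl, fixed version made up) is a placeholder advisory, not a real one.

```python
"""Check a container image's installed Debian packages against a fixed-version feed.

Added example, not FlawCheck code. IMAGE_PACKAGES and the EXAMPLE-0001 advisory
are constructed inputs; CVE-2014-3120 (Elasticsearch, fixed in 1.2.0) is the one
real case the deck itself discusses.
"""
import re
from itertools import zip_longest
from typing import Dict, List, Tuple

# Constructed: what `dpkg-query -W -f '${Package} ${Version}\n'` might print
# inside a Debian-based image. A real scanner reads this out of the image layers.
IMAGE_PACKAGES = """\
bash 4.3-11+deb8u1
elasticsearch 1.1.1
openssl 1.0.1k-3+deb8u2
curl 7.38.0-4+deb8u5
"""

# Constructed advisory feed: (package, first fixed version, advisory id).
# EXAMPLE-0001 is a placeholder identifier with a made-up fixed version.
ADVISORIES = [
    ("elasticsearch", "1.2.0", "CVE-2014-3120"),
    ("openssl", "1.0.1k-3+deb8u3", "EXAMPLE-0001"),
]


def _split_version(version: str) -> Tuple[int, str, str]:
    """Split a Debian version into (epoch, upstream_version, debian_revision)."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    upstream, _, revision = version.rpartition("-")
    if not upstream:  # no hyphen at all: the whole string is the upstream version
        upstream, revision = revision, ""
    return epoch, upstream, revision


def _order(c: str) -> int:
    """dpkg ordering for one character of a non-digit run: '~' sorts before
    the end of the string, letters before every other symbol."""
    if c == "":
        return 0
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _compare_part(a: str, b: str) -> int:
    """dpkg's verrevcmp: alternate non-digit runs (lexical, with the '~' rule)
    and digit runs (numeric) until one side wins."""
    while a or b:
        ma = re.match(r"\D*", a).group()
        mb = re.match(r"\D*", b).group()
        a, b = a[len(ma):], b[len(mb):]
        for ca, cb in zip_longest(ma, mb, fillvalue=""):
            oa, ob = _order(ca), _order(cb)
            if oa != ob:
                return -1 if oa < ob else 1
        da = re.match(r"\d*", a).group()
        db = re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as Debian version a is older than, equal to, or newer than b."""
    ea, ua, ra = _split_version(a)
    eb, ub, rb = _split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _compare_part(ua, ub) or _compare_part(ra, rb)


def parse_packages(listing: str) -> Dict[str, str]:
    """Parse 'name version' lines into a dict; blank lines are ignored."""
    pkgs = {}
    for line in listing.splitlines():
        if line.strip():
            name, version = line.split()
            pkgs[name] = version
    return pkgs


def find_vulnerable(listing: str, advisories) -> List[Tuple[str, str, str, str]]:
    """Return (package, installed, fixed, advisory_id) for every installed
    package whose version sorts below the advisory's first fixed version."""
    installed = parse_packages(listing)
    hits = []
    for name, fixed, adv_id in advisories:
        version = installed.get(name)
        if version is not None and compare_versions(version, fixed) < 0:
            hits.append((name, version, fixed, adv_id))
    return hits


if __name__ == "__main__":
    for name, have, fixed, adv in find_vulnerable(IMAGE_PACKAGES, ADVISORIES):
        print(f"{adv}: {name} {have} is older than fixed version {fixed}")
```

    The comparison deliberately follows dpkg rather than upstream semantic versioning: distributions backport fixes without bumping the upstream number (the `+deb8u3` revision in the constructed openssl entry is the typical shape), so a feed keyed on distro-specific fixed versions is what makes the check meaningful, and an rpm-based image needs rpm's own ordering instead. Packages missing from the feed are silently treated as clean, which is the usual blind spot of this kind of scan.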

  • THANK YOU

    Anthony Bettini

    Founder & CEO

    spadidar@flawcheck.com

    @AnthonyBettini

    Are you using Docker in development environments but concerned about the security of running it in production?

    Register today for FlawCheck Private Registry's free plan, which includes vulnerability & malware inspection services for 1 private repository:

    https://console.flawcheck.com/register
