Securing the Cloud
Glenn Solomon
Feb 2016
• 1 team in the US and China
• $2.6 billion under management
• 6 funds | 150+ investments
• 15 years | 27 IPOs
Glenn Solomon
• Managing Partner
• 10 years at GGV Capital
• Enterprise, SaaS, Cloud, Security, Mobile
• goinglongblog.com | @glennsolomon
Cybercrime is a Growth Industry
Source: 2015 Verizon DBIR Report; ITRC; HP 2015 Cost of Cyber Crime Study; The Global State of Information Security Survey 2015; McAfee Net Losses – Estimating the Cost of Cybercrime
• 42.8M Security Incidents
• 5,810 Confirmed Data Breaches
• 61 Countries
• $445B Annual Cost to the Global Economy
Data Breaches by the Numbers
1,023,108,267 Data Records Lost or Stolen in 2014
2,803,306 records lost or stolen every day
116,793 records every hour
1,947 records every minute
32 records every second
Source: SafeNet – The Art of Data Protection, Feb 2015
Only 4% of breaches were “Secure Breaches” where encryption was used and the stolen data was rendered useless
Data Breaches are across all Industries
Source: WSJ
Hackers & Their Weapons
Participants
• Hackers
• Hacktivists
• Criminal Organizations
• Commercial Vendors
• State Sponsored Terror Groups
Available to Purchase
• Hacking Tools
• Zero-day Exploits
• Credit Card Data
• eCommerce/Social-Media Credentials
Key Participants
• Eastern Europe
• Russia
• China
• US
• Latin America
Source: RAND National Security Research Division
The Cybersecurity Landscape is Vast
Source: Momentum Partners
Common Threats & Victims
• Identity Theft
• Phishing
• Social Engineering
• Cyber Attack
• Cyber Extortion
When you protect your company, you need to focus on all possible weaknesses. Hackers only need to find one way in…
The Corporate Challenge
Source: 2015 Verizon DBIR Report; BTIG Security Report – Attack of the Clones
• Cloud-based Applications
• Social Networking
• Virtualization
• BYOD
83 million software applications today; 141 million by 2017
Stolen or weak credentials involved in 76% of cyber attacks
14% of attacks or exploits are on cloud services, applications, or storage systems
Mobile security breaches have affected 65% of global organizations in the last 12 months
The Next Generation of Cyber Security
Source: BTIG Security Report – Attack of the Clones
Legacy Security Companies | Next Generation Equivalent
Firewall/Intrusion Prevention System | Next Generation Network Security
Antivirus | Next Generation Endpoint/Malicious Detection
Web Gateway/URL Filtering | Cloud Security & Data Protection
Authentication, Authorization & Accounting | Identity & Access Management – The New Perimeter
Secure Event Management | Security Intelligence & Analytics
Data Security | Data Security, Discovery, Clarification, Control & Intel
Data Loss Prevention | Inside Threat Protection
Governance, Risk Management & Compliance | Compliance Automation and Data Governance
New Threat Vectors
Source: Immuniweb, Symantec Internet Security Threat Report 2015; Crowd Research Partners – Insider Threat Report
Social Media Protection
While email remains a significant attack vector, 70% of social media scams were manually shared.
Advanced Persistent Threats
Zero-day exploits are almost impossible to detect and will work in 9 out of 10 cases because they have legal, financial and banking industry experts, psychologists, and even ex-law enforcement officers behind them.
Insider Threats
Privileged users, such as managers with access to sensitive information, pose the biggest insider threat to organizations. This is followed by contractors, consultants, and regular employees. Compromised account credentials, or when someone’s account is hijacked, are also a big part of this risk.
New Threat Vectors
Internet of Things
These hubs, switches, and routers are increasingly used to target the network. They have processing, storage, and internet connectivity.
Mobile Security & Protection
As more users rely on their mobile devices, more spam, scams, and threats are tailored to these devices. Mobile malware such as bootkits will become harder to remove.
Critical Infrastructure
The most significant trend is the use of malware to compromise supervisory control and data acquisition (SCADA) systems, including Homeless Management Information System (HMIS), historians, and other connected devices.
Source: Symantec Internet Security Threat Report 2015; Crowd Research Partners – Insider Threat Report
Approaches Over Time
1987-2009 | 2009-2014 | 2014 onward | 2015 onward
Signatures | Sandboxes | Anomaly Detection | Zero-Trust
[Chart labels: APT; Attack Sophistication Level; Hammertoss, Black Energy, etc; Endpoint; Content; Network]
Source: Based on Agari presentation material
Modern Security Challenges in the Cloud
Challenge: Corporate services are migrating to the cloud
Secure Application Access
• Privileged Access Management
• Multi-Factor Authentication
• Firewalls
• Network Access Control
• SSO
Challenge: Dynamic workloads due to multi-tiered apps & virtualization, containers, micro-services, etc.
Protect Server to Server Interactions
• Cloud Workload Management
• Machine Firewalls
Modern Security Challenges in the Cloud (cont)
Challenge: Employees on websites via HTTP and mail – some malicious
Securing Employee to Internet
• Cloud Policy Management
• Cloud Access Security Brokers
• SaaS Data Encryption
Challenge: Rapid development cycles leave little room for security checks
Web App Security
• RASPs
• WAFs
• CDNs
Emerging Protection for Emerging Threats
• Insider Threat Detection
• Machine Learning to Spot Attacks
• Industrial & Connected Device Security
Security Startups Raised $10.9B across 1074 Deals since 2010
Source: Momentum Partners, CB Insights
Additional Resources
Books | Blogs
http://goinglongblog.com/
https://krebsonsecurity.com/
Q&A