Upload
amazon-web-services
View
587
Download
1
Embed Size (px)
Citation preview
Defending Your Workloads
Against the Next Zero-Day Attack
DVO207
Mark Nunnikhoven, Trend Micro
October 2015
2012 re:Invent
Cloud Security Is a Shared ResponsibilitySPR203 : http://bit.ly/2012-spr203
2013 re:Invent
How to Meet Strict Security & Compliance Requirements in the CloudSEC208: http://bit.ly/2013-sec208
How Trend Micro Build Their Enterprise Security Offering on AWSSEC307: http://bit.ly/2013-sec307
2014 re:Invent
Updating Security Operations for the CloudSEC313(R): http://bit.ly/2014-sec313
Customer Perspectives on Implementing Security Controls with AWSSEC314: http://bit.ly/2014-sec314
2015 re:Invent
Lessons from a CISO: How to Securely Scale Teams, Workloads, and
BudgetsDVO206: http://bit.ly/2015-dvo206
Defending Your Workloads Against the Next Zero-Day AttackDVO207: http://bit.ly/2015-dvo207
Even when there is patch, average time to deploy is 176 days
It’s a problem now
No long-term fix
Evolving situationZero-day
Event Timeline Event Action Action Timeline
1989-08-05 8:32 Added to codebase
+27 days, 10:20:00 Release to public
9141 days, 21:18:35 Initial report React Clock starts
1 day, 22:19:13 More details React
2 days, 7:30:12 Official patch :: CVE-2014-6271 Patch 4 days, 5:49:25
5 days, 9:16:35 Limited disclosure :: CVE-2014-6271 React
2 days, 4:37 More details React
3:44:00 More details React
Event Timeline Event Action Action Timeline
1989-08-05 8:32 Added to codebase
+27 days, 10:20:00 Release to public
9141 days, 21:18:35 Initial report React Clock starts
2 days, 7:30:12 Official patch :: CVE-2014-6271 Patch 4 days, 5:49:25
3:29:09 Official patch :: CVE-2014-7169 Patch 9 days, 19:17:00
3:15:00 Official patch :: CVE-2014-7186, CVE-2014-7187 Patch 4 days, 17:30:00
1 day, 11:55:00 Official patch :: CVE-2014-6277 Patch 1 day, 11:55:00
2 days, 20:24:00 Official patch :: CVE-2014-6278 Patch 2 days, 20:24:00
http://aws.amazon.com/architecture: Web application hosting reference architecture
http://aws.amazon.com/architecture: Web application hosting reference architecture
More in the Auditing Security Checklist for Use of AWS
AWS
IAM roles
Security groups
Network segmentation
http://aws.amazon.com/architecture: Web application hosting reference architecture
More in the Auditing Security Checklist for Use of AWS
You
All instances protected
Workload-specific rules
Centrally managed
http://aws.amazon.com/architecture: Web application hosting reference architecture
Follow @marknca for more…
ResolveReact
Deploy green/blue
Integrity monitoring
Operational Technique
Real-time control
Review configuration
Intrusion prevention
Operational Technique
Real-time control