9 hours 29 minutes
C. S A. Guides describes several major categories of seconds providers in this video. We're going to review all of them. The list is up there. I'm going to be moving through different slides pretty quickly, and I'm not going to sit here and read off the list. But then we'll recap it at the end.
On popular category of SEC *** providers is identity access management services. So this could be Federated Identity Brokers.
And we covered this in previous videos. The whole Federated Identity. What is the role of a Federated Identity broker? This includes company senses, Okada and off zero. You may leverages Seconds provider to improve your authentication. So implementing a multi factor authentication service, outsourcing parts of it and pieces
so that you're leveraging this cloud hosted capabilities to realize that.
And then, finally, there's directory as a service. So Cloud based directory services thes include things like Azure Active Directory To say was AWS is directory services. Casby is a cloud application security broker. You may recall it intercepts communication going from your organization
to cloud services, specifically looking at the SAS services,
and this allows from monitoring enforcing policies, providing risk ratings of the SAS providers being used and even integrating with data loss prevention. We covered this topic much more extensively in data and encryption domain, so I'm not going to reiterate it. But if you do feel a little fuzzy about it, by all means, go back and check out that video
Web security gateways are similar to a cast and all the traffic flows through the Web security Gateway and these air used to provide real time protection off that traffic by examining and analyzing that. So, for example, it could be enforcing access policies. It could insulate you
and intercepting that and destroying that for you. Very similar, but a little more broad than a cast, because the cast keep in mind is focused on the SAS providers used, whereas the Web security gateways are gonna be focusing on all Web usage and access, even if it's just traditional websites that aren't assassin provider
email security is very common sec *** use. This is where the inbound and outbound email gets scanned in, reviewed by the third party that's operating in the cloud, so this will filter fishing or virus type attachments. It can even break out your spam and creates and prevention policies so your employees don't get overrun.
You can even employ policy based encryption. I've seen this where you put in the subject line bracket encrypt bracket.
And then this utility sitting there is going to see an email like that, and it's gonna automatically encrypt that email and send it off to the to the recipient. And there was. Recipients will have to go through different actions to view that encrypted email. And then, finally, another area that email security seconds can provide is digital signatures, which is often used
for a non repudiation.
Ah, fancy way of saying proving the person that sent it was indeed the individual that sent the email and that their identity was not being falsely assumed.
That gas provides security assessments as well. So it's gonna be a cloud based tool that assesses the services that are cloud services, or it can even be used to assess on Prem services. Remember, we talked about seconds can do on Prem Cloud or hybrid,
for that matter. There are some main categories. This kind of seconds provider is going to look at.
It's going to do traditional vulnerability assessments so might look at your eye as environment and the service running their or the on premise servers. Port scanning, trying to figure out. Do you have the necessary patches and so forth? It could do application security capabilities. So static application security testing, dynamic application,
security, testing, even run time application. Security protection. That's the rasp.
That's the last one. I don't think we've touched on that much cloud. Platform assessments can also be done. So not just assessing the I as the virtual machines themselves, but the overall cloud assets and the way they're configured, the way you have virtual net works set up the way you've done micro segmentation, hopefully
feedback to make sure you haven't unduly exposed any storage accounts for anonymous read only access to the entire Internet and even going so far as to make sure that you have set up the management plane so that those administrative accounts have tohave MF a enabled. Before those individuals can log into the management plane.
There's a lot of directions that thes assessment kind of tools can look at,
so some are going to be better at solving certain areas and problems than others. And this is why it's important that you have a good feel for what kind of assessments you really want, outsource and can make that determination. Is it worth your money to pay for a provider and the services that are being given?
Web application Firewalls are great. This is so when you are hosting an application on your Web server and you want to have some sort of filtering for all those incoming requests from various users across the general Internet. So it's gonna analyze the intake traffic. It's gonna filter it out. It's going to recognize if someone's
sending you http post, let's say with
sequel injection attacks or what could look like they're trying to do some sequel injection attacks. Maybe you wanna block a certain I p ranges that you don't want anybody coming to your site If they're coming. Visa vee these eyepiece. That air traditionally considered the dark Web right, and they've been using onion and kind of masquerading their I p.
The way the application firewall says, Well, that's nice, but we just don't want you coming to our site.
We're not willing to accept traffic from the dark Web. And another big thing that's incorporated is anti de DOS capabilities. So that distributed denial of service attack. This is the example of where the, um Seconds provider is insulating the client because they're getting all the traffic. First,
they're recognizing what's going on, and they're not forwarding the D DAS onto your actual Web servers
that air providing your Web application.
Intrusion detection intrusion prevention systems have been around for quite a while. They monitor behavioral patterns within your network. They detect anomalies, behaviors that they feel are risky. And in this case, because we're talking about a cloud based I. D. S and then a cloud based I ps, that information gets fed to the provider
and it gets analyzed in their cloud environment. And then the necessary alerts, actions and so forth that you've set up
are going to transpire If it feels like there's an intrusion going on.
Security information and event management is kind of similar. In that sense, it aggregates lots of log data event data. It looks a virtual networks. It looks a real networks applications, servers. All that data is analyzed. It applies your rule sets, and it triggers real time reports or alerts. The key thing is the cloud seem,
collects and analyzes the data itself in the cloud, as opposed to on premise,
encryption and key management. Type seconds providers allow you to encrypt data and manage encryption keys. Major cloud providers include this kind of a service, and it's often limited to just the keys related to the cloud provider assets.
We previously discussed key management. So definitely go back to that video if you want to see more detail about
data encryption and how you manage keys and using cloud providers, clean management capabilities, HSM key stores and so forth.
And finally, there's business continuity. Disaster Recovery. This is where you have your backup data is being moved over to a cloud platform, so this could be when you have an on Prem servers, workloads, data center or of course, storage,
and you're moving that off to a cloud. It's even possible to do cloud to cloud. But if you start going down that path in that line of thinking, just bear in mind some of our prior conversations about being cloud agnostic and the difficulty in having sufficient competencies with numerous cloud providers within your organization to truly
allow you to fail over from one cloud provider toe another cloud provider. So it's
not is common that you're going to see this kind of surface used in business continuity or disaster recovery across cloud providers. But I have seen vendors advertising it when you're going through the implementation. It could include some sort of ah ah local gateway, especially when we're talking on Prem
to Cloud Provider. And that's toe optimize the data communications
between your on premise systems and the cloud provider. Ah, great examples of this include AWS Cloud endure. They bought that company, and it's a great service that they have to perform this as well as deserves site recovery capabilities. In this video, we went over major categories that the C. S. A guidance outlines for
SEC *** providers. This included identity access management services,
cloud application, security, broker's Web, security gateways, email, security, security assessments, Web application, firewalls, system incident and event management, key management and encryption, as well as business continuity and disaster recovery.
This course prepares you to take the CCSK certification by covering material included in the exam. It explains how the exam can be taken and how CCSK certification process works.