Protecting Against Cloud Threats Part 1

Time: 12 hours 57 minutes
Difficulty: Intermediate
CEU/CPE: 13
Video Transcription
Many threats face Cloud environments, but let's talk about protecting against those threats. In this lesson, we're going to cover the controls against Cloud threats. We're going to bring up some of the considerations when implementing these controls. Then overall, I really want to stress the importance of defense in depth.

Here are some of our Cloud threats again: external threats. We had talked about this a little bit before, the various types of attackers who might want to try to compromise the system. Well, the best way to prevent and protect against external threats is by limiting the attack surface. We're talking about infrastructure here. Hardening, meaning basically hardening the infrastructure, the hypervisor and any virtual machines that are deployed in your Cloud environment, is central to reducing the risk of external threats. Hardening really means eliminating any unnecessary services, closing any unused ports, and making sure that the configurations are up-to-date. In order to do that, you really want to ensure that you have a secure baseline for configurations. In the Cloud, one of the benefits is that when hypervisors or VMs are activated or turned on, you can configure them so that they check their configuration baseline against your organization's security baseline to ensure that they are up-to-date and compliant.

One of the other things to do is ensure that you know where your sensitive data is kept. We talked about the business impact analysis to identify the most important assets within your organization. You want to make sure that those environments have effective monitoring. Another thing is to train your employees. What should they be looking for? What constitutes suspicious activity in your Cloud network? Then if they do see something, you want to make sure that you have a defined incident response process and that you drill it frequently so the employees know what to do in the event that an external threat is successful.

Then this talks about insider threats. These are either intentional or accidental disclosures of information, or they can be a number of different things within your environment. But how do you protect against insider threats? Well, there really are two opportunities to protect against insider threats: before the individual's hired and then after they're hired. Before someone is hired to work in a Cloud environment, you want to ensure that you've done extensive background checks on them, especially if they're going to have access to sensitive information, either customer information or financial information. Then it's important to test their skills to ensure that you have an adequate understanding of how well they know how to execute their job functions. If their skills are weak, they're more likely to make mistakes that could compromise information.

Then there's after they're hired. You've hired someone, you believe in their integrity, you've done the background check, you believe their skills are adequate. Well, you need to make sure that they're well-trained on the particulars of your Cloud environment, as well as that their skills are kept up to date with any changes in the technology. Again, misconfigurations can result in the accidental disclosure of data or open up vulnerabilities. We have trained our employees. We should implement a number of controls to ensure that employees are being kept honest, such as mandatory vacations. If fraud is being perpetrated within an environment, forcing mandatory vacations will ensure that potentially unmaintained scripts or various backdoors potentially get exposed. Another way of doing this is ensuring that jobs are rotated on a fairly regular basis so that one individual doesn't have complete control over a particular area. Another way of running this is implementing two-person integrity. Transactions or major configuration changes or changes to the environment need to be approved by at least two people, or they need to work in tandem to implement them. This prevents bigger mistakes or insider threats from being realized by one individual. Another thing to prevent insider threats is employee data masking. We talked about this in Domain 2. That data really should only be available to people based on the need to know; they need to access this data in order to perform their job function. Any other data, especially sensitive data, should be masked or redacted to prevent the individual from seeing it.

Let us talk about stolen or lost devices. Remember, the Cloud is accessed remotely through the Internet. Therefore, any endpoint that potentially has access or credentials to it becomes a real liability. Protecting devices before they become stolen is really the main way of protecting against this threat. First, you want to encrypt any endpoints, any laptops or workstations that have the ability to access your Cloud environment. You want to disable or destroy any USB ports to prevent data from being exfiltrated and stored on external media. Then, especially in the case of things that are lost or stolen, you want to ensure that the laptop or the mobile device is configured with remote wiping capability so that you can wipe all that data to prevent the possibility that, even if it's encrypted, it's somehow decrypted. You want to be able to have remote wiping enabled to prevent that data from ever even being examined.

Then malware. We talked about how malware is less of an impact on software as a service, but could potentially have a really high impact on platform and infrastructure as a service. You want to install anti-malware agents or applications on your hosts or virtual machines. You want to employ regular patching to ensure that the latest vulnerabilities are addressed. This can be very difficult because patches really should be tested before they're implemented in a Cloud environment. However, it is important to stay up-to-date with patching and prioritize patches that are applicable to the applications and software that you're using within your Cloud environments. You want to configure your virtual machines to check their configurations to ensure that they have the latest patches that you've deployed. Then again, when it comes to malware, user awareness training is essential to prevent people from accidentally introducing malware to environments through phishing campaigns. Then we've also talked about how the SIEM solution is really essential to detect malware that may be present in your environments. Proper baselining of the network is essential to capture and know when there are deviations and what malware may be present.

Finally, natural disasters. We're going to talk a lot more about this in detail in our disaster recovery lessons. But for now we want to understand that we want to make sure that our hosting provider, or if we are the hosting provider, that we have redundant sources of power to maintain the conditions within our datacenter. We also may want to engage and ensure that we have backups in different geographic regions that are unaffected by the same natural disaster.

We covered a lot of different controls against these threats. I hope you see that, especially when it comes to training employees and enforcing monitoring, as well as policies, that this is how we employ defense in depth. These controls are all stacked on each other and complement each other in case a threat were to move through your Cloud-based environment. I want you to think about which of these controls you were unfamiliar with. Many of them can appear on the test. I want you to think about which of these controls you need to learn about more and understand their context. Then also, on a personal level, did you hear about any controls that should be implemented at your organization? Did this discussion bring up any potential gaps you have when it comes to controls or improvements to your level of defense in depth? In summary, we talked about the controls for Cloud-based threats, and we also talked about how defense in depth provides the greatest protection against these threats. I'll see you in the next lesson.