Cloud-hosted servers need the same protection as traditional on-premises servers; just because you’re hosting in the cloud doesn’t mean you can go lax on security. Systems still need to be patched and security measures still need to be put in place. If a breach does take place, having an endpoint solution in place can speed up detection, allow for visibility into the attack, and stop the attack from causing further damage. For this presentation I built out a test lab in AWS and let someone hack the servers to see what happens. I will talk about what we saw when we opened RDP to the internet and what the bad guys did once they got in, including someone running a dating website scam and someone trying to kick me off my own servers. I will show how data events, system events, and user events can be used to help gain visibility, how monitoring entry and exit points can lead to finding unusual behavior, and how you should be monitoring what applications get put on servers in the cloud.
After completing this session, the learner will have an understanding of:
1. Monitor Exit and Entry Points: Not only should you be able to tell who did what on your cloud platform, but you should also create alerts to warn you of unusual activities.
2. Maintain Visibility and Control: Log system, user, and data events to gain visibility necessary for identifying sensitive data in the cloud and then implement automated, immediate responses to keep your organization secure.
3. Other Learning Points: Importance of having strong passwords, why you should use standard images to deploy servers, and why RDP and SSH should never be opened to the internet.
Brian is currently a Sales Engineer with Digital Guardian providing Data Loss Prevention (DLP) and Endpoint Detection and Response (EDR). Prior to joining DG, Brian was at InteliSecure as a DLP Professional Service Engineer. Brian also created a DLP testing website called dlptest.com (www.dlptest.com) which allows for easy testing of DLP policies and reveals DLP capabilities.