Chapter 10 - 03 - Discuss the Insights of Cloud Security and Best Practices - 10_ocred.pdf



Certified Cybersecurity Technician Virtualization and Cloud Computing Exam 212-82

On-premise vs. Third Party Security Controls Provided by Major CSPs

On-premise security controls are provided by cloud platforms to ensure reliable customer service. Generally, third-party tools are required to secure the cloud infrastructure for those security controls that the CSP does not provide. Before making any technology decision, organizations should review their requirements and the existing tools provided by each CSP using a self-check or requirement-driven approach. For example:

- How many security tools are currently required in the organization?
- What risks can the security tools reduce or address?
- Rationalize the existing security vendors and tools.

Matching the requirements with the solutions offered by the cloud vendor can help in making an effective technology decision regarding the selection of a cloud provider. Additionally, it should be ensured that the third-party products can be integrated with the cloud platform. The security system should combine the third-party controls with the security controls provided by the CSP.

Table 10.9: On-premise vs. third-party security controls provided by major CSPs (columns: On-premise control, AWS, Azure, Google, Oracle, IBM)

Firewall and ACLs: AWS - Security Groups, AWS Network ACLs; Azure - Network Security Groups (NSGs); Google - VPC Firewall; Oracle - Security Lists; IBM - Security Groups
IPS/IDS: AWS - Third Party Only; Azure - Third Party Only; Google - Cloud Armor; Oracle - Third Party Only; IBM - Third Party Only
Web Application Firewall (WAF): AWS - AWS WAF, AWS Firewall Manager; Azure - Application Gateway; Google - Cloud Armor; Oracle - Oracle Dyn WAF; IBM - Cloud Internet Services (WAF)
SIEM: AWS - AWS Security Hub, Amazon GuardDuty; Azure - Log Analytics, Advanced Log Analytics, Azure Monitor; Google - Stackdriver Monitoring, Stackdriver Logging; Oracle - Oracle Security Monitoring and Analytics; IBM - IBM Log Analysis, Cloud Activity Tracker
Antimalware: AWS - Third Party Only; Azure - Microsoft Antimalware / Third Party Only; Google - Third Party Only; Oracle - Third Party Only; IBM - Third Party Only
Privileged Access Management (PAM): AWS - Third Party Only; Azure - Azure AD Privileged Identity Management; Google - Third Party Only; Oracle - Third Party Only; IBM - Third Party Only
Data Loss Prevention (DLP): AWS - Amazon Macie; Azure - Azure Information Protection (AIP); Google - Cloud Data Loss Prevention API; Oracle - Third Party Only; IBM - Third Party Only
Vulnerability Assessment: AWS - Amazon Inspector, AWS Trusted Advisor; Azure - Azure Security Center; Google - Cloud Security Scanner; Oracle - Security Vulnerability Assessment Service; IBM - Cloud Security Advisor, Vulnerability Advisor
Email Protection: AWS - Third Party Only; Azure - Office Advanced Threat Protection; Google - Various controls embedded in G Suite; Oracle - Third Party Only; IBM - Third Party Only
SSL Decryption / Reverse Proxy: AWS - Elastic Load Balancer; Azure - Application Gateway; Google - HTTPS Load Balancing; Oracle - Third Party Only; IBM - Cloud Load Balancer
VPN: AWS - VPC VPN, Customer Gateway, AWS Transit Gateway; Azure - Virtual Network Gateway, SSTP; Google - Google VPN; Oracle - IPSec VPN, Dynamic Routing Gateway (DRG); IBM - Secure Gateway
Cloud Key Management: AWS - Key Management Service (KMS); Azure - Key Vault; Google - Cloud Key Management Service; Oracle - Cloud Infrastructure Key Management; IBM - Key Protect
Encryption at Rest: AWS - Elastic Block Storage; Azure - Storage Encryption for Data at Rest; Google - Part of Google Cloud Platform; Oracle - Block Volume; IBM - Hyper Protect Crypto Services
IAM: AWS - AWS IAM; Azure - Azure Active Directory; Google - Cloud IAM; Oracle - Oracle Cloud Infrastructure IAM; IBM - Cloud IAM, App ID
MFA: AWS - AWS MFA; Azure - Azure Active Directory; Google - Security Key Enforcement, Cloud Identity; Oracle - Oracle Cloud Infrastructure IAM; IBM - App ID
Logging/Auditing: AWS - CloudWatch/S3 Bucket; Azure - Azure Audit Logs; Google - VPC Flow Logs, Access Transparency; Oracle - Oracle Cloud Infrastructure Audit; IBM - Log Analysis with LogDNA
Load Balancer: AWS - Elastic Load Balancer/CloudFront; Azure - Azure Load Balancer; Google - Cloud Load Balancing, HTTPS Load Balancing; Oracle - Cloud Infrastructure Load Balancing; IBM - Cloud Load Balancer
DDoS Defense: AWS - AWS Shield; Azure - DDoS Protection; Google - Built-in DDoS defense, Cloud Armor; Oracle - Built-in DDoS defense; IBM - Cloud Internet Services
LAN: AWS - Virtual Private Cloud (VPC); Azure - Virtual Network; Google - VPC Network; Oracle - Virtual Cloud Network (VCN); IBM - VLANs
WAN: AWS - Direct Connect; Azure - ExpressRoute/MPLS; Google - Dedicated Interconnects; Oracle - FastConnect; IBM - Direct Link
Endpoint Protection: AWS - Third Party Only; Azure - Microsoft Defender ATP; Google - Third Party Only; Oracle - Third Party Only; IBM - Third Party Only
Certificate Management: AWS - AWS Certificate Manager; Azure - Third Party Only; Google - Third Party Only; Oracle - Third Party Only; IBM - Certificate Manager
Container Security: AWS - Amazon EC2 Container Service (ECS); Azure - Azure Container Service (ACS); Google - Kubernetes Engine; Oracle - Oracle Container Services; IBM - Containers - Trusted Compute
Governance, Risk and Compliance Monitoring: AWS - AWS CloudTrail, AWS Compliance Center; Azure - Azure Policy; Google - Cloud Security Command Center; Oracle - Third Party Only; IBM - Third Party Only
Backup and Recovery: AWS - AWS Backup, Amazon S3 Glacier; Azure - Azure Backup, Azure Site Recovery; Google - Object Versioning, Cloud Storage Nearline; Oracle - Archive Storage; IBM - IBM Cloud Backup

Module 10 Page 1384 Certified Cybersecurity Technician Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Cloud Security Tools

Some tools for securing a cloud environment include the following:

- Qualys Cloud Platform
Source: https://www.qualys.com
Qualys Cloud Platform is an end-to-end IT security solution that provides a continuous, always-on assessment of the global security and compliance posture, with visibility across all IT assets irrespective of where they reside. It includes sensors that provide continuous visibility, and all cloud data can be analyzed in real time. It responds to threats immediately, performs active vulnerability checks such as the Internet Control Message Protocol (ICMP) timestamp request, and visualizes results in one place with AssetView.

Figure 10.67: Screenshot of Qualys Cloud Platform (WannaCry dashboard with the panels Top 5 EOL/Obsolete Operating Systems, Latest Threats from Live Feed, Missing MS17-010 Patch, WannaCry Ransomware Detected - Auth Only, and Assets with WannaCry)

Additional cloud security tools include the following:

- CloudPassage Halo (https://www.cloudpassage.com)
- McAfee MVISION Cloud (https://www.mcafee.com)
- CipherCloud (https://www.ciphercloud.com)
- Netskope Security Cloud (https://www.netskope.com)
- Prisma Cloud (https://www.paloaltonetworks.com)
