As a leader in its industry, Legendary Entertainment is transforming into a digital business with an aggressive strategy for cloud adoption. In this session, hear from Legendary CISO Dan Meacham and McAfee VP of Cloud Engineering Slawomir Ligier as they discuss how security accelerated that transformation. Topics include Legendary’s primary focus areas for security on AWS, creating a hybrid cloud security platform, gaining visibility into workloads, preventing lateral threat movement and attacks, and building a successful DevOps workflow that integrates security.
2. 2
Today’s Agenda and Key Takeaways
Agenda
▪ Enterprise Customer Cloud Journey Challenges
▪ Legendary Entertainment’s Cloud Transformation
▪ How MVISION Cloud helped Legendary Entertainment
Key Takeaways
▪ IaaS cloud workloads on AWS must be carefully designed and continuously audited to help reduce risk and potential data loss
▪ Monitoring cloud activity and users for anomalous behavior can help to identify insider threats and compromised accounts
▪ Storing business data in Amazon S3 introduces different considerations that didn’t exist in the traditional datacenter model
3. 3
IaaS Fastest Growing Segment of Cloud
Source: Gartner Forecasts Worldwide Public Cloud Revenue press release, April 12, 2018
▪ IaaS: 35.9% CAGR
▪ SaaS: 22.2% CAGR
4. 4
Chart (share of sensitive data by cloud service type): Enterprise SaaS 66%, IaaS 24%, Misc 10%
Where is Your Sensitive Data in the Cloud?
Enterprise SaaS and IaaS Top Concerns:
▪ Data Visibility
▪ User Behavior / Threat Detection
▪ Security Compliance / Configuration
Zero-to-60 for IaaS
▪ More than 3x growth
▪ Continued enterprise push for cloud transformation
6. 6
Where is Your Sensitive Data in the Cloud?
Average organization has 14 misconfigured IaaS services running at a given time
7. 7
Where is Your Sensitive Data in the Cloud?
Average organization experiences 1,527 DLP incidents in IaaS/PaaS per month
8. 8
Where is Your Sensitive Data in the Cloud?
How do I detect malicious or insider activity in clouds I do not control?
9. 9
Legendary Entertainment by the numbers:
▪ 3.8 PB on-prem data (2 shows)
▪ 15 TB for one character model
▪ 2 PB data in AWS
▪ 58 films
▪ $16 billion box office
▪ 325 employees
▪ Single show: 2,000
10. 10
▪ 2013—Cloud First Architecture
▪ 2014—95% IaaS / SaaS
▪ 2015—User Centric Security Architecture
▪ 2016—SSO and Device Management
▪ 2017—CASB
▪ 2018—CASB Insider Threat
Business Requirements
▪ Cloud First
▪ Secure Collaboration
▪ User Trust Model that supports Cloud, SSO, and BYOD
Security Requirements
▪ Secure sensitive data
▪ Secure the device
▪ Enable employees and partners to work from anywhere
11. 11
IaaS Key CASB Use Cases
1. Security Configuration Monitoring of IaaS Resources
Identify IaaS resources with security settings that are non-compliant to CIS Level 1, 2 policies.
2. Managing Rogue IaaS Accounts
Discover shadow IT usage and reclaim control of risky IaaS usage.
3. Visibility of Confidential Data
Gain visibility of regulated/high-value data stored in Amazon S3 Storage.
4. Activity Monitoring, Advanced Threat Protection
Capture an audit trail of activity for forensic investigations. Detect compromised accounts.
12. 12
Data Exfiltration Vectors—IaaS Infrastructure and Apps
▪ Compromised Accounts
▪ Misconfiguration
▪ Rogue User
▪ Confidential Data Leaks
▪ Rogue IaaS Accounts
14. 14
Security Configuration Audit
Manage regulated/high-value data being stored in the cloud.
▪ 102 unique configuration checks and policies
▪ Continuously monitor IaaS security settings for misconfiguration
15. 15
Security Configuration Audit
Manage regulated/high-value data being stored in the cloud.
▪ As IaaS admins correct misconfigured settings, McAfee automatically resolves the incident
16. 16
Introducing MVISION Cloud “Shift Left”
What is CloudFormation?
▪ Agile organizations use AWS CloudFormation templates
▪ Allows for rapid rollout of preconfigured systems
MVISION Cloud “Shift Left” provides an audit of AWS CloudFormation templates
▪ Head off security and compliance issues BEFORE rollout
▪ Reduce risk for systems pushed into production
▪ Streamline DevSecOps
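To make the “shift left” idea concrete, here is an added example (not MVISION Cloud code, and not from the talk) of a pre-deployment audit over a CloudFormation JSON template: it flags S3 buckets with a public ACL, no default encryption or an incomplete public-access block, and security groups with ingress open to the whole internet. The template, its logical resource names and the check set are constructed for illustration.

```python
import json

# Constructed sample template: one insecure bucket, one hardened bucket,
# and a security group that exposes SSH to the world.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "RawFootage": {"Type": "AWS::S3::Bucket",
                       "Properties": {"AccessControl": "PublicRead"}},
        "RenderOutput": {"Type": "AWS::S3::Bucket", "Properties": {
            "BucketEncryption": {"ServerSideEncryptionConfiguration": [
                {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
            "PublicAccessBlockConfiguration": {
                "BlockPublicAcls": True, "BlockPublicPolicy": True,
                "IgnorePublicAcls": True, "RestrictPublicBuckets": True}}},
        "RenderNodeSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "render farm",
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "10.0.0.0/8"}]}},
    }
})

PUBLIC_ACLS = {"PublicRead", "PublicReadWrite", "AuthenticatedRead"}
WORLD = {"0.0.0.0/0", "::/0"}
PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")

def audit_template(template_text):
    """Return (logical_id, finding) pairs for resources that fail a check."""
    findings = []
    for name, res in json.loads(template_text).get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::S3::Bucket":
            if props.get("AccessControl") in PUBLIC_ACLS:
                findings.append((name, "public bucket ACL"))
            if "BucketEncryption" not in props:
                findings.append((name, "no default encryption"))
            pab = props.get("PublicAccessBlockConfiguration", {})
            if not all(pab.get(k) for k in PAB_KEYS):
                findings.append((name, "public access block incomplete"))
        elif res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("CidrIp") in WORLD or rule.get("CidrIpv6") in WORLD:
                    findings.append((name, f"port {rule.get('FromPort')}-{rule.get('ToPort')} open to the world"))
    return findings

if __name__ == "__main__":
    for logical_id, finding in audit_template(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```

Run in CI before `aws cloudformation deploy`; a non-empty result is the signal to fail the pipeline rather than fix the stack after it is live.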
18. 18
Managing Rogue IaaS Instances
Discover shadow AWS usage and reclaim control of risky IaaS usage.
▪ Enforce governance policies and coach users to the approved IaaS platform
19. 19
Managing Rogue IaaS Instances
Discover shadow AWS usage and reclaim control of risky IaaS usage.
▪ Identify risky or unsanctioned IaaS platforms in use
▪ Identify AWS accounts not under management
21. 21
Visibility of Confidential Data
Gain visibility of regulated/high-value data stored in Amazon S3 Storage.
▪ Perform on-demand scans to identify sensitive or protected data stored in IaaS storage services
▪ Remediate with Amazon S3 encryption, stronger policies, or network boundaries
22. 22
Data Exfiltration Vectors—IaaS Infrastructure and Apps: Activity Monitoring & Forensics
23. 23
Activity Monitoring and Forensics
Capture and categorize an audit trail of activity for forensic investigations.
▪ Categorizes 100s of activities into 13 categories for easy filtering/navigation
24. 24
Activity Monitoring and Forensics
Capture and categorize an audit trail of activity for forensic investigations.
▪ Expand the scope of an investigation and browse a geo-location map
25. 25
Activity Monitoring and Forensics
Capture and categorize an audit trail of activity for forensic investigations.
▪ Investigate activities for a specific user centered around an incident
26. 26
Activity Monitoring and Forensics
Capture and categorize an audit trail of activity for forensic investigations.
▪ IP reputation to identify access from a malicious IP, such as a TOR exit node
27. 27
Data Exfiltration Vectors—IaaS Infrastructure and Apps: Advanced Threat Detection
29. 29
Advanced Threat Protection
Detect compromised accounts, insider threats, and malware
▪ No pre-defined policies or thresholds; automatic models based on activity
35. 35
As You Progress on Your Cloud Journey…
▪ Storing and identifying regulated business data in Amazon S3 storage introduces different considerations that didn’t exist in a traditional datacenter model
▪ Rapid cloud adoption planning must be carefully designed and continuously audited to help reduce risk and potential data loss
▪ Monitoring cloud activity and users for anomalous behavior can help to identify insider threats and compromised accounts