Hack the Cloud Hack the Company: the Cloud Impact on Enterprise Security

Presented at AppSec USA 2015, Sept. 24, 2015, 11:30 a.m. (55 minutes)

iSEC Partners routinely carry out Attacker Modeled Penetration Tests that use any and all means possible to gain entry to a company. The goal is to test organizations against true-to-life attack and penetration activities that real attackers use in the breaches that make headline News (and the breaches that don't). Organizations that use Cloud Services to provision an operating environment to support a product, or use Cloud Service Providers to outsource elements of traditional enterprise IT into the Cloud, can find those very aspects used against them in an attack. While the potential attack surface for a breach changes, in many ways the use of Cloud infrastructure can make it easier for an attacker to gain access to critical systems and data. In this session the speaker will describe methods of penetration used during recent tests, illustrating how Cloud Services are viable entry points that lead to significant compromises. The following areas will be discussed: - Common mistakes in deploying Internet-facing Cloud infrastructure - Replication and communication paths between Cloud and on-premises infrastructure - Effective ways for attackers to gain access to the Cloud Service administration console - How the use of Cloud Services is weakening enterprise IT security - Methods for securing Cloud Services, closing vulnerabilities and protecting the company This session is a must-see for enterprise security professionals, software developers, system administrators and penetration testers.

Presenters:

• Kevin Dunn - Senior Vice President for Consultancy - NCC Group
  Kevin Dunn is Senior Vice President for Consultancy for NCC Group. Kevin has been a professional security consultant for over 15 years, working on diverse projects and challenging technologies for the world's largest and most demanding companies. His current responsibilities include delivering security consultancy while managing a talented highly technical team of Pentesters. Kevin works closely with Fortune 100 companies, covering Oil & Gas, Finance and Software sectors, developing strategic security assessment and advisory services for NCC Group brands from his office base of operations in Austin, TX. Over his career, he has worked on lots of physical penetration tests, site audits, and design or implementation projects for physical security.

Links:

• https://appsecusa2015.sched.com/event/3Vgb/hack-the-cloud-hack-the-company-the-cloud-impact-on-enterprise-security

Similar Presentations:

• Diana Initiative 2020 Virtual / Guardians of the cloud: the sysadmin's guide to cloud security
• ToorCon: Seattle (Beta) (2007) / Anycast Cloud Bursting
• Black Hat Europe 2017 / Detecting Threats In The Cloud With The Cloud