Stories from the Security Operations Center
STORIES FROM THE SECURITY OPERATIONS CENTER (S.O.C.)
Paul Fletcher
Cyber Security Evangelist, Alert Logic
Complexity of defending web applications and workloads
• Web App Attacks (OWASP Top 10)
• Platform / Library Attacks
• System / Network Attacks
• Network Topology
Popular Web Application Attacks
Source: blog.sucuri.net
Recent SQL Injection Vulnerabilities
Today’s Attacks Have Several Stages
Initial Attack: WordPress XMLRPC Attack
• Target: athletic apparel shop, brick-and-mortar and e-commerce
• Application stack: custom code written in XML, WordPress content management system, MySQL database
• Detection method: Intrusion Detection System (IDS), log collection and analysis, Web Application Firewall (WAF)
WordPress XMLRPC Attack
Mitigating WP XMLRPC Attacks
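The talk lists log collection and analysis as one of the detection methods for this attack. As an added example (not the speaker's or Alert Logic's code), here is a small Python check a SOC could run over web server access logs to surface the burst of POSTs to xmlrpc.php that XML-RPC brute-force or system.multicall abuse produces; the log lines, client addresses, window and threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log format; only the named groups are used.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def flag_xmlrpc_abuse(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {client_ip: peak_count} for clients that POST to xmlrpc.php more than
    `threshold` times inside any sliding `window`. Legitimate XML-RPC clients (e.g. the
    WordPress mobile app) call occasionally; credential guessing arrives as a burst."""
    posts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].split("?", 1)[0].endswith("/xmlrpc.php"):
            posts[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, times in posts.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # drop requests that fell out of the window
                start += 1
            count = end - start + 1
            if count > threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged

def _entry(ip, hms, method, path, ua):
    # Constructed sample line in combined log format (not from the talk).
    return f'{ip} - - [10/Mar/2017:{hms} +0000] "{method} {path} HTTP/1.1" 200 415 "-" "{ua}"'

# Constructed sample log: one client bursting POSTs at xmlrpc.php, one ordinary visitor.
SAMPLE_LOG = (
    [_entry("203.0.113.7", f"13:55:{s:02d}", "POST", "/xmlrpc.php", "Mozilla/5.0") for s in (1, 3, 5, 7, 9, 11)]
    + [_entry("198.51.100.9", "13:55:02", "POST", "/xmlrpc.php", "WordPress/4.7"),
       _entry("198.51.100.9", "13:58:30", "GET", "/wp-login.php", "Mozilla/5.0")]
)

if __name__ == "__main__":
    for ip, n in flag_xmlrpc_abuse(SAMPLE_LOG).items():
        print(f"{ip}: {n} POSTs to xmlrpc.php within 60s")
```

A WAF or IDS can see the request body and match on system.multicall directly; this access-log check only needs method, path and timestamp, so it also works on logs collected after the fact.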
Exfiltration: SQL Injection Attack
SQL Injection Attack
What do you see?
Attack:
Response:
Impact of Web App Attacks – Key Takeaways
• Web Apps are becoming more prevalent in organizations
- Use of open source versus traditional applications
• Web App attacks are “gateway” attacks
- Yahoo breach started with a WordPress hack
- 9,000 C&C servers compromised by WordPress hack
- Shadow IT
• Early Stage Detection
- Prevents our customers from dealing with large scale breaches
How Alert Logic Detects Threats
Thank You.