SlideShare uma empresa Scribd logo

AWS Chicago May 22 Security event - Redlock CSI report

AWS Chicago
AWS Chicago

Thank you to the RedLock team for sharing their Cloud Security Index report findings at the May 22nd AWS Chicago user group!

Tecnologia
1 de 17
Baixar para ler offline
Cloud Security Trends + 14 Tips to Fortify Your Public Cloud Environment Published by the RedLock CSI Team May 2018 Edition Cloud Threat Defense
Introduction Key Takeaways 01 - Account compromises fueling new attack vectors 02 - Cryptojacking goes mainstream 03 - Effective compliance must be omnipresent 04 - Beyond the specter of “Spectre” and “Meltdown” About the Report Ready to Take Action? 3 6 7 9 11 13 15 16 © 2018 RedLock Inc. All rights reserved. 2 Table of Contents
3© 2018 RedLock Inc. All rights reserved. Introduction This edition of RedLock’s Cloud Security Trends marks the report’s one year anniversary, and it’s been a sobering year in terms of public cloud breaches, disclosures and attacks. This report highlights key learnings from these incidents along with research by the RedLock Cloud Security Intelligence (CSI) team to shed light on the trends that we can expect this year.
2016 Oct Dec 2017 Jan May Oct Oct Nov Jun 2018 Feb Apr Jan 51% 25% 24% - Major companies impacted: Uber, OneLogin, Tesla, Aviva, Gemalto - RedLock research results: On average, 27% of organizations experienced potential account compromises - Major companies impacted: Deep Root Analytics, FedEx, Under Armour - RedLock research results: On average, 51% of organizations publicly exposed at least one cloud storage service - Major companies impacted: Tesla, Gemalto, Aviva - RedLock research results: 25% of organizations currently have cryptojacking activity in their environments - Major companies impacted: MongoDB, Elasticsearch, Intel, Drupal - RedLock research results: 24% of organizations have hosts missing high-severity patches in public cloud Account Compromises Risky Configurations Cryptojacking Vulnerabilities 27% 4© 2018 RedLock Inc. All rights reserved.
5© 2018 RedLock Inc. All rights reserved. The absence of a physical network boundary to the internet, the risk of accidental exposure by users with limited security expertise, decentralized visibility, and the dynamic nature of the cloud increases an organization’s attack surface by orders of magnitude. The shared responsibility model of cloud security clearly outlines the respective responsibilities of cloud service providers and their customers. The RedLock CSI team would like to remind you that your organization’s obligations in the shared responsibility model include: * Monitoring and remediating resource misconfigurations * Detecting and remediating anomalous user activities * Detecting and remediating suspicious network traffic * Identifying vulnerable hosts
KEY1. Account compromises fueling new attack vectors While organizations are ramping up security efforts to deter malicious actors from stealing credentials and access keys, new threats are always at-hand, such as those presented via Instance Metadata APIs. 2. Cryptojacking goes mainstream Unfettered access to expensive and high-powered public cloud compute resources is leading to increased cryptojacking attacks. 3. Effective compliance must be omnipresent Confidential data is moving to the cloud and organizations must prove compliance. Employing additional controls such as encryption and security frameworks, such as NISF CSF and CIS, still need to be operationalized. 4. Beyond the specter of “Spectre” and “Meltdown” Vulnerability management at scale is extremely complex in the cloud and is a key requirement of GDPR. Organizations need to consider how they will address the issue for their public cloud environments. 6© 2018 RedLock Inc. All rights reserved. Key Takeaways
01 7© 2018 RedLock Inc. All rights reserved. Account compromises fueling new attack vectors 43% 20% 27% of access keys have not been rotated in the last 90 days of organizations are allowing root user activities of organizations with potential account compromises Relative to last year, we have seen mixed trends with respect to account compromises. Organizations are becoming more knowledgeable and implementing best practices to avert cloud account compromises, but new attack vectors continue to present themselves. In addition to finding leaking credentials in GitHub repositories, unprotected Kubernetes administrative interfaces, and public Trello boards, the RedLock CSI team found yet another attack vector - public cloud instance metadata APIs. Public cloud instance metadata is data about your instance that can be used to configure or manage the running instance. Essentially, an instance’s metadata can be queried via an API to obtain access credentials to the public cloud environment by any process running on the instance. The overarching trend, however, is clear; account compromises will continue to evolve and organizations must be vigilant and take steps to defend against these threats. Key Findings The most concerning finding from the CSI team was that organizations’ need to do a much better job managing their access keys, as 43% of them had not been rotated in over 90 days. This is a big concern because access keys tend to have overly permissive access, thus creating greater exposure. It is a security best practice to rotate access keys
8© 2018 RedLock Inc. All rights reserved. Tips • Eliminate the use of root accounts for day-to-day operations • Enforce multi-factor authentication on all privileged user accounts • Implement a policy to automatically force periodic rotation of access keys • Automatically disable unused accounts and access keys • Implement user and entity behavior analytics solutions to identify malicious behavior 01significantly to this broader understanding. Additional investigation by the RedLock CSI team determined that 27% of organizations have users whose accounts have potentially been compromised. This result is up from our February 2018 trend report that showed 16%. This negative trend underscores that cloud security remains a porous environment. on a more frequent schedule to limit exposure should they fall into the wrong hands. The CSI team also found an encouraging trend; only 20% of organizations are allowing the root user account to be used to perform activities - down significantly from 73% last year. This trend indicates organizations are getting the message about managing root user accounts and RedLock’s CSI reports have contributed Account compromises fueling new attack vectors
9© 2018 RedLock Inc. All rights reserved. 85% 25% of resources do not restrict outbound traffic at all of organizations had cryptojacking activity within their environments Despite the recent ups and downs of cryptocurrency valuations, interest in illicit cryptomining remains high. Even with the recent disclosures by RedLock’s CSI team on cryptomining at Tesla, the practice of stealing cloud compute resources to mine cryptocurrency seems to have accelerated. One possible explanation for this, according the team, is the ransomware market is becoming saturated and overpriced, and hackers are setting their sights on new revenue streams - in this case cryptojacking. Another reason cryptojacking continues to proliferate is that attackers are using advanced evasion techniques when mining cryptocurrencies. The CSI team detailed some of these creative skills including in it’s blog post. Key Findings Surprisingly, 85% of resources associated with security groups do not restrict outbound traffic at all. This reflects an increase from one year ago when that statistic was 80%. The research found an increasing number of organizations were not following network security best practices and had misconfigured or risky configurations. Industry best practices mandate that outbound access should be restricted to prevent accidental data loss or data exfiltration in the event of a breach. In terms of cryptojacking, the team discovered that 25% of organizations had cryptojacking activity within their environments up from 8% last 02 Cryptojacking goes mainstream
10© 2018 RedLock Inc. All rights reserved. Tips • Implement a “deny all” default outbound firewall policy • Monitor north-south and east-west network traffic to identify any suspicious activities including cryptojacking • Monitor user activity for any unusual or abnormal behavior, such as unusual attempts to spin off new compute instances 02quarter. The team forecasted that cryptojacking would increase as it gained traction in the hacker community, but this rapid, dramatic growth was still unexpected. The rise of cryptojacking and seemingly misuse of security groups highlights the need for a holistic approach to security in the cloud. A combination Cryptojacking goes mainstream of configuration, user activity, network traffic, and host vulnerability monitoring is necessary to detect advanced threats in public cloud environments.
03 11© 2018 RedLock Inc. All rights reserved. Effective compliance must be omnipresent 49% 30% 23% of databases are not encrypted of CIS compliance checks fail of organizations fail NIST CSF compliance assessments 2018 continued 2017’s trend of significant data exposures resulting from cloud misconfigurations. FedEx and MyFitnessPal (Under Armour) both reported millions of exposed consumer records resulting from unsecured cloud storage services. Given the prevalence of cybersecurity standards - NIST CSF, CIS, PCI, SOC2, HIPAA and soon GDPR (General Data Policy Regulation), organizations are under pressure to ensure compliance across their cloud environments. The RedLock CSI team assessed the preparedness of organizations based on fundamental security best practices and the results suggest optimism and disappointment. Moreover, the results underscore that organizations must do better in all areas, as spotty compliance is not compliance at all. Key Findings The RedLock CSI team’s analysis uncovered some positive news; there is a growing trend to encrypt databases. A year ago, the team found that 82% of databases were not encrypted. Today that number stands at 49% - a 67% improvement in one year. As discussed in previous RedLock CSI reports, encryption is an important technique that could help meet the pseudonymization requirement for GDPR and should be enforced as a security best practice. A broader assessment against industry compliance standards revealed that on average
12© 2018 RedLock Inc. All rights reserved. Tips • Ensure cloud resources are automatically discovered when they are created, and monitored for compliance across all cloud environments. • Implement policy guardrails to ensure that resource configurations adhere to industry standards such as NIST CSF, CIS, SOC 2, PCI, and HIPAA. • Integrate configuration change alerts into DevOps and SecOps workflows to automatically resolve issues. regarding their compliance goals and intentions. The speed of cloud innovation is accelerating, with cloud providers adding hundreds of new features each year and developers are leveraging those features to add new apps on a continuous basis. In the end, it may just be that organizations are lagging behind in their quest to maintain compliance and ensure security in this fast paced environment. 03 Effective compliance must be omnipresent organizations fail 30% of CIS Foundations best practices, 50% of PCI requirements, and 23% of NIST CSF requirements. Compared to last year’s analysis, improvements are inconsistent and still point to the fact that organizations have a lot of work to do to make compliance a reality across their cloud environments. These disappointing results do not necessarily indicate that organizations are disingenuous
13© 2018 RedLock Inc. All rights reserved. 24% 39% of organizations have hosts missing critical patches in public cloud of vulnerable hosts flagged as compromised by Amazon GuardDuty We are now a few months into the reality of living with the Spectre and Meltdown vulnerabilities, and now understand their longer term impacts and the technology providers are releasing solutions. For example, Intel announced changes to the Xeon and Core processors specifically designed to guard against these vulnerabilities. Amazon, Microsoft, and Google promptly patched and updated their environments to ensure a safer operating environment. But as proactive as the industry has been, it’s only a matter of time until we face the next global host vulnerability threat. Accordingly, the RedLock CSI team assessed host vulnerability management in the cloud to determine the state of affairs. Key Findings The research revealed that 24% of organizations have hosts missing high-severity patches in public cloud, which seemingly confirms data from the February 2018 report that 83% of vulnerable hosts were receiving suspicious traffic from the internet. While many organizations have traditional vulnerability scanning tools made for on-premise data centers and networks, organizations are unable to map the data from these tools to gain cloud-specific context. For example, identifying cloud resources that are communicating with outside IPs or suspicious IPs in an ephemeral environment is a problem traditional vulnerability scanning tools were not designed to solve. 04 Beyond the specter of “Spectre” and “Meltdown”
14© 2018 RedLock Inc. All rights reserved. Tips • Correlate vulnerability data with resource configuration data to identify vulnerable hosts. • Correlate network traffic data to determine whether the vulnerabilities are actually network exploitable and prioritize remediation accordingly. • Correlate vulnerability data with cloud configuration and network traffic data to identify the riskiest assets, and determine whether the vulnerabilities are actually exploitable from the internet. 04Vulnerability management at scale is extremely complex in the cloud and is a key requirement of GDPR. In this dynamic environment, it is often hard to pinpoint specific questionable cloud resources, or understand the real exploitability and risks associated with them. Traditional vulnerability scanning tools fall short on delivering actionable results to users. Further, host vulnerability data needs to be correlated with host configurations in the cloud that can help identify the business purpose of the host and help prioritize patching. RedLock’s integration with Amazon GuardDuty, a threat detection service launched in November 2017, indicates that 39% of these hosts are actually exhibiting activity patterns associated with instance compromise or reconnaissance by attackers. This is an increase of 160% is about 6 months. This increase may be explained by the broader acceptance of GuardDuty since its launch; however it also indicates that organizations need to be more proactive with vulnerability management in the cloud. Beyond the specter of “Spectre” and “Meltdown”
15© 2018 RedLock Inc. All rights reserved. About the Report ABOUTAbout the Report RedLock CSI Team RedLock enables effective threat defense across Amazon Web Services, Microsoft Azure, and Google Cloud environments. The RedLock Cloud 360™ platform takes a new AI-driven approach that correlates disparate security data sets to provide comprehensive visibility, detect threats, and enable rapid response across fragmented cloud environments. With RedLock, organizations can ensure compliance, govern security, and enable security operations across public cloud environments. The RedLock Cloud Security Intelligence (CSI) team consists of elite security analysts, data scientists, and data engineers with deep security expertise. The team’s mission is to enable organizations to confidently adopt public cloud by researching cloud threats, advising organizations on cloud security best practices, and frequently publishing out-of-the-box policies in the RedLock Cloud 360™ platform. The CSI team has discovered millions of exposed records that contain sensitive data belonging to dozens of organizations ranging from small businesses to Fortune 50 companies. The team notifies the affected organizations and publishes security advisories to raise awareness about the issues. Report Methodology The data in this report is based on analysis across the public cloud environments monitored by RedLock, which comprises of over twelve million resources that are processing petabytes of network traffic. In addition, the team also actively probed the internet for vulnerabilities in public cloud environments.
ACTIONReady to Take Action? Get a Free Risk Assessment Get started in minutes and obtain a free risk assessment across your cloud footprint without hindering agile development. It will provide the following insights: Are there any resources with risky configurations? Are there unpatched hosts in your environment? Have there been any network intrusions? Are there any insider threats? Have any accounts been compromised? More information: https://info.redlock.io/cloud-risk-assessment Download Cloud Security Buyer’s Guide Download the Cloud Security Buyer’s Guide to get 20+ tips based on the NIST Cybersecurity Framework and manage risks across your public cloud computing environment. More information: https://info.redlock.io/lp-nist-csf-cloud-security 16© 2018 RedLock Inc. All rights reserved.
“With RedLock, we have full visibility so we can be sure our cloud environment is secure, risk is reduced and any threats that do present themselves can be remediated right away” - David Pace Global Information Security Western Asset Management (WAM) To learn more: Call: +1.650.665.9480, Visit: www.redlock.io © 2018 RedLock Inc. All rights reserved. RedLock and RedLock logo are registered US trademarks of RedLock Inc. RedLock Cloud 360 is a trademark of RedLock Inc. All other registered trademarks are the properties of their respective owners.

Recomendados

How can i find my security blind spots in Oracle - nyoug - sep 2016
How can i find my security blind spots in Oracle - nyoug - sep 2016How can i find my security blind spots in Oracle - nyoug - sep 2016
How can i find my security blind spots in Oracle - nyoug - sep 2016
Ulf Mattsson
 
How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016
Ulf Mattsson
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Ulf Mattsson
 
Alert logic cloud security report
Alert logic cloud security reportAlert logic cloud security report
Alert logic cloud security report
Gabe Akisanmi
 
Cyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cCyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 c
Aanchal579958
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
Ulf Mattsson
 
Webinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWebinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking Apps
Wultra
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
ITDogadjaji.com
 

Recomendados

How can i find my security blind spots in Oracle - nyoug - sep 2016
How can i find my security blind spots in Oracle - nyoug - sep 2016How can i find my security blind spots in Oracle - nyoug - sep 2016
How can i find my security blind spots in Oracle - nyoug - sep 2016
Ulf Mattsson
 
How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016
Ulf Mattsson
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Ulf Mattsson
 
Alert logic cloud security report
Alert logic cloud security reportAlert logic cloud security report
Alert logic cloud security report
Gabe Akisanmi
 
Cyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cCyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 c
Aanchal579958
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
Ulf Mattsson
 
Webinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWebinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking Apps
Wultra
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
ITDogadjaji.com
 
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation PlansEvolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Christopher Korban
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey
Rahul Neel Mani
 
UNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENT
UNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENTUNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENT
UNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENT
Ulf Mattsson
 
Cybersecurity 2020 the biggest threats to watch out for
Cybersecurity 2020 the biggest threats to watch out forCybersecurity 2020 the biggest threats to watch out for
Cybersecurity 2020 the biggest threats to watch out for
Cigniti Technologies Ltd
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...
Ulf Mattsson
 
State of the ATT&CK - ATT&CKcon Power Hour
State of the ATT&CK - ATT&CKcon Power HourState of the ATT&CK - ATT&CKcon Power Hour
State of the ATT&CK - ATT&CKcon Power Hour
Adam Pennington
 
BlueHat v18 || software supply chain attacks in 2018 - predictions vs reality
BlueHat v18 || software supply chain attacks in 2018 - predictions vs realityBlueHat v18 || software supply chain attacks in 2018 - predictions vs reality
BlueHat v18 || software supply chain attacks in 2018 - predictions vs reality
BlueHat Security Conference
 
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOsGlobal Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Argyle Executive Forum
 
TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020
MITRE - ATT&CKcon
 
Topsec email security 2016
Topsec email security 2016Topsec email security 2016
Topsec email security 2016
Nathan CAVRIL
 
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Adam Pennington
 
Building securable infrastructures
Building securable infrastructures Building securable infrastructures
Building securable infrastructures
Steven Aiello
 
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
BlueHat Security Conference
 
MITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - November
MITRE - ATT&CKcon
 
Data Protection & Privacy During the Coronavirus Pandemic
Data Protection & Privacy During the Coronavirus PandemicData Protection & Privacy During the Coronavirus Pandemic
Data Protection & Privacy During the Coronavirus Pandemic
Ulf Mattsson
 
A Case study scenario on collaborative Portal Risk Assessment
A Case study scenario on collaborative Portal Risk Assessment A Case study scenario on collaborative Portal Risk Assessment
A Case study scenario on collaborative Portal Risk Assessment
Victor Oluwajuwon Badejo
 
Blueliv Corporate Brochure 2017
Blueliv Corporate Brochure 2017Blueliv Corporate Brochure 2017
Blueliv Corporate Brochure 2017
Blueliv
 
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALDefending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Michael Bunn
 
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
Scalar Decisions
 
Open Source Insight: Samba Vulnerability, Connected Car Risks, and Are You R...
Open Source Insight: Samba Vulnerability, Connected Car Risks, and Are You R...Open Source Insight: Samba Vulnerability, Connected Car Risks, and Are You R...
Open Source Insight: Samba Vulnerability, Connected Car Risks, and Are You R...
Black Duck by Synopsys
 
4 Cyber Security KPIs
4 Cyber Security KPIs4 Cyber Security KPIs
4 Cyber Security KPIs
Steven Aiello
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
SBWebinars
 

Mais conteúdo relacionado

Mais procurados

How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...
Ulf Mattsson
 
TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020
MITRE - ATT&CKcon
 
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
BlueHat Security Conference
 
Data Protection & Privacy During the Coronavirus Pandemic
Data Protection & Privacy During the Coronavirus PandemicData Protection & Privacy During the Coronavirus Pandemic
Data Protection & Privacy During the Coronavirus Pandemic
Ulf Mattsson
 
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALDefending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Michael Bunn
 

Mais procurados (20)

Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation PlansEvolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey
 
UNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENT
UNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENTUNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENT
UNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENT
 
Cybersecurity 2020 the biggest threats to watch out for
Cybersecurity 2020 the biggest threats to watch out forCybersecurity 2020 the biggest threats to watch out for
Cybersecurity 2020 the biggest threats to watch out for
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...
 
State of the ATT&CK - ATT&CKcon Power Hour
State of the ATT&CK - ATT&CKcon Power HourState of the ATT&CK - ATT&CKcon Power Hour
State of the ATT&CK - ATT&CKcon Power Hour
 
BlueHat v18 || software supply chain attacks in 2018 - predictions vs reality
BlueHat v18 || software supply chain attacks in 2018 - predictions vs realityBlueHat v18 || software supply chain attacks in 2018 - predictions vs reality
BlueHat v18 || software supply chain attacks in 2018 - predictions vs reality
 
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOsGlobal Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
 
TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020
 
Topsec email security 2016
Topsec email security 2016Topsec email security 2016
Topsec email security 2016
 
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
 
Building securable infrastructures
Building securable infrastructures Building securable infrastructures
Building securable infrastructures
 
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
 
MITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - November
 
Data Protection & Privacy During the Coronavirus Pandemic
Data Protection & Privacy During the Coronavirus PandemicData Protection & Privacy During the Coronavirus Pandemic
Data Protection & Privacy During the Coronavirus Pandemic
 
A Case study scenario on collaborative Portal Risk Assessment
A Case study scenario on collaborative Portal Risk Assessment A Case study scenario on collaborative Portal Risk Assessment
A Case study scenario on collaborative Portal Risk Assessment
 
Blueliv Corporate Brochure 2017
Blueliv Corporate Brochure 2017Blueliv Corporate Brochure 2017
Blueliv Corporate Brochure 2017
 
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALDefending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
 
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
 
Open Source Insight: Samba Vulnerability, Connected Car Risks, and Are You R...
Open Source Insight: Samba Vulnerability, Connected Car Risks, and Are You R...Open Source Insight: Samba Vulnerability, Connected Car Risks, and Are You R...
Open Source Insight: Samba Vulnerability, Connected Car Risks, and Are You R...
 

Semelhante a AWS Chicago May 22 Security event - Redlock CSI report

Five Reasons Why You Need Cloud Investigation & Response Automation
Five Reasons Why You Need Cloud Investigation & Response AutomationFive Reasons Why You Need Cloud Investigation & Response Automation
Five Reasons Why You Need Cloud Investigation & Response Automation
Christopher Doman
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
Ulf Mattsson
 
Cyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdCyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sd
Susan Darby
 
Qradar Business Case
Qradar Business CaseQradar Business Case
Qradar Business Case
Enterprise Technology Management (ETM)
 

Semelhante a AWS Chicago May 22 Security event - Redlock CSI report (20)

4 Cyber Security KPIs
4 Cyber Security KPIs4 Cyber Security KPIs
4 Cyber Security KPIs
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.
 
WP_ Five Reasons Why_Jan_2023.pdf
WP_ Five Reasons Why_Jan_2023.pdfWP_ Five Reasons Why_Jan_2023.pdf
WP_ Five Reasons Why_Jan_2023.pdf
 
The 1% Who Can Take Down your Organization
The 1% Who Can Take Down your OrganizationThe 1% Who Can Take Down your Organization
The 1% Who Can Take Down your Organization
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
 
Five Reasons Why You Need Cloud Investigation & Response Automation
Five Reasons Why You Need Cloud Investigation & Response AutomationFive Reasons Why You Need Cloud Investigation & Response Automation
Five Reasons Why You Need Cloud Investigation & Response Automation
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
Module 1 - Evolution to Secure DevOps.pptx
Module 1 - Evolution to Secure DevOps.pptxModule 1 - Evolution to Secure DevOps.pptx
Module 1 - Evolution to Secure DevOps.pptx
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Cyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdCyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sd
 
Proteja sus datos en cualquier servicio Cloud y Web de forma unificada
Proteja sus datos en cualquier servicio Cloud y Web de forma unificadaProteja sus datos en cualquier servicio Cloud y Web de forma unificada
Proteja sus datos en cualquier servicio Cloud y Web de forma unificada
 
CyberArk Stock Pitch
CyberArk Stock PitchCyberArk Stock Pitch
CyberArk Stock Pitch
 
The Jisc vulnerability assessment management service – part 2: how to avoid t...
The Jisc vulnerability assessment management service – part 2: how to avoid t...The Jisc vulnerability assessment management service – part 2: how to avoid t...
The Jisc vulnerability assessment management service – part 2: how to avoid t...
 
Qradar Business Case
Qradar Business CaseQradar Business Case
Qradar Business Case
 
The Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachThe Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security Breach
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
 

Mais de AWS Chicago

Mais de AWS Chicago (20)

AWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user groupAWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user group
 
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
 
WilliamCollins_Road-to-Transit-Gateway.pptx
WilliamCollins_Road-to-Transit-Gateway.pptxWilliamCollins_Road-to-Transit-Gateway.pptx
WilliamCollins_Road-to-Transit-Gateway.pptx
 
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdfSuresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
 
Streamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
Streamlined Entitlements with AWS Lake Formation - Anusha DwivedulaStreamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
Streamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
 
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptxSteve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
 
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptx
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptxSaurabh_Shanbhag - Building_SaaS_on_AWS.pptx
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptx
 
Sanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdfSanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdf
 
Ross Stuart_Using ML to Solve Lifes Problems.pptx
Ross Stuart_Using ML to Solve Lifes Problems.pptxRoss Stuart_Using ML to Solve Lifes Problems.pptx
Ross Stuart_Using ML to Solve Lifes Problems.pptx
 
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdfrobsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
 
Sanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdfSanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdf
 
Mohamed Wali_AWS Security Reference Architecture.pptx
Mohamed Wali_AWS Security Reference Architecture.pptxMohamed Wali_AWS Security Reference Architecture.pptx
Mohamed Wali_AWS Security Reference Architecture.pptx
 
Nick-Walter-HOB_Migrating_Dinosaurs.pptx
Nick-Walter-HOB_Migrating_Dinosaurs.pptxNick-Walter-HOB_Migrating_Dinosaurs.pptx
Nick-Walter-HOB_Migrating_Dinosaurs.pptx
 
Pat_Davies_AWSCostOptimization_Final.pdf
Pat_Davies_AWSCostOptimization_Final.pdfPat_Davies_AWSCostOptimization_Final.pdf
Pat_Davies_AWSCostOptimization_Final.pdf
 
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...
 
MichaelSoule-UsingJupyterNotebooks.pptx
MichaelSoule-UsingJupyterNotebooks.pptxMichaelSoule-UsingJupyterNotebooks.pptx
MichaelSoule-UsingJupyterNotebooks.pptx
 
Michal Brygidyn_CloudHackingScenarios.pdf
Michal Brygidyn_CloudHackingScenarios.pdfMichal Brygidyn_CloudHackingScenarios.pdf
Michal Brygidyn_CloudHackingScenarios.pdf
 
Kamil Kolodziejski_Structura-AWS.pptx
Kamil Kolodziejski_Structura-AWS.pptxKamil Kolodziejski_Structura-AWS.pptx
Kamil Kolodziejski_Structura-AWS.pptx
 
John Merline AWS Certification FAQ.pptx
John Merline AWS Certification FAQ.pptxJohn Merline AWS Certification FAQ.pptx
John Merline AWS Certification FAQ.pptx
 
JuliaFMorgado_Breaking_bad_habits.pptx
JuliaFMorgado_Breaking_bad_habits.pptxJuliaFMorgado_Breaking_bad_habits.pptx
JuliaFMorgado_Breaking_bad_habits.pptx
 

Último

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 

Último (20)

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 

AWS Chicago May 22 Security event - Redlock CSI report

  • 1. Cloud Security Trends + 14 Tips to Fortify Your Public Cloud Environment Published by the RedLock CSI Team May 2018 Edition Cloud Threat Defense
  • 2. Introduction Key Takeaways 01 - Account compromises fueling new attack vectors 02 - Cryptojacking goes mainstream 03 - Effective compliance must be omnipresent 04 - Beyond the specter of “Spectre” and “Meltdown” About the Report Ready to Take Action? 3 6 7 9 11 13 15 16 © 2018 RedLock Inc. All rights reserved. 2 Table of Contents
  • 3. 3© 2018 RedLock Inc. All rights reserved. Introduction This edition of RedLock’s Cloud Security Trends marks the report’s one year anniversary, and it’s been a sobering year in terms of public cloud breaches, disclosures and attacks. This report highlights key learnings from these incidents along with research by the RedLock Cloud Security Intelligence (CSI) team to shed light on the trends that we can expect this year.
  • 4. 2016 Oct Dec 2017 Jan May Oct Oct Nov Jun 2018 Feb Apr Jan 51% 25% 24% - Major companies impacted: Uber, OneLogin, Tesla, Aviva, Gemalto - RedLock research results: On average, 27% of organizations experienced potential account compromises - Major companies impacted: Deep Root Analytics, FedEx, Under Armour - RedLock research results: On average, 51% of organizations publicly exposed at least one cloud storage service - Major companies impacted: Tesla, Gemalto, Aviva - RedLock research results: 25% of organizations currently have cryptojacking activity in their environments - Major companies impacted: MongoDB, Elasticsearch, Intel, Drupal - RedLock research results: 24% of organizations have hosts missing high-severity patches in public cloud Account Compromises Risky Configurations Cryptojacking Vulnerabilities 27% 4© 2018 RedLock Inc. All rights reserved.
  • 5. 5© 2018 RedLock Inc. All rights reserved. The absence of a physical network boundary to the internet, the risk of accidental exposure by users with limited security expertise, decentralized visibility, and the dynamic nature of the cloud increases an organization’s attack surface by orders of magnitude. The shared responsibility model of cloud security clearly outlines the respective responsibilities of cloud service providers and their customers. The RedLock CSI team would like to remind you that your organization’s obligations in the shared responsibility model include: * Monitoring and remediating resource misconfigurations * Detecting and remediating anomalous user activities * Detecting and remediating suspicious network traffic * Identifying vulnerable hosts
  • 6. KEY1. Account compromises fueling new attack vectors While organizations are ramping up security efforts to deter malicious actors from stealing credentials and access keys, new threats are always at-hand, such as those presented via Instance Metadata APIs. 2. Cryptojacking goes mainstream Unfettered access to expensive and high-powered public cloud compute resources is leading to increased cryptojacking attacks. 3. Effective compliance must be omnipresent Confidential data is moving to the cloud and organizations must prove compliance. Employing additional controls such as encryption and security frameworks, such as NISF CSF and CIS, still need to be operationalized. 4. Beyond the specter of “Spectre” and “Meltdown” Vulnerability management at scale is extremely complex in the cloud and is a key requirement of GDPR. Organizations need to consider how they will address the issue for their public cloud environments. 6© 2018 RedLock Inc. All rights reserved. Key Takeaways
  • 7. 01 7© 2018 RedLock Inc. All rights reserved. Account compromises fueling new attack vectors 43% 20% 27% of access keys have not been rotated in the last 90 days of organizations are allowing root user activities of organizations with potential account compromises Relative to last year, we have seen mixed trends with respect to account compromises. Organizations are becoming more knowledgeable and implementing best practices to avert cloud account compromises, but new attack vectors continue to present themselves. In addition to finding leaking credentials in GitHub repositories, unprotected Kubernetes administrative interfaces, and public Trello boards, the RedLock CSI team found yet another attack vector - public cloud instance metadata APIs. Public cloud instance metadata is data about your instance that can be used to configure or manage the running instance. Essentially, an instance’s metadata can be queried via an API to obtain access credentials to the public cloud environment by any process running on the instance. The overarching trend, however, is clear; account compromises will continue to evolve and organizations must be vigilant and take steps to defend against these threats. Key Findings The most concerning finding from the CSI team was that organizations’ need to do a much better job managing their access keys, as 43% of them had not been rotated in over 90 days. This is a big concern because access keys tend to have overly permissive access, thus creating greater exposure. It is a security best practice to rotate access keys
  • 8. 8© 2018 RedLock Inc. All rights reserved. Tips • Eliminate the use of root accounts for day-to-day operations • Enforce multi-factor authentication on all privileged user accounts • Implement a policy to automatically force periodic rotation of access keys • Automatically disable unused accounts and access keys • Implement user and entity behavior analytics solutions to identify malicious behavior 01significantly to this broader understanding. Additional investigation by the RedLock CSI team determined that 27% of organizations have users whose accounts have potentially been compromised. This result is up from our February 2018 trend report that showed 16%. This negative trend underscores that cloud security remains a porous environment. on a more frequent schedule to limit exposure should they fall into the wrong hands. The CSI team also found an encouraging trend; only 20% of organizations are allowing the root user account to be used to perform activities - down significantly from 73% last year. This trend indicates organizations are getting the message about managing root user accounts and RedLock’s CSI reports have contributed Account compromises fueling new attack vectors
  • 9. 9© 2018 RedLock Inc. All rights reserved. 85% 25% of resources do not restrict outbound traffic at all of organizations had cryptojacking activity within their environments Despite the recent ups and downs of cryptocurrency valuations, interest in illicit cryptomining remains high. Even with the recent disclosures by RedLock’s CSI team on cryptomining at Tesla, the practice of stealing cloud compute resources to mine cryptocurrency seems to have accelerated. One possible explanation for this, according the team, is the ransomware market is becoming saturated and overpriced, and hackers are setting their sights on new revenue streams - in this case cryptojacking. Another reason cryptojacking continues to proliferate is that attackers are using advanced evasion techniques when mining cryptocurrencies. The CSI team detailed some of these creative skills including in it’s blog post. Key Findings Surprisingly, 85% of resources associated with security groups do not restrict outbound traffic at all. This reflects an increase from one year ago when that statistic was 80%. The research found an increasing number of organizations were not following network security best practices and had misconfigured or risky configurations. Industry best practices mandate that outbound access should be restricted to prevent accidental data loss or data exfiltration in the event of a breach. In terms of cryptojacking, the team discovered that 25% of organizations had cryptojacking activity within their environments up from 8% last 02 Cryptojacking goes mainstream
  • 10. 10© 2018 RedLock Inc. All rights reserved. Tips • Implement a “deny all” default outbound firewall policy • Monitor north-south and east-west network traffic to identify any suspicious activities including cryptojacking • Monitor user activity for any unusual or abnormal behavior, such as unusual attempts to spin off new compute instances 02quarter. The team forecasted that cryptojacking would increase as it gained traction in the hacker community, but this rapid, dramatic growth was still unexpected. The rise of cryptojacking and seemingly misuse of security groups highlights the need for a holistic approach to security in the cloud. A combination Cryptojacking goes mainstream of configuration, user activity, network traffic, and host vulnerability monitoring is necessary to detect advanced threats in public cloud environments.
  • 11. 03 11© 2018 RedLock Inc. All rights reserved. Effective compliance must be omnipresent 49% 30% 23% of databases are not encrypted of CIS compliance checks fail of organizations fail NIST CSF compliance assessments 2018 continued 2017’s trend of significant data exposures resulting from cloud misconfigurations. FedEx and MyFitnessPal (Under Armour) both reported millions of exposed consumer records resulting from unsecured cloud storage services. Given the prevalence of cybersecurity standards - NIST CSF, CIS, PCI, SOC2, HIPAA and soon GDPR (General Data Policy Regulation), organizations are under pressure to ensure compliance across their cloud environments. The RedLock CSI team assessed the preparedness of organizations based on fundamental security best practices and the results suggest optimism and disappointment. Moreover, the results underscore that organizations must do better in all areas, as spotty compliance is not compliance at all. Key Findings The RedLock CSI team’s analysis uncovered some positive news; there is a growing trend to encrypt databases. A year ago, the team found that 82% of databases were not encrypted. Today that number stands at 49% - a 67% improvement in one year. As discussed in previous RedLock CSI reports, encryption is an important technique that could help meet the pseudonymization requirement for GDPR and should be enforced as a security best practice. A broader assessment against industry compliance standards revealed that on average
  • 12. 12© 2018 RedLock Inc. All rights reserved. Tips • Ensure cloud resources are automatically discovered when they are created, and monitored for compliance across all cloud environments. • Implement policy guardrails to ensure that resource configurations adhere to industry standards such as NIST CSF, CIS, SOC 2, PCI, and HIPAA. • Integrate configuration change alerts into DevOps and SecOps workflows to automatically resolve issues. regarding their compliance goals and intentions. The speed of cloud innovation is accelerating, with cloud providers adding hundreds of new features each year and developers are leveraging those features to add new apps on a continuous basis. In the end, it may just be that organizations are lagging behind in their quest to maintain compliance and ensure security in this fast paced environment. 03 Effective compliance must be omnipresent organizations fail 30% of CIS Foundations best practices, 50% of PCI requirements, and 23% of NIST CSF requirements. Compared to last year’s analysis, improvements are inconsistent and still point to the fact that organizations have a lot of work to do to make compliance a reality across their cloud environments. These disappointing results do not necessarily indicate that organizations are disingenuous
  • 13. 13© 2018 RedLock Inc. All rights reserved. 24% 39% of organizations have hosts missing critical patches in public cloud of vulnerable hosts flagged as compromised by Amazon GuardDuty We are now a few months into the reality of living with the Spectre and Meltdown vulnerabilities, and now understand their longer term impacts and the technology providers are releasing solutions. For example, Intel announced changes to the Xeon and Core processors specifically designed to guard against these vulnerabilities. Amazon, Microsoft, and Google promptly patched and updated their environments to ensure a safer operating environment. But as proactive as the industry has been, it’s only a matter of time until we face the next global host vulnerability threat. Accordingly, the RedLock CSI team assessed host vulnerability management in the cloud to determine the state of affairs. Key Findings The research revealed that 24% of organizations have hosts missing high-severity patches in public cloud, which seemingly confirms data from the February 2018 report that 83% of vulnerable hosts were receiving suspicious traffic from the internet. While many organizations have traditional vulnerability scanning tools made for on-premise data centers and networks, organizations are unable to map the data from these tools to gain cloud-specific context. For example, identifying cloud resources that are communicating with outside IPs or suspicious IPs in an ephemeral environment is a problem traditional vulnerability scanning tools were not designed to solve. 04 Beyond the specter of “Spectre” and “Meltdown”
  • 14. 14© 2018 RedLock Inc. All rights reserved. Tips • Correlate vulnerability data with resource configuration data to identify vulnerable hosts. • Correlate network traffic data to determine whether the vulnerabilities are actually network exploitable and prioritize remediation accordingly. • Correlate vulnerability data with cloud configuration and network traffic data to identify the riskiest assets, and determine whether the vulnerabilities are actually exploitable from the internet. 04Vulnerability management at scale is extremely complex in the cloud and is a key requirement of GDPR. In this dynamic environment, it is often hard to pinpoint specific questionable cloud resources, or understand the real exploitability and risks associated with them. Traditional vulnerability scanning tools fall short on delivering actionable results to users. Further, host vulnerability data needs to be correlated with host configurations in the cloud that can help identify the business purpose of the host and help prioritize patching. RedLock’s integration with Amazon GuardDuty, a threat detection service launched in November 2017, indicates that 39% of these hosts are actually exhibiting activity patterns associated with instance compromise or reconnaissance by attackers. This is an increase of 160% is about 6 months. This increase may be explained by the broader acceptance of GuardDuty since its launch; however it also indicates that organizations need to be more proactive with vulnerability management in the cloud. Beyond the specter of “Spectre” and “Meltdown”
  • 15. 15© 2018 RedLock Inc. All rights reserved. About the Report ABOUTAbout the Report RedLock CSI Team RedLock enables effective threat defense across Amazon Web Services, Microsoft Azure, and Google Cloud environments. The RedLock Cloud 360™ platform takes a new AI-driven approach that correlates disparate security data sets to provide comprehensive visibility, detect threats, and enable rapid response across fragmented cloud environments. With RedLock, organizations can ensure compliance, govern security, and enable security operations across public cloud environments. The RedLock Cloud Security Intelligence (CSI) team consists of elite security analysts, data scientists, and data engineers with deep security expertise. The team’s mission is to enable organizations to confidently adopt public cloud by researching cloud threats, advising organizations on cloud security best practices, and frequently publishing out-of-the-box policies in the RedLock Cloud 360™ platform. The CSI team has discovered millions of exposed records that contain sensitive data belonging to dozens of organizations ranging from small businesses to Fortune 50 companies. The team notifies the affected organizations and publishes security advisories to raise awareness about the issues. Report Methodology The data in this report is based on analysis across the public cloud environments monitored by RedLock, which comprises of over twelve million resources that are processing petabytes of network traffic. In addition, the team also actively probed the internet for vulnerabilities in public cloud environments.
  • 16. ACTIONReady to Take Action? Get a Free Risk Assessment Get started in minutes and obtain a free risk assessment across your cloud footprint without hindering agile development. It will provide the following insights: Are there any resources with risky configurations? Are there unpatched hosts in your environment? Have there been any network intrusions? Are there any insider threats? Have any accounts been compromised? More information: https://info.redlock.io/cloud-risk-assessment Download Cloud Security Buyer’s Guide Download the Cloud Security Buyer’s Guide to get 20+ tips based on the NIST Cybersecurity Framework and manage risks across your public cloud computing environment. More information: https://info.redlock.io/lp-nist-csf-cloud-security 16© 2018 RedLock Inc. All rights reserved.
  • 17. “With RedLock, we have full visibility so we can be sure our cloud environment is secure, risk is reduced and any threats that do present themselves can be remediated right away” - David Pace Global Information Security Western Asset Management (WAM) To learn more: Call: +1.650.665.9480, Visit: www.redlock.io © 2018 RedLock Inc. All rights reserved. RedLock and RedLock logo are registered US trademarks of RedLock Inc. RedLock Cloud 360 is a trademark of RedLock Inc. All other registered trademarks are the properties of their respective owners.