CloudSploit
Follow
13 Followers
Follow CloudSploit on their other social channels!
About Us
Founded:
2015
Company Size:
2-10 employees
Company Type:
Private
Location:
USA
Website:
Security configuration monitoring for AWS. Founded in 2015 as an open source project, CloudSploit now detects hundreds of thousands of potential security risks each month through its background scanning platform. With each scan, CloudSploit securely connects to an AWS account through the AWS APIs, ...
Read more
Promoted Content
Get notified within seconds of potential security risks occurring in your AWS account
Follow
CloudSploit Compliance Scanning Scans AWS Infrastructure for Compliance with Privacy Standards
One of the most common business requirements data handlers face is the numerous data privacy standards present as industry standards. Each industry has their own variation, each with their own specific requirements — but regardless of the standard or the applied dataset, compliance is extremely important. Until now, CloudSploit has offered amazing tools for configuration monitoring to ensure security — now, that same amazing toolset is being expanded to ensure ...
Follow
AWS re:Invent — Industry Trends and Security in 2018
In many ways, AWS is often seen as a leader in the cloud space. This is for good reason — AWS represents a wide range of business, small and large, as well as a variety of individual users, and as such, where AWS goes in terms of trend is largely where the industry trend itself is going. This can be very useful for anyone in the industry, but it’s even more useful for security vendors — tracking announcements at AWS can inform what the industry is going ...
Follow
re:Invent Highlights — Day Four
Thought re:Invent technically runs for another day, the fourth day is traditionally the final day in terms of large announcements — this certainly rings true for this year as well, with several significant announcements from Amazon and associates.Amazon announced a massive expansion of their Alexa service that will be business-centric. The application, the full details of which is still to be hammered out, will in theory connect office products and enterprise devices to leverag ...
Follow
re:Invent Highlights — Day Two
Day two of re:Invent has shaped up to be just as interesting as the first, with some very interesting announcements from some rather large hitters. Let’s take a look at today’s announcements in this, the second part of our ongoing re:Invent coverage.One of the most notable additions to AWS announced at re:Invent is the inclusion of new services from the MongoDB team. MongoDB Stitch, a backend-as-a-service implementation, was announced alongside Atlas, a database-as-a-service offering ...
Follow
re:Invent Highlights — Day One
For cloud security managers, re:Invent is almost a Christmas morning of security announcements, new featuresets, and demonstrations designed to convey important lessons gleaned throughout the previous year. re:Invent 2017 is shaping up to be no exception, with a veritable bevy of content to discuss. This is the first of our re:Invent Highlights series, where we take a look at each day of re:Invent, highlight the biggest announcements, the largest lessons learned, and the best the event has to&nb ...
Follow
The Importance of Continual Auditing in the Cloud
Guest post by: Yatta!The concept of “the cloud” is an amazingly powerful and novel solution for many providers and users. The idea of shifting from physical infrastructure to the digital space is an attractive one, especially when consideration is given to the impact of such a migration in terms of economy, ease of access, and ease of use. Due to this alluring nature, many organizations have rushed to adopt cloud-based solutions in recent years, and have garnered a large amount ...
Follow
Introducing: S3 Security Visualizer
Over the past several weeks, the security of AWS S3 buckets have come under increasing scrutiny. While the S3 service itself has not suffered any known breaches, customer misconfigurations have created some big headaches for some equally big companies.The root of the issue lies in the fact that S3 has multiple security settings, unlike most of AWS’s other services. Notably, you can configure access to S3 using custom ACLs, bucket policies, as well as IAM roles. While each of these settings ...
Follow
537
Elevating Permissions in AWS IAM
Privilege escalation, in the traditional sense, is “a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.” [1]While the term “privilege escalation” is most often used to describe attacks on physical corporate networks, the same risks exist for networks in the cloud. While the methodologies differ quite significantly, the end result is usually the same: attackers ...
Follow
372
CloudSploit Historical Analysis for AWS Security
In working with some of our larger customers, one request that frequently comes up is the ability to see which of many AWS accounts are in compliance for a particular check. This request usually comes from the security team — the group responsible for ensuring the security of a vast number of AWS accounts across the organization.To help these security teams, and anyone looking for a broad view across their entire collection of AWS accounts, CloudSploit is releasing a new tool, ca ...
Follow
363
CloudFormation Security Check
Describing infrastructure as code has become a powerful tool for operations teams. AWS CloudFormation has enabled this practice within AWS environments by accepting JSON (and now YAML) templates that describe the AWS resources that should be created. As with all AWS services, these resources must be configured properly to prevent introducing security risks into your environment.Until now, CloudSploit’s scans have been reactive in nature — detecting risks after they ar ...

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel