Thanksgiving + re:Invent – Who’s Watching Your Cloud?


Thanksgiving and re:Invent are nearly upon us, and that means attackers will once again have their annual ~9-day window in which development and security teams are busy eating turkey (or Tofurky) and spending time in Vegas. From an attacker’s perspective, this combination is liquid gold. If you knew that every year between Thanksgiving and re:Invent you had 9+ days when eyes on glass were at their lowest, would you not take advantage of it? I know I would. Yet despite this knowledge, we continue to see companies that neither adopt a security standard (such as the CIS benchmarks) nor use the public cloud providers’ own APIs to automate monitoring of the security posture of their cloud environments.


It’s re:Invent. Do you know where your access keys are?

Back in 2017 on the last day of re:Invent, we had a haggard-looking attendee frantically run up to the RedLock booth (definitely not the first time or likely the last). We’ll call him Aditya to protect the innocent. Aditya asked if we could help not only with the hygiene of his company’s AWS accounts but also detect the compromise of access keys (the answer is “yes” to both). He proceeded to explain what had happened over the last few days as large portions of both development and security teams had basked in deep knowledge sharing at re:Invent. The story unfolded in an increasingly common way: a developer had inadvertently uploaded an access key to GitHub, and an attacker found that key and was then able to spin up massive amounts of compute (likely for cryptomining). This not only generated a six-figure bill but also permitted the attacker to exfiltrate data from several key resources. Remember Aditya’s haggard look? Now you understand.


Standards & automation to the rescue

Public cloud services, such as Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure, all provide greater agility, scalability and infrastructure consistency than traditional data centers. However, the risk of data loss and business disruption remains, because many companies have not yet organized their cybersecurity programs to take advantage of the API-driven nature of public cloud platforms. What does this mean from a practical standpoint?

Unless public cloud provider APIs are a core pillar of your security program, you are still operating with an on-premises mindset. It is these very APIs that allow your team to continuously monitor compliance with a security standard (we very much like the CIS benchmarks) and to pull telemetry on the age, last use and status of every access key in the account. Likewise, it is these very APIs that let you not only detect a violation but also take corrective action, such as deactivating a stale key, without waiting for someone to get back from Vegas. But those rich APIs don’t do you or your security program any good unless your processes and tools actually call them.
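As an added illustration of what “monitor compliance and take corrective action through the provider API” looks like in practice, here is a Python script (example code written for this page, not RedLock’s or Palo Alto Networks’ own tooling) that evaluates an AWS IAM credential report against credential-hygiene checks of the kind the CIS AWS Foundations Benchmark prescribes: root access keys, console users without MFA, access keys older than 90 days, and keys idle for 90 days. The credential-report columns and the boto3 calls named in the comments are real; the account ID, users, timestamps, the fixed clock and the 90-day thresholds are constructed assumptions so the script runs offline.

```python
"""Check an AWS IAM credential report for stale or risky access keys and
derive corrective IAM calls. Added example; not RedLock or Palo Alto code.

In production the report comes from the IAM API via boto3:
    iam = boto3.client("iam")
    iam.generate_credential_report()        # asynchronous; poll until COMPLETE
    report_csv = iam.get_credential_report()["Content"].decode()
Here a constructed report is embedded so the script runs offline.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE_DAYS = 90    # assumed policy: rotate keys at least every 90 days
MAX_IDLE_DAYS = 90       # assumed policy: keys unused for 90 days are attack surface only

# Constructed sample. Column names match the real IAM credential report;
# the account ID, users and timestamps are made up.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2015-01-01T00:00:00+00:00,not_supported,2018-11-01T10:00:00+00:00,not_supported,not_supported,false,true,2015-01-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2017-03-01T00:00:00+00:00,true,2018-11-10T08:00:00+00:00,2018-10-01T00:00:00+00:00,2019-01-01T00:00:00+00:00,true,true,2018-10-15T00:00:00+00:00,2018-11-12T09:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2016-06-01T00:00:00+00:00,false,no_information,N/A,N/A,false,true,2017-05-01T00:00:00+00:00,2018-06-01T00:00:00+00:00,us-west-2,ec2,true,2018-11-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,false,N/A
"""

NOW = datetime(2018, 11, 15, tzinfo=timezone.utc)  # fixed clock so results are reproducible


def _parse_ts(value):
    """Report timestamps are ISO-8601; N/A, no_information, not_supported mean 'none'."""
    if value in ("N/A", "no_information", "not_supported"):
        return None
    return datetime.fromisoformat(value)


def evaluate_credential_report(report_csv, now=NOW):
    """Return a list of findings, each {"user", "check", "slot", "detail"}."""
    findings = []

    def add(user, check, slot=None, detail=""):
        findings.append({"user": user, "check": check, "slot": slot, "detail": detail})

    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            # Root should have no access keys at all, and must have MFA.
            for slot in ("1", "2"):
                if row[f"access_key_{slot}_active"] == "true":
                    add(user, "root_access_key_active", slot)
            if row["mfa_active"] != "true":
                add(user, "root_mfa_disabled")
            continue
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            add(user, "console_user_without_mfa")
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue
            rotated = _parse_ts(row[f"access_key_{slot}_last_rotated"])
            last_used = _parse_ts(row[f"access_key_{slot}_last_used_date"])
            if rotated and now - rotated > timedelta(days=MAX_KEY_AGE_DAYS):
                add(user, "access_key_not_rotated", slot, f"age {(now - rotated).days}d")
            # A key that was never used counts as idle since it was created/rotated.
            reference = last_used or rotated
            if reference and now - reference > timedelta(days=MAX_IDLE_DAYS):
                add(user, "access_key_unused", slot, f"idle {(now - reference).days}d")
    return findings


def remediation_plan(findings):
    """Turn findings into the corrective actions a responder would take.
    Actions are returned as data, not executed. The credential report does not
    carry key IDs, so iam.list_access_keys(UserName=...) resolves a slot to an
    AccessKeyId before iam.update_access_key(..., Status="Inactive") is called."""
    plan = {}
    for f in findings:
        key = (f["user"], f["slot"])
        if f["check"] in ("access_key_not_rotated", "access_key_unused"):
            plan[key] = {"user": f["user"], "slot": f["slot"],
                         "action": "iam.update_access_key(Status='Inactive')"}
        elif f["check"] == "root_access_key_active":
            plan[key] = {"user": f["user"], "slot": f["slot"],
                         "action": "delete root access key (as root, from the console)"}
        elif f["check"] in ("console_user_without_mfa", "root_mfa_disabled"):
            plan.setdefault(key, {"user": f["user"], "slot": None,
                                  "action": "enroll an MFA device"})
    return list(plan.values())


if __name__ == "__main__":
    found = evaluate_credential_report(SAMPLE_REPORT)
    for f in found:
        print(f)
    for step in remediation_plan(found):
        print(step)
```

Run on the constructed report, the script flags the root user’s active access key and missing MFA, and bob’s first key as both unrotated (563 days old) and idle (167 days), while alice passes; the plan collapses bob’s two findings into a single “deactivate” action. Schedule the same evaluation hourly across every account and the nine-day holiday gap stops being a gap.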


Get your house in order before Thanksgiving + re:Invent

Aditya was clearly someone who knew the technical merits of AWS. However, from an organizational standpoint, his company made at least two critical errors: 1) no clear adoption of security standards, and 2) no continuous monitoring of the security posture of their cloud environment. While most large organizations have dozens of on-premises security tools at their disposal, many are severely underinvested when it comes to public cloud. Public cloud providers have attempted to bridge this gap by providing cloud-native security controls. However, many of these tools are nascent and only solve narrow problems related to their cloud. This doesn’t help the estimated 81% of companies that have a multi-cloud strategy.

In order to enjoy the upcoming Thanksgiving holiday as well as an amazing week of learning and networking at re:Invent, do yourself a favor and get a free risk assessment of your cloud footprint. RedLock is API-based, without agents or proxies. This means, within minutes, you’ll have a solid understanding of which actions you need to take before digging into that turkey (or “plant-based roast”) and boarding your flight to Vegas.

The post Thanksgiving + re:Invent – Who’s Watching Your Cloud? appeared first on Palo Alto Networks Blog.

About Palo Alto Networks
Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches. With our deep cybersecurity expertise, commitment to innovation, and game-changing Next-Generation Security Platform, customers can confidently pursue a digital-first strategy and embark on new technology initiatives, such as cloud and mobility. This kind of thinking and know-how helps customer organizations grow their business and empower employees all while maintaining complete visibility and the control needed to protect their critical control systems and most valued data assets. Our platform was built from the ground up for breach prevention, with threat information shared across security functions system-wide, and designed to operate in increasingly mobile, modern networks. By combining network, cloud and endpoint security with advanced threat intelligence in a natively integrated security platform, we safely enable all applications and deliver highly automated, preventive protection against cyberthreats at all stages in the attack lifecycle without compromising performance. Customers benefit from superior security to what legacy or point products provide and realize a better total cost of ownership.