You Are Here:Home > Blog


By |September 10th, 2020|

ALERT to FIX in a MINUTE As Rich and I have been talking about for years, the ability to move to automated cloud security operations remains one of the most compelling opportunities for improving security in the cloud. The ability to have an alert trigger automated remediations will change your security

Security Ops Waiting Game

By |September 1st, 2020|

Security Ops Waiting Game Remember in the olden days, when central IT ruled the land? If an application required fixes or new capabilities, the business put in a change order, and the IT folks got to it at some point? That seems like eons ago because in cloud-time it

DisruptOps Welcomes Security Executive Matt Eberhart as Chief Operating Officer

By |August 3rd, 2020|

DisruptOps Welcomes Security Executive Matt Eberhart as COO The cloud security automation platform player strengthens the executive team as growth accelerates. KANSAS CITY, Aug. 1, 2020 -- DisruptOps, a cloud detection and response platform, today announced the addition of Matt Eberhart, as the company's first Chief Operating Officer. This

ElectricEye v2.0

By |July 27th, 2020|

ElectricEye v2.0 We are thrilled to share the news that version 2.0 of ElectricEye has been published.  You can check it out here: Over the past couple of months, DisruptOps has been contributing to ElectricEye, an open source project created by Jonathan Rau.  Working with Jonathan, we set out

Advanced Techniques for Defending AWS ExternalID and Cross-Account AssumeRole Access

By |July 14th, 2020|

Advanced Techniques for Defending AWS ExternalIDs and Cross-Account AssumeRole Access Last month Kesten Broughton at Praetorian Security released some great research on third party cloud security products using Amazon’s preferred cross-account connection technique - AWS IAM Assume Role Vulnerabilities Found in Many Top Vendors. The opening paragraph is a

Easy Does It – Understanding Object Storage Public Data Exposure

By |May 6th, 2020|

Easy Does It — Understanding Object Storage Public Data Exposure One thing I’d like to avoid in narrating this journey through common Cloud Attack Killchains is the implication that cloud platform providers are doing an inherently bad job. The main providers are incredibly secure, and tend to release all

Unseen Exposure – Tackling the Pervasive Server Remote Access Issue

By |April 2nd, 2020|

Unseen Exposure – Tackling the Pervasive Server Remote Access Issue One of my philosophies regarding the proliferation of relatively straightforward cloud security issues – those that are basically uncomplicated, yet challenging to address based on sheer volume – is that “simple doesn’t scale”. That’s to say that while many

DisruptOps Raises $9M Series A to Scale Cloud Security Operations

By |March 10th, 2020|

Press Release ( - KANSAS CITY, Mo. - Mar 10, 2020 - DisruptOps Inc., the leader in Cloud Security Operations, has raised $9 million in Series A funding from Drive Capital and existing investor Rally Ventures to scale go-to-market capabilities and accelerate product development to meet growing market demands.

SSRF Defense Step 3: Eliminate Excessive IAM Data Access Permissions

By |October 15th, 2019|

SSRF Defense Step 3: Eliminate Excessive IAM Data Access PermissionsThe final guardrail in our SSRF Defense series is all about eliminating IAM policies with excessive data access permissions. For anyone new to this series, these solutions are based on Rich Mogull's post on breaking the kill chain in AWS using IAM

RDP Scanning in AWS

By |August 29th, 2019|

AWS RDP Scanning I came across a great post from Joseph Wood at HP last week, on the recent dramatic increase in RDP scanning in AWS -- specifically scanning of the RDP port.  Down in the comments someone asked, “Why anyone would allow port 3389 from the Internet?” That seems to

What You Need to Know About AWS Security Monitoring, Logging, and Alerting

By |August 26th, 2019|

What You Need to Know About AWS Security Monitoring, Logging, and Alerting In terms of AWS security, first the good news: Amazon Web Services offers an impressive collection of security monitoring and logging capabilities. Now the bad news: these tools are entirely too fragmented and complex, with a range

Build Your Own Multi-Cloud Security Monitoring in 30 Minutes or Less with StreamAlert

By |July 16th, 2019|

One of the most difficult problems in cloud security is building comprehensive multi-account/multi-cloud security monitoring and alerting. I’d say maybe 1 out of 10 organizations I assess or work with have something effective in place when I first show up. That’s why I added a major monitoring lab based

The 3-Step Process to Start Monitoring Your AWS Cloud Environments

By |June 13th, 2019|

The 3-Step Process to Start Monitoring Your AWS Cloud Environments The following recommendations will help you outline a path to setting up a proper monitoring program for your AWS instances or cloud environments. Before we jump into our best practices for monitoring your AWS accounts, we highly recommend that you

AWS vs. Azure vs. GCP: A Security Pro’s Quick Cloud Comparison

By |June 12th, 2019|

The Security Pro's Quick Cloud Comparison: AWS, Azure, or GCP? Over the past year I've noticed a very large uptick in production workloads, often from large organizations, moving beyond AWS and into Azure and GCP. This isn't necessarily real multi-cloud -- just the reality of competing services becoming more

The Top 3 Reasons for Utilizing a Cloud Management Platform

By |June 6th, 2019|

The Top 3 Reasons for Utilizing a Cloud Management Platform Before implementing an AWS monitoring solution, address the “Whats” and “Whys”. An IT department gains many advantages by using the cloud, but the three we hear most are increased agility, flexibility, and usability. However, gaining such advantages could also lead

The Top 10 Most Commonly Used Guardrails for Automating Routine Monitoring Tasks

By |June 4th, 2019|

The Top 10 Most Commonly Used Guardrails for Automating Routine Monitoring Tasks These are our top 10 most requested or frequently run ops that help our customers automate the routine tasks required to manage and secure their AWS instances. There are many advantages to writing Guardrails to enforce best practices

DisruptOps Selected as Finalist for 2019 RSA Conference Innovation Sandbox Contest

By |February 5th, 2019|

DisruptOps recognized for providing automated guardrails for multi-cloud infrastructures through its security operations platform. KANSAS CITY, MISSOURI – February 5, 2019 – DisruptOps today has been named one of 10 finalists for the RSA® Conference 2019 Innovation Sandbox Contest for its work in automating cloud management. On Monday, March

Something You Probably Should Include When Building Your Next Threat Models

By |November 12th, 2018|

We are working on our threat models here at DisruptOps, so I decided to refresh my knowledge of different approaches. One thing that quickly stood out is that nearly none of the threat modeling documentation or tools I’ve seen covers the CI/CD pipeline. This. Is. A. Problem. Include your pipeline in

Three of the Most Crucial Sections That Make Up the DevSecOps Roadmap

By |November 6th, 2018|

As I mentioned in our (DevSec)Ops vs. Dev(SecOps) post, we’ve been traveling around to a couple of DevOpsDays conferences presenting our Quick and Dirty DevSecOps talk. One of the things I tend to start with early in the talk is the fact that, like DevOps, DevSecOps is not a product. Or something you can deploy

DisruptOps Introduces Cloud Management Platform for Automated Security and Operations

By |October 17th, 2018|

Company secures $2.5 million seed round investment led by Rally Ventures Kansas City, MO — October 17, 2018 DisruptOPS Inc. today introduces its SaaS-based cloud management platform to implement automated control of cloud infrastructure.  Through the continuous assessment and enforcement of security, operational and economic guardrails, enterprises can realize the

Why Everyone Automates in Cloud

By |September 28th, 2018|

If you see me speaking about cloud it’s pretty much guaranteed I’ll eventually say “Cloud security starts with architecture and ends with automation.” I’m nothing if not repetitive. This isn’t a quip, it’s based on working heavily in cloud for nearly a decade with organizations of all size. The one

(DevSec)Ops vs. Dev(SecOps)

By |September 26th, 2018|

I just got back from the Boston DevOps Days. I really enjoy hanging around DevOps and cloud people. The energy of these conferences is great, and they are genuinely excited about transforming how their organizations build and deploy applications. Many don't have a negative perception of security folks, but they

What Security Managers Need to Know About Amazon S3 Exposures (1/2)

By |August 16th, 2018|

The accidental (or deliberate) exposure of sensitive data on Amazon S3 is one of those deceptively complex issues. On the surface it seems entirely simple to avoid, yet despite wide awareness we see a constant stream of public exposures and embarrassments, combined with a healthy dollop of misunderstanding and victim

Get Started with Avada Crypto

    Looking for help? Get in touch with us