Unseen Exposure – Tackling the Pervasive Server Remote Access Issue
Unseen Exposure – Tackling the Pervasive Server Remote Access Issue One of my philosophies regarding the proliferation of relatively straightforward cloud security issues – those that are basically uncomplicated,
Don’t Start Static – Mitigating Cloud API Credential Exposure
Don’t Start Static – Mitigating Cloud API Credential Exposure And away we go! Here’s the first in our recently announced series on the Top 10 Cloud Attack Killchains
COVID-19, the Cloud, and Cloud Security
COVID-19, the Cloud, and Cloud Security COVID-19, social distancing, work from home…these are our current realities. How we got here and how we get past it are beyond
Stop Today’s Top 10 Cloud Attack Killchains
Stop Today’s Top 10 Cloud Attack Killchains Everyone knows that cloud-driven exposures and related cloud attack killchains are emerging at a furious pace. These are the top 10
DisruptOps Raises a Series A, Why Should You Care?
DisruptOps Raises a Series A, Why Should You Care? We are excited to share the news of closing our Series A funding round. You can read the announcement
DisruptOps Raises $9M Series A to Scale Cloud Security Operations
Press Release (ePRNews.com) - KANSAS CITY, Mo. - Mar 10, 2020 - DisruptOps Inc., the leader in Cloud Security Operations, has raised $9 million in Series A funding from
The Overly Complex Way CloudTrail and CloudWatch Events Work Together
The Overly-Complex Way CloudTrail and CloudWatch Events Work Together One of the most vexing issues in my cloud journey has been understanding how CloudTrail and CloudWatch Events
How to make the most out of AWS Guard Duty
This week, Amazon Web Services announced updates to Guard Duty findings to help reduce multiple alerts and false positives. Alert fatigue is one of the biggest complaints
The 4 Biggest Barriers to Cloud Adoption
The 4 Biggest Barriers to Cloud Adoption The cloud has fundamentally changed how enterprises structure their IT infrastructure and architecture. We’ve seen analyst reports positing that roughly 90% of
SSRF Defense Step 3: Eliminate Excessive IAM Data Access Permissions
SSRF Defense Step 3: Eliminate Excessive IAM Data Access PermissionsThe final guardrail in our SSRF Defense series is all about eliminating IAM policies with excessive data access permissions. For anyone
SSRF Defense Step 2: Manage IAM Role Location Restrictions
SSRF Defense Step 2: Manage IAM Role Location Restrictions The second guardrail in our SSRF Defense series is all about managing IAM role location restrictions. For anyone new to
SSRF Defense Step 1: Protect Data Storage Targets
SSRF Defense Step 1: Protect Data Storage Targets In previous posts Rich Mogull discussed using IAM Roles to break the attacker kill chain in AWS. We are excited to announce
Yes, Finding Public S3 Buckets is Automated and Easy
Yes, Finding Public S3 Buckets Is Automated and Easy Attackers are automating the discovery of public AWS S3 buckets. Are you automating your security defense? We found a list of
RDP Scanning in AWS
AWS RDP Scanning I came across a great post from Joseph Wood at HP last week, on the recent dramatic increase in RDP scanning in AWS -- specifically scanning of the
What You Need to Know About AWS Security Monitoring, Logging, and Alerting
What You Need to Know About AWS Security Monitoring, Logging, and Alerting In terms of AWS security, first the good news: Amazon Web Services offers an impressive collection of
Preventing the Next CapitalOne Cloud Breach
Configuration mistakes. This is not a new issue. IT and Security Operations teams have been struggling with managing configurations for as long as they have existed. As organizations start down the cloud
Breaking Attacker Kill Chains in AWS: IAM Roles
Over the past year I’ve seen a huge uptick in interest for concrete advice on handling security incidents inside the cloud, with cloud native techniques. As organizations move
Dev, Sec and Ops: Communications Breakdown
One of my favorite movie quotes of all time is from Cool Hand Luke: “What we’ve got here… is failure to communicate.” It’s so apropos because better communication could help avoid a majority
Cloud Security CoE Shared Services
As we return to our Cloud Security Center of Excellence series, we talked about the need for a CoE structure as well as our preferred organizational model. Now let's dig
Build Your Own Multi-Cloud Security Monitoring in 30 Minutes or Less with StreamAlert
One of the most difficult problems in cloud security is building comprehensive multi-account/multi-cloud security monitoring and alerting. I’d say maybe 1 out of 10 organizations I assess or work
The 3-Step Process to Start Monitoring Your AWS Cloud Environments
The 3-Step Process to Start Monitoring Your AWS Cloud Environments The following recommendations will help you outline a path to setting up a proper monitoring program for your AWS instances
AWS vs. Azure vs. GCP: A Security Pro’s Quick Cloud Comparison
The Security Pro's Quick Cloud Comparison: AWS, Azure, or GCP? Over the past year I've noticed a very large uptick in production workloads, often from large organizations, moving beyond
So, You Want to Start Monitoring Your AWS Account?
So, You Want to Start Monitoring Your AWS Account? Before implementing an AWS monitoring solution, address “What” and “Why”. Before we jump into our recommendations for best practices for monitoring
The Top 3 Reasons for Utilizing a Cloud Management Platform
The Top 3 Reasons for Utilizing a Cloud Management Platform Before implementing an AWS monitoring solution, address the “Whats” and “Whys”. An IT department gains many advantages by using the
The Top 10 Most Commonly Used Guardrails for Automating Routine Monitoring Tasks
The Top 10 Most Commonly Used Guardrails for Automating Routine Monitoring Tasks These are our top 10 most requested or frequently run ops that help our customers automate the routine