ALERT to FIX in a MINUTE As Rich and I have been talking about for years, the ability to move to automated cloud security operations remains one of the most compelling
In our last post, we walked through the console and highlighted making the most of the Security Hub console and some tips and tricks to make it more useful. Today I want to dive into one of the best parts of Security Hub — taking actions on events and findings.
Security Ops Waiting Game Remember in the olden days, when central IT ruled the land? If an application required fixes or new capabilities, the business put in a change
In our last post we covered getting started with Security Hub and how to set up an optimized configuration, including prepping forward findings for alerting or remediation. Now although we’ve introduced the core capabilities, in this post we’ll walk through the different parts of the console...
Continuing our dive into AWS Security Hub, let’s jump into setting up. Don’t worry, I won’t just rehash the AWS documentation; this post will cover our recommended configuration, how to push findings and events back into your security infrastructure...
Like many AWS services, Security Hub is one of those products that sneaks up on you. Security Hub was pretty anemic when it first launched; it appeared to just collect the results from a few AWS products and a dozen partners into some basic dashboards so Amazon could say they had a “security center”.
The Tragedy of Security Dies on the Crucible of DevOps Security ain’t what it used to be. Or perhaps it’s always been this way and it merely seems different
DisruptOps Welcomes Security Executive Matt Eberhart as COO The cloud security automation platform player strengthens the executive team as growth accelerates. KANSAS CITY, Aug. 1, 2020 -- DisruptOps, a
ElectricEye v2.0 We are thrilled to share the news that version 2.0 of ElectricEye has been published. You can check it out here: https://github.com/jonrau1/ElectricEye Over the past couple of months,
Advanced Techniques for Defending AWS ExternalIDs and Cross-Account AssumeRole Access Last month Kesten Broughton at Praetorian Security released some great research on third party cloud security products using Amazon’s
AWS Security Management with SecurityHub Security has been a top concern with cloud adoption since its inception and as a result, security has been a top concern of cloud vendors
Easy Does It — Understanding Object Storage Public Data Exposure One thing I’d like to avoid in narrating this journey through common Cloud Attack Killchains is the implication that
Hitting PaaS on Inadvertent Cloud Database Exposure As we hit the third installment in our Top 10 Cloud Attack Killchains series you’re probably starting to notice that none of these attacks
Unseen Exposure – Tackling the Pervasive Server Remote Access Issue One of my philosophies regarding the proliferation of relatively straightforward cloud security issues – those that are basically uncomplicated,
Don’t Start Static – Mitigating Cloud API Credential Exposure And away we go! Here’s the first in our recently announced series on the Top 10 Cloud Attack Killchains
COVID-19, the Cloud, and Cloud Security COVID-19, social distancing, work from home…these are our current realities. How we got here and how we get past it are beyond
Stop Today’s Top 10 Cloud Attack Killchains Everyone knows that cloud-driven exposures and related cloud attack killchains are emerging at a furious pace. These are the top 10
DisruptOps Raises a Series A, Why Should You Care? We are excited to share the news of closing our Series A funding round. You can read the announcement
Press Release (ePRNews.com) - KANSAS CITY, Mo. - Mar 10, 2020 - DisruptOps Inc., the leader in Cloud Security Operations, has raised $9 million in Series A funding from
The Overly-Complex Way CloudTrail and CloudWatch Events Work Together One of the most vexing issues in my cloud journey has been understanding how CloudTrail and CloudWatch Events
This week, Amazon Web Services announced updates to GuardDuty findings to help reduce multiple alerts and false positives. Alert fatigue is one of the biggest complaints
The 4 Biggest Barriers to Cloud Adoption The cloud has fundamentally changed how enterprises structure their IT infrastructure and architecture. We’ve seen analyst reports positing that roughly 90% of
SSRF Defense Step 3: Eliminate Excessive IAM Data Access Permissions The final guardrail in our SSRF Defense series is all about eliminating IAM policies with excessive data access permissions. For anyone
SSRF Defense Step 2: Manage IAM Role Location Restrictions The second guardrail in our SSRF Defense series is all about managing IAM role location restrictions. For anyone new to
SSRF Defense Step 1: Protect Data Storage Targets In previous posts Rich Mogull discussed using IAM Roles to break the attacker kill chain in AWS. We are excited to announce