Hitting PaaS on Inadvertent Cloud Database Exposure As we hit the third installment in our Top 10 Cloud Attack Killchains series you’re probably starting to notice that none of these attacks take a rocket scientist to
Unseen Exposure – Tackling the Pervasive Server Remote Access Issue One of my philosophies regarding the proliferation of relatively straightforward cloud security issues – those that are basically uncomplicated, yet challenging to address based
What You Need to Know About AWS Security Monitoring, Logging, and Alerting In terms of AWS security, first the good news: Amazon Web Services offers an impressive collection of security monitoring and logging capabilities. Now the bad news: these
Configuration mistakes. This is not a new issue. IT and Security Operations teams have been struggling with managing configurations for as long as they have existed. As organizations start down the cloud path, the problem becomes more acute. There are simply too
Over the past year I’ve seen a huge uptick in interest for concrete advice on handling security incidents inside the cloud, with cloud native techniques. As organizations move their production workloads to the cloud, it doesn’t take long
One of my favorite movie quotes of all time is from Cool Hand Luke: “What we’ve got here… is failure to communicate.” It’s so apropos because better communication could help avoid a majority of problems -- at work and in life. Alas, a
As we return to our Cloud Security Center of Excellence series, we talked about the need for a CoE structure as well as our preferred organizational model. Now let's dig in a bit more and discuss a bit more specifically
One of the most difficult problems in cloud security is building comprehensive multi-account/multi-cloud security monitoring and alerting. I’d say maybe 1 out of 10 organizations I assess or work with have something effective in place when I first show
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.