Mike Rothman

Mike is a 25-year security veteran, specializing in the sexy aspects of security, such as protecting networks, protecting endpoints, security management, compliance, and helping clients navigate a secure evolution in their path to full cloud adoption. In addition to his role at DisruptOps, Mike is an Analyst & President of Securosis.
More by Mike Rothman
Securing The Cloud: Top Down and Bottom Up

As organizations continue to move to the cloud for hosting applications and development, security teams must protect multiple attack surfaces, including the applications and cloud infrastructure. Additionally, attackers are automated and capable. While these attackers continuously probe and find access or vulnerabilities on many different levels, their success usually results from human error in code or infrastructure configurations, such as open admin ports and over privileged identity roles.

During this co-sponsored webinar, you will learn how to better secure both the application layer and cloud infrastructure, using both automated tools and capable penetration testers to uncover logic flaws and other soft spots. NetSPI and DisruptOps will share how to find and remediate your own vulnerabilities more efficiently, before the attackers do.

Staying Off the Hamster Wheel of Cloud Security Pain

It all starts innocently enough. You engage with a trusted provider to perform a penetration test of your shiny, new cloud-native application. And the penetration testers find stuff. Of course, they find stuff. They always find stuff because that's what they do. Sure, you try to make it harder for them to find stuff, and sometimes you're somewhat successful in that, but they'll still find stuff.

Sigh. That means you have to fix stuff, right? Now you have a decision, and it can be a pretty tough decision. Do you fix things once and move on to the next thing? Or do you try to be a little more strategic and address the root cause of the issue, which is typically a human error committed by a well-meaning operations person? Our pals at Gartner believe that 99% of all cloud security failures will be the customer's fault. Ouch.

You probably look at your to-do list and then make the quick fix to move on to the next thing. To be clear, I'm not judging that choice. It's reality given the number of items on your plate and the amount of time it'll take to really fix the problem.

Unfortunately, you are now on the cloud security hamster wheel of pain. This concept was coined back in 2005 by Andy Jaquith and highlighted the challenge of doing security correctly. No matter what you did, you ended up in the same place – breached and having to respond to the incident. Yeah, those were fun times. But I guess I shouldn't speak of that in past tense because far too many folks are still on their hamster wheel.

So, what is a better approach to dealing with these cloud infrastructure security issues that provide the avenues for our trusted penetration testers to gain access to your cloud environment? It's to implement a security operations platform that both responds to attacks and enforces a set of policy guardrails around your infrastructure.

Let's start with the guardrails concept, as you may already be familiar with that term – since it's taken on a life of its own in security marketing circles. We're referring to the ability to assess against a set of security best practices continually (for instance, the CIS Benchmarks) and automatically remediate if a change is made that violates the policies. The guardrails moniker is apropos, as you don't want anyone to drive your cloud application off the proverbial road, and the automated security guardrails keep you there without slowing anyone down.

But risks to your systems are not always security policy violations, as there are times when an attacker gains access to your cloud environment and starts making changes. You likely have all sorts of detection technologies and monitors (like AWS CloudTrail and GuardDuty, or Microsoft Security Center) checking on your cloud, but what happens when an alert fires from one of those tools? In some environments, nothing happens. Yeah, that's the wrong answer. If you had a pre-designed set of playbooks to take actions depending on the attack, you'd already have addressed the attack before too much damage is done. We call this capability Cloud Detection and Response (CDR), but we're not particular about the name – rather just that you can respond to a cloud attack at the speed of cloud.

Now, we're all too aware that you may have broken out in hives at the mere mention of automated remediation. We get it, many of us came from operations backgrounds as well, and we know (all too well) the downside of an automation run awry. So, we believe that humans should be in the process where needed. Thus, your cloud security operations platform should have logical points where an administrator can approve an automation before it takes action. Being able to make a "decision" about an automated action goes a long way toward gaining comfort with the tool and the changes required.
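To make the guardrail and approval ideas above concrete, here is an added example (not code from this post, DisruptOps or NetSPI) that checks security group changes for admin ports opened to the internet and holds production fixes for a human decision. The event records are constructed and simplified from the shape of CloudTrail `AuthorizeSecurityGroupIngress` entries; the `env` field and the `plan`, `violations` and `approve` names are assumptions made for the illustration.

```python
"""Guardrail sketch: flag admin ports opened to the internet, gate fixes on approval."""
from dataclasses import dataclass

ADMIN_PORTS = {22, 3389}               # SSH and RDP
WORLD = {"0.0.0.0/0", "::/0"}          # "anyone" in IPv4 and IPv6

@dataclass
class Action:
    group_id: str
    port: int
    cidr: str
    status: str                        # "remediate" or "pending_approval"

# Constructed sample events (not real log data); "env" is an assumed tag lookup.
EVENTS = [
    {"eventName": "AuthorizeSecurityGroupIngress", "groupId": "sg-dev-01", "env": "dev",
     "rules": [{"fromPort": 22, "toPort": 22, "cidr": "0.0.0.0/0"}]},
    {"eventName": "AuthorizeSecurityGroupIngress", "groupId": "sg-prod-01", "env": "prod",
     "rules": [{"fromPort": 3000, "toPort": 4000, "cidr": "::/0"}]},
    {"eventName": "AuthorizeSecurityGroupIngress", "groupId": "sg-prod-02", "env": "prod",
     "rules": [{"fromPort": 443, "toPort": 443, "cidr": "0.0.0.0/0"},
               {"fromPort": 22, "toPort": 22, "cidr": "10.0.0.0/8"}]},
    {"eventName": "DescribeInstances", "groupId": None, "env": "prod", "rules": []},
]

def violations(event):
    """Yield (port, cidr) for each admin port a rule exposes to any address."""
    if event["eventName"] != "AuthorizeSecurityGroupIngress":
        return
    for rule in event["rules"]:
        if rule["cidr"] not in WORLD:
            continue
        # A rule covers a port range, so a wide range can hide an admin port.
        for port in sorted(ADMIN_PORTS):
            if rule["fromPort"] <= port <= rule["toPort"]:
                yield port, rule["cidr"]

def plan(events, approval_required=("prod",)):
    """Turn violations into actions; changes in listed environments wait for a human."""
    actions = []
    for event in events:
        for port, cidr in violations(event):
            status = "pending_approval" if event["env"] in approval_required else "remediate"
            actions.append(Action(event["groupId"], port, cidr, status))
    return actions

def approve(action):
    """An administrator's decision releases a held action."""
    if action.status == "pending_approval":
        action.status = "remediate"
    return action

if __name__ == "__main__":
    print(*plan(EVENTS), sep="\n")
```

The second sample event never names port 3389, yet its 3000-4000 range exposes RDP, which is the kind of change a check on exact port numbers misses.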

I'd be lying if I told you that cloud security (or any security discipline, for that matter) is easy. There is nothing easy about it. But staying on the cloud security hamster wheel of pain of making tactical fixes over and over again is an even harder path. Building internal cloud security operations capabilities is certainly an option, as we have many friends who carry around their own "suitcase full of scripts and Lambdas" to automate remediation.

But we don't think DIY (do it yourself) is a long-term answer either. The solution is deploying a cloud security operations platform, as we've described above. If you'd like to learn more about this concept and how to gracefully address the issues found by your penetration testing team, check out our webinar on April 16.

And then you'll have the confidence that you'll have addressed the issues once and for all, or at least until the next time NetSPI penetration testers go after your application because they'll find different stuff. That's what they do...

Learn more about NetSPI’s cloud penetration testing services, including how cloud pentesting helps improve your cloud security posture.
