The evidence is clear — open infrastructure ports lead to security vulnerabilities. When AWS S3 buckets or SSH ports are left open, they can leave your organization at risk for security breaches.
For example, in July 2018, an open S3 bucket at a political autodial company, Robocent, exposed nearly 2,600 files relating to political campaigns. The leak included voter records containing sensitive information such as phone numbers, gender, and birth dates. The files were then indexed by GrayHatWarfare, which has a database of 48,623 open S3 buckets.
Leaks like Robocent’s highlight the need for organizations to maintain visibility into where data is located within their cloud infrastructure, as well as whether the storage system is risk-appropriate given the sensitivity of the information. It’s easy, but never acceptable, for a fast-growing or seasonal organization like this one to lose track of that risk over time.
It’s important to ensure that certain gateways into your infrastructure are password protected or are configured properly to prevent events like this from affecting your organization. That’s why, in this post, we’re highlighting how to find and remediate open infrastructure ports. Read more “How to Find and Remediate Open Infrastructure Ports”