More companies are moving to the cloud than ever before. Amazon Web Services (AWS) is one of the most popular cloud platforms, and for good reason: AWS provides a robust set of features and services that give it broad appeal among businesses of all sizes. But when it comes to security, many companies continue to fall short, putting their sensitive data at risk. In a recent Threat Stack study, for example, we discovered that 73% of companies have at least one critical AWS security misconfiguration that enables an attacker to gain access directly to private services or the AWS console, or that could be used to mask criminal activity from monitoring technologies.
To gain some insight into the biggest (and potentially most devastating) mistakes companies are making related to AWS security as well as tips and strategies for avoiding them, we reached out to a panel of InfoSec pros and AWS experts and asked them to answer this question:
“What’s the number one mistake companies make when it comes to AWS security (and how can they avoid it)?”
Read more “21 InfoSec and AWS Experts Reveal the #1 Mistake Companies Make When It Comes to AWS Security (and How to Avoid It)”
In the cloud, where there are no perimeters and limitless endpoints, there are many ways attackers can get direct access to your environment if you make the wrong move. Given the speed that companies are moving to and scaling in the cloud, it’s easy to miss a step along the way and leave your business wide open for an attack.
In a recent survey, we found that 73 percent of companies have critical AWS cloud security configurations. Issues like wide open SSH and infrequent software updates are among the top risks identified, and of course, some of the biggest exposures in the recent past (Verizon, Dow Jones, and the RNC) were the result of AWS S3 configuration errors. But there are many others that are more obscure, yet just as dangerous if left unaddressed.
So, how do you know whether a misconfiguration is going to put you at risk? And how do you identify where your gaps are? In this post, we’ll walk through the four signs of a critical misconfiguration, how to spot one, and how you can fix it — fast. Read more “What Makes a Misconfiguration Critical? AWS Security Tips”
Achieving optimal security in a cloud environment can seem like a moving target. New security threats are constantly popping up along with security implementations meant to fight them off. To help you achieve optimal security in this environment, this post highlights the top 10 best practices for AWS security. Read more “10 Best Practices for Securing Your Workloads on AWS”
Amazon Web Services, the ubiquitous cloud infrastructure provider, has made it increasingly easy for businesses to move to the cloud and take advantage of the scalability, flexibility, and cost savings this approach offers. For some businesses that are contemplating the move to AWS, you may be wondering whether it’s necessary to have a team of developers who can help to ensure that you are capable of running securely on AWS.
The short answer is: You don’t need to start from scratch when it comes to security, and you don’t need to have extensive coding resources in-house to run securely on AWS. With the right tools at your disposal, you can quickly measure compliance with your unique security policy and adapt to changes in your environment as needed.
Here’s what you need to know to run securely on AWS, with or without a legion of development resources at your disposal.
Read more “Why You Don’t Need to Code to Run Secure on AWS”
Threat Stack Delivers Wake Up Call
Wide open SSH and infrequent software updates among top risks identified in the majority of cloud-based environments
How effective are your AWS security configurations? And how do you know for sure?
In a recent eye-opening study, Threat Stack found that 73% of companies have at least one critical security misconfiguration, such as remote SSH open to the entire internet. By “critical”, we mean configuration lapses that enable an attacker to gain access directly to private services or the AWS console, or that could be used to mask criminal activity from monitoring technologies.
If we caught your attention with that opening statistic, please read on. Read more “73% of Companies Have Critical AWS Security Misconfigurations”
Yesterday, we hosted one of our most popular webinars to date: Steps for Establishing Your AWS Security Roadmap. Threat Stack’s VP of Engineering, Chris Gervais, was joined by AWS Solution Architect, Scott Ward, along with Zuora’s Head of Infrastructure Security, Bibek Galera for a practical discussion on how companies can build an effective cloud security roadmap from day one. Read more “Steps for Establishing Your AWS Security Roadmap”
One of our goals at Threat Stack is sharing information that will help you learn about the current cloud security threat landscape in order to effectively and more easily manage your organization’s security issues — and confidently get on with running your business.
To this end, the Threat Stack blog is a terrific repository of articles that cover a range of security topics. If you’re not a regular reader, we encourage you to start exploring — and in the meantime, have a look at the ten most-read posts of 2016. Read more “According to Our Readers: Threat Stack’s Top 10 Blog Posts for 2016 (and More)”
How securely configured is my AWS environment? Have I checked all the right boxes? Have I locked all my doors and windows?
With the release of AWS Configuration Auditing — a major new feature of the Threat Stack intrusion detection platform — Threat Stack is the only cloud security monitoring platform that enables customers to assure that their AWS environment is configured to policy and from there, implement continuous security monitoring, alerting, and investigation at any stage in their company’s cloud maturity lifecycle.
Configuration Auditing enables Threat Stack customers operating in AWS to implement AWS security best practices by automatically auditing current environments and providing an immediate, concise report of configurations that are non-compliant with best practices. Threat Stack then offers steps to remediate the issues and make the AWS environment more secure.
Read more “Threat Stack Broadens Cloud Security Platform With New Configuration Auditing”
A big difference in the way on-premise infrastructures and cloud infrastructures are implemented centers on the way that user permissions are assigned. As you move towards software-defined everything, where data and systems are far more connected (generally a good thing), you need to pay special attention to the roles and permissions you grant to ensure that users are only given as much access as they absolutely need. No more, no less. Read more “Considerations For Creating Secure User Groups on AWS Using IAM”
Security is a shared responsibility when you run your business on Amazon Web Services (AWS). To hold up your end of the bargain, there are many best practices at companies should be employing early on (but often don’t) to ensure that they’re maintaining security and that it can scale as the company grows.
Read more “Best Practices for Implementing & Scaling Security in AWS”