Cloud Sentry Blog (https://cloudsentry.evident.io), powered by Evident.io

Getting Control of Your Cloud: 10 Predictions for 2018
Tue, 12 Dec 2017 19:34:08 +0000

Organizations that use public clouds are adopting an increasingly sophisticated approach to security. While they have become comfortable with their sensitive workloads operating in the cloud over the past few years, they also have gained a better understanding of what’s required to apply security best practices across the entirety of their cloud framework. There is also more general awareness of compliance demands and the corresponding need to employ smarter strategies for continuous compliance.

Preparing to meet these demands will require organizations to make cloud security and compliance a priority, but we are already seeing smart enterprises take note of certain trends. I had the opportunity to sit with our CEO, Tim Prendergast, and VP of Customer Solutions, John Martinez, to get their thoughts about the things organizations will need to be aware of in the coming year. Herewith is an overview of the security and compliance issues they think will impact organizations most in 2018:

Demand from customers for more compliance reporting: In 2017 we saw many examples of breaches that were a result of third-party vendors not properly securing data in the cloud. We predict that in 2018, we’ll see more enterprises demand assurances about the steps vendors are taking to secure data in their cloud environment. And, perhaps we’ll start to see more enterprises demand security, compliance service-level agreements, and a regular reporting cadence over and above an annual audit.

Massive shift from single cloud to multicloud: The adoption of multiple clouds is becoming, and will continue to be, more prevalent, creating an even more complex situation for security and compliance teams who struggle to keep up with development. Despite the additional complexity, organizations will make the move to multicloud in order to satisfy availability and disaster recovery requirements, the technology preferences of development teams, or as a tactic to manage growing cloud expenses. Additionally, companies are looking at cloud-agnostic microservices and secondary cloud services for their future uses.

Enterprises will make a meaningful move to predictive security rather than reactive: The market is becoming more sophisticated when it comes to cloud security and they are pushing the envelope around integration and incident life cycle management. We predict that companies will really start to be much more proactive at managing security within the DevOps lifecycle. There is a huge need to integrate security into the development process rather than reacting to issues once a project has been deployed to production. If companies can implement the DevSecOps mindset into both their culture and products in 2018 then security will be all around better for it. This mindset will need to affect both hiring practices and processes for companies and it will potentially fundamentally change what a security engineer looks like.

Container and serverless computing ramps up, creating security headaches: In 2018 companies will move to adopt the cloud-native approach, and the traditional host-based operating system will need to reinvent itself or become irrelevant. From a security standpoint, no one is really prepared to secure all these containers and functional compute opportunities, but people are adopting them nonetheless.

Increase in attacks on APIs: APIs are all about data – transacting, communicating, integrating, and processing it. Organizations are increasingly relying on APIs to direct data for different workloads, and at the same time are using them to manage their serverless computing. Without insight into the security state of all that activity, organizations risk an environment that could quickly get out of control; it’s a matter of scale and volume. Hackers know there will be a lot of vulnerabilities and will look to exploit those.

Companies will aggressively hire and train cybersecurity experts: Cybersecurity will become the #1 in-demand job skill, requiring organizations to fill positions in creative ways, including training existing employees and hiring from non-traditional sources.

Insistence on application telemetry to increase awareness: Greater attention will be paid at the application development level. Telemetry and corresponding analysis of application data support better decision making and better control over an organization’s security posture.

More integration of compliance and security functions: The simple algorithm will finally start to have an impact – be secure, and you’re closer to being compliant. Yet, while security and compliance are different disciplines, they will increasingly be integrated. Organizations will look to align compliance efforts with those of their security experts.

Cloud breaches for device data (IoT): IoT offers some compelling opportunities for attention-hungry hackers. We will see more efforts aimed at all different types of devices. For brands that are dependent upon connectivity to the cloud, this could have a hugely negative impact on their brand. In some cases (autos, health devices, etc.) it could lead to dangerous personal situations.

New emphasis on diversity: Breaches, hackers, and risks come in all different shapes and sizes, and so too must the makeup of the people who are defending against these things. Smart organizations will recognize the importance of creating a diverse group of people to identify, address, and plan for security and compliance issues.

The cloud isn’t new, but new approaches to it surface all the time. In the midst of a lot of digital transformation and the addition of new applications and resources to cloud environments, there’s a continuously increasing need to get control of the risks in your cloud environment. This begins with insight, but it includes organizational behavior, incident response discipline, and having a strategy for ensuring that your customers and their data are safe.

If that’s not goal #1 in your organization right now, you can make it so in 2018.

[Photo by Amanda Dalbjörn on Unsplash]

Cloud Security This Week – December 8, 2017
Fri, 08 Dec 2017 18:28:14 +0000

New from Evident.io
More Insight, Better Control: Evident.io Announces Support for Amazon GuardDuty
In an effort to improve insight and control over AWS environments, Evident.io announced support for Amazon GuardDuty, which will provide more color and context to risks identified by Evident Security Platform (ESP).

ESP @ Work: Continuous Security for Continuous Development
“ESP makes it possible for me and my team to optimize our continuous development strategy securely. Both DevOps and SecOps teams are more agile and able to deliver software much faster.”

Why Traditional Security Info and Event Management Tools No Longer Cut It
“The traditional SIEM vendors are struggling in this area,” said John Martinez, VP of customer solutions at Evident.io, which provides data sources for SIEMs and log analysis engines. “The customers are saying they’re not adapting the products to the cloud and the various formats of the cloud vendors.”

Werner, Evident.io, and You: We’re All Cloud Security Heroes
Werner Vogels’ AWS re:Invent keynote was jam-packed with advice and intelligent predictions, but the most salient items were his thoughts about cloud security. And we couldn’t agree more with what he said.

Security First: Creating a Secure, Compliant Public Cloud Environment
This ebook provides a framework for developing a security-first approach to monitoring the state of your cloud environment, applying rapid fixes, and gaining control over all your operations in the cloud.

News and Perspectives on Cloud Security
Ransomware up nearly 2,000% in two years as “cyber mafia” hit business
Cyber attacks on businesses in 2017 grew in frequency, sophistication and malice, a report on the new age of organised cyber crime reveals.

Why Third-Party Security is your Security
Managing third-party risk isn’t just a good idea, in many cases, it’s the law. This security framework can help you minimize the threat.

60 Cybersecurity Predictions For 2018
Check out the prognostications of Evident.io’s Tim “NostraTIMus” Prendergast and John Martinez, as well as a host of other cloud thinkers.

Tech Support Scam Malware Fakes the Blue Screen of Death
Malwarebytes reports that a new variant of malware is spreading that fakes the infamous Blue Screen of Death and scams users into paying $25 for a phony solution. It’s spreading via a cracked software installer that loads various files, including the malware. Troubleshooter then registers itself as a Windows service.

6 Personality Profiles of White-Hat Hackers
From making the Internet safer to promoting their security careers, bug bounty hunters have a broad range of motivators for hacking – most just like the challenge.

‘Tis the Season for Security Best Practices for Online Retailers: 4 Tips to Keep Your Cloud Safe
Fri, 08 Dec 2017 17:02:38 +0000

Holiday shopping is in full swing, as evidenced by the two giddy customers sitting next to me at Starbucks the other day. One got a camping tent for 30% off, and the other took advantage of free shipping on a massive bucket of cheese popcorn. While I secretly shared their exuberance, especially for the massive bucket of cheese popcorn, I quickly went into cybernerd mode and thought of the huge risk they were putting themselves in. Alerting their shopping activity to a room full of strangers, transacting with their credit card on an unsecured public network, and leaving their screens unattended while going back for seconds on decaf (which, by the way, I totally get – who doesn’t deserve a little reward for saving money on cheese popcorn?)…it was approaching a perfect storm of online shopping taboos.

That was just two people at a Starbucks on a lonely Tuesday night. Consider that, according to RetailMeNot, more than 56% of American consumers had planned to make a purchase on Cyber Monday this year, which represents an increase of almost 17% over last year. Just last year, consumers spent more than $9 billion in online sales over the Thanksgiving weekend, and that number is growing every day as we get further into the high season for shopping. More shoppers using more credit cards on more websites is a hacker field day, and organized groups of cybercriminals are going to be approaching this strategically.

Tripwire conducted a survey of IT security professionals and discovered that only 28% have a fully tested and ready-to-employ plan for dealing with security breaches. Of the surveyed respondents, 29% have no plan at all, and another third have no system or plan for customer notification within 72 hours of security issues (which is a requirement of GDPR for those keeping score at home). This may seem unacceptable, but it’s reality, and it highlights the fact that retailers have to do their part to ensure their environments are safe and customer data is protected.

This season will be busy for everyone who is responsible for online retail operations, but you don’t have to miss any holiday cheer while being hunched over a computer, stressed out about where the risks are. If you aren’t already pursuing the following actions, it’s highly encouraged that you quickly create a set of actions and practices to fix any potential threat sources before they become a problem with more traffic:

Re-visit incident response guidelines
It’s important that you review and share your organization’s incident response plan for security and compliance issues with your team. It’s best if that plan is based on automated remediation: if a threat is detected and determined to be a critical issue, an AWS Lambda response is immediately initiated, which kicks into a “snap & destroy” mode. That means the infected asset is now out of commission (because your solution identifies it), the issue has been isolated, and it all took, maybe, five minutes.

The important thing, however, is that your team knows how to respond when an issue surfaces. There is a combination of action, communication, escalation, and reporting that has to happen, and speed is critical.

Check permissions on public-facing data
Your environment has to be open in order to do business, and the security in your cloud is fully your responsibility. But questions linger as to what resources and data should be restricted, and as your environment changes, so must your policies. The holidays aren’t a time for sweeping changes or policy implementation, but you should identify areas where data about your operations may be available. If you have access permissions that are globally open, it’s time to update your user role and access policies.

Review AWS S3 bucket policies
Many recent high-profile breaches have occurred because an organization’s AWS S3 buckets had improperly configured permissions. The result of this is that data is available to those who shouldn’t have it, and because you’re unaware of your settings, you likely aren’t aware that sensitive data is being accessed until it’s too late. At a time like the holidays, when activity in and out of your environment will be on hyperdrive and infrastructure changes might happen quickly, it would be a good idea to do a comprehensive review of all S3 bucket configurations. You can review and enforce access according to AWS and your own organization’s best practices, and lock down buckets where necessary. Doing this now is a smart preventative measure for the immediate holiday season, but it is also a good practice your team should always be doing, and starting now will set them off on the right foot for a continuous practice.
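An added example (not from the original post and not Evident.io's code) of the review described above: it checks a bucket's ACL and bucket policy for grants that are open to everyone. The bucket names and documents are constructed samples, shaped like what the S3 GetBucketAcl and GetBucketPolicy calls return, so the script runs offline.

```python
import json

# Predefined S3 groups that make an ACL grant effectively public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def _as_list(value):
    """Policy fields may be a single value or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def public_acl_grants(acl):
    """Return (group, permission) for every ACL grant made to a public group."""
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        group = PUBLIC_GROUPS.get(grantee.get("URI", ""))
        if grantee.get("Type") == "Group" and group:
            hits.append((group, grant.get("Permission")))
    return hits


def _is_wildcard_principal(principal):
    """True for "Principal": "*" and for {"AWS": "*"} style wildcards."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def public_policy_statements(policy):
    """Find Allow statements whose principal is everyone.

    A wildcard Allow with no Condition is "public"; one with a Condition is
    marked "review" because the condition may or may not narrow it enough.
    Deny statements are skipped. NotPrincipal is not evaluated here.
    """
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        findings.append({
            "sid": stmt.get("Sid", f"statement[{i}]"),
            "severity": "review" if stmt.get("Condition") else "public",
            "actions": _as_list(stmt.get("Action")),
        })
    return findings


def review_bucket(name, acl, policy_json):
    """Return human-readable findings for one bucket (empty list = none)."""
    policy = json.loads(policy_json) if policy_json else {}
    out = [f"{name}: ACL grants {perm} to {group}"
           for group, perm in public_acl_grants(acl)]
    for f in public_policy_statements(policy):
        label = ("allows anyone" if f["severity"] == "public"
                 else "allows anyone only under a Condition (review it)")
        out.append(f"{name}: policy {f['sid']} {label}: {', '.join(f['actions'])}")
    return out


# --- Constructed sample data (not taken from any real account) ---
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"}
ACL_PRIVATE = {"Grants": [OWNER]}
ACL_PUBLIC = {"Grants": [OWNER, {
    "Grantee": {"Type": "Group",
                "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
    "Permission": "READ"}]}
POLICY_PUBLIC = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-receipts/*"}]})
POLICY_CONDITIONAL = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "OfficeOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-assets", "arn:aws:s3:::example-assets/*"],
     "Condition": {"IpAddress": {"aws:SourceIp": "192.0.2.0/24"}}},
    {"Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-assets/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})

if __name__ == "__main__":
    for args in (("example-receipts", ACL_PUBLIC, POLICY_PUBLIC),
                 ("example-assets", ACL_PRIVATE, POLICY_CONDITIONAL),
                 ("example-empty", ACL_PRIVATE, None)):
        for line in review_bucket(*args) or [f"{args[0]}: no public grants found"]:
            print(line)
```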

Be vigilant about common hacks
You’ll likely already be seeing large amounts of data moving in and out of your repositories, so you and your team will need to rely on monitoring data for some of the more common types of breach activity. These include the injection of malware/ransomware, accessing misconfigured servers and repositories, DDoS attacks, brute force hacks, as well as a variety of other types of malicious activity. Your team is going to be busy just making sure your environment is available and optimized, so hopefully you can rely on a continuous monitoring solution to alert you and your team to any misconfigurations that create risks to your organization.

Hopefully this is a happy, healthy, and profitable holiday season for you and your business. At the same time, I also wish for you no more stress than you’ll already have on your plate, and with just a few steps, you can remain mostly free from worry and maintain a safe, secure state for your business and your customers.

Werner, Evident.io, and You: We’re All Cloud Security Heroes
Thu, 07 Dec 2017 19:59:14 +0000

AWS watchers saw a flurry of announcements last week at re:Invent, but what I found most interesting was Werner Vogels’ commentary on cloud security. In a wide-ranging keynote presentation that went almost three hours, Werner laid out a case for why security is critical, along with some of the key aspects that should be top of mind for cloud users. In it, he validated what Evident.io has advocated since we started our company four years ago.

A few key topics stood out in Vogels’ comments, among them:

  • There is no greater mission than to protect your customers
  • Implement a strong identity foundation
  • Encrypt. Everything.
  • Security is everyone’s job
  • Developers are the new security engineers

This was music to our ears, as the foundation on which Evident.io was built has, from the beginning, been focused on these things, whether they be classified as best practices, policies, or just a smart mindset. For four years, the Evident Security Platform (ESP®) has been helping businesses monitor the security state of their cloud environments and quickly fix issues. As one of the first movers in the world of agent-less cloud security, Tim, Justin and the original Evident.io team aligned their focus closely with the security best practices as defined by AWS.

The Evident.io position was not, and never has been, solely about security and compliance monitoring. Rather, it’s based on the notion that security events have a lifecycle from detection to solution, and that the discipline of security and compliance never stops. Yes, customers rely on ESP to detect issues, but also to automatically alert players to those issues with details on where they exist and how to remediate them. That ultimately leads to control of their cloud environment, all done through the actions that Werner highlighted:

Use security as a customer-first strategy
Our whole purpose for being in business was formed through an understanding that a lack of visibility into one’s security posture can be damaging to a business precisely because it can damage that business’s customers. There is an agreement between provider and customer, and while there may be a contractual element in some cases, the informal trust that an organization must engender stems from its ability to protect its stakeholders. Vogels says that this is more important than any feature development, and he’s right. A solution that can give you more, do it faster, and save you time isn’t worth much if you can’t be assured that the company you’re working with is protecting your privacy. Many of our customers use the Evident Security Platform (ESP) both to identify and fix vulnerabilities and to help embed a security-first mindset in the teams that use it. Our feeling is that you cannot be customer-first if you aren’t security-first.

Restrict and reduce to least possible privilege
AWS IAM policies give us a ready-made and very practical way to both assign and restrict access, and this is core to how we advise our customers. An IAM entity is one of the users, groups, or roles that can be created in the IAM service, so you can grant and limit access as needed. When an IAM control is misconfigured, we believe it should be a high priority alert that warrants immediate attention.

Identity and access management determines what parts of the cloud stack a person has access to, and what they can do once they are there. If a bad actor can gain access to your systems using your credentials, you’re done for. Least Privilege Roles give users access only to the smallest number of accounts and systems that allow them to be productive. We always advocate that you remove access until a person can’t do their daily job. If they only need occasional access to a system or service, then grant them temporary access when needed. Don’t increase your risk by granting continual access that’s rarely used. This limits the damage that can be done if a mistake is made or a bad actor gets access to the account.

Encryption is critical
Vogels had a slide that stated his philosophy of encryption: “Dance like no one is watching. Encrypt like everyone is.” I thought it was hilarious and original, but also insightful. Encryption is like the flossing of enterprise cloud; people know they should do it, but they don’t always follow through.

Our very own John Robel put it this way: “The bottom line is to make sure your data is encrypted from the start. It is much more challenging to go back and sort through data to try and re-encrypt it after the fact. Much like enabling the service itself, this will help keep your data secure.

Now is also a good time to start to consider encryption overall. AWS provides encryption for most all data types now both in flight and at rest. As your usage of AWS continues, enable encryption…the recommendation is to enable encryption everywhere all the time. Ideally, decryption should briefly happen in memory for processing of data, but in all other aspects, encrypt the data. It just makes good security.”

Security never stops
Hackers operate at scale; they go after multiple targets and keep up their offensive until they find a way into something valuable. Eventually, they WILL find a way. Even if you’ve secured all the layers of your cloud stack, unless you’re continuously monitoring it, you just don’t know where the potential risks are. Far too many organizations treat security as a one-and-done proposition, which could be a killer, and it’s easy to get beholden, literally, to a false sense of security. The fact is, security never stops and enterprises need to maintain scrutiny over the security of their cloud, and that of their cloud vendor, at all times.

There’s also a continuous integration and delivery element to this, because as your organization seeks speed as a competitive advantage, your security posture must adapt accordingly. Doing that manually is onerous and likely to inadvertently ignore settings and configurations.

Developers as security experts
First off, we see security experts come in all forms and this is good for our field. Diversity brings different points of view to bear on assessment and solutions, and security organizations must be able to call upon a breadth of experiences in order to out-think hackers.

But as Vogels suggested, developers are among the groups that will increasingly be called upon to address issues of security. Especially in an environment that is built upon the need for flexibility, developers must be trained to use their building and delivery skills throughout the entirety of application lifecycles. Security teams can no longer depend on pre-deployment scanning, penetration tests, or presence-based discovery methods, and instead will need to rely on automated, API-centric tools that can handle the firehose of data that the cloud produces. DevOps and SecOps need to collaborate, and “security needs to be part of the fabric.”

Vogels wore a Foo Fighters shirt during his keynote, which made my mind wander to how “My Hero” (great song, brilliant video) could be parlayed into an anthem for security experts. I realized that those heroes aren’t just the experts, however, as Vogels suggested. All of us who play some part in mitigating risk and creating a more secure environment for our customers are fighting the good fight. Cloud security best practices are certainly manifested with controls, compliance, and signatures, but they are born from a mindset that makes sense of all those things. We have created a framework for the ingredients necessary to foster that kind of mindset, and Vogels validated them. In the cloud, it’s security-first, and anyone contributing to that goal is a hero.

More Insight, Better Control: Evident.io Announces Support for Amazon GuardDuty
Mon, 04 Dec 2017 18:30:51 +0000

Our goal from the inception of our company has been to provide continuous cloud security to help users be better informed about security risks and prepared to deal with them. One of the keys to doing this is insight into people, activity, and resources. With greater insight comes the ability to rapidly deploy remediation steps. As that happens, organizations gain greater control over their entire cloud environment, and that ultimately is when they can have more trust over what’s happening in their cloud.

In an effort to improve that insight and control, today we announced support for Amazon GuardDuty, which will provide more color and context to risks identified by Evident Security Platform (ESP). The purpose of Amazon GuardDuty is to identify, analyze, and process important information about the flow of data within an AWS environment and understand its potential risk impact on your organization. It specifically looks at VPC Flow Logs and AWS CloudTrail event logs to understand and deliver better intelligence about the specifics of threats and vulnerabilities.

By using Amazon GuardDuty as an additional data source, the Evident Security Platform (ESP) provides DevSecOps and Compliance additional assurance that their cloud environments meet the strictest security standards and fulfill compliance requirements. Amazon GuardDuty detections will enhance the ESP risk alerts with details about threats and the AWS resources involved.

For example, when ESP detects an open port, GuardDuty data will be able to enrich the alert with information about whether or not there is traffic going through that port. This will help Security teams triage and prioritize risks with greater efficiency and confidence.
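An added illustration of that triage idea (not ESP or GuardDuty code): given an "open port" alert, it scans VPC Flow Log records in the default version 2 format for traffic that actually reached that port. The alert shape, the sample records and the high/medium/low rule are assumptions constructed for this example.

```python
import ipaddress

# Default (version 2) VPC Flow Log record layout, space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Sources inside these ranges are treated as internal (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_flow_record(line):
    """Parse one record; return None for NODATA/SKIPDATA or malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    try:
        for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[key] = int(rec[key])
    except ValueError:
        return None
    return rec


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def enrich_open_port_alert(alert, flow_lines):
    """Attach observed-traffic context to an open-port alert.

    Only flows *towards* the resource on the alerted port are counted, so
    reply packets (where the port appears as srcport) are ignored.
    Assumed triage rule: accepted traffic from outside RFC 1918 space is
    "high", accepted internal-only traffic is "medium", none is "low".
    """
    target = (alert["resource_ip"], alert["port"], alert["protocol"])
    accepted = rejected = 0
    external = set()
    for line in flow_lines:
        rec = parse_flow_record(line)
        if rec is None:
            continue
        if (rec["dstaddr"], rec["dstport"], rec["protocol"]) != target:
            continue
        if rec["action"] == "ACCEPT":
            accepted += 1
            if not is_internal(rec["srcaddr"]):
                external.add(rec["srcaddr"])
        elif rec["action"] == "REJECT":
            rejected += 1
    priority = "high" if external else "medium" if accepted else "low"
    return dict(alert, accepted_flows=accepted, rejected_flows=rejected,
                external_sources=sorted(external), priority=priority)


# Constructed sample records (documentation address ranges, fake account id).
SAMPLE_FLOW_LINES = [
    "2 123456789012 eni-0a1b2c3d 203.0.113.12 10.0.1.25 49152 22 6 20 4249 1512400000 1512400060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.1.25 203.0.113.12 22 49152 6 18 3912 1512400000 1512400060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.2.7 10.0.1.25 51000 22 6 9 1300 1512400060 1512400120 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.25 40223 3389 6 1 40 1512400060 1512400120 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.2.7 10.0.1.25 51001 5432 6 12 2100 1512400120 1512400180 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1512400180 1512400240 - NODATA",
]

if __name__ == "__main__":
    for port in (22, 3389, 5432):
        alert = {"resource_ip": "10.0.1.25", "port": port, "protocol": 6}
        print(enrich_open_port_alert(alert, SAMPLE_FLOW_LINES))
```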

Continuous security monitoring is essential to keep your data and activity in the cloud safe. As we continue to innovate to deliver better and more comprehensive security solutions to customers, we’re glad to be chosen by AWS to provide this new advancement that will give customers a better approach to how they manage their security in the cloud.

ESP @ Work: Continuous Security for Continuous Development
Tue, 28 Nov 2017 00:10:20 +0000

“ESP makes it possible for me and my team to optimize our continuous development strategy securely. Both DevOps and SecOps teams are more agile and able to deliver software much faster.” - Principal DevOps Engineer at a gaming company

Security in a Rapidly Expanding Cloud Environment

Overview

The Security and DevOps teams worked closely with Evident.io to define requirements for automated remediation and integrations, giving them confidence to expand deployment to the cloud.

Customer Profile

Multinational video game developer, product manufacturer and research and development company.

Problem

The promise of DevOps agility enabled by the cloud was the motivation behind the gaming company’s rapid migration to AWS. However, as they made the shift from traditional development strategies to continuous deployment, they were encountering pains related to application and infrastructure security. Their migration to the cloud was being slowed down by the lack of visibility the security team had into their cloud infrastructure. It was critical that they had a tool that would enable a global view of security across all of their AWS accounts while providing the flexibility and granularity that their individual teams require.

Solution

To address these challenges, they partnered with Evident.io for continuous monitoring and alerting capabilities provided by the Evident Security Platform (ESP®). By consuming all of Amazon’s APIs, ESP is able to provide security for what the gaming company puts “in” the cloud. The solution automates the flow for alerts and remediation, removing the heavy lift of manual audits and the development and management of their own scripts. At the same time, ESP provides comprehensive visibility of their AWS infrastructure to their information security team.

Results

With ESP’s agentless, non-invasive approach, the gaming company’s information security team now has consolidated multi-account visibility of all vulnerabilities and misconfigurations that exist in their cloud infrastructure through a single pane of glass dashboard. ESP’s native integrations with the DevOps teams’ tools have enabled them to decrease the number of misconfigurations in their cloud without slowing down their continuous deployment processes.

The gaming company considers itself to be “all-in” for AWS/Cloud and has confidence in the Evident Security Platform (ESP) to enable automation and compliance efficiencies across its business. The success of ESP has opened the doors to its expansion and migration to AWS globally.

Learn More

To find out more about how our technology can empower you to solve this problem, visit our website. ESP provides a single-pane-of-glass view of all of your AWS accounts, regions and services in one easy-to-customize dashboard. It is an innovative solution that detects and uncovers vulnerabilities in your cloud environment, alerts security teams to configuration changes and policy violations, and can then provide a path to remediation.

You can try ESP free for 14 days and start securing your cloud infrastructure within minutes. You can use the tool on your own, just sign up and get started — or we can help you along the way. It’s your choice.

About this ESP @ Work Blog Series

ESP @ Work provides insight into real customer implementations. These snapshots describe how Evident Security Platform (ESP) helps our customers maintain and benefit from continuous security and compliance in the cloud. All ESP @ Work posts are anonymous because we respect that our customers are not always able to publicly share their success.

Read more Customer Success Stories here.

Your AWS re:Invent Cloud Security Survival Guide
Mon, 27 Nov 2017 05:53:43 +0000

AWS re:Invent is going to be a lot of things – informative, noisy, enlightening, sleepless, sure to be a helluva lot of fun, too. With expected attendance of close to 40,000, more than a thousand technical sessions, and being spread out over six massive facilities along the Vegas strip, re:Invent is a testament to the growing strength and influence of AWS and public clouds.

The Evident.io team will be there in full force and prepared to chat with you about cloud security, your cloud strategy, and anything else that’s on your mind. We’ll be giving demos of our Evident Security Platform (ESP) and explaining how to apply continuous security and compliance monitoring to your cloud environments. Oh, and we’ll be handing out our Jurassic Cloud shirts.

re:Invent can be overwhelming, so we want to help you make the most of your time while in Vegas. Herewith is our handy guide to the event, with a particular emphasis on getting the most out of the event’s sessions and activities on cloud security. There’s a little fun thrown in as well:

PRE-EVENT

re:INVENT HAVE-TO’s

  • Attend the keynotes on Wednesday and Thursday. Andy Jassy and Werner Vogels are sharp, prescient thinkers about the cloud and great speakers. Alumni tip: you can also stream these from the comfort of your hotel room.
  • Visit the Evident.io team in booth #2000. We’ll be demo’ing the Evident Security Platform, and we’ll have technical and business representatives available so you can learn more about cloud security and opportunities for partnering with us. We’ve been resting up so we will be fully alert and ready to engage.
  • Stay hydrated.
  • Attend session SID318 – From Obstacle to Advantage: The Changing Role of Security & Compliance in Your Organization. Our very own John Martinez will be joined by Jive Software’s Matt Willman in a discussion on the role of security and compliance. Specifically, these two experts will look at how organizations like Jive and the National Geospatial Agency use the Evident Security Platform and AWS to automate security and compliance processes in their organization to accomplish more, do it faster, and deliver better results.
  • Get a Jurassic Cloud t-shirt at booth #2000. These are already being considered for the Corporate Swag Hall of Fame.
  • If you don’t live near a Shake Shack, go to the one at the New York New York. Just don’t go there when I’m there. I hate lines. And I’ll be there a lot.

POST EVENT

It’s going to be a long week, but it will be a memorable one. We really hope you’ll make the time to visit with us!

 

Cloud Security This Week – November 17, 2017
Fri, 17 Nov 2017 19:29:54 +0000

New from Evident.io
The Jedi Incident Response Plan for Cloud Security
A Jedi doesn’t fall apart because he failed at locking down all ports; he fixes the problem.

ESP @ Work: Holistic Security as part of the Corporate DNA
This bank’s prominent position in the financial services industry makes it a constant target of cyberattacks. With ESP, security analysts not only examine security alerts generated at the bank daily, but are also able to prioritize and coordinate a response to remediate vulnerabilities as they occur.

Evident.io CEO Tim Prendergast: Looking Ahead to the Cloud in 2018
Evident.io CEO Tim Prendergast, a pioneer in cloud security and compliance automation for multi-cloud security, has revealed what he sees as the critical steps the industry will take in the coming year, and what businesses should be doing to plan for them.

ESP Custom Signatures: The Quick Guide
We provide a variety of useful and actionable resources about using custom signatures for ESP so you can easily initiate development and management.

Get CloudFit – Top 11 AWS Best Practices for Cloud Security
This on-demand webinar covers eleven best practices for AWS security. These were compiled by AWS security practitioners with over a decade of combined experience securing large AWS deployments.

Security First: Creating a Secure, Compliant Public Cloud Environment
This ebook provides a framework for developing a security-first approach to monitoring the state of your cloud environment, applying rapid fixes, and gaining control over all your operations in the cloud.

News and Perspectives on Cloud Security
Investigation Finds Security Flaws in Intelligent Toys
A consumer group is urging major retailers to withdraw a number of “connected” or “intelligent” toys likely to be popular at Christmas, after finding security failures that it warns could put children’s safety at risk.

Ransomware-Spreading Hackers Sneak in Through RDP
A new twist on ransomware that’s equal parts low-cunning and directness: crooks who are breaking into computers one at a time and running ransomware on them manually in the same way that you might run Word, Notepad or Solitaire.

Organizations Favoring Multicloud Deployments, OpenStack Survey Finds
A great overview of OpenStack’s recent survey. Insights into how decisions are being made about multicloud deployments and how they’re managed.

Azure Security Cheat Sheet
Cloud security is a high priority for enterprises, but the range of services can be overwhelming. For Azure users, here’s a quick cheat sheet of must-know security tools.

 

The Jedi Incident Response Plan for Cloud Security
Thu, 16 Nov 2017 17:39:59 +0000

Here is a surefire way to annoy your friends: anytime someone says they tried to do something, you do a funny Yoda voice and say, “Do or do not. There is no try.” This is primarily the domain of dad humor, and no one will laugh except for you. This isn’t just because you’ve played your dork card; it’s also because there’s a hint of truth in the Jedi philosophy. There are enough self-help books and translations from the Stoics to help us understand that accomplishment is largely a factor of just grinding it out and getting it done, no matter what the obstacle. The problem is that it works for some situations in life, but others call for nuance and measured response. Cloud security calls for the latter.

Yoda would be a great fitness coach, but it turns out he’d make a pretty good CISO, too. In the world of enterprise cloud security, the ideal is certainly complete security and control. But that’s not the result of willing it to happen. Great CISOs and CIOs and Chief Trust Officers all recognize that the process and effort is cyclical – you develop a plan, stick to it yet change when needed, and deal with issues as they arise. Yes, you’re playing both offense and defense, but you also have to be able to adapt as necessitated by reality. As much as you have planned for configuring ports correctly, you may discover that one is open. A Jedi doesn’t fall apart because he failed at locking down all ports; he fixes the problem.

Kate Fazzini of the Wall Street Journal recently wrote an insightful piece on the professional way that Whole Foods handled a recent security breach and it provides important lessons. As she put it, “…can a breach go ‘right,’ or at least, ‘as well as possible, given the circumstances?’ Some security experts are pointing to a recent incident at Whole Foods as a quick lesson in how losing customer data can be mitigated before a worst-case scenario occurs.”

What makes this case so instructive is that Whole Foods responded quickly and with intent. The result was that affected systems and IT resources were isolated and removed while an effective communication plan immediately went into action. This wasn’t a case of “there is no try.” Whole Foods got hacked. But they were also agile, responsive, and able to admit mistakes. I suspect Yoda would consider that to be an acceptable and Jedi-like way to handle things.

The situation involved some in-house Whole Foods restaurants having their point of sale (POS) systems hacked; these systems were not integrated with Whole Foods’ grocery store systems and data repositories, but it was an attack under their umbrella and they took quick action to deal with it. Whole Foods admitted and communicated the issue publicly, segmented the affected network, and quickly replaced the terminals that had been used; their efforts contributed to a significant reduction of the potential impact of the breach. One security expert likened the situation to “…having an intruder break into your garage, but having the door within the garage leading to the house locked.” Fazzini points out that many enterprises leave some doors unlocked because of the lag time with integrating resources and migrating to a cloud environment.

We advocate for a smart, logical, but quickly implementable incident response plan. Whole Foods clearly had one and it prevented further damage but also helped them maintain their stellar brand image among stakeholders. We also know that smart organizations adhere to cloud security best practices to ensure their customers’ and employees’ data is protected.

A Jedi is no pushover, but a Jedi also knows how to solve problems. Ultimately, security in an environment where change never ends and you’re dealing with ever-increasing amounts of data and transactions requires that nimbleness and adaptability probably more than anything else.

 

ESP @ Work: Holistic Security as part of the Corporate DNA
Mon, 13 Nov 2017 18:02:35 +0000

“We went through several stages, such as development and implementation of a harmonized security strategy across the organization, gaining greater cross-organization visibility to improve speed to detect, respond and remediate potential issues, and looking at the underlying technology.” – Chief Information Officer, Security Division

Innovative and agile cybersecurity vision leads the way to lowering cyber risk profile.

Overview

ESP’s continuous monitoring and alerting is at the core of the Bank’s holistic approach to security and at the center of their new operations center.

Customer Profile

Universal bank with global reach, offering products and services across personal, corporate and investment banking, credit cards and wealth management. It has operations in over 40 countries and employs approximately 120,000 people.

Problem

This bank’s prominent position in the financial services industry makes it a constant target of cyberattacks, as well as online and real-world fraud attempts and the ever-present threat of malicious insiders and accidental data loss. Enabling comprehensive visibility for their entire information security organization was a big priority as they previously had zero visibility into their API layer and the potential risks that existed.

Solution

To organize and combat these threats, this universal bank is transforming its security division with the ultimate aim of having one internal organization capable of responding to the various threats. A key part of their new strategy was to establish a joint operations center that will function 24/7/365. To enable continuous monitoring and alerting for configuration changes in their cloud, the CSO and CIO of the security division deployed Evident.io’s Evident Security Platform (ESP®).

Results

ESP has increased the speed, reliability, and inclusiveness of information sharing, reduced duplication of effort and boosted protection for the bank’s members. With ESP, security analysts not only examine security alerts generated at the bank daily, but are also able to prioritize and coordinate a response to remediate vulnerabilities as they occur.

The security team now has cross-function/cross-product visibility and the ability to identify and resolve duplications. Their holistic approach has brought benefits for the security team, has improved operational efficiency, and has demonstrated cost-saving advantages.

Learn More

To find out more about how our technology can empower you to solve this problem, visit our website. ESP provides a single-pane-of-glass view of all of your AWS accounts, regions and services in one easy-to-customize dashboard. By consuming all of Amazon’s APIs, ESP can detect and uncover vulnerabilities in your environment, alert security teams to configuration changes and policy violations, and provide a path to remediation.

You can try ESP free for 14 days and start securing your cloud infrastructure within minutes. You can use the tool on your own, just sign up and get started — or we can help you along the way. It’s your choice.

About this ESP @ Work Blog Series

ESP @ Work provides insight into real customer implementations. These snapshots describe how Evident Security Platform (ESP) helps our customers maintain and benefit from continuous security and compliance in the cloud. All ESP @ Work posts are anonymous because we respect that our customers are not always able to publicly share their success.

Read more Customer Success Stories here.
