Cloud Sentry Blog (https://cloudsentry.evident.io), powered by Evident.io. Feed generated Tue, 01 May 2018 17:42:40 +0000.

Evident GDPR Report Delivers Automated Approach to Compliance Monitoring and Management
../evident-gdpr-report/ | Wed, 28 Mar 2018 15:42:20 +0000
Within organizations across the globe there is heightened anticipation and preparation for compliance with the General Data Protection Regulation (GDPR). With this formal set of obligations for organizations processing the personal data of people in the EU, compliance is mandated by May 25, 2018. Even as we inch closer to that deadline, navigating the information and mandates contained within the GDPR continue to strain teams who have not previously adopted a sophisticated approach to compliance. Evident has launched a new compliance report that will help organizations maintain continuous and automated insight and control of their cloud environments to assist them in protecting personal data in the cloud within the structure of the GDPR.

At its foundation, GDPR addresses data privacy. That may seem like a fairly simple, high-level goal, but the challenge for organizations is to figure out how to use the regulation to map their processes and practices so that personal data is handled and transacted in a secure way. The regulation is intended to help individuals by ensuring stronger data privacy, but it also aims to simplify regulatory compliance for businesses and organizations. Within this simple goal lies a lot of complexity, and finding a way to ensure compliance is taxing the workloads of many who operate highly connected cloud environments (note that fines of up to €20,000,000 or 4% of annual global turnover, whichever is higher, can be levied on organizations for GDPR violations, including personal data breaches). Ensuring they can maintain a highly optimized development and business environment in the midst of the regulation and the need for rigorous security is going to require a continuous effort.

GDPR is shining a bright light on data security and putting more pressure on organizations to take steps to avoid personal data breaches and other mishandling of personal data. Compliance in the cloud is challenging because of its dynamic state and the only way to truly capture all the activity and changes is with continuous monitoring.

To maintain a level of security appropriate to the risk in the cloud, you need to automate the monitoring and assessment of your security to be sure you’re always leveraging best practices that make it hard for the bad guys to compromise your cloud infrastructure. In doing so, organizations create a layer of awareness and control over their data that puts them in the best possible position to ensure their controls and overall security posture meet GDPR’s requirements.

The new Evident compliance report helps to identify whether AWS services are appropriately configured to protect personal data against accidental or unlawful destruction; or accidental loss, alteration, unauthorized use, unauthorized modification, disclosure or access. Essentially, it identifies potential and existing issues with a cloud environment and data privacy, to assist organizations in adopting specific AWS security controls that address their GDPR security responsibility. Security controls can be assessed against many other industry and regulatory compliance frameworks (PCI, HIPAA, NIST, SOC 2, and others) using Evident, or you can create your own custom compliance report that measures the various security commitments you’ve made to your business. Every organization has controls for security, and Evident automates the inspection of the controls — and can even help automate the remediation of risks.

By using the Evident GDPR Report, organizations get the benefit of an automated approach to security compliance monitoring. With the May 25 deadline approaching, it can deliver a new, comprehensive way of documenting vigilance and appropriate security over their cloud data and that of their customers and other stakeholders.

Emergency vs Continuous Incident Response
../emergency-vs-continuous-incident-response/ | Mon, 26 Mar 2018 16:54:35 +0000
Would you rather be putting out fires or keeping a calm, predictable environment?
Continuous monitoring of a cloud environment identifies vulnerabilities so threats can be dealt with before they become an actual problem. As soon as an infrastructure monitoring tool detects an error in the system or a glitch that could potentially break the system, an alert is created. Now, every second lost in remediating that issue increases the chances of having a security incident.

Remediation workflows are designed for fast identification and resolution, and they typically include actions like alerts, ticket creation, routing to the proper team, and making sure that the proper action is taken to resolve the issue. In these processes, time is the biggest factor, so leveraging automation and executing planned incident response actions becomes key.

Emergency response, on the other hand, is when an incident has already occurred, so the response is reactive. The priorities that govern the response activities, and the actions required, are specific to each incident, with fast, effective resolution as the goal. Assuming that an incident will happen and planning accordingly is the key to maximizing resolution speed. Here the damage is already done and containment is the priority. In both cases, fast response is vital.

Fortunately, today’s organizations are aware of the threats that attempt to penetrate their cloud infrastructure and are taking measures to prevent and prepare for what seems to be the inevitable. Organizations that employ the best practices below are able to decrease the time to detection and time to remediation of exploitable vulnerabilities across all AWS services and realize improved security hygiene and lower information security risks around potential data breaches:

  1. Monitor your cloud infrastructure: Identify the vulnerabilities before the bad guys do.
  2. IR Plan: Have an incident response plan in place. Update it and run drills frequently.
  3. Create actionable alerts: Organizations need to create and implement actionable alerts to maximize resolution speed. Actionable alerts help your team identify who needs to respond and what action needs to be taken.
  4. Automate: Speed up the security workflow, from alerting to ticketing to task assignment and remediation. Automation tools can help to combat threats in real time and even enable you to enforce policy as code.
  5. Enable Security-as-Code: While automated policy enforcement through auto-remediation is a huge time saver and can reduce the time to remediation significantly, it’s important to be selective about the security alerts you choose to action. These criteria can be helpful to consider as you evaluate which alerts to auto-remediate:
    • A constantly recurring signature or control with a constant solution.
    • A process that provides maximum remediation value for the potential exploitability of the alert generated.
    • Alerts where following a complex, custom remediation process is appropriate. For example, ESP’s signature for Global SSH: an EC2 security group that allows SSH from the world could wreak major havoc in your AWS service by exposing your EC2 instances to malicious break-in attempts. Remediating alerts from this signature automatically provides great value and is relatively easy to fix.
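To make the Global SSH case concrete, here is an added example (not Evident.io/ESP or OpsGenie code) of the two halves of such an auto-remediation step: a detection that flags security groups admitting TCP/22 from 0.0.0.0/0 or ::/0, and the fixed revoke-and-reauthorize change that replaces the world-open source with an approved range. It assumes the record shape returned by the EC2 DescribeSecurityGroups API and runs offline on a constructed sample; the function names are the example's own.

```python
"""Detect 'Global SSH' security-group rules and plan their remediation.

Added example, not Evident.io/ESP code. Assumes the IpPermissions shape of
the EC2 DescribeSecurityGroups API (IpProtocol/FromPort/ToPort/IpRanges/
Ipv6Ranges) and runs offline on a constructed sample."""
from ipaddress import ip_network
from typing import Dict, List

SSH_PORT = 22


def is_world(cidr: str) -> bool:
    """A /0 prefix (0.0.0.0/0 or ::/0) admits every address in its family."""
    return ip_network(cidr, strict=False).prefixlen == 0


def rule_covers_ssh(perm: Dict) -> bool:
    """True if an IpPermission entry admits TCP/22.

    IpProtocol "-1" means every protocol and port. A TCP rule missing its
    port bounds is treated as all ports so the check errs on the wide side."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)


def world_cidrs(perm: Dict) -> List[str]:
    """CIDRs in this permission that open it to the whole Internet."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", []) if is_world(r["CidrIp"])]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if is_world(r["CidrIpv6"])]
    return v4 + v6


def find_global_ssh(groups: List[Dict]) -> List[Dict]:
    """One finding per (security group, world-open CIDR) pair that admits SSH."""
    findings = []
    for g in groups:
        for perm in g.get("IpPermissions", []):
            if not rule_covers_ssh(perm):
                continue
            for cidr in world_cidrs(perm):
                findings.append({
                    "GroupId": g["GroupId"],
                    "GroupName": g.get("GroupName", ""),
                    "IpProtocol": perm["IpProtocol"],
                    "FromPort": perm.get("FromPort"),  # None for protocol "-1"
                    "ToPort": perm.get("ToPort"),
                    "Cidr": cidr,
                })
    return findings


def _permission(proto: str, lo, hi, cidr: str) -> Dict:
    """Build one IpPermission entry as revoke/authorize ingress calls expect it."""
    perm = {"IpProtocol": proto}
    if lo is not None and hi is not None:
        perm["FromPort"], perm["ToPort"] = lo, hi
    key, field = ("Ipv6Ranges", "CidrIpv6") if ":" in cidr else ("IpRanges", "CidrIp")
    perm[key] = [{field: cidr}]
    return perm


def plan_remediation(finding: Dict, allowed_cidr: str) -> Dict:
    """The constant fix for this signature: revoke the world-open rule and
    re-authorize the same ports only for an approved source (bastion/VPN).
    Refuses an allowed_cidr that is itself world-open, so the fix can never
    recreate the finding it is meant to clear."""
    if is_world(allowed_cidr):
        raise ValueError("allowed_cidr must not be world-open: %s" % allowed_cidr)
    proto, lo, hi = finding["IpProtocol"], finding["FromPort"], finding["ToPort"]
    return {
        "GroupId": finding["GroupId"],
        "revoke": _permission(proto, lo, hi, finding["Cidr"]),
        "authorize": _permission(proto, lo, hi, allowed_cidr),
    }


# Constructed sample in DescribeSecurityGroups shape (not real account data).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example01", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ]},
    {"GroupId": "sg-0example02", "GroupName": "bastion-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-0example03", "GroupName": "ftp-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-0example04", "GroupName": "all-traffic", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-0example05", "GroupName": "udp-22", "IpPermissions": [
        {"IpProtocol": "udp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
]

if __name__ == "__main__":
    for f in find_global_ssh(SAMPLE_GROUPS):  # 4 findings: sg-02 (x2), sg-03, sg-04
        print(f["GroupId"], f["GroupName"], f["Cidr"])
        print("  plan:", plan_remediation(f, "203.0.113.0/24"))
```

Note that the port-range and all-traffic groups are flagged even though no rule names port 22 explicitly, which is why a signature like this has to evaluate ranges and protocol "-1" rather than match on a literal port.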

Incidents, service disruptions, and outages are not limited to security breaches and exploited vulnerabilities. Risk is often introduced when a change is made in production – planned or unplanned. If a production change yields service degradation or a full blown outage, it’s not always immediate. It may be several hours or even days later before a production change is identified as the root cause.

As mentioned previously, it’s critical to have monitoring and instrumentation to know what a healthy environment looks like and to alert when it’s not. The holy grail, though, is event correlation. Events and alerts that appear isolated or disparate are typically related, and if the monitoring tools and platforms you have can identify this, that’s a huge win. It helps in reducing customer impact and MTTR, and in maintaining your SLAs. Problem isolation is key here.

From a site/service reliability standpoint, there should be no unplanned changes. However, how in-depth an organization wants to go with change management varies: compliance requirements, company culture, and the acceptance of processes and structure will determine the direction. Having said that, enumerating change management is a bit outside the narrative of emergency vs incident response, so I’ll save that for another post.

Contributing Author
Serhat Can is the Technical Evangelist for OpsGenie. Serhat contributed to different parts of OpsGenie as a software engineer and now spreads the word by coding, writing and talking about DevOps. He is still a proud member of the on-call schedules.

About OpsGenie
OpsGenie is the world’s fastest growing platform for alerting and incident management. OpsGenie centralizes the flow of alerts and then delivers them according to customizable schedules and escalation policies so teams can minimize the impact of IT and security incidents. Watch the “What is OpsGenie” video to learn more.

Cloud Security This Week – March 23, 2018
../cloud-security-week-march-23-2018/ | Fri, 23 Mar 2018 22:23:40 +0000
New from Evident.io
A CISO’s Series of Unfortunate Events
Considering the always-increasing potential for threats to your environment, a CISO’s day can become a montage of nightmares before their car even arrives in the parking lot.

Incidents Happen, But Are Some of Them Avoidable?
Security and proper incident response are business-critical concerns, and managing the aftermath of a security breach or cyber attack is no easy task.

Hybrid Cloud Security: Emerging Lessons
Evident.io CEO Tim Prendergast speaks about hybrid cloud security lessons that are coming to light as technology matures and use increases.

Has DevSecOps Succeeded In What It Was Created to Accomplish?
John Martinez, VP of Customer Solutions at Evident.io, says that DevSecOps comes down to successful embedding of security best practices, and automating those best practices within DevOps teams and organizations.

News and Perspectives on Cloud Security
European Power Plants Brace For Russian Hack Attacks
The U.S. Computer Emergency Readiness Team warned that Russia had hacked into a number of public and private companies in the energy sector, including power plants.

Puerto Rico Power Utility Hacked
Puerto Rico’s bankrupt power utility, PREPA, said on Monday it had been hacked last weekend, but customer information was not compromised.

Everyone Knows How to Secure Elections. So Do It.
A Wired piece about how to approach and implement security for digital elections.

New Bug Bounty Program From Netflix
In need of a new side hustle? Netflix is paying up to $15,000 each to hackers who expose flaws in its system.

Incidents Happen, But Are Some of Them Avoidable?
../incident-response-evident-opsgenie/ | Thu, 22 Mar 2018 00:21:51 +0000
Security and proper incident response are business-critical concerns, and managing the aftermath of a security breach or cyber attack is no easy task. Time is of the essence when a risk is identified, and it has to be approached in a disciplined manner. Businesses that continuously monitor security and improve incident response processes have a more rigorous security posture and are more resilient to security incidents. That being said, security never stops and incidents happen; the big question is, can we avoid some of them and mitigate their damage by having established processes to deal with them?

With more and more people pushing code and making changes to your AWS environment, how can you be certain that they are all adhering to security best practices and policies? The best cloud practitioners are embedding security experts and automation within product development teams so they can work side by side throughout the development process. This approach provides the guardrails to prevent misconfiguring AWS services and enables DevOps teams to maintain their rapid pace of innovation while security ensures that risks are mitigated.

Testing and monitoring everything that is deployed to production at the speed of continuous development is not possible with the limited resources of most organizations. Yet employing automation, prioritizing tasks, and maintaining continuous insight into your environment can gird your organization against threats.

So, if an incident is unavoidable, what are the best practices for how to respond?
The first step is to identify and prioritize security issues based on their risk level and how badly they could impact the business. Then, the organization needs to map the appropriate incident response processes to those issues. Some IT incidents cause downtime and/or can compromise vital organizational data, and there are a lot of different types of incidents that need to be considered.

Security incidents that take an organization offline while security issues are addressed are the most damaging. This is especially the case for financial services or ecommerce companies and could have disastrous effects when the online revenue stream functionality is interrupted. However, most companies survive downtime as long as incidents are managed well and Service Level Agreements (SLAs) are met.

Information breaches or leaks also rank high on the priority list, mostly because of the severe repercussions stemming from loss or damage of an organization’s assets and the loss of customer, investor, or stockholder trust. A security incident like this could come in the form of a threat to network, systems, Intellectual Property (IP), and/or Personally Identifiable Information (PII).

A security incident of any kind can lead to service degradation or more downtime and worst of all, regulatory and financial penalties and the loss of brand equity and customer trust.

Having an Incident Response Plan is Essential
Incidents happen. This does not change in the cloud. When it comes to security incidents, a mismanaged issue can cause increasingly more damage the longer it goes without being addressed. A key to eliminating or reducing the impact of these incidents is to have an effective plan and processes to handle issues. Without a well-planned incident response plan, it is nearly impossible to manage complex incidents affecting multiple services and teams in an already stressed situation. If you have an incident response plan in place and relevant configurations in an incident management system, they won’t do you and your team any favors unless you keep them up to date. The best way to ensure your plan and systems are up to date is to regularly test them in peacetime. Consistent training and chaos simulations help teams stay up to date and be prepared for incidents by incorporating a proactive approach to incident response.

There’s no definitive standard for cloud incident response plans, but we recommend that your organization adhere to these five main points:

Preparation
Preparation is critical because it reduces “what if” moments and helps teams make practiced decisions. Having an on-call schedule with multiple rotations, escalations with correct responders, runbooks, practice sessions, and extensive documentation are all part of this crucial stage.

Detection & Alerting
Detection and alerting focuses on the communication of an abnormality. In this step, monitoring the right metrics, and setting up the correct thresholds are important to reduce false positives. In the cloud, multiple monitoring solutions are often involved in different parts of the infrastructure covering network, infrastructure, application, performance, or compliance monitoring. An undesired state can trigger a chain reaction and a new level of incident management becomes crucial to aggregate, triage, and then alert only the things that matter.

Containment
The containment stage is about limiting and preventing any further damage by isolating the affected area. In the case of complex incidents, teams join a war room and work together to stop the bleeding. In this stage, often an incident commander assigns tasks to predefined roles and takes informed actions in the incident command center.

Remediation
Once the incident is under control, it is now time to address the problem and figure out how it can be corrected to prevent a similar incident from occurring in the future. A decision-making framework, like Cynefin, can be used to approach the problem depending on the type of the incident (simple, complex, complicated, chaotic). Cynefin provides a structured way to approach problems that helps incident responders determine the best course of action based on the nature of the problem itself.

Another popular approach is to use chat tools like Slack to enable teams to discuss and assess the incident. Modern ChatOps tools make collaborative investigation and actioning remediation a lot easier with a click of a button or typing a few words into the shared chat channel where everyone has visibility.

Analysis
Incident response does not end after remediating the issue. Continuous improvement requires learning from mistakes, and the last step of any incident response plan should contribute to this idea. Postmortems or post-incident reviews help teams evaluate the incident and implement new measures to reduce the chances of experiencing a similar incident. An essential rule while writing postmortems is to be blameless and not point fingers while reviewing the events to create a culture of continuous learning.

How do OpsGenie and Evident.io help?
Evident.io and OpsGenie have joined forces to enable organizations to resolve security incidents quickly and effectively. Using the powerful monitoring capabilities of Evident.io, users can detect issues before they arise and streamline the resolution process by leveraging OpsGenie to create and route actionable alerts to the appropriate teams to resolve them.


Contributing Author
Serhat Can is the Technical Evangelist for OpsGenie. Serhat contributed to different parts of OpsGenie as a software engineer and now spreads the word by coding, writing and talking about DevOps. He is still a proud member of the on-call schedules.

Audit Ready: Compliance is a Team Sport
../audit-ready-compliance-team-sport/ | Mon, 19 Mar 2018 17:48:13 +0000
When organizations make the move to the cloud, compliance is typically not the first challenge considered. Whether you need to maintain compliance for regulatory or business obligations, it is best to go into the cloud with those requirements in mind. Given the maturity of the cloud platforms, it isn’t hard to be compliant in the cloud — you just need to prepare appropriately, and share the work across the organization to ensure you maintain compliance.

We are hosting a webinar that will address some of the common misconceptions and mistakes made as teams work to achieve compliance with different industry standards in the cloud. Our experts will provide practical advice about how to get your cloud compliance program in the best shape possible.

Join us on Thursday, March 22nd, 2018 for our webinar where our experts will discuss:

  • Where to start, whether you’re starting from scratch or modifying your existing program
  • Who to involve and when
  • How to manage reporting, audits, and communication

We invite you to register now, while spaces are still available. Click here to register.

To prepare for the webinar, you might enjoy our overview of PCI Compliance, and it will be helpful to understand how to apply continuous monitoring in your cloud environments.

The Evident Security Platform (ESP) has a simple, one-click compliance report that will show you how your cloud infrastructure measures up. Sign up for a free trial to start measuring your cloud compliance.

Cloud Security This Week – March 16, 2018
../cloud-security-this-week-03162018/ | Fri, 16 Mar 2018 22:16:19 +0000
Evident.io + Palo Alto Networks – Bolsters Palo Alto’s Comprehensive Security Offering
Joining forces with Palo Alto Networks
Evident.io founder and CEO Tim Prendergast explains why Evident.io and Palo Alto Networks will create the most comprehensive engine for enterprise cloud security and compliance on the market.

Palo Alto Networks Welcomes Evident.io
Palo Alto Networks announces intent to acquire Evident.io, a pioneer and leader in public cloud services infrastructure security, and with it a significant expansion of our cloud security capabilities. Learn more here.

Palo Alto Networks + Evident.io = Extending Our Leadership in Cloud Security
This video details the product roadmap for Palo Alto Networks and Evident.io, along with an overview of how this will help current customers and partners fulfill a richer, more comprehensive security and compliance strategy.

Multi-cloud at Speed Becomes the Norm
Chris Morosco, Director of Product Marketing at Palo Alto Networks, discusses the challenges organizations have around combining security efforts with DevOps practices, and how Evident as part of Palo Alto Networks will change how enterprises develop, deliver, and manage their security posture.

News & Coverage
Silicon Valley Business Journal, Palo Alto Networks picks up Evident.io for $300M cash
ARNnet, Palo Alto Networks buys Evident.io in $300M cash deal
CRN Australia, Palo Alto Networks to acquire cloud security and compliance specialist
Channel Life, Palo Alto Networks forks out $300m cash to acquire Evident.io
SecurityWeek, Palo Alto Networks to Acquire CIA-Backed Cloud Security Firm Evident.io for $300 Million
True Ventures, Congratulating the Evident.io Team
Reuters, BRIEF-Palo Alto Networks Announces Intent To Acquire Evident.Io
Forrester, Palo Alto Networks acquires cloud monitoring and workload management specialist Evident.io
ZDNet, Palo Alto Networks to acquire Evident.io
SeekingAlpha, Palo Alto acquires Evident.io for $300M in cash
Street Insider, Palo Alto Networks (PANW) Plans to Acquire Evident.io for $300M
The Register UK, Brace yourselves, netadmins, there’s a new type of cable to consider
siliconANGLE, Palo Alto Networks to acquire Evident.io in $300M all-cash deal
Silicon Tap, Evident.io Acquired By Palo Alto Networks For $300M
Security Boulevard, Joining forces with Palo Alto Networks
CRN, Palo Alto Networks To Buy Evident.io For $300M To Fortify Cloud Services Infrastructure Capabilities
Benzinga, Palo Alto Networks Announces Intent to Acquire Evident.io For $300M Cash
MarketWatch, Palo Alto Networks to acquire CIA-backed Evident.io for $300 million
PR Newswire, Palo Alto Networks Announces Intent to Acquire Evident.io

Joining forces with Palo Alto Networks
../joining-forces-palo-alto-networks/ | Wed, 14 Mar 2018 20:15:52 +0000
When Justin Lundy and I founded Evident.io nearly five years ago, we set out to make cloud security a less painful experience than the one we experienced. We thought that the work of security needed to be shared across an organization – not just set aside for security teams to enforce, block deployments, and remediate risks as they uncovered them.

We set out to build a tool that would make security evident for builders, DevOps, security, and compliance professionals. We wanted to shorten the distance between identifying risks in their cloud infrastructure and taking the necessary steps needed to fix the issues. The approach we took was to create a cloud security platform that was unrivaled – every customer workload, every cloud – and could manage security, compliance and incident response from one pane of glass.

Our approach resonated with customers, making us not only a pioneer but also a leader in the cloud infrastructure security space.

Today marks an exciting milestone for our company. Palo Alto Networks, the leader in public cloud security, has announced its intent to acquire Evident.io.

When we combine Evident.io’s technology with Palo Alto Networks Next-Generation Security Platform, we will add comprehensive storage security and risk exposure to our continuous public cloud monitoring and compliance reporting. This combination will provide teams complete and continuous security and compliance at the speed with which cloud environments need to operate.

With Palo Alto Networks and Evident.io:

  • Developers can deploy applications confidently, knowing they are minimizing risk by following industry and the organization’s best practices.
  • Teams can simplify operations to speed deployments without sacrificing security using deep integrations that extend cloud native capabilities.
  • Organizations can continuously validate compliance of cloud deployments with customizable compliance reports (e.g., CIS, HIPAA, SOC2, PCI, NIST, ISO).

Seeing how our products and cultures will align gives me great confidence that this is a terrific opportunity for our customers, partners, and our team. Together with the incredible people at Palo Alto Networks, we’ll be fast on our way to delivering new, innovative offerings that benefit from our combined expertise.

I invite you to watch a brief video where I was able to sit down with Palo Alto Networks chairman and CEO, Mark McLaughlin, and president, Mark Anderson, to discuss the exciting opportunities that lie ahead for us all.

A CISO’s Series of Unfortunate Events
../cisos-series-unfortunate-events/ | Tue, 13 Mar 2018 23:02:32 +0000
You’ve probably seen those quaint features in business publications like, “A Day in the Life of the CFO.” They always have some campy comments that try to make the person relatable (“…and at 9:34am, I finally get around to drinking that latte I got at Starbucks on the way in to work!”), but truly the whole thing is just an annoying ploy to make you feel inadequate. Who really gets up to ride their Peloton at 5:30am, reads the New York Times AND Wall Street Journal over kale-infused coffee at 7:45am, has a major fire drill that could possibly shut the company down at 11:22am, but then solves the problem and is home to coach their kids’ soccer team by 5:30pm?

The reality is that no matter how organized you are or how good your team is, your day can become a montage of nightmares before your car even hits the parking lot. For CISOs and those responsible for the security of data and technology resources in a company, there are days when unforeseen issues spiral out of control while you scramble to apply fixes, isolate your cloud environment, and prepare to remediate. That’s to say nothing of the communication and damage control you’ll need to implement as well.

When a CISO’s day goes sideways the repercussions are far beyond just getting home late for dinner. A data breach or a successful ransomware attack puts the entire company in jeopardy; as word trickles out, customers panic, the press has a field day, and nothing you do to fix it seems like enough. No one wants that.

Consider applying these policies and controls in your cloud environment so you and your organization can avoid the series of unfortunate events that may befall the CISO who is unprepared:

  • Understand your cloud environment: A single cloud environment is usually made up of workloads and applications that operate in a variety of ways. Some depend on integrations and data reached through APIs and other means, while others run in a distributed but independent fashion. Your cloud will span several accounts, and perhaps several providers. User groups will be set up by geographic location or by org chart. The key is to know what your architecture looks like, so you can recognize problem areas when continuous monitoring highlights them. If a priority-one issue arises in an account you have no awareness of, you will not be able to frame any sort of incident response.

Knowing your cloud lets you tell an open Amazon S3 bucket that is a critical issue (as it usually is) from one that is meant to be open (for public-facing, transaction-based needs).

  • Don’t rely on out-of-the-box configurations: AWS and Azure both ship default settings for the components of their clouds, but since providers don’t know your environment or specific conditions, those defaults can fall short of your security needs. Have your team review and adjust the settings and configuration of every resource in your cloud environment so it provides rigorous security and compliance while staying agile in how you manage data and users.
  • Treat GitHub with caution: Far too many breached environments trace back to someone leaving keys or passwords in a publicly accessible GitHub repository. Repositories are meant to be places where users share and access development-related information and resources, but without the right policies in place users can easily neglect to lock down privileged data. Treat any key that reaches a public repository as compromised and rotate it: deleting the commit does not remove it from the repository history, and automated scanners pick up exposed keys within minutes.
  • Have an incident response plan: A sure-fire way to avoid a bad day is to always have an incident response plan in place, with all processes, participants and outcomes defined and understood. It begins with near real-time, always-on assessment of the security state of your cloud, because you have invested in continuous cloud monitoring. So, right off the bat, you have visibility and are alerted immediately to issues: if there’s a misconfigured VM, you’ll know about it straight away through automated alerts delivered to PagerDuty, Slack, HipChat or Splunk.
  • Make compliance continuous: Manually maintaining a compliant state for your cloud, and keeping detailed reports of it over time, is a massive undertaking. Beyond the sheer amount of work it takes to constantly check every layer of your cloud stack against compliance controls, there is the opportunity cost. Instead, use your time more effectively by automating compliance and having continuous insight into your compliance state for frameworks like NIST, HIPAA and PCI. This avoids the massive backlog of work that comes from periodic audits and alerts you to security vulnerabilities as they happen.
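Deciding whether an open bucket is expected or not, per the "Understand your cloud environment" item above, needs a concrete test rather than a hunch. The following is an added example, not code from this post or from Evident.io: it takes the ACL and bucket-policy documents that boto3's get_bucket_acl() and get_bucket_policy() return and classifies each bucket against a team-maintained list of buckets that are meant to be public. No AWS calls are made; the bucket names, ACLs and policies in SAMPLE_BUCKETS are constructed for the example.

```python
"""Tell an accidentally public S3 bucket from one that is meant to be public.

Added example, not code from the post or from Evident.io. It evaluates the two
documents boto3 returns from s3.get_bucket_acl() and s3.get_bucket_policy() without
calling AWS; the bucket names, ACLs and policies in SAMPLE_BUCKETS are constructed.
"""
import json

# Pre-defined groups that make an ACL grant public. AuthenticatedUsers means any
# AWS account in the world, which is public for every practical purpose.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def acl_public_grants(acl):
    """Permissions the ACL grants to AllUsers or AuthenticatedUsers."""
    return [g.get("Permission") for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUPS]


def _principal_is_everyone(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def policy_public_statements(policy):
    """Split Allow statements granted to everyone into unconditional ones (public)
    and conditioned ones (e.g. aws:SourceVpce or aws:SourceIp), which need a human
    to decide whether the condition actually restricts access."""
    if isinstance(policy, str):          # get_bucket_policy() returns the document as a string
        policy = json.loads(policy)
    unconditional, conditioned = [], []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or not _principal_is_everyone(stmt.get("Principal")):
            continue
        (conditioned if stmt.get("Condition") else unconditional).append(stmt.get("Sid", "<no Sid>"))
    return unconditional, conditioned


def classify_bucket(name, acl, policy=None, intended_public=frozenset()):
    """Return one of 'private', 'needs-review', 'public-expected', 'public-unexpected'.

    'public-unexpected' is the case the post calls a critical issue: the bucket is
    reachable by everyone and is not on the list of buckets meant to be public."""
    public_acl = acl_public_grants(acl)
    unconditional, conditioned = policy_public_statements(policy) if policy else ([], [])
    if public_acl or unconditional:
        return "public-expected" if name in intended_public else "public-unexpected"
    if conditioned:
        return "needs-review"
    return "private"


# Constructed sample input, shaped like the boto3 responses.
OWNER_ONLY = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"},
                          "Permission": "FULL_CONTROL"}]}
WORLD_READ = {"Grants": OWNER_ONLY["Grants"] + [
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
SITE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::www-assets/*"}]})
VPCE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "FromOurVpcOnly", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::internal-data/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]})
SAMPLE_BUCKETS = [  # (name, acl, policy)
    ("www-assets", OWNER_ONLY, SITE_POLICY),
    ("db-backups", WORLD_READ, None),
    ("internal-data", OWNER_ONLY, VPCE_POLICY),
    ("app-logs", OWNER_ONLY, None),
]
INTENDED_PUBLIC = {"www-assets"}   # maintained by the team, not guessed


def report(buckets=SAMPLE_BUCKETS, intended_public=INTENDED_PUBLIC):
    """Map bucket name -> verdict; the caller alerts on 'public-unexpected'."""
    return {name: classify_bucket(name, acl, policy, intended_public)
            for name, acl, policy in buckets}


if __name__ == "__main__":
    for bucket, verdict in report().items():
        print(f"{bucket:15} {verdict}")
```

The allow-list is the part that turns a noisy "bucket is public" finding into the "critical issue" verdict the post is after; a conditioned `Principal: "*"` statement is deliberately routed to a human, because whether `aws:SourceVpce` or `aws:SourceIp` actually confines access depends on the values, not on the presence of the condition.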
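For the "Treat GitHub with caution" item above, the check a practitioner wants is one that runs before a commit leaves the laptop. The following is an added example, not code from this post or from Evident.io: a small scanner that walks a checkout and flags AWS access key IDs, AWS secret keys, PEM private keys and hard-coded passwords, exiting non-zero so it can sit in a pre-commit hook or CI job. SAMPLE_CONFIG is constructed and uses the example credentials from the AWS documentation, not real ones.

```python
"""Scan a working tree for credentials before they reach a public GitHub repository.

Added example, not code from the post or from Evident.io. The patterns cover AWS
access keys, AWS secret keys, PEM private keys and hard-coded passwords; the last
rule is deliberately broad and needs an allow-list in a real repository.
"""
import os
import re
from collections import namedtuple

Finding = namedtuple("Finding", "path line rule match")

RULES = [
    ("aws-access-key-id",
     re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")),
    ("aws-secret-access-key",
     re.compile(r"(?i)aws_?secret_?access_?key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])")),
    ("private-key",
     re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")),
    ("hardcoded-password",
     re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]?([^\s'\"]{8,})")),
]

SKIP_DIRS = {".git", "node_modules", ".venv", "venv"}
MAX_FILE_BYTES = 1_000_000   # skip large binaries and bundles

# Constructed sample using the example credentials from the AWS documentation.
SAMPLE_CONFIG = (
    "[default]\n"
    "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
    "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    "db_password = hunter2hunter2\n"
)


def scan_text(text, path):
    """Return a Finding for every rule match, line by line, with the secret redacted
    so the scanner's own output does not become another copy of the credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES:
            for m in pattern.finditer(line):
                secret = m.group(1) if m.groups() else m.group(0)
                redacted = secret[:4] + "..." if len(secret) > 4 else "..."
                findings.append(Finding(path, lineno, rule, redacted))
    return findings


def scan_tree(root):
    """Walk a checkout, skipping VCS and dependency directories and unreadable files."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > MAX_FILE_BYTES:
                    continue
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    findings.extend(scan_text(fh.read(), os.path.relpath(path, root)))
            except OSError:
                continue
    return findings


if __name__ == "__main__":
    import sys
    hits = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for f in hits:
        print(f"{f.path}:{f.line}: {f.rule} ({f.match})")
    sys.exit(1 if hits else 0)   # non-zero blocks the commit when used as a pre-commit hook
```

Run it as `python scan_secrets.py .` from the repository root, or call it from `.git/hooks/pre-commit`. The access-key and secret-key rules are tight enough to run unattended; the password rule will hit test fixtures and sample configs, so pair it with an allow-list file rather than loosening the pattern.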

For conscientious security professionals who prefer to start and end their days without fire drills, here are some resources that will help you create, implement, and manage an effective security and compliance strategy for your cloud:

  • Get cloud fit: This ebook is a collection of 11 cloud security best practices you can begin to implement immediately to strengthen your security posture.
  • Create a defensive strategy: You’ll always have to be vigilant, and part of that process is using a full court press for your security and protecting your environment from things like ransomware.
  • Build the best team: Finding cybersecurity experts is a major challenge; there aren’t enough qualified people readily available. But there are ways to assemble a strong team if you know where to look and how to train the right people. This ebook provides a gameplan for creating the team you need.
  • Apply security automation: This white paper explores all facets of continuous security monitoring and compliance in the cloud to achieve the comprehensive visibility and control essential to your organization.

By changing how you manage your environment, adopting rigorous best practices and security automation, and creating the right mindset, you greatly reduce the chance that your organization falls victim to lapses of oversight and control. Then, you can have a day with a series of fortunate events.

AWS Security Tech Tips: Programmatic Onboarding of AWS Accounts to ESP Using CloudFormation and Python ../aws-user-attribution-cloudformation-python-boto3/ Mon, 12 Mar 2018 19:52:26 +0000

The post AWS Security Tech Tips: Programmatic Onboarding of AWS Accounts to ESP Using CloudFormation and Python appeared first on Cloud Sentry Blog.

In an effort to reduce vulnerabilities and improve control over their cloud environments, an increasing number of AWS customers rely on the Evident Security Platform (ESP) to automate both the discovery and remediation of sensitive security issues. Integral to this mission is reducing the time it takes to provision the resources ESP needs to monitor an AWS account. For basic configuration monitoring, ESP requires that each AWS account have an IAM service role with the AWS managed SecurityAudit policy attached. SecurityAudit is read-only, so the role lets ESP inspect configuration without being able to change it.

For an administrator with only a handful of AWS accounts this does not take much time. Consider, however, an administrator who manages hundreds or thousands of AWS accounts: creating even a simple role for each of them by hand quickly becomes a time-consuming, monotonous task. By using an Evident.io Python script that combines an AWS CloudFormation template with the AWS Boto3 SDK, ESP users can forgo the tedious resource creation in the AWS console and register their accounts with a single Python command:

python onboard_account.py
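Here is what the AWS half of that step looks like in code. This is an added example, not Evident.io's onboard_account.py or its CloudFormation template: it builds and deploys the SecurityAudit role with CloudFormation and boto3 as the post describes, but ESP_ACCOUNT_ID and the external ID are placeholders you would take from the ESP documentation, and the call that registers the resulting role ARN with ESP is not shown.

```python
"""Build and deploy the IAM role ESP uses for configuration monitoring.

Added example, not Evident.io's onboard_account.py or its template. Assumptions:
ESP assumes the role from an Evident-owned AWS account whose ID, and the external
ID it presents, come from the ESP console or documentation (ESP_ACCOUNT_ID below
is a placeholder); the caller's boto3 credentials may create IAM roles and
CloudFormation stacks. Registering the role ARN with ESP itself is not shown.
"""
import json

SECURITY_AUDIT_POLICY_ARN = "arn:aws:iam::aws:policy/SecurityAudit"
ESP_ACCOUNT_ID = "123456789012"   # placeholder, not Evident's real account


def build_role_template(esp_account_id, external_id, role_name="EvidentSecurityAuditRole"):
    """Return a CloudFormation template (dict) containing one cross-account role.

    The trust policy lets only the ESP account assume the role, and only when it
    presents the agreed ExternalId. That condition is what stops a third party who
    learns the role ARN from having ESP read this account on their behalf (the
    confused-deputy problem)."""
    trust = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{esp_account_id}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
    }]}
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Description": "Read-only cross-account role for Evident Security Platform",
        "Resources": {"EvidentServiceRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "RoleName": role_name,
                "AssumeRolePolicyDocument": trust,
                "ManagedPolicyArns": [SECURITY_AUDIT_POLICY_ARN],
            }}},
        "Outputs": {"RoleArn": {"Value": {"Fn::GetAtt": ["EvidentServiceRole", "Arn"]}}},
    }


def lint_role_template(template):
    """Local checks before spending an API call: ExternalId enforced, SecurityAudit
    and nothing else attached, no inline policies widening the role."""
    props = template["Resources"]["EvidentServiceRole"]["Properties"]
    problems = []
    stmts = props["AssumeRolePolicyDocument"]["Statement"]
    if not any("sts:ExternalId" in s.get("Condition", {}).get("StringEquals", {}) for s in stmts):
        problems.append("trust policy does not require sts:ExternalId")
    if props.get("ManagedPolicyArns") != [SECURITY_AUDIT_POLICY_ARN]:
        problems.append("role must attach exactly the SecurityAudit managed policy")
    if props.get("Policies"):
        problems.append("inline policies would widen the role beyond read-only audit")
    return problems


def deploy(template, stack_name="evident-esp-role", region="us-east-1"):
    """Create the stack and block until it finishes; returns the new role's ARN."""
    import boto3   # imported here so the template functions work without boto3 installed
    cfn = boto3.client("cloudformation", region_name=region)
    cfn.create_stack(
        StackName=stack_name,
        TemplateBody=json.dumps(template),
        Capabilities=["CAPABILITY_NAMED_IAM"],   # required because RoleName is fixed
    )
    cfn.get_waiter("stack_create_complete").wait(StackName=stack_name)
    outputs = cfn.describe_stacks(StackName=stack_name)["Stacks"][0]["Outputs"]
    return next(o["OutputValue"] for o in outputs if o["OutputKey"] == "RoleArn")


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: onboard_role.py <external-id>")
    tmpl = build_role_template(ESP_ACCOUNT_ID, external_id=sys.argv[1])
    problems = lint_role_template(tmpl)
    if problems:
        sys.exit("refusing to deploy: " + "; ".join(problems))
    print(deploy(tmpl))
```

The lint step is there because this template is the kind of thing that gets copied between hundreds of accounts: a single inline policy or an extra managed policy added "temporarily" would otherwise be replicated everywhere the script runs.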


CloudFormation templates are also extremely helpful when it comes to setting up User Attribution, which organizations need in order to correlate ESP security alerts directly with AWS CloudTrail events. User Attribution analyzes the events, reduces the dataset to those relevant to the specific ESP alert, and summarizes the relevant CloudTrail event fields in the alert. This finds the ‘needle in the haystack’ and removes the guesswork and manual searching that takes precious time away from making quick decisions, isolating data and fixing the issue.

ESP User Attribution identifies the following information for every alert:

  • The exact action that triggered the alert, and the tool used to perform it.
  • The user or role that initiated the action.
  • The source IP address from which the action was performed.

ESP provides these and other details to help identify the specifics of the issue.

With this information, admins and security teams can pinpoint issues as well as ongoing problem areas that may require policy changes. They can also feed user attribution data into incident response plans to gain greater control over their cloud environment.

Enabling this feature requires setting up a few AWS services. There are documented steps for this setup, but to streamline the process, especially for users with multiple AWS accounts, we recommend using our Python script and CloudFormation template, which provision all of the required resources with the same ‘python onboard_account.py’ command. For customers with a large number of accounts this can cut the setup from hours to minutes.

The steps include:

  1. Set up a CloudTrail trail
    • S3 bucket
    • KMS key
    • SNS topic
  2. Add a policy to the external account
    • IAM policy
  3. Create the SNS subscription
  4. Add the CloudTrail name in ESP

Our Python script and CloudFormation template deploy everything in steps 1 – 4.
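The following added example (not Evident.io's script or template) shows the CloudFormation resources behind steps 1 to 3: the trail, its S3 bucket, KMS key and SNS topic, and the resource policies that let CloudTrail write while letting the monitoring role read and subscribe. ESP_ROLE_ARN is a placeholder for the role ESP assumes in this account; step 4, entering the trail name in ESP, is done in the ESP console and is not automated here.

```python
"""CloudFormation resources for the CloudTrail side of ESP user attribution.

Added example covering steps 1-3 above; it is not Evident.io's onboard_account.py
or its template. ESP_ROLE_ARN is a placeholder for the role ESP assumes in this
account (the one carrying the SecurityAudit policy); that role is what the bucket,
key and topic policies grant read access to. Step 4 is done in the ESP console.
"""
import json

ESP_ROLE_ARN = "arn:aws:iam::123456789012:role/EvidentSecurityAuditRole"   # placeholder
CLOUDTRAIL = {"Service": "cloudtrail.amazonaws.com"}


def allow(sid, principal, action, resource, condition=None):
    """One Allow statement; keeps the policy documents below readable."""
    stmt = {"Sid": sid, "Effect": "Allow", "Principal": principal,
            "Action": action, "Resource": resource}
    if condition:
        stmt["Condition"] = condition
    return stmt


def build_trail_template(esp_role_arn, trail_name="evident-esp-trail"):
    """Return a template (dict) with the S3 bucket, KMS key, SNS topic and the trail.

    Every policy names cloudtrail.amazonaws.com for what CloudTrail itself needs and
    the ESP role for what the reader needs; nothing is granted to '*'."""
    reader = {"AWS": esp_role_arn}
    bucket_arn = {"Fn::GetAtt": ["TrailBucket", "Arn"]}
    log_objects = {"Fn::Sub": "${TrailBucket.Arn}/AWSLogs/${AWS::AccountId}/*"}
    topic_arn = {"Ref": "TrailTopic"}
    resources = {
        "TrailKey": {"Type": "AWS::KMS::Key", "Properties": {
            "EnableKeyRotation": True,
            "KeyPolicy": {"Version": "2012-10-17", "Statement": [
                allow("AccountAdmin", {"AWS": {"Fn::Sub": "arn:aws:iam::${AWS::AccountId}:root"}},
                      "kms:*", "*"),
                # CloudTrail may use this key only for trails in this account.
                allow("CloudTrailEncrypt", CLOUDTRAIL, ["kms:GenerateDataKey*", "kms:DescribeKey"], "*",
                      {"StringLike": {"kms:EncryptionContext:aws:cloudtrail:arn":
                                      {"Fn::Sub": "arn:aws:cloudtrail:*:${AWS::AccountId}:trail/*"}}}),
                allow("ReaderDecrypt", reader, "kms:Decrypt", "*"),
            ]}}},
        "TrailBucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "PublicAccessBlockConfiguration": {
                "BlockPublicAcls": True, "BlockPublicPolicy": True,
                "IgnorePublicAcls": True, "RestrictPublicBuckets": True}}},
        "TrailBucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
            "Bucket": {"Ref": "TrailBucket"},
            "PolicyDocument": {"Version": "2012-10-17", "Statement": [
                allow("AWSCloudTrailAclCheck", CLOUDTRAIL, "s3:GetBucketAcl", bucket_arn),
                # CloudTrail must hand ownership of each log object to the bucket owner.
                allow("AWSCloudTrailWrite", CLOUDTRAIL, "s3:PutObject", log_objects,
                      {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}),
                allow("ReaderGet", reader, ["s3:GetObject", "s3:ListBucket"], [bucket_arn, log_objects]),
            ]}}},
        "TrailTopic": {"Type": "AWS::SNS::Topic"},
        "TrailTopicPolicy": {"Type": "AWS::SNS::TopicPolicy", "Properties": {
            "Topics": [topic_arn],
            "PolicyDocument": {"Version": "2012-10-17", "Statement": [
                allow("CloudTrailPublish", CLOUDTRAIL, "sns:Publish", topic_arn),
                allow("ReaderSubscribe", reader, "sns:Subscribe", topic_arn),   # step 3
            ]}}},
        "Trail": {"Type": "AWS::CloudTrail::Trail",
                  # CloudTrail validates bucket and topic access at creation time,
                  # so both policies must already exist.
                  "DependsOn": ["TrailBucketPolicy", "TrailTopicPolicy"],
                  "Properties": {
                      "TrailName": trail_name, "IsLogging": True,
                      "EnableLogFileValidation": True,
                      "S3BucketName": {"Ref": "TrailBucket"},
                      "SnsTopicName": {"Fn::GetAtt": ["TrailTopic", "TopicName"]},
                      "KMSKeyId": {"Fn::GetAtt": ["TrailKey", "Arn"]}}},
    }
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": resources,
            "Outputs": {"TrailName": {"Value": trail_name}}}


def lint_trail_template(template):
    """Local checks for the mistakes that make the stack fail or leak logs."""
    res = template["Resources"]
    problems = []
    if set(res["Trail"].get("DependsOn", [])) != {"TrailBucketPolicy", "TrailTopicPolicy"}:
        problems.append("Trail must DependsOn both resource policies")
    for name in ("TrailBucketPolicy", "TrailTopicPolicy"):
        for stmt in res[name]["Properties"]["PolicyDocument"]["Statement"]:
            if stmt["Principal"] in ("*", {"AWS": "*"}):
                problems.append(f"{name}: statement {stmt['Sid']} is open to everyone")
    write = [s for s in res["TrailBucketPolicy"]["Properties"]["PolicyDocument"]["Statement"]
             if s["Action"] == "s3:PutObject"]
    if not write or write[0].get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl") \
            != "bucket-owner-full-control":
        problems.append("PutObject grant lacks the bucket-owner-full-control condition")
    return problems


if __name__ == "__main__":
    tmpl = build_trail_template(ESP_ROLE_ARN)
    problems = lint_trail_template(tmpl)
    if problems:
        raise SystemExit("; ".join(problems))
    print(json.dumps(tmpl, indent=2))
```

Run `python trail_template.py > trail.json` and then `aws cloudformation deploy --template-file trail.json --stack-name evident-esp-trail`; no IAM capability flag is needed because the template creates no IAM resources. The same template body can be handed to CloudFormation StackSets from an administrator account to roll the trail out to many accounts at once, which is the StackSet route mentioned below.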

For some customers ESP monitoring has become a hard requirement for any newly requested AWS account, so many of them have baked the setup of ESP’s required resources into their account-creation pipeline. Triggering our Python script and CloudFormation template on AWS account creation ensures security coverage as soon as a new account goes live.

It is also worth noting that larger customers that already have a CloudFormation administrator account can use a StackSet to deploy the template across multiple AWS accounts in a single operation. To start working with AWS CloudFormation StackSets, you should understand how AWS CloudFormation works and have some experience with templates and stacks. More information on these prerequisites for StackSets can be found here.

If you have questions about our Python script or CloudFormation templates, or if you are a current customer and would like a training call, email us at support@evident.io.

Keep an eye out for more posts in this series.

Cloud Security This Week – March 9, 2018 ../cloud-security-this-week-03092018/ Fri, 09 Mar 2018 22:33:16 +0000

The post Cloud Security This Week – March 9, 2018 appeared first on Cloud Sentry Blog.

New from Evident.io
Evident.io Custom Signature Provides Protection in New Wave of DDoS Attacks
Only one week after a massive DDoS attack knocked GitHub offline, a new attack dubbed “Memcrash” used the same method, amplification through exposed memcached servers, against a U.S. service provider. A new custom signature from Evident.io can help organizations avoid the same fate.

Post-Webinar Recap: Compliance in the Cloud in 2018
An overview of the key topics discussed in our recent webinar, where Matt Willman, Principal Architect for FedRAMP at Jive Software and John Martinez, VP of Solutions, answer key questions and share their experience when it comes to driving value from compliance in the cloud.

All Security is Cybersecurity
In many organizations, physical and cyber security are treated as separate functions, but that’s no longer a sustainable approach. Nowadays, all security has a cybersecurity component to it.

The Evolution of DevSecOps Revisited
Have SecOps and DevOps been effective in fostering collaboration between seemingly contradictory teams and aligning their disparate goals into a single effort, or have they slipped back into the primitive security models of the past? Our panel of experts discussed the relationship between DevOps and SecOps and explored whether it has evolved to be as harmonious as we hoped.

News and Perspectives on Cloud Security
Massive DDoS Attack Hits Memcached Servers Days After GitHub Outage
Just a week after code repository GitHub was knocked offline by the world’s largest recorded distributed denial-of-service (DDoS) attack, the same technique has been used to direct an even bigger attack at an unnamed US service provider.

Cryptomining Malware Found to be Rampant
According to Bad Packets Report, nearly 50,000 websites were found to host some type of cryptocurrency mining malware, and 5,541 WordPress websites were infected as part of cryptojacking campaigns.

Cloud Computing is Eating the World: Should We Be Worried?
Cloud computing is now pervasive, and its drawbacks are well known. Users keep flocking to it and finding value, but here are some considerations they must not ignore.

NSA Leak Reveals Agency’s List of Enemy Hackers
A series of leaks that started in 2016 sheds light on how the NSA is collecting information on the world’s most advanced and stealthy hackers.
