Cloud Sentry Blog https://cloudsentry.evident.io Powered by Evident.io Fri, 13 Oct 2017 19:58:33 +0000 en-US hourly 1 https://wordpress.org/?v=4.6.7 ../wp-content/uploads/2016/08/cropped-evident-shield-512-32x32.png Cloud Sentry Blog https://cloudsentry.evident.io 32 32 Cloud Security This Week – October 13, 2017 ../cloud-security-this-week-10132017/ ../cloud-security-this-week-10132017/#respond Fri, 13 Oct 2017 18:15:02 +0000 ../?p=1981 More stories hit the headlines this week on unprotected AWS S3 buckets and ways for enterprises to protect their cloud environments. Especially as organizations are applying a multicloud approach, better insight across all security controls can help you manage and protect your business. New from Evident.io ESP @ Work: Simplifying Compliance at a Regional Bank... Read more »

The post Cloud Security This Week – October 13, 2017 appeared first on Cloud Sentry Blog.

]]>

More stories hit the headlines this week on unprotected AWS S3 buckets and ways for enterprises to protect their cloud environments. Especially as organizations are applying a multicloud approach, better insight across all security controls can help you manage and protect your business.

New from Evident.io
ESP @ Work: Simplifying Compliance at a Regional Bank
The CIO of a Regional Bank chooses Evident.io and our Evident Security Platform (ESP) to monitor and secure AWS infrastructure and remain compliant in the cloud.

Security For Multicloud Environments
More enterprises are using cloud platforms from multiple vendors as as way to distribute workloads, manage resources, and improve their security footprint.

Put Your S3 Buckets to the Test to Ensure Cloud Fitness
Evident.io CEO Tim Prendergast offers advice on how effectively get control over the security of AWS S3 buckets.

Know the State of Your AWS S3 Security
The news is loaded with stories of major global brands getting into major trouble because of unprotected AWS S3 buckets, and the breaches keep happening. Learn how to get a handle on S3 security and prevent a catastrophe.

WEBINAR – Oct 19, 2017: Evident Security Platform for Microsoft Azure
Evident.io recently announced support for Microsoft Azure, which extends our cloud security and compliance monitoring to multiple cloud environments. In this webinar, Evident.io’s Prashant Ketkar, SVP of Product, will discuss Azure, cloud security, and how to develop a multi-cloud strategy.

WEBINAR – Oct 26, 2017: Get CloudFit: Top 11 AWS Best Practices for Cloud Security
In the cloud, you have to stay vigilant to stay strong and there is no better time than the present to get yourself and your team into shape.

News and Perspectives on Cloud Security
Cloud Security Spending is Growing Faster Than Expected
Spending on all aspects of cloud services is rapidly increasing, and security is among the segments that’s seeing the biggest increase.

53% of Cloud Users Have Exposed Data Online
In a similar survey from six months ago, it was 40% of organizations who had exposed data. This significant increase signals the severe need for cloud security.

Ransomware Is Not Going Away
The unfortunate reality that ransomware is gaining traction as a profitable business.

National Cybersecurity Awareness Month
Coming up next week will be week 3 of National Cybersecurity Awareness Month and the theme is Today’s Predictions for Tomorrow’s Internet. We hope this will serve as a reminder that our sensitive, personal information is the fuel that makes smart devices work. While there are tremendous benefits of this technology, it is critical to understand how to use these cutting-edge innovations in safe and secure ways. Please share this information with friends, family and colleagues as we will all benefit from a more cybersecurity aware culture. #NCSAM #CyberAware

The post Cloud Security This Week – October 13, 2017 appeared first on Cloud Sentry Blog.

]]>
../cloud-security-this-week-10132017/feed/ 0
ESP @ Work: Simplifying Compliance at a Regional Bank ../esp-at-work-simplifying-compliance-regional-bank/ ../esp-at-work-simplifying-compliance-regional-bank/#respond Thu, 12 Oct 2017 18:40:13 +0000 ../?p=1977 “ESP makes it possible for me and my team to move along the maturity model much faster than my peers without relying on budget and resources that aren’t available.” – CIO at Regional Bank Regional Bank views Cloud Security investment as Regulatory spend vs. Technology spend. Overview The CIO of a Regional Bank chooses Evident.io... Read more »

The post ESP @ Work: Simplifying Compliance at a Regional Bank appeared first on Cloud Sentry Blog.

]]>

“ESP makes it possible for me and my team to move along the maturity model much faster than my peers without relying on budget and resources that aren’t available.” – CIO at Regional Bank

Regional Bank views Cloud Security investment as Regulatory spend vs. Technology spend.

Overview

The CIO of a Regional Bank chooses Evident.io and our Evident Security Platform (ESP) to monitor and secure AWS infrastructure and remain compliant in the cloud.

Customer Profile

Thriving Regional Bank with assets exceeding $500 million dollars, offering everything from savings and checking accounts to low rate mortgage and home equity programs. Business services are also available including, checking, business credit cards, merchant card services and more. Federally Insured by NCUA.

Problem: With a flourishing organization and more regulations from the federal government coming down the pipe, the Regional Bank needed a reliable technology solution that would allow them to scale for the long term. The CIO has worked to keep pace with the rapid changes in the industry but keeping pace and not blowing up the Bank’s IT budget is a challenge.

Solution

Like most other regional banks, they were trying to do more with less and they implemented Evident.io’s security platform (ESP) to help with the pain of annual audits and continuous monitoring for vulnerabilities in their Amazon Web Services (AWS) environment.

Evident.io has helped monitor the Bank’s environments and helped the organization remain compliant throughout their year plus partnership.

“It’s so easy, even a boss could use it!” – CIO at the Regional Bank

Result

In the next year, the Regional Bank will need to be in an SSA16 compliance everywhere and they will leverage Evident.io to get there. The CIO sees his cloud spend as a regulatory spend and not a technology spend.

Over the last year, Evident.io has helped the Regional Bank to quickly find and remediate bad actors and threats in the cloud, ensure proper encryption of member data, and strengthen their security and compliance posture. With ESP’s automated security platform, the CIO is able to provide a stable secure banking platform and lower costs in an organization with a small staff and limited resources. The current cost model of ESP also allowed them to trim the product offering to fit the specific needs for a regional bank in the AWS environment. The CIO is able to deliver better value-add solutions creating security, matching regulations and meeting customers standards for highly secure highly accessible banking services. The CIO says, “There are just not enough hours in the day to go through all of the information and checks manually that ESP can automate.”

As businesses grow and take on more assets, they are taking on more risk as well. More assets means that financial organizations have more regulations and rules. Evident.io has allowed the CIO to take on more.

Learn more

To find out more about how our technology can empower you to solve this problem visit our website. ESP provides a single pane of glass view of all of your AWS accounts, regions and services in one easy to customize dashboard. By consuming all of Amazon’s APIs, ESP can detect and uncover vulnerabilities in your environment and alert security teams of configuration changes and policy violation and provide a path to remediation.

You can try ESP free for 14 days and start securing your cloud infrastructure within minutes. You can use the tool on your own, just signup and get started — or we can help you along the way. It’s your choice.

About this ESP @ Work Blog Series

ESP @ Work provides insight into real customer implementations. These snapshots describe how Evident Security Platform (ESP) helps our customers maintain and benefit from continuous security and compliance in the cloud. All ESP @ Work posts are anonymous because we respect that our customers are not always able to publicly share their success.

Read more Customer Success Stories here.

The post ESP @ Work: Simplifying Compliance at a Regional Bank appeared first on Cloud Sentry Blog.

]]>
../esp-at-work-simplifying-compliance-regional-bank/feed/ 0
Security For Multicloud Environments ../security-multicloud-environments/ ../security-multicloud-environments/#respond Tue, 10 Oct 2017 19:26:50 +0000 ../?p=1971 More enterprises are using cloud platforms from multiple vendors as as way to distribute workloads, manage resources, and improve their security footprint. In their research paper, Multicloud Management, 2017, analyst firm IDC presents compelling evidence that more enterprises are embracing a cloud strategy that uses the services of multiple providers. The cloud continues to rapidly... Read more »

The post Security For Multicloud Environments appeared first on Cloud Sentry Blog.

]]>

More enterprises are using cloud platforms from multiple vendors as as way to distribute workloads, manage resources, and improve their security footprint.

In their research paper, Multicloud Management, 2017, analyst firm IDC presents compelling evidence that more enterprises are embracing a cloud strategy that uses the services of multiple providers. The cloud continues to rapidly rise in popularity, but as enterprises get more comfortable with the cloud, they are applying a more sophisticated and informed mindset to their cloud strategy. By distributing workloads, creating purchasing and contractual leverage, and mitigating risk, a multicloud strategy is increasingly recognized as an astute approach for organizations that want to maximize the benefits of the cloud.

Clearly, the notion of a multicloud approach is rapidly gaining popularity, and for good reason. The IDC report states, “90% of enterprise-scale organizations plan to make use of multiple clouds in the next several years. As cloud environments become more complex, traditional tools and processes used to manage relatively static, tightly coupled IT infrastructure struggle to keep up with scaling, pooling, migrations, and rapid pace of change that are the hallmark of cloud IT operations.” Because the cloud is inherently flexible and connective, it allows for provider variation, and that’s proving to be a smart option, especially for organizations that want to increase their control over security and compliance within their cloud.

From a security standpoint, a multicloud approach helps by distributing that risk and provides a measure of control when attacks occur. Consider what happens when some element of an organization’s cloud is compromised; for organizations that don’t have an incident response process (and surprisingly high number fall into this category), this can result in shutting down operations while parts of the environment are sequestered, snapshot, wiped, and then redeployed.

That scenario requires that operations be frozen while the attack is contained, but it’s at a great cost, both in terms of resource being deployed and opportunity cost due to lost business opportunity. It also essentially negates the benefits of a flexible, dynamic cloud.

In a multicloud environment, however, workloads in non-threatened clouds can continue to function while issues on platforms under attack are resolved. Remember that hackers are specific in what they’re looking for; they exploit openings. Whether because of some knowledge or expertise about that platform or product, their goal is to find a way in based on something that can be easily compromised. In order to mount an attack simultaneously on two platforms being used by the same organization would require an operational and logistical focus that would be incredibly difficult to pull off. And organizations that are monitoring their environments would be able to quickly identify issues on one platform while transitioning some compute and operational activities to another one.

Cloud platforms also operate in terms of their different layers, one of which is the storage layer. This is handled in AWS by S3 buckets and in Microsoft with Azure Storage. We’re seeing so many breaches of S3 buckets because, among other things, that’s where so much valuable data lives which makes them very attractive targets. From a security standpoint, however, it’s smart to store data in multiple places as a way to reduce risk of that valuable data. Additionally, being able to rely on multiple layers of ID and compute access presents levels of complexity that make an environment less attractive to hackers. The ability to quickly deploy redundant applications or use API keys on different platform in order to keep things operating as “business as usual” provide an enterprise with resilience in the face of constant threats.

Many of our customers operate with a multicloud approach, and with our new support for Azure, we give them a single pane of glass view over their entire cloud architecture. Through that glass we provide comprehensive visibility into real-time security risk, provide the corresponding remediation paths to fix issues and bring operations back to a secure state. Evident Security Platform (ESP) aligns with the flexible and dynamic nature of the cloud by supporting organizations that choose a multicloud strategy for their IT and business operations. They seek insight and control within their cloud, and running ESP provides them with that while enabling them to evolve their cloud environment as their needs demand.

The post Security For Multicloud Environments appeared first on Cloud Sentry Blog.

]]>
../security-multicloud-environments/feed/ 0
Cloud Security This Week – October 6, 2017 ../cloud-security-this-week-10062017/ ../cloud-security-this-week-10062017/#respond Fri, 06 Oct 2017 17:51:30 +0000 ../?p=1967 Cybersecurity made for some compelling headlines this week with global political intrigue, massive numbers, and the continuing saga of Equifax. We’ll start with the obvious – Equifax. Look, we take no joy in seeing others falter, but this cautionary tale keeps adding chapters of how NOT to do security. This week we found out that... Read more »

The post Cloud Security This Week – October 6, 2017 appeared first on Cloud Sentry Blog.

]]>

Cybersecurity made for some compelling headlines this week with global political intrigue, massive numbers, and the continuing saga of Equifax.

We’ll start with the obvious – Equifax. Look, we take no joy in seeing others falter, but this cautionary tale keeps adding chapters of how NOT to do security. This week we found out that accounts of an additional 2.5 million were compromised. In comparison to the original 143 million, this new revelation seems almost like a footnote, but that’s the size of Qatar. And Houston. It’s a lot. This is part of other revelations coming out this week as Equifax’s former CEO Richard Smith spent days on the hot seat in front of congress.

Large numbers dominated the disclosure that the Yahoo account breach of 2013 impacted more than the 1 billion accounts originally reported. Turns out it affected 3 billion. Since we’re doing population comparisons, that’s like two of China. Yeah, that’s a lot too.

And then we also discovered that hackers working for the Russian government stole information about the operations of U.S. national security agencies. This story will unfold for some time, but some solid reporting is provided in the links below.

New from Evident.io
Our Post-Equifax World
In the wake of the massive Equifax data breach, there’s a lot we can learn about what to do, what not to do, and how to move forward in an increasingly digital world.

ESP @ Work: Keeping People Safe and Businesses Running Faster with Cloud Infrastructure Security
An overview of an Evident.io customer who is gaining valuable insight and dynamic visibility into their cloud infrastructure, and gaining better control over their platform at all times.

What We Can Learn From 3 Billion Compromised Accounts
New information came to light about Yahoo’s 2013 data breach. But there’s a story behind all of this, one of remediation and communication. It’s instructive for all enterprises in terms of how they continuously manage security and treat customers.

Evident Security Platform for Microsoft Azure
On the heels of the announcement of our support for Microsoft Azure, Prashant Ketkar, Evident.io’s SVP of Product, will provide an overview in this webinar. He will go into detail on cloud security and compliance challenges and explore how customers are using the Evident Security Platform to adapt their SecOps, DevOps and compliance functions to meet the needs of today’s public clouds.

What’s New in ESP?
This webinar, on October 12, will provide a comprehensive overview of ESP’s Azure support, S3 Bucket Fitness Report, new dashboard widgets, trend line views and more features.

Ransomware 2017 Report
Ransomware attacks, in which hackers encrypt an organization’s vital data until a ransom is paid, have become a billion dollar cybercrime industry according to the FBI. This new report, sponsored by Evident.io, reveals the latest ransomware trends and offers valuable guidance on effectively addressing the ransomware threat.

News and Perspectives on Cloud Security
October is National Cyber Security Awareness Month
Again, we can all benefit from brushing up on our cybersecurity best practices and protocols, so please share this information with friends, family and colleagues – we are stronger together. #NCSAM #CyberAware

Russian Hackers Stole NSA Data on U.S. Cyber Defense
We’re just cracking the story on this, but it looks like this hugely damaging breach could enable the Russian government to collect valuable data and infiltrate U.S. government networks.

6 Fresh Horrors From the Equifax CEO’s Congressional Hearing
There’s no fun in kicking someone when they’re down, but this story just goes from bad to worse, and redefines “worse.”

There Are 2.5 Million More People in the Equifax Breach Than We Thought
For those keeping score at home, the breach is now up to almost 146 million compromised accounts.

WannaCry Ransomware Was the Biggest Challenge of the Year, Says Cybersecurity Center
An overview of WannaCry; damage, repercussions, and what to expect next.

The post Cloud Security This Week – October 6, 2017 appeared first on Cloud Sentry Blog.

]]>
../cloud-security-this-week-10062017/feed/ 0
What We Can Learn From 3 Billion Compromised Accounts ../learning-from-3-billion-compromised-accounts/ ../learning-from-3-billion-compromised-accounts/#respond Wed, 04 Oct 2017 23:41:55 +0000 ../?p=1962 New information has come to light about Yahoo’s 2013 data breach. But there’s a story behind all of this, one of remediation and communication. It’s instructive for all enterprises in terms of how they continuously manage security and treat customers. Just when you were getting your head around the 143 million people whose personal data... Read more »

The post What We Can Learn From 3 Billion Compromised Accounts appeared first on Cloud Sentry Blog.

]]>

New information has come to light about Yahoo’s 2013 data breach. But there’s a story behind all of this, one of remediation and communication. It’s instructive for all enterprises in terms of how they continuously manage security and treat customers.

Just when you were getting your head around the 143 million people whose personal data was compromised in the Equifax breach (although now it seems closer to 146 million), prepare for the number 3 billion. That’s how many Yahoo accounts were hacked according to new revelatory information about the company’s infamous 2013 data breach. This is certainly making headlines, and the Twittersphere is having a field day with this, but the untold story are the efforts Yahoo took to fix the problem when it happened.

First off, it’s important to remember that the attack took place almost four years ago. Security was different even that short time ago. The emphasis then had been on securing the perimeter, whereas now there are more tools available to apply to the different pieces of the IT environment. Approaches to security now look at the “stack” in which users and data transact, and applies security to ID, compute, storage, and other layers within the stack. Yahoo has been forthcoming and transparent about how it manages security, and it is clear that they have much more continuous insight and control over their environment.

We have to also look at these kinds of breaches not just at the point of attack, but in the aftermath and how organizations handle communication with those affected by it. Equifax waited two months to fix an unprotected server, and that didn’t end up so well for them; 146 million people are paying the price for lax security management by them. Yahoo, by contrast, quickly instituted a plan of action that communicated to users how to change passwords, identify fake requests for personal information, and a general plan to protect themselves. We recommended that Equifax be transparent and communicate a plan to rectify their mistakes. So far, the response has been vague. Yahoo, by contrast, initiated a plan to keep users safe and secure.

The Yahoo case is a cautionary tale about how rapidly security attacks and defenses change in today’s world. Evolving organizations can differentiate themselves by deploying a plan of transparent communication like Yahoo’s, embracing continuous practices in security and compliance, and always updating and improving their policies and commitments to users as a core fundamental of their business. Yahoo is a sophisticated company with a strong security program; if organizations at the top of the food chain can fall victim to these kinds of breaches, then no company is ever truly safe from the constantly morphing and ever-changing nature of today’s attack landscape.

The post What We Can Learn From 3 Billion Compromised Accounts appeared first on Cloud Sentry Blog.

]]>
../learning-from-3-billion-compromised-accounts/feed/ 0
Our Post-Equifax World ../post-equifax-world/ ../post-equifax-world/#respond Wed, 04 Oct 2017 21:22:28 +0000 ../?p=1958 In the wake of the massive Equifax data breach, there’s a lot we can learn about what to do, what not to do, and how to move forward in an increasingly digital world. Former President George W. Bush once [not so] eloquently asked, “Is our children learning?” As someone in the security field, I have... Read more »

The post Our Post-Equifax World appeared first on Cloud Sentry Blog.

]]>

In the wake of the massive Equifax data breach, there’s a lot we can learn about what to do, what not to do, and how to move forward in an increasingly digital world.

Former President George W. Bush once [not so] eloquently asked, “Is our children learning?” As someone in the security field, I have my own concerns and repeatedly wonder, “Is our enterprises learning?” Major security breaches fill the headlines week after week with no indication that we are learning from our mistakes. Especially when the digital world provides you a virtual minefield of mishaps, most have been unable, or unwilling, to change their ways.

Unfortunately, many organizations lack the funding for security initiatives, and there is an alarming dearth of available cybersecurity talent. This contributes to an inability to adequately address the continuous nature of risk assessment and security control. The fact is, security never stops. But when an issue affects 143 million people like the Equifax hack did, it becomes evident that no one can sit back and hope for the best. We’re now living in a post-Equifax world, and if nothing previously has woken us up to the need to improve our cloud security, then let this be that thing.

The story behind the attack speaks to both the ease with which hackers accessed a trove of files, and the inability — willful or otherwise — on the part of Equifax to ensure proper security controls. The information that has come to light shows that hackers exploited a flaw in the Apache Struts framework, a flaw that users had been warned about and Apache had fixed months prior to the attack. Representatives at Equifax have confirmed that that flaw had been addressed, yet the Wall Street Journal reports that the company was still seeing problems related to that flaw even in late June. Krebs even reported that as of last week, an Equifax portal that could provide access to other sensitive files was protected only with the username/password combination of “admin/admin.” (I mean, come on!)

The collateral damage is just starting to unfold and it’s already bad. A federal criminal investigation has been launched (others are sure to follow), lawsuits are being brought against the company (others will DEFINITELY follow), executive behavior is being scrutinized, the company has lost about $6 billion in market value, and fingers are pointing all over the place. To add to the confusion and frustration, Equifax has not been particularly forthcoming in their communication about what exactly happened, how they’re fixing it, and what the future holds. Customers are confused and angry, social media will keep this story alive for a long time, and the company is generally taking a beating globally.

It turns out that it wasn’t a very complicated attack, and that really makes this sting. We tend to think of hackers as mad geniuses who hold some savant-ish ability to see through radically complex algorithms and focus in on finding the data equivalent of crown jewels. The reality is usually quite different from that; it tends to be lax monitoring or poorly configured IT assets that leave open databases and other repositories. Of course there’s no excuse for anyone who exploits another person or asset for personal gain. But we all know hackers are out there, and yet we keep doing things like leaving folders titled “Passwords”in servers where the password is “password.”

Because it deals in credit data and personal information, Equifax is already a target for hackers, but once the Apache flaw became known, it put the company squarely into their crosshairs. Questions about why the issue wasn’t adequately handled have to be answered. An overview of Equifax’ security protocols and processes has to come to light. But we can learn from Equifax’ misfortunes and create a strategy for operating in environments that are inherently insecure by taking measures to strengthen our enterprise security posture and ensure that we can eliminate some vulnerabilities and have confidence that we can rapidly fix those we become aware of. The key is just that, however – awareness. It breeds the ability to control and without control we have very little hope for avoiding the fate of Equifax and so many others like it.

There will be another breach, soon. And then another after that. Technology isn’t perfect, and the potential for risk will always be part of our digital world, but we need to stop making it easy for hackers to take advantage so easily.

The post Our Post-Equifax World appeared first on Cloud Sentry Blog.

]]>
../post-equifax-world/feed/ 0
ESP @ Work: Keeping People Safe and Businesses Running Faster with Cloud Infrastructure Security ../esp-work-keeping-people-safe-businesses-running-faster-cloud-infrastructure-security/ ../esp-work-keeping-people-safe-businesses-running-faster-cloud-infrastructure-security/#respond Tue, 03 Oct 2017 16:24:03 +0000 ../?p=1953 “ESP supports our global security team by providing dynamic visibility into our cloud infrastructure. This enhances our ability to control our CEM platform at all times, not just in times of crisis.” – Global Security Manager, Critical Event Management Software Company. Critical Event Management Software Company achieves NIST 800-53 Compliance Overview The Sr. Information Security... Read more »

The post ESP @ Work: Keeping People Safe and Businesses Running Faster with Cloud Infrastructure Security appeared first on Cloud Sentry Blog.

]]>

“ESP supports our global security team by providing dynamic visibility into our cloud infrastructure. This enhances our ability to control our CEM platform at all times, not just in times of crisis.” – Global Security Manager, Critical Event Management Software Company.

Critical Event Management Software Company achieves NIST 800-53 Compliance

Overview

The Sr. Information Security Director of Critical Event Management Software Company views ESP as an essential tool from a cloud security standpoint.

Customer Profile

Global software company that provides enterprise software applications that automate and accelerate an organization’s operational response to critical events in order to keep people safe and businesses running. During public safety threats such as active shooter situations, terrorist attacks or severe weather conditions, as well as critical business events such as IT outages or cyber-attack incidents, over 3,300 global customers rely on the company’s SaaS-based platform to quickly and reliably aggregate and assess threat data, locate people at risk and responders able to assist, automate the execution of predefined communications processes, and track progress on executing response plans.

Problem

The Critical Event Management (CEM) Software Company is currently in process to achieve Federal Risk and Authorization Management Program, or FedRAMP, compliance. FedRAMP is a United States government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services, and Evident.io is a crucial partner to enable them to accomplish this.

Solution

The first step for the CEM Software Company was NIST 800-53 compliance. The security team and operations teams leveraged the Evident Security Platform (ESP) as a tool to help them achieve this.

As a CEM solution, they have a true understanding and appreciation of the automated compliance capabilities that come out of the box with ESP. With ESP they were able to reduce the manual effort required to achieve insights into their security vulnerabilities and achieve compliance with NIST 800-53. ESP’s one-button compliance reports that indicate pass/fail status for all of the testable infrastructure controls, save the organization time and money in validating compliance and providing evidence for auditors.

Result

ESP provided security visibility for what the Event Management Software Company configured “in” the cloud by consuming all of Amazon’s APIs. ESP alerts them of configuration changes and policy violation and provides a path to remediation; Continuous monitoring and alerting. ESP helped the security team leading their FedRAMP initiative and become compliant with regard to the AWS shared services model, CIS AWS Security Best Practices and NIST 800-53 by automating the exposure and remediation of vulnerabilities in AWS. ESP also offered the flexibility to develop custom signatures to be alerted on the organization’s specific risks as well as support for AWS GovCloud.

Learn more

To find out more about how our technology can empower you to solve this problem visit our website. ESP provides a single pane of glass view of all of your AWS accounts, regions and services in one easy to customize dashboard. By consuming all of Amazon’s APIs, ESP can detect and uncover vulnerabilities in your environment and alert security teams of configuration changes and policy violation and provide a path to remediation.

You can try ESP free for 14 days and start securing your cloud infrastructure within minutes. You can use the tool on your own, just signup and get started — or we can help you along the way. It’s your choice.

About this ESP @ Work Blog Series

ESP @ Work provides insight into real customer implementations. These snapshots describe how Evident Security Platform (ESP) helps our customers maintain and benefit from continuous security and compliance in the cloud. All ESP @ Work posts are anonymous because we respect that our customers are not always able to publicly share their success.

Read more Customer Success Stories here.

The post ESP @ Work: Keeping People Safe and Businesses Running Faster with Cloud Infrastructure Security appeared first on Cloud Sentry Blog.

]]>
../esp-work-keeping-people-safe-businesses-running-faster-cloud-infrastructure-security/feed/ 0
Cloud Security This Week – September 29, 2017 ../cloud-security-this-week-09292017/ ../cloud-security-this-week-09292017/#respond Fri, 29 Sep 2017 18:39:54 +0000 ../?p=1944 Whole Foods was the victim of a breach that exposed customer credit card data to hackers, Deloitte fell victim to a widespread attack, and the hits keep coming across companies in a variety of industries. Add to that that evidence mounted this week that cybercrime is taking a serious turn towards being increasingly organized and... Read more »

The post Cloud Security This Week – September 29, 2017 appeared first on Cloud Sentry Blog.

]]>

Whole Foods was the victim of a breach that exposed customer credit card data to hackers, Deloitte fell victim to a widespread attack, and the hits keep coming across companies in a variety of industries. Add to that that evidence mounted this week that cybercrime is taking a serious turn towards being increasingly organized and sophisticated, and well, Happy Friday.

There is consistency in this business, that’s for sure. Yet for all the instances of misconfigured data repositories and leaked data, we’re working with some interesting companies who are fighting back. Our multicloud security approach is also helping enterprises get control over environments where both AWS and Azure are being used.

Some members of the Evident.io team spent the week at Microsoft Ignite where business was brisk and interest in the Evident Security Platform (ESP) was high. A long week, but a fantastic week, and with this crew, how could you go wrong?:

evidentioteam2

New from Evident.io
Companies Push to Decode Cloud Encryption
“There’s no excuse not to encrypt data at rest. It doesn’t make any sense unless you just don’t care about the data … and some people don’t.”

Evident.io Cloud Security Platform – Support for Microsoft Azure
An insightful overview of Evident Security Platform (ESP) new support for Microsoft Azure, and how Evident.io is providing cloud security control for organizations that use a multicloud approach.

ESP @ Work: Enabling Always-on Compliance for Electronic Health Record Company
With ESP, the Electronic Health Record Company was able to alleviate the heavy lifting of compliance and reduce their time-to-audit from an 11 month cycle to the click of a button.

Evident.io Support for Microsoft Azure and Multicloud Environments
This overview of Evident Security Platform offers background on the AWS and Azure cloud approaches and how why many enterprises are opting for a multicloud framework.

News and Perspectives on Cloud Security
Researchers Find 7% of all Amazon S3 Servers Are Exposed
A recent study by SkyHigh Networks found 7 percent of all Amazon S3 servers are exposed which may explain a recent surge of data leaks in the last few months. This is clearly quite alarming. It’s also fixable.

NIST to Release Overhauled Framework 
The NIST risk management framework will be getting an overhaul, with an updated version due out next week.

Cybercrime-as-a-Service Becomes Mainstream for Criminals
Ransomware is rapidly becoming an enterprise unto itself, with organized crime groups becoming more sophisticated in how they buy and sell cybercrime services.

I’d Like Continuous Security Monitoring With My Burger, Please
Fast-food giant Sonic has disclosed a data breach potentially affecting millions of customers’ private information.

The post Cloud Security This Week – September 29, 2017 appeared first on Cloud Sentry Blog.

]]>
../cloud-security-this-week-09292017/feed/ 0
ESP @ Work: Enabling Always-on Compliance for Electronic Health Record Company ../esp-at-work-enabling-always-compliance-electronic-health-record-company/ ../esp-at-work-enabling-always-compliance-electronic-health-record-company/#respond Wed, 27 Sep 2017 14:43:26 +0000 ../?p=1939 “Before ESP, preparing for our annual compliance audit would be an 11 month cycle. With ESP we can view our state of compliance in near real time.” – Principal Architect for HIPAA Compliance at Electronic Health Record Company Electronic Health Record Company invests in ESP for Continuous Compliance. Overview With ESP, the Electronic Health Record... Read more »

The post ESP @ Work: Enabling Always-on Compliance for Electronic Health Record Company appeared first on Cloud Sentry Blog.

]]>

“Before ESP, preparing for our annual compliance audit would be an 11 month cycle. With ESP we can view our state of compliance in near real time.” – Principal Architect for HIPAA Compliance at Electronic Health Record Company

Electronic Health Record Company invests in ESP for Continuous Compliance.

Overview

With ESP, the Electronic Health Record Company was able to aliviate the heavy lifting of compliance and reduce their time-to-audit from an 11 month cycle to the click of a button.

Customer Profile

The largest, free web-based electronic health record (EHR) company with more than 112,000 monthly active medical professionals and 81 million patients. Their mission, is to connect doctors, patients and data to drive better health and save lives. The Electronic Health Record Company provides physicians and medical professionals with free, advertising-supported EHR and medical practice management technology that includes charting, scheduling, e-prescribing (eRx), medical billing, lab and imaging center integrations, referral letters, Meaningful Use certification, training, support and a personal health record for patients.

Problem

Electronic Health Record Company’s team were looking to expand security team to support their AWS cloud infrastructure, they needed a tool that would help to increase the efficiency and productivity of their existing team. As a web-based electronic health record repository, they are responsible for the storage, security and protection a lot of very sensitive information. It was critical for the Electronic Health Record Company to find solution that would simplify and automate their compliance requirements.

Solution

The Electronic Health Record Company selected the Evident Security Platform (ESP) as an automation tool to continuously monitor vulnerabilities in their AWS infrastructure, saving them time and money. ESP fit all of their requirements, specifically:

  • Inexpensive to operationalize, maintain and support. Time to value must be immediately quantifiable and visible.
  • An open, flexible architecture that can grow, adapt and integrate seamlessly with a fast moving AWS cloud environment and business change.
  • Provide compliance reporting and constant checking against an Industry Framework.

Results

Even during the initial trial phase, ESP helped the Electronic Health Record Company  be compliant with regard to the AWS shared services model and CIS AWS Security Best Practices, by automating the exposure and remediation of vulnerabilities in AWS. The Electronic Health Record Company’s time-to-audit has dropped from an 11 month cycle to the click of a button. By employing ESP’s real-time continuous security visibility, auditing and validation engine for of all of their AWS environments, they can be confident in their ability to pass compliance frameworks like CIS AWS Foundations benchmark and HIPAA.

Learn more

To find out more about how our technology can empower you to solve this problem visit our website. ESP provides a single pane of glass view of all of your AWS accounts, regions and services in one easy to customize dashboard. By consuming all of Amazon’s APIs, ESP can detect and uncover vulnerabilities in your environment and alert security teams of configuration changes and policy violation and provide a path to remediation.

You can try ESP free for 14 days and start securing your cloud infrastructure within minutes. You can use the tool on your own, just signup and get started — or we can help you along the way. It’s your choice.

About this ESP @ Work Blog Series

ESP @ Work provides insight into real customer implementations. These snapshots describe how Evident Security Platform (ESP) helps our customers maintain and benefit from continuous security and compliance in the cloud. All ESP @ Work posts are anonymous because we respect that our customers are not always able to publicly share their success.

The post ESP @ Work: Enabling Always-on Compliance for Electronic Health Record Company appeared first on Cloud Sentry Blog.

]]>
../esp-at-work-enabling-always-compliance-electronic-health-record-company/feed/ 0
Cloud Security This Week – September 22, 2017 ../cloud-security-this-week-09222017/ ../cloud-security-this-week-09222017/#respond Fri, 22 Sep 2017 21:28:06 +0000 ../?p=1930 What a great week at Evident.io. We announced that Evident Security Platform (ESP®) now supports Microsoft Azure which now gives our customers automated and continuous visibility and control of their compliance and security across multiple public cloud platforms from a single pane of glass. This is big stuff because organizations can see everything happening in... Read more »

The post Cloud Security This Week – September 22, 2017 appeared first on Cloud Sentry Blog.

]]>

What a great week at Evident.io. We announced that Evident Security Platform (ESP®) now supports Microsoft Azure which now gives our customers automated and continuous visibility and control of their compliance and security across multiple public cloud platforms from a single pane of glass. This is big stuff because organizations can see everything happening in their environment, in terms of infrastructure risks and compliance violations, across both Microsoft Azure and Amazon Web Services, all in a unified view in ESP.

Clearly, every enterprise has to choose the cloud vendor that works best for them, and for some that also means operating in a hybrid environment. ESP now helps those organizations get a better, clearer, and more actionable ability to control their security and compliance.

In addition to new ESP support for Azure, Evident.io is now offering S3 bucket fitness reports so organizations can determine if their repositories have been correctly configured and are operating with the necessary level of security controls. ESP does this with continuous monitoring so users are always able to see the state of their S3 buckets and respond quickly to remediate any issues.

Oh, and our very own Kate Turchin delivered the most eloquent, poetic, and enjoyable explanation of the AWS Shared Responsibility Model – you don’t want to miss this:

New from Evident.io
Evident.io Helps Enterprises Reduce Complexity of Securing Multicloud Environments with New Support for Microsoft Azure
Here’s the overview on ESP support for Microsoft Azure. Combined with support for Amazon Web Services (AWS), ESP provides enterprises automated and continuous visibility and control of their compliance and security across multiple public cloud platforms from a single pane of glass.

AWS S3 Bucket Fitness – Know the State of Your S3 Security
Evident.io launches new S3 bucket fitness reports so you are always aware of how changes to your AWS environment affect configurations and settings in your buckets.

ESP for Azure: Security for the Modern Enterprise
In this blog, Evident.io’s Tim Prendergast (co-founder and CEO), and Prashant Ketkar (SVP of Product) discuss Azure, cloud security, and how to develop a multicloud strategy.

ESP @ Work: Global Airline Improves Safety, Operational Reliability & Customer Services With Security in the Cloud
Learn how the CEO of the world’s leading long distance airline selected Evident.io to drive excellence with cloud projects and improve safety, operational reliability and customer services with ESP. This provided visibility, awareness and improved security of their AWS infrastructure.

News and Perspectives on Cloud Security
New Locky Variant Ransomware Attack Hits 20M Attacks In One Day
In just 24 hours, an aggressive ransomware campaign has targeted many through fake file delivery emails.

Equifax Had Data Breach Months Before Big One Hit
This story just keeps getting worse…

After Massive Data Breach, Equifax Directed Customers To Fake Site
…wait, it just got worse.

Double Trouble: This Ransomware Campaign Could Infect Your PC With Two Types Of File-Locking Malware
This ransomware “campaign” could force victims to pay up and decrypt their files twice.

The post Cloud Security This Week – September 22, 2017 appeared first on Cloud Sentry Blog.

]]>
../cloud-security-this-week-09222017/feed/ 0