Cloud Sentry Blog (https://cloudsentry.evident.io), powered by Evident.io

ESP for Azure: Security for the Modern Enterprise
Thu, 21 Sep 2017


Evident.io today announced support for Microsoft Azure, which extends our cloud security and compliance monitoring to multiple cloud environments. In this blog, Evident.io’s Tim Prendergast (co-founder and CEO) and Prashant Ketkar (SVP of Product) discuss Azure, cloud security, and how to develop a multicloud strategy.

Evident.io today announced support for Microsoft Azure, which now extends continuous insight and control provided by the Evident Security Platform (ESP®) to a single pane of glass for AWS, Microsoft, and multicloud environments. It’s a big step for our company, and an important new offering for our customers and partners.

As we see more demand from customers who use multiple clouds, we recognize that choosing a cloud vendor and managing security controls according to that vendor’s security approach requires a lot of coordination. To help us understand more about Microsoft’s approach with Azure, and how security works in a multicloud environment, I talked with two key strategists who developed Evident.io’s Azure plans: Tim Prendergast (co-founder and CEO) and Prashant Ketkar (SVP of Product). Their comments offer some very pointed and unadulterated views on cloud security and keeping your data and organization safe in the cloud:

Patrick Flanders: Let’s first talk about Microsoft’s approach to cloud security and how the Evident Security Platform supports it:
Tim Prendergast: What Microsoft advocates is having a mentality of “harden by default” and “assume breach”. It’s a well-understood concept in the industry that basically says, “don’t assume everything is safe.” Many companies think that a perimeter defense will keep everything safe that’s inside. This philosophy that Microsoft applies presumes that hackers can get into a cloud at any point, and an organization needs to take the necessary steps to protect itself.

Prashant Ketkar: Azure customers have been very influenced by a checklist type of approach. In fact, when I was at Microsoft, many of us read and adopted the principles in Atul Gawande’s great book, The Checklist Manifesto. You’re always thinking about what could go wrong and what the different scenarios might be. You do it in a qualified manner, but as you go through the checklist, you’re making sure you don’t leave anything to chance. While most cloud providers have it in some form, it’s very prevalent in the Azure approach. The problem is, the checklist approach doesn’t scale.
That’s where the Evident Security Platform comes in. ESP automates the checklist, running all of your subscription and services configuration data through a “checklist” that will validate the settings against hardened security best practices, and then prioritizes the vulnerabilities that are found so your team knows what to work on first, second, third, and so on.

PF: What about Azure customers; what’s significant to them about a tool like ESP?
TP: Think about all the recent AWS S3 breaches we’ve seen. Then consider that Microsoft also uses a “harden by default” approach, and that’s important for customers to think about, especially in the context of how they put security around and within their environments. Customers have to build architectures and workloads, and in the Azure world, that is usually done in a way where they open up just what’s necessary for them to accomplish business goals. The alternative is to start fully open and then ratchet down from there. For customers exceptionally well-versed in security, this isn’t a problem. But for teams that have a variety of different backgrounds, especially those that don’t have a lot of expertise in security and compliance, this isn’t going to work. When they are given a platform on which they have to control the infrastructure, open ports, set encryption policies, manage firewalls, and handle other tasks, they are likely to make errors in judgement, deploy misconfigurations, open things too broadly…and then forget to go back and fix and manage.

PK: Well, there’s also the fact that we’re now cross cloud platform. A tool is available that not only applies these philosophies of “assume breach” and “harden by default”, but it can be done in environments that are using AWS in addition to Azure. This is very important because those customers don’t want multiple security tools. They want a single pane of glass to get visibility and insights across the entirety of their cloud. That makes security understandable and fixable for Azure customers, but also for those considering Azure as a way to migrate to the cloud, or as a way to use multiple clouds.

PF: I’d love for you to talk more about supporting the needs of Azure customers. What helps them develop a rigorous security posture?
TP: Let me first address that second part of your question. Irrespective of your cloud provider, there are three mechanisms that have to be in place in order to actively control your cloud: detection, remediation, and ongoing measurement. Not incidentally, these are the three elements that ESP was built on and it formed our design of the product. ESP is essentially designed to bring “assume breach” to a programmatic infrastructure for cloud customers. So getting back to your first question, yes, the Azure infrastructure was built with “assume breach”, but customers who build architectures may not necessarily carry that mentality forward, so they need guidance.

PK: Every customer is thinking about removing risk. Many Azure customers are large, global brands that have very distributed architectures. Azure can handle that type of environment without a problem, but as the reach broadens, so too does the need for security. ESP was built to create minimum attack surface exposure. ESP guides users to open just what is needed to do business, and from there, detect settings, configurations, and changes that might leave them open to attack.

PF: We often talk about a cloud provider’s “stack” because their approach to the different layers of the stack speaks to their overall security posture. What are your thoughts on Microsoft’s stack and how security control is applied to it?
TP: Microsoft has taken a threat-driven approach to cloud security. They evaluate a lot at the host and network levels and look at data flowing into the cloud, as opposed to configuration management, security configuration, compliance, and those kinds of things. They learned a lot by being a late entrant to the cloud market. Across their existing ecosystem they could see customers who wanted to address network-facing attacks, DDoS prevention, SQL injections, application layer attacks; Microsoft began with a security approach that looked first at these things. They recognize that attacks, once they penetrate the environment, can go deeply into the infrastructure, so they clearly want to help prevent that.

PK: It’s important to remember that many Microsoft customers are moving from on-premises and legacy environments to the cloud, so they are changing the paradigm of their infrastructure. They are accustomed to layers; they’ve used a Microsoft operating system, SQL, Active Directory, and all the other components of the Microsoft universe. This makes for a very different type of customer and security team. Azure, therefore, is architected according to this stack idea, and it’s based on coexisting within a Microsoft framework, so those working with it are accustomed to locking down hosts and the OS as a way to control security.

PF: Why would companies choose to use a multicloud strategy?
PK: There are two types of ecosystems to think about: one is the large, established enterprise that has a legacy IT environment. Then there’s the younger, born-in-the-cloud company that has been with the cloud from the beginning. For companies migrating to the cloud, moving to one provider is challenging at scale, so it makes sense from an architecture standpoint to have different providers handling different workloads. That’s helpful both at the time of migration and for ongoing management. For the younger, cloud-first companies, multicloud is a strategy that provides both economic and operational leverage. In terms of costs and licenses, spreading your environment over multiple clouds gives you more control when it comes time to renew. But also remember that these born-in-the-cloud companies don’t have their own data centers, so there’s nothing to fall back on in case of data loss. So they need multiple clouds for the sake of business recovery and business continuity.

TP: There’s a lot of value to be had from this diversity proposition. Not just being able to log in to different platforms, but also things like benefiting from diversity of innovation. If you want to access modern technologies and always be able to capitalize on better ways of running your applications, you’ll need to be on the receiving end of new deployments from a variety of providers. Otherwise, your perspective and abilities become narrow. Let’s say I’m building something using serverless code functions in Lambda or Azure Cloud Functions, and I run into a software function issue that renders it non-functional. Well, I can simply use it in a different cloud and move back and forth as needed. It helps you escape issues like a human-introduced bug on the backend. And ultimately, it’s a strategy of keeping your eggs spread across different baskets.

PF: I’m hoping we can continue the conversation soon. There’s a lot to learn about Azure and Evident.io’s plans for the future.
TP: Absolutely. I love talking about all of this, and it’s a broad topic.

PK: Yes, I would like that. Thanks for having me.

We invite you to learn more about ESP support for Azure, and to come back to our blog in the coming days and weeks for additional insights about cloud security.

ESP @ Work: Global Airline improves safety, operational reliability & customer services with Security in the Cloud
Mon, 18 Sep 2017


“Speeding up our adoption of new technology is a priority, but what’s truly exciting is the opportunity we have to use the relationships we have with our customers – and the insights they entrust to us – to shape service and create new businesses.” – CEO at a leading global airline.

World’s leading long distance airline improves safety, operational reliability and customer services with Cloud Infrastructure Security.

Overview

The CEO of the world’s leading long distance airline selected Evident.io to drive excellence with cloud projects and improve safety, operational reliability and customer services with ESP, gaining visibility and awareness and strengthening the security of their AWS infrastructure.

Customer Profile

Regarded as the world’s leading long distance airline and one of the strongest brands globally, they have built a reputation for excellence in safety, operational reliability, engineering and maintenance, and customer service. The organization has a very broad portfolio of subsidiary businesses ranging from Freight Enterprises to Frequent Flyer programs.

Background

The Global Airline’s priority is to continually improve safety, operational reliability and customer service. As cloud computing gains prominence, the opportunity for airlines to build brand value, better serve and understand customers, and drive excellence with cloud projects has become a reality. Airlines and airports worldwide use cloud services to deliver new services to the industry, from great passenger services and self-service facilities to the management of aircraft maintenance, estimating travel times, aircraft identification, emission controls, traffic modeling, integrated fare management and customer loyalty programs.

A majority of airlines are currently using the cloud to build new areas of customer experience, customer self-service, and ancillary revenue offerings, along with collecting and analyzing data for business intelligence purposes. Select critical operational tasks, such as gathering data from sensors (IoT) to manage maintenance records, have been passed off to the cloud. Because of this proven success, the Global Airline has proclaimed a “cloud-first” strategy as the foundation for their IT operations.

Problem

The Chairman of the Board for the Global Airline stated that the foundation of future growth for the organization would be reducing costs and growing revenue while continuing to improve the experience for their customers. The organization is relying on the AWS cloud for increased cost savings, substantial operational efficiencies and fast, agile delivery of enhanced, new customer services and revenue streams. Governance, risk, and compliance, along with privacy and security, are critical to ensuring that confidential customer data is not compromised and that corporate intellectual property is protected, and the airline was in search of a tool to help them automate this process.

Solution

The executive team selected Evident Security Platform (ESP) to provide visibility and awareness into their AWS security and controls. Because of their “cloud-first” strategy, their Executive Management partnered with Evident.io to integrate key practices and technology (ESP) to produce more secure software and support faster fixes to security problems while increasing visibility for the Security Operations and Cloud teams.

Results

Evident.io helped the Global Airline to increase the velocity of application migration and development by embedding ESP’s near-real-time security capabilities into their DevOps pipeline. By creating security workflows through integrations of ESP’s security intelligence feeds into Slack, ServiceNow and other applications, the Security Operations and Cloud teams have been able to achieve near-real-time response to security incidents, configuration drift, and compliance deviation.

In addition, ESP’s flexible custom signatures enable the Security Operations and Cloud teams to reduce risk, audit, and compliance validation efforts, displacing manual efforts and saving the organization significant labor cost. ESP triggers customer-defined alerting workflows when any negative security change is applied to the environment, whether it is done intentionally, accidentally, or by malicious attackers. This enables them to protect their environments proactively by triggering automated remediation workflows and launching incident response actions through ESP’s sophisticated API and a real-time security engine.

Learn more

To find out more about how our technology can empower you to solve this problem, visit our website. ESP provides a single-pane-of-glass view of all of your AWS accounts, regions and services in one easy-to-customize dashboard. By consuming all of Amazon’s APIs, ESP can detect and uncover vulnerabilities in your environment, alert security teams to configuration changes and policy violations, and provide a path to remediation.

You can try ESP free for 14 days and start securing your cloud infrastructure within minutes. You can use the tool on your own (just sign up and get started) or we can help you along the way. It’s your choice.

About this ESP @ Work Blog Series

ESP @ Work provides insight into real customer implementations. These snapshots describe how Evident Security Platform (ESP) helps our customers maintain and benefit from continuous security and compliance in the cloud. All ESP @ Work posts are anonymous because we respect that our customers are not always able to publicly share their success.
Read more Customer Success Stories here.

Cloud Security This Week – September 15, 2017
Fri, 15 Sep 2017


The impact of the Equifax breach started to sink in among the 143 million people who were affected, and ElasticSearch servers got hit with PoS malware. All in all, not a great week for…well, for anyone who has a credit card, email account, or any other personal information that’s been transacted or stored digitally. So yeah, pretty much everyone.

So, while the news doesn’t seem to be getting any better, we are trying to provide some hope. In addition to the bad news, listed below are guides to help you prevent your name from making headlines. We’ll be following these stories, and others as they pop up in the coming weeks, but in the meantime, here’s our rundown of another interesting week in the world of cloud security:

New from Evident.io
What Security Pros Want From Equifax
Equifax has already differentiated themselves with the sheer magnitude of this thing, but they also have an opportunity to stand out by how they fix this. Here’s how.

ESP @ Work: Transforming a Consumer Goods Company with Security in the Cloud
This $1.7 billion consumer goods company relies on the cloud for their IT infrastructure. As they continue to grow and evolve, they use Evident Security Platform (ESP) to give them control over their security posture.

15,000 Servers With No Authentication; 4,000 Infected with PoS Malware. An ElasticSearch Malware Disaster.
This is why we can’t have nice things.

How to Choose a Cloud Security and Compliance Platform
Cloud security is different. Here’s a quick, visual guide to help you find the right partner to protect your cloud environment.

News and Perspectives on Cloud Security
Cloud Security Hype Fails to Match Deployments
Technologies like software-defined perimeter and key management as-a-service generate enthusiasm but will take years to reach mainstream adoption.

Admin Accounts With No Passwords at the Heart of Recent MongoDB Ransom Attacks
I’m trying to act more like an adult, but all I can say is, “duh.”

Ayuda! (Help!) Equifax Has My Data!
Krebs provides a great back story on this huge breach. This quote is just too irresistible: “To me, this is just negligence. In this case, their approach to security was just abysmal, and it’s hard to believe the rest of their operations are much better.”

Apple’s Data-Mining Privacy Protections Fall Short, Study Finds
Apple had a big week – iPhone X, iPhone 8, Apple Watch Series 3, 4k Apple TV. Then this happened. Will anyone pay attention?

15,000 Servers With No Authentication; 4,000 Infected with PoS Malware. An ElasticSearch Malware Disaster.
Wed, 13 Sep 2017


It’s being reported that more than 4,000 ElasticSearch servers are currently infected with, and actively hosting Point of Sale (PoS) malware strains. Current estimates are that approximately 99% of those infected servers are hosted on AWS.

Apparently, these servers lacked authentication controls, which allowed hackers to access and manage them remotely. The finding came out of an effort by Kromtech to review the accessibility and protection of ElasticSearch servers. That review uncovered more than 15,000 of the open source servers that had no authentication or password protection. Of that group, 4,000 appeared to host PoS malware, including two popular strains, AlinaPOS and JackPOS, that have been traded and sold among hackers in online forums.

Authentication controls and passwords are mandatory for secure organizations. Again, we find that enterprises are either incorrectly presuming that AWS handles security of their resources (it does not, by the way; AWS adheres to the shared responsibility model, whereby they are responsible for security of AWS and the customer is responsible for everything IN AWS), or they simply have not yet done the work required to secure their environment.

Learn how to apply continuous security and compliance for your AWS environment with Evident Security Platform.

What Security Pros Want From Equifax
Tue, 12 Sep 2017


In the aftermath of the massive Equifax breach, consumers are scrambling to know if they were affected, the degree to which they were affected, and what to do now.

In an attempt to buy time while things get sorted out, and to ease the minds of consumers, Equifax is providing free credit file monitoring and identity theft protection to all U.S. consumers. Beyond that, there’s little coming from the company, which only contributes to the frustration of customers, and adds to an already existing air of suspicion around the company and their practices.

Not that Equifax is hiding anything, but there could be more support and transparency coming from them. After all, this affects 143 million people. That’s like the entire state of Delaware, but 151 times. There’s no getting around the fact that this was a breach of epic proportions, but it’s not the first time this has happened, and it most certainly won’t be the last.

Equifax has already differentiated themselves with the sheer magnitude of this thing, but they also have an opportunity to stand out by how they fix this. To do that takes courage, and Equifax’s intent must be genuine. Recovering means doing hard things that will rebuild trust among customers, partners, and other stakeholders. Without that, Equifax will become a business school case study, but we have faith that they can do better.

Whether or not you care about the future of Equifax, we suggest these steps in their road to fixing this:

  • Admission of guilt: Apparently Equifax became aware of the breach on June 29, yet news to the public didn’t surface until September 7. It is fully understandable that before you go public with this kind of sensitive news, you want to ensure you’ve remediated any security issues and created a secure environment for your users and data. In some ways, you’re now more a target than ever, and a judicious approach makes sense. But five weeks to alert users? That just can’t happen; it’s sort of like “Dad’s Rule”: if you screwed up, don’t lie about it, because your dad will find out anyway, and the lying about the screw up will make the punishment for the screw up even worse. Equifax must explain why the delay, and assure customers that they will be more communicative and forthcoming in the future.
  • Complete Review: Like all organizations, Equifax has to have an automated incident response plan for security issues. They likely have something, but it clearly didn’t work in this case; one has to wonder how files for 143 million people were accessed without being noticed. The company needs to completely review their processes and report to stakeholders how safeguards will be put in place to minimize damage in the future. Every organization should be regularly reviewing these processes and making improvements where necessary, but this now has to become religion at Equifax. This is about more than a culture of security; this has to become a mindset of “security first, security always.”
  • Fix-It Plan: Equifax has to deliver a message that instills faith in their stakeholders. They can’t tell us the specifics of the security controls they’re going to apply to their cloud layers, but they can provide details on their security plans and what they hope to achieve. This is an opportunity to educate consumers and partners so they know what to look out for on their end. It gives Equifax a chance to explain what proper identity, network, and other types of security are and how they address them. Right now, the company doesn’t look like it has a plan; it just looks like a big company that screwed up, got caught, admitted it, and is now grasping at straws. But these are smart people at Equifax, and they owe it to their stakeholder community to explain how this will be fixed.
  • Ecosystem Validation: It’s hard to imagine how many mortgage and title companies, specialized loan operators, banks, credit issuers, and other financial institutions are getting some backdraft as a result of edgy customers not wanting their information to touch Equifax. Smart financial companies are finding ways to unburden themselves of being beholden to Equifax, but it’s not that simple. There are partnership deals that are legally binding, and to unravel the legal language to determine fault could take years. It’s time for Equifax to do the right thing: offer their institutional customers an alternative form of credit reporting (possibly a temporary “out” of their current agreements), or provide some sort of insurance that protects consumers. Any measures taken in this regard will hurt financially, but without this, the entire Equifax ecosystem is tainted.

A modest proposal? No, this is much more stark than that, but the entire country is already on edge. Equifax is not responsible for restoring consumers’ faith in “the system”, but they do owe it to their constituents to act honorably and with good business sense. While a campaign of trust building kicks off, so too must their efforts to ensure continuous monitoring so this kind of thing never happens again. And it serves as a cautionary tale to all other companies. Protect, monitor, fix immediately, and avoid, as best you can, the overwhelming mess that a security breach can cause.

ESP @ Work: Transforming a Consumer Goods Company with Security in the Cloud
Mon, 11 Sep 2017


“We want to strive to be a technology company, not just a [household products] company” – Director of DevOps at The Consumer Goods Company.

Customer Profile

An American consumer goods company that emphasizes non-toxic household products to supply the marketplace for ethical consumerism. As a brand, they aim for savvy style, sustainability, and extraordinary service and convenience, with a passion for social goodness. Recently valued at $1.7 billion.

Problem

As their AWS implementation and team matured, the Consumer Goods Company began looking for tools that could help them get to the next level. One area of focus was maturing their security processes. They reached a point where their environments were built well and teams were in place, and realized they needed the proper tools to make their teams successful.

Solution

What really drew them to Evident Security Platform (ESP) was the ability to customize the control checks, alerts, suppressions and integrations. The Consumer Goods Company sees a lot of potential in being able to create their own control checks, both for security and for uses outside the box. The DevOps team loved ESP’s passive data collection approach and the fact that ESP is agentless and can provide alerts and integrations that help them be secure without getting in their way. Their DevOps team was extremely supportive of the move to use ESP.

Results

ESP helped the Consumer Goods Company fulfill their part of the AWS shared responsibility model and achieve compliance with the CIS AWS security best practices by automating the exposure and remediation of vulnerabilities in AWS. ESP also offered the flexibility to develop custom signatures to be alerted on Consumer Goods Company-specific risks.

Learn More

To find out more about how our technology can empower you to solve this problem, visit our website. ESP provides a single-pane-of-glass view of all of your AWS accounts, regions and services in one easy-to-customize dashboard. By consuming all of Amazon’s APIs, ESP can detect and uncover vulnerabilities in your environment, alert security teams to configuration changes and policy violations, and provide a path to remediation.

You can try ESP free for 14 days and start securing your cloud infrastructure within minutes. You can use the tool on your own (just sign up and get started) or we can help you along the way. It’s your choice.

About this ESP @ Work Blog Series

ESP @ Work provides insight into real customer implementations. These snapshots describe how Evident Security Platform (ESP) helps our customers maintain and benefit from continuous security and compliance in the cloud. All ESP @ Work posts are anonymous because we respect that our customers are not always able to publicly share their success.

The post ESP @ Work: Transforming a Consumer Goods Company with Security in the Cloud appeared first on Cloud Sentry Blog.

Unofficial End of Summer Brings Bevy of Cloud Breaches ../groundhog-day-cloud-breaches/ Thu, 07 Sep 2017 18:26:25 +0000

It’s beginning to feel a lot like Groundhog Day when it comes to data breaches in the cloud.

Groundhog Day wasn’t one of my favorite movies. If you haven’t seen it, it’s a 1993 movie starring Bill Murray who plays a weatherman who is sent to cover the weather forecasting groundhog only to discover that he is living Groundhog Day over and over and doing the same thing every day.

News broke over the holiday weekend (and it was most certainly not a slow news weekend), and it must have been a bad news weekend for many members of the military and intelligence agencies.

According to numerous news reports, data on thousands of military and intelligence personnel was allegedly available for public access via an unsecured AWS S3 bucket. A story in The Hill, “Thousands of military contractor files allegedly left online, unsecure”, explains that the files included personal contact information, such as addresses, phone numbers and private email addresses.

 “Chris Vickery, a researcher at security firm Upguard, said he discovered the unsecured set of resumes on a public-facing Amazon cloud server in July that was not protected by any form of login. Typically, this is the result of misconfigured security settings,” Joe Uchill of The Hill wrote.

The files are reportedly job applications filed with TigerSwan, a North Carolina-based security firm. According to TigerSwan, the breach occurred with work it had contracted out to the recruitment firm TalentPen.

According to The Hill’s reporting, the entire ordeal is a great example of the risks of both relying on third parties to secure sensitive data and leaving cloud storage unchecked:

When Upguard contacted TigerSwan in July, TigerSwan said it believed Upguard was in error since TigerSwan does not store resumes on the Amazon cloud and since it believed TalentPen had both encrypted and deleted its copies. 

At the end of August, Upguard contacted Amazon, which had TalentPen remove the files, but did not reveal to Upguard that TalentPen was the customer. TigerSwan claims TalentPen never notified them, either.

“TalentPen never notified us of their negligence with the resume files nor that they only recently removed the files,” TigerSwan said in a statement.

TigerSwan said it was unaware that TalentPen had made the error until The Hill contacted them for a story earlier this week and raised the possibility that a recruiter had left the files online. Until then, TigerSwan argued the files were not theirs. 

“It was only when we reached out to [TalentPen] with the information on August 31st did they acknowledge their actions,” TigerSwan said in their statement. 

While that is certainly bad enough, it was unfortunately not the only big breach heading into the holiday weekend. On Friday, the MacKeeper Security Research Center reported that a cloud breach had made personal information pertaining to millions of Time Warner Cable customers publicly accessible.

This data breach was reportedly made possible by – you guessed it – a storage repository that was not properly configured, so that anyone who knew where to look could access the data. “It is most likely that they were forgotten by engineers and never closed the public configuration. This would allow anyone with an internet connection to access extremely sensitive documents. Not only could they access the documents but any “Authenticated Users” could have downloaded the data from the URL or using other applications. With no security in place just a simple anonymous login would work,” Bob Diachenko wrote in the MacKeeper post.

Additionally, according to MacKeeper, the cloud storage held a considerable amount of sensitive information, and it would take weeks to go through the data.
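The failure mode in the two paragraphs above is an S3 bucket ACL that grants access to one of S3’s predefined public groups. The following is an added example (not code from the original post or from MacKeeper) that flags such grants. The ACLs are constructed inline in the shape boto3’s s3.get_bucket_acl() returns so the check runs offline; the two group URIs are S3’s real predefined-group identifiers, and the bucket names are placeholders.

```python
"""Flag S3 bucket ACL grants to the two public groups.

Added example, not code from the original post. The ACLs below are constructed
inline in the shape boto3's ``s3.get_bucket_acl()`` returns, so the check runs
offline; the group URIs are the real S3 predefined-group identifiers.
"""

# "AllUsers" is anonymous access. "AuthenticatedUsers" is *any* AWS account in
# the world, not only accounts in your organisation, which is the trap in the
# Time Warner Cable story above.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {
    ALL_USERS: "anyone on the internet",
    AUTHENTICATED_USERS: "any AWS account",
}

# What each ACL permission lets a grantee do on a *bucket*.
PERMISSION_EFFECT = {
    "READ": "list objects",
    "WRITE": "create, overwrite and delete objects",
    "READ_ACP": "read the ACL",
    "WRITE_ACP": "change the ACL",
    "FULL_CONTROL": "do all of the above",
}

# Constructed sample: the owner has full control, but someone also granted the
# AuthenticatedUsers group READ and READ_ACP and never removed it.
LEAKY_ACL = {
    "Owner": {"ID": "EXAMPLE-OWNER-CANONICAL-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-CANONICAL-ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "READ_ACP"},
    ],
}

# Constructed sample of how the ACL should look: owner only.
PRIVATE_ACL = {
    "Owner": {"ID": "EXAMPLE-OWNER-CANONICAL-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-CANONICAL-ID"},
         "Permission": "FULL_CONTROL"},
    ],
}


def public_grants(acl):
    """Return (who, permission, effect) for every grant to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in PUBLIC_GROUPS:
            perm = grant["Permission"]
            findings.append((PUBLIC_GROUPS[uri], perm, PERMISSION_EFFECT.get(perm, perm)))
    return findings


def is_publicly_listable(acl):
    """True when a public group can enumerate the bucket's objects."""
    return any(perm in ("READ", "FULL_CONTROL") for _, perm, _ in public_grants(acl))


def is_publicly_writable(acl):
    """True when a public group can add or delete objects."""
    return any(perm in ("WRITE", "FULL_CONTROL") for _, perm, _ in public_grants(acl))


if __name__ == "__main__":
    for bucket, acl in (("leaky-bucket", LEAKY_ACL), ("private-bucket", PRIVATE_ACL)):
        hits = public_grants(acl)
        if not hits:
            print(f"{bucket}: no public grants")
        for who, perm, effect in hits:
            print(f"{bucket}: {who} has {perm} ({effect})")
```

A bucket ACL is only one of the ways S3 data becomes public: object-level ACLs and bucket policies can expose the same data, so a real audit runs this check alongside a review of the bucket policy and a sample of object ACLs.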

All of these stories ring familiar, as we covered similar events happening to Verizon and Dow Jones in “Their Own Worst Enemy”, and earlier this year we covered a string of data breaches involving poorly configured databases in “Hadoop, CouchDB Users Latest Attack Targets”.

Let’s face it: much like Bill Murray in 1993’s Groundhog Day, if organizations don’t get a handle on keeping their cloud deployments secure, we’re going to keep writing and reading about such breaches next year, and the next year, and the year after that, and we’re all going to know exactly how it feels to repeat the same day over and over. My guess is we won’t find it any more fun than Bill Murray’s character did.

The post Unofficial End of Summer Brings Bevy of Cloud Breaches appeared first on Cloud Sentry Blog.

ESP @ Work: Security for DevOps Agility at a Global Staffing Solutions Company ../esp-at-work-security-devops-agility-global-staffing-solutions-company/ Wed, 06 Sep 2017 21:23:25 +0000

“Most breaches are caused by human error – Pressure from delivery time, outcome, client demand are factors that make people care more about speed than comprehensive security. The more you can do through automation using ESP, the more time you have to focus on the hard stuff.” – CISO at Global Staffing Solutions Company

Global Staffing Solutions Company achieves Cloud Infrastructure Security for DevOps Agility

Overview

The CISO of a Global Staffing Solutions Company partners with Evident.io to support DevOps agility with ESP, gaining visibility into their AWS infrastructure and automating alerting and remediation.

Customer Profile

The world’s first and largest specialized staffing firm, providing skilled professionals in the fields of accounting and finance, technology, legal, creative, marketing, and administration with more than 400 consulting and staffing locations worldwide.

Problem

The promise of DevOps agility enabled by the cloud was the impetus behind Global Staffing Solutions Company’s rapid migration to AWS infrastructure. However, as Global Staffing Solutions Company made the shift from traditional development strategies to continuous deployment, they encountered some growing pains related to application and infrastructure security. Their migration to the cloud was being slowed down by the lack of visibility that the security team had into the cloud infrastructure.

Solution

Global Staffing Solutions Company partnered with Evident.io to integrate key practices and technology (ESP) to produce more secure software and support faster fixes to security problems while increasing visibility for the Global Security team. The Evident Security Platform (ESP) provided security for what Global Staffing Solutions Company put “in” the cloud by consuming all of Amazon’s APIs. ESP alerts them to configuration changes and policy violations, provides a path to remediation, and delivers continuous monitoring and alerting. ESP also offered the flexibility to develop custom signatures to be alerted on Global Staffing Solutions Company’s specific risks.

Results

Evident.io helped Global Staffing Solutions Company accelerate and enable rapid migration to the cloud and mature their DevSecOps initiative. The Evident Security Platform’s ease of integration and open, flexible architecture enables the team to adapt as changes are made within their AWS environment by removing the heavy lift of manual audits or the need to build and manage their own suite of scripts. With ESP, Global Staffing Solutions Company is able to proactively protect their environments by triggering automated remediation workflows and launching incident response actions through a sophisticated API and a real-time security engine.

The Global Staffing Solutions Company quickly regained control of their AWS infrastructure using ESP and the benefits it provided:

  • Lightning fast implementation without integration overhead or dedicated computing resources
  • Agentless, non-intrusive operation across multiple AWS accounts
  • Actionable results within minutes and guided remediation to quickly mitigate risk

“Evident has provided value from the very first day we deployed it,” the CISO concluded. “ESP’s ability to create reports helps us to prove compliance with both internal and external security requirements. The Evident Security Platform reports have become key customer-facing documents used by our own sales force when positioning our own IT Professional Staffing Solution. It is strong, third-party validation of the high level of security we have achieved while running on Amazon Web Services.”

Learn more

To find out more about how our technology can empower you to solve this problem, visit our website. ESP provides a single-pane-of-glass view of all of your AWS accounts, regions and services in one easy-to-customize dashboard. By consuming all of Amazon’s APIs, ESP can detect and uncover vulnerabilities in your environment, alert security teams to configuration changes and policy violations, and provide a path to remediation.

You can try ESP free for 14 days and start securing your cloud infrastructure within minutes. You can use the tool on your own, just sign up and get started — or we can help you along the way. It’s your choice.

About this ESP @ Work Blog Series

ESP @ Work provides insight into real customer implementations. These snapshots describe how Evident Security Platform (ESP) helps our customers maintain and benefit from continuous security and compliance in the cloud. All ESP @ Work posts are anonymous because we respect that our customers are not always able to publicly share their success.

Read more Customer Success Stories here.

The post ESP @ Work: Security for DevOps Agility at a Global Staffing Solutions Company appeared first on Cloud Sentry Blog.

Cloud Security This Week – September 1, 2017 ../cloud-security-this-week-09012017/ Fri, 01 Sep 2017 20:16:11 +0000

It’s never dull for those trying to keep the cloud safe from harm, but this was a relatively quiet week for cloud security news. Here at Evident.io, we continued to use our platform to instruct with a primer on getting “cloud fit”, a deep dive into automating incident response, and an example of a global financial services company who is doing cloud security monitoring right.

New from Evident.io
ESP @ Work – Securely Migrating a Multinational Financial Services Corporation to the Cloud: One of our customers is a multinational financial services company that is using Evident Security Platform (ESP) to reduce risk, and to improve audits and compliance validation specific to their compliance and business risk requirements.

Cloud Security and Automated Incident Response: The keys to incident response are speed and process, and automation is critical for both.

Post-Webinar Recap – CloudFit Q&A with Coach Marco Genovese: Last week’s webinar on getting cloudfit was our biggest one yet. Coach Marco breaks down the 11 things you need to do to be cloudfit. This is his recap.

News and Perspectives on Cloud Security
Restrict access to AWS region endpoints for cost savings, security: Enterprises use multiple AWS regions for disaster recovery, but that practice can increase cloud costs and vulnerabilities. This piece explains how to manage access to regions to maintain control.

VMware Cloud is now live on AWS — and IT pros just did a little happy dance: Companies can now move to AWS and run VMware virtual machines in the public cloud. A big step forward, but one that requires even more rigorous security monitoring.

Dallas CIO Prepares for Influx of Harvey Evacuees: A profile of the CIO of the City of Dallas, William Finch, and the efforts of his team to support evacuees from Houston who have been affected by Hurricane Harvey.

What Being a Female Hacker Is Really Like: I never thought I’d link to TeenVogue, but this piece provides some perspective on how to improve the market for cybersecurity experts.

The Outside-In Approach to Data Security in the Modern Enterprise: Good perspective, but nothing new for those who are heeding our advice to be cloudfit.

The post Cloud Security This Week – September 1, 2017 appeared first on Cloud Sentry Blog.

Post-Webinar Recap: CloudFit Q&A with Coach Marco Genovese ../post-webinar-recap-cloudfit-qa-coach-marco-genovese/ Wed, 30 Aug 2017 02:17:53 +0000

Like anything that requires strength and skill, cloud security takes focus, discipline, and a keen understanding of the actions that get you the best results. We recently hosted a webinar bootcamp reviewing the top eleven AWS best practices to get CloudFit. Many of the best activities we reviewed are very easy to implement but often ignored, which creates problems when hackers discover your vulnerabilities.

We had a great discussion and wanted to provide a post-webinar recap of some of the questions from our audience that we ran out of time to answer. In this blog, Marco Genovese, Solutions Architect at Evident.io, answers those questions and coaches us through how these security practices are designed to improve your cloud’s overall security and fitness in the shortest time possible.

Q: “Regarding MFA, I agree that password complexity is not the right solution and that MFA is better, but for our CIS Benchmark we are required to have complex passwords that expire. How should we go about handling CIS compliance then?”

[Marco Genovese] You’re correct, password complexity is not the right solution, not even when it comes to compliance standards. Even in the CIS Amazon Web Services Foundations Benchmark v1.1.0 – 11-09-2016 they recommend using MFA vs. password complexity as well. Frequently changing passwords can cause people to write them down or forget them and cause negative productivity impact – time wasted requesting passwords and reissuing access. Using MFA allows for security and usability at the same time without interruptions.

Q: “In the example where an EC2 instance has access to an S3 bucket, what are the guidelines for which tool to use for S3 bucket/object policies vs IAM roles?”

[Marco Genovese] Imagine if a policy with administrative privilege had been attached. The result could have been significant damage, not just to the intended S3 bucket, but to all AWS services and resources. With this in mind, what’s an example of a strong policy? Let’s go back to the example application above. Perhaps all our application really needs is to make the following calls: S3 GetObject, S3 PutObject, SQS ReceiveMessage, SQS SendMessage, SNS Publish. That’s only five service API calls, or five actions in IAM policy document language. Let’s say we were given the ARNs of the bucket, SQS queue and SNS topic that are the intended resources. We can now use the awesome “AWS Policy Generator” tool to create a policy document that can be applied to the IAM role that is associated with our application’s EC2 instance.
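The policy the answer above describes, written out and placed next to the administrative policy it warns against, as an added example (not code from the webinar or from Evident.io). The account id, bucket, queue and topic names are constructed placeholders standing in for the ARNs the application would really be given; the wildcard check at the end is this example's own, not a feature the answer mentions.

```python
"""Least-privilege IAM policy for the EC2 application role described above,
beside the administrative policy it warns against.

Added example, not code from the webinar or from Evident.io. The account id,
bucket, queue and topic names are constructed placeholders.
"""
import json

# Constructed placeholder ARNs for the three resources the application touches.
BUCKET_ARN = "arn:aws:s3:::example-app-bucket"
QUEUE_ARN = "arn:aws:sqs:us-east-1:123456789012:example-app-queue"
TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:example-app-topic"

# The policy the answer warns about: every action on every resource.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def scoped_app_policy(bucket_arn, queue_arn, topic_arn):
    """Exactly the five actions the application needs, each bound to its resource."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                # Object-level S3 actions are evaluated against object ARNs, so
                # the resource is bucket/* rather than the bare bucket ARN.
                "Resource": f"{bucket_arn}/*",
            },
            {
                "Effect": "Allow",
                "Action": ["sqs:ReceiveMessage", "sqs:SendMessage"],
                "Resource": queue_arn,
            },
            {"Effect": "Allow", "Action": "sns:Publish", "Resource": topic_arn},
        ],
    }


def _as_list(value):
    # IAM accepts a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]


def allowed_actions(policy):
    """Distinct actions granted by the policy's Allow statements."""
    actions = set()
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") == "Allow":
            actions.update(_as_list(stmt.get("Action", [])))
    return sorted(actions)


def overly_broad_statements(policy):
    """(statement index, reason) for each Allow statement that uses a wildcard
    action or a wildcard resource; an empty list means the policy is scoped."""
    findings = []
    for index, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((index, "wildcard action"))
        if "*" in resources:
            findings.append((index, "wildcard resource"))
    return findings


if __name__ == "__main__":
    policy = scoped_app_policy(BUCKET_ARN, QUEUE_ARN, TOPIC_ARN)
    print(json.dumps(policy, indent=2))
    print("scoped policy findings:", overly_broad_statements(policy))
    print("admin policy findings:", overly_broad_statements(ADMIN_POLICY))
```

The split into three statements is deliberate: each resource gets only the actions that apply to it, so adding a sixth call later means touching one statement rather than widening a shared one.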

Q: “Regarding Rotating Keys: Using Evident.io’s ESP showed us that we had issues with key rotation, so we set up a script that will now “Auto-Delete” keys that are over 90 days old. This is in our sandbox environment and users are informed when they sign up for an account.”

[Marco Genovese] This is great for a couple of reasons! One, this example proves that visibility is key to understanding your security posture. With so many people accessing and making changes within your cloud, it can be hard to operate securely without locking it tight which can really slow things down. We love to see our customers’ confidence grow as they implement and customize the ESP signatures. Following this best practice enables them to provide their teams with more trust and autonomy to get things done fast. And two, this is exactly how you should operate to keep track of rotating API access keys within your teams and with third-party vendors. Communication is key to the success of any organization especially when it comes to security.
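The age check behind the auto-delete script described in the question above, as an added example (not the customer's script and not Evident.io code). The key list is constructed inline in the shape boto3's iam.list_access_keys()['AccessKeyMetadata'] returns, "now" is pinned to a fixed date so the run is reproducible, and the deactivate-then-delete grace window is this example's own design choice rather than something the question or answer prescribes.

```python
"""Find IAM access keys older than the rotation threshold and plan what to do
with them, in the spirit of the auto-delete script described above.

Added example, not the customer's script or Evident.io code. The key list is
constructed in the shape boto3's ``iam.list_access_keys()['AccessKeyMetadata']``
returns, "now" is pinned so the run is reproducible, and the grace window is
this example's design choice.
"""
from datetime import datetime, timezone

MAX_AGE_DAYS = 90   # rotation threshold from the question above
GRACE_DAYS = 7      # assumed: days a key stays Inactive before it is deleted

# Constructed sample keys; the ids are placeholders, not real AWS key ids.
SAMPLE_KEYS = [
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLE00000001", "Status": "Active",
     "CreateDate": datetime(2017, 5, 1, tzinfo=timezone.utc)},
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLE00000002", "Status": "Active",
     "CreateDate": datetime(2017, 8, 20, tzinfo=timezone.utc)},
    {"UserName": "bob", "AccessKeyId": "AKIAEXAMPLE00000003", "Status": "Inactive",
     "CreateDate": datetime(2017, 1, 15, tzinfo=timezone.utc)},
]
NOW = datetime(2017, 9, 1, tzinfo=timezone.utc)


def key_age_days(key, now=NOW):
    """Whole days since the key was created."""
    return (now - key["CreateDate"]).days


def expired_keys(keys, now=NOW, max_age_days=MAX_AGE_DAYS):
    """Keys whose age exceeds the threshold, regardless of status."""
    return [k for k in keys if key_age_days(k, now) > max_age_days]


def plan_actions(keys, now=NOW, max_age_days=MAX_AGE_DAYS, grace_days=GRACE_DAYS):
    """Return (user, key id, action) for every expired key.

    Active keys are deactivated first, so an owner who still depends on one
    can object before it is gone; keys that are already Inactive and past the
    grace window are deleted. IAM records no deactivation timestamp in the key
    metadata, so age since creation is used as the proxy for both steps.
    Deleting immediately, as the question describes, is this plan with
    grace_days=0 and the deactivation step skipped.
    """
    plan = []
    for key in expired_keys(keys, now, max_age_days):
        if key["Status"] == "Active":
            plan.append((key["UserName"], key["AccessKeyId"], "deactivate"))
        elif key_age_days(key, now) > max_age_days + grace_days:
            plan.append((key["UserName"], key["AccessKeyId"], "delete"))
    return plan


if __name__ == "__main__":
    # With boto3 the two actions map to
    #   iam.update_access_key(UserName=u, AccessKeyId=k, Status="Inactive")
    #   iam.delete_access_key(UserName=u, AccessKeyId=k)
    # This stand-alone run only prints the plan.
    for user, key_id, action in plan_actions(SAMPLE_KEYS):
        print(f"{action:10s} {user:8s} {key_id}")
```

Running this as a dry run first, and only then wiring the two boto3 calls to the plan, keeps the "users are informed" part of the question honest: the printed plan is exactly the notice that goes out before anything is removed.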

Q: “Regarding S3 Bucket Policies: Can Evident.io ESP help identify EC2 specific misconfigurations and/or missing vulnerability patches or do we need a 3rd-party tool for this?”

[Marco Genovese] Evident.io ESP can help with EC2 misconfigurations; for example, if an EC2 instance IAM role is not enabled or an EC2 instance does not appear to be redundant. Evident can also tell you if you are nearing the limits on on-demand EC2 instances. We can also let you know if a POODLE vulnerability or the like was discovered in your infrastructure. That being said, Evident.io ESP does not have access into the host layer for security reasons and cannot check patch levels at the OS level.

Q: “Regarding Logging and Encryption: One of the challenges with logging is information overload, what are some best practices for simplifying visibility? Can CloudTrail logs be fed into the Evident.io ESP?”

[Marco Genovese] Yes, CloudTrail logs can be fed into ESP. We have several out-of-the-box signatures that simplify logging and increase visibility with CloudTrail and CloudWatch integration. In addition to capturing CloudTrail logs within a specified S3 bucket for long-term analysis, real-time analysis can be performed by configuring CloudTrail to send logs to CloudWatch Logs. For example, with an ESP trail that is enabled in all regions in an account, CloudTrail sends log files from all those regions to a CloudWatch Logs log group. The intent of this signature is to ensure AWS account activity is being captured, monitored, and appropriately alarmed on. CloudWatch Logs is a native way to accomplish this using AWS services but does not preclude the use of an alternate solution. Sending CloudTrail logs to CloudWatch Logs facilitates real-time and historic activity logging based on user, API, resource, and IP address, and provides the opportunity to establish alarms and notifications for anomalous or sensitive account activity. This is where our user attribution capability comes in. When a misconfiguration or vulnerability is detected, ESP is able to provide you with a near-real-time snapshot of who did what, when and from where, down to the IP address. ESP’s User Attribution feature helps to quickly identify whether you are dealing with an internal or an external threat. And good news: AWS recently announced that the new default setting for CloudTrail is on!
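What "who did what, when and from where" looks like when computed from CloudTrail records, and the kind of rule an alarm on "sensitive account activity" is built from, as an added example (not Evident.io's signatures or code). The records are constructed inline with real CloudTrail field names but made-up identifiers and documentation-range IP addresses; the four rules are modelled on the CloudTrail-based checks in the CIS AWS Foundations Benchmark (root account usage, console login without MFA, CloudTrail configuration changes, unauthorized API calls), simplified to plain Python.

```python
"""User attribution and alarm rules over CloudTrail records delivered to
CloudWatch Logs, as the answer above describes.

Added example, not Evident.io code. The records are constructed with real
CloudTrail field names but made-up identifiers and documentation-range IPs;
the rules are simplified versions of the CIS AWS Foundations Benchmark's
CloudTrail-based alarms.
"""
import json

# Constructed sample: one JSON record per line, as read from a CloudWatch Logs
# log group fed by CloudTrail.
SAMPLE_LOG = r'''
{"eventTime":"2017-08-30T14:02:11Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","awsRegion":"us-east-1","sourceIPAddress":"198.51.100.7","userIdentity":{"type":"Root","arn":"arn:aws:iam::123456789012:root","accountId":"123456789012"},"additionalEventData":{"MFAUsed":"No"},"responseElements":{"ConsoleLogin":"Success"}}
{"eventTime":"2017-08-30T14:05:40Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","awsRegion":"us-east-1","sourceIPAddress":"203.0.113.25","userIdentity":{"type":"IAMUser","userName":"alice","arn":"arn:aws:iam::123456789012:user/alice","accountId":"123456789012"}}
{"eventTime":"2017-08-30T14:06:02Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances","awsRegion":"us-west-2","sourceIPAddress":"203.0.113.40","userIdentity":{"type":"IAMUser","userName":"bob","arn":"arn:aws:iam::123456789012:user/bob","accountId":"123456789012"}}
{"eventTime":"2017-08-30T14:09:33Z","eventSource":"iam.amazonaws.com","eventName":"CreateUser","awsRegion":"us-east-1","sourceIPAddress":"203.0.113.40","errorCode":"AccessDenied","userIdentity":{"type":"IAMUser","userName":"bob","arn":"arn:aws:iam::123456789012:user/bob","accountId":"123456789012"}}
'''

# Events that change whether activity is being recorded at all.
TRAIL_CONFIG_EVENTS = {"CreateTrail", "UpdateTrail", "DeleteTrail", "StartLogging", "StopLogging"}
UNAUTHORIZED_CODES = {"AccessDenied", "UnauthorizedOperation"}


def parse_records(text):
    """One JSON record per non-empty line."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def who(record):
    """Best available principal name: IAM user name, else ARN, else identity type."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def attribute(record):
    """Who did what, when and from where: the user-attribution view."""
    return {
        "who": who(record),
        "what": record["eventName"],
        "when": record["eventTime"],
        "where": record.get("sourceIPAddress"),
    }


def matching_rules(record):
    """Names of every alarm rule the record trips (possibly several)."""
    hits = []
    ident = record.get("userIdentity", {})
    if ident.get("type") == "Root":
        # Production filters also exclude service-invoked root events.
        hits.append("root-account-usage")
    if (record.get("eventName") == "ConsoleLogin"
            and record.get("additionalEventData", {}).get("MFAUsed") == "No"):
        hits.append("console-login-without-mfa")
    if (record.get("eventSource") == "cloudtrail.amazonaws.com"
            and record.get("eventName") in TRAIL_CONFIG_EVENTS):
        hits.append("cloudtrail-config-change")
    if record.get("errorCode") in UNAUTHORIZED_CODES:
        hits.append("unauthorized-api-call")
    return hits


def alarms(records):
    """(rule name, attribution) for every record that trips a rule."""
    return [(rule, attribute(r)) for r in records for rule in matching_rules(r)]


if __name__ == "__main__":
    for rule, ctx in alarms(parse_records(SAMPLE_LOG)):
        print(f"{rule:28s} {ctx['who']} {ctx['what']} at {ctx['when']} from {ctx['where']}")
```

In a native deployment each of these rules becomes a CloudWatch Logs metric filter on the log group with an alarm on the metric; the Python form is useful for testing the rule logic against captured records before committing to filter patterns.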

Q: Lastly, we had a couple of questions regarding which compliance standards ESP supports.

[Marco Genovese] Simply put, ESP comes with the CIS AWS Foundations Benchmark out of the box for free. Our standards for HIPAA, PCI, SOC 2, ISO, NIST 800-53 and NIST 800-171 are additional modules that can be activated inside your account once you are a customer.

To find out more about how our technology can help you and your team strengthen your AWS security best practices and get CloudFit, visit our website. ESP provides a single-pane-of-glass view of all of your AWS accounts, regions and services in one easy-to-customize dashboard. By consuming all of Amazon’s APIs, ESP can detect and reveal vulnerabilities, alert your team to configuration changes and policy violations, and provide a path to remediation.

The post Post-Webinar Recap: CloudFit Q&A with Coach Marco Genovese appeared first on Cloud Sentry Blog.
