🚨CISA & NSA release Crucial Guide on Network Segmentation and Encryption in Cloud Environments🚨

In response to the evolving requirements of cloud security, the Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a comprehensive Cybersecurity Information Sheet (CSI): "Implement Network Segmentation and Encryption in Cloud Environments." This document provides detailed recommendations to enhance the security posture of organizations operating within cloud infrastructures (that probably means you).

Key Takeaways Include:
🔐 Network Encryption: The document underscores the importance of encrypting data in transit as a defense mechanism against unauthorized data access.
🌐 Secure Client Connections: Establishing secure connections to cloud services is fundamental.
🔎 Caution on Traffic Mirroring: While recognizing the benefits of traffic mirroring for network analysis and threat detection, the guidance cautions against potential misuse that could lead to data exfiltration and advises careful monitoring of this feature.
🛡️ Network Segmentation: Stressed as a foundational security principle, network segmentation is recommended to isolate and contain malicious activities, thereby reducing the impact of any breach.

This collaboration between NSA and CISA provides actionable recommendations for organizations to strengthen their cloud security practices. The emphasis is on strategically implementing network segmentation and end-to-end encryption to secure cloud environments effectively. Information security leaders are encouraged to review this guidance to better understand the measures necessary to protect cloud-based assets. Implementing these recommendations will contribute to a more secure, resilient, and compliant cloud infrastructure. Access the complete guidance provided by the NSA and CISA to fully understand these recommendations and their application to your organization's cloud security strategy.

📚 Read CISA & NSA's complete guidance here: https://lnkd.in/eeVXqMSv #cloudcomputing #technology #informationsecurity #innovation #cybersecurity
Cloud Security
-
Key Secrets for Multicloud Success
From "An Insider's Guide to Cloud Computing". With voiceover and commentary by the author.

Now that we understand the challenges of deploying and operating a multicloud, and some of the approaches that will likely overcome these challenges, let's dig deeper into specific approaches to a multicloud deployment that will optimize its use. The goal is to leverage a multicloud deployment using approaches and technologies that minimize risk and cost and maximize the return of value back to the business. Everyone will eventually move to a multicloud deployment, and most have no idea how to do this in an optimized way. In other words, the deployment won't be successful. Again, the concepts presented in this chapter are perhaps the most important in this book. Applied correctly, they will lead to successful multicloud deployments.

Remember that most enterprises won't increase their operations budget to support a multicloud. The key theme is to not replicate operational services for each cloud provider, which is the way teams typically approach multicloud today. That architecture won't scale, and you will just make the complexity worse. Eventually, you'll run into complexity issues such as security misconfigurations that lead to breaches or outages due to systems that aren't proactively monitored. If these issues go unresolved, chances are good that your multicloud deployment will be considered a failure in the eyes of the business, or more trouble than the cost to deploy it. So, do not replicate operational processes such as security, operations, data integration, governance, and other systems within each cloud. This replication creates excess complexity.

Here are some additional basic tenets to follow:
- Consolidate operationally oriented services so they work across clouds, not within a single cloud. This usually includes operations, security, and governance that you want to span all clouds in your multicloud deployment. Because it can include anything a multicloud leverages, it works across all clouds within a multicloud deployment.
- Leverage technologies and architectures that support abstraction and automation. This removes most of the complexity by abstracting native cloud resources and services to view and manage those services via common mechanisms. For instance, there should be one way to view cloud storage that could map down to 20–25 different native instances of cloud storage. Because humans do not need to deal with differences in native cross-cloud operations (security, governance, and so on), abstraction and automation avoid excess complexity.
- Isolate volatility to accommodate growth and changes, such as adding and removing public cloud providers, or adding and removing specific services. When possible, place volatility into a configurable domain (see Figure 6-10) where major or minor clouds and cloud services can be added or …
-
NSA Releases Top Ten Cloud Security Mitigation Strategies

"Unfortunately, the aggregation of critical data makes cloud services an attractive target for adversaries. This series provides foundational advice every cloud customer should follow to ensure they don't become a victim." ~ Rob Joyce, NSA's Director of Cybersecurity

The ten strategies are covered in the following reports:
1. Uphold the cloud shared responsibility model
2. Use secure cloud identity and access management practices
3. Use secure cloud key management practices
4. Implement network segmentation and encryption in cloud environments
5. Secure data in the cloud
6. Defending continuous integration/continuous delivery environments
7. Enforce secure automated deployment practices through infrastructure as code
8. Account for complexities introduced by hybrid cloud and multi-cloud environments
9. Mitigate risks from managed service providers in cloud environments
10. Manage cloud logs for effective threat hunting

Full article with each strategy report in the comment 👇🏾 #cybersecurity #cloudsecurity #cloudsec
-
Cloud Security Posture Management: The Key to Preventing Cloud Breaches

Cloud Security Posture Management (CSPM) is a critical security practice for organizations that use cloud computing. CSPM tools help organizations identify and remediate cloud misconfigurations, which are one of the leading causes of cloud security breaches. CSPM also helps organizations enforce compliance with industry regulations and standards.

CSPM can help organizations to:
🎯Identify and remediate misconfigurations
🎯Mitigate risk
🎯Continuously improve security posture
🎯Save time and money
🎯Give executives visibility into security posture

Let's look into some of the reasons why CSPM holds so much importance within the organization:
✅Visibility and control: CSPM tools provide organizations with visibility into their cloud environments, including the configuration of cloud resources, the permissions of users and groups, and the traffic flowing through the environment.
✅Risk mitigation: CSPM helps organizations mitigate risk by identifying and remediating misconfigurations before they can be exploited by attackers.
✅Compliance enforcement: CSPM tools can help organizations enforce compliance with industry regulations and standards by automatically scanning cloud environments for deviations from approved configurations.
✅Real-time monitoring: CSPM tools provide real-time monitoring of cloud environments, allowing organizations to detect and respond to misconfigurations and vulnerabilities quickly.
✅Multi-cloud support: CSPM tools can be used to manage security across multiple cloud providers, which can help organizations to reduce the complexity of managing security in a multi-cloud environment.
✅Threat detection: CSPM tools can be used to detect suspicious activity in cloud environments, which can help organizations to identify and respond to potential security threats.
✅Continuous improvement: CSPM can help organizations to continuously improve their security posture by identifying and remediating recurring misconfigurations and vulnerabilities. This can help organizations to reduce their risk of future security incidents.
✅Efficiency and productivity: CSPM can help organizations to save time and money by automating security tasks. This can free up security teams to focus on more strategic initiatives.
✅Executive visibility: CSPM tools can provide reports and dashboards that give executives visibility into the security posture of cloud environments.

To learn more about CSPM and how it can help you to ensure cloud compliance, please visit our website or contact us today.
♻️Repost if you find it valuable! 🔔Follow for more insights on cloud computing! #cloudcomputing #devops #devsecops
-
Mandiant (now part of Google Cloud) just released our annual security report - M-Trends 2024. The report summarizes the trends we observed in our breach investigations throughout 2023. There are so many gems throughout the report. Here are a few of the observations that stood out to me:

1️⃣ Espionage actors are increasingly exploiting 0-day vulnerabilities and deploying custom malware on edge devices (firewalls, VPNs, and security appliances) and other systems like VMware hypervisors that don't commonly support EDR solutions.
☣️ Most of these systems are closed and require significant effort to examine for evidence of compromise. They often require the vendor to acquire forensic data from them (not every vendor will do this).
☣️ Some vendors have created file integrity checking solutions to help organizations identify when devices have been compromised.
☣️ As a community, we have a *long* way to go to address this problem. We anticipate we will continue to see espionage actors targeting these systems to obtain initial and persistent access to victim environments.
2️⃣ The median attacker dwell time (the duration between the initial compromise and detection) is 10 days. 6% of the cases we worked had a dwell time between 1-5 years.
3️⃣ The dwell time for ransomware & multifaceted extortion events was 5 days, usually because the threat actor sent an extortion communication to the victim by day 5.
4️⃣ 54% of our clients learned about the incident from a third party (law enforcement, security firm, threat actor, or media).
5️⃣ Exploitation of vulnerabilities continues to be the #1 way in which threat actors gain initial access to victim environments (38% of our cases). Phishing is next (17%).
6️⃣ 15% of the incidents that we responded to last year were a result of a prior security incident that wasn't fully remediated, e.g. a backdoor wasn't found/removed or a service account's password wasn't rotated.
7️⃣ Credentials stolen by infostealers accounted for 10% of the intrusions. This is an issue with both corporate assets and personal computers.
☣️ Many people occasionally access their work email from their home computers. People (or their children) sometimes install pirated software on their home computers that is laced with infostealing malware.
☣️ Threat actors are increasingly leveraging stolen credentials or cookies from home computers to access corporate environments.
8️⃣ 17% of the cases we investigated had multiple threat actors in the environment.

Thanks to the hundreds of Mandiant professionals that contributed to this report and analysis! Special shout out to Kirstie F., Scott Runnels, Nick Richard, Kelli V., Adam Greenberg, Maria Pavlick-Larsen, Melanie Leboeuf, Kerry Matre, Jennifer Guzzetta, Amanda C., Adrian Sanchez Hernandez, Alexander Marvi, Alyssa Glickman, Angelus Llanos, Ashley Pearson, Austin L., Brandon Wilbur, Brendan McKeague, and so many more.

Link to the report: https://lnkd.in/eSqtxgSJ
-
🥷🏼🕵🏼♀️🛡️ AWS has released its official Prescriptive Guidance on AWS Cloud Security Maturity.

💪🏽 This document is the result of over a year of hard work from a dedicated team of experts. It is designed to help CSOs and Architects design their cloud security strategy and measure themselves against a maturity model.

📕📊🔐 The guide walks you through a step-by-step cycle to iterate on your cloud security journey, from planning to optimizing. It collects all the key concepts for you and links you to the key AWS security resources in each area, providing multiple paths and options to fit your organization. The entire design is built with AWS native tools to drive down cost and optimize integration, but there are also many strong partners you can use to replace components of this model and still follow all the same concepts.

👀 🔥 One of the most popular parts of this guidance is the Security models and the walk-through of the mature processes and tools, which shows you how to take an agile approach to tackling cloud security and what the key tool is that you should start with in each of the CAF recommended areas. You can also watch it presented at ReInforce on YouTube and download the slides.

🙏🏽 A big thank you to Sayali Paseband, Ivy Gin, Mike LaRue, Raul Radu, and Lilly AbouHarb for making this happen.

If you're a security professional looking to improve your cloud security strategy, this is a must-read.

👋 I'm Chad Lorenc, sharing regular cloud security tips. Follow and hit the bell 🛎️ for valuable content!
👉🏼👉🏽👉🏿 Join SecureCloudOps for more insights! 👈🏼👈🏽👈🏿 https://lnkd.in/gigm4eyG
💨 Thank you, and godspeed on your cloud journey!
#awssecurity #awscloudsecurity #awscloud #aws #cloud #cloudsecurity #cloudmanagement #security #infosec #infosecurity #cyber #itsecurity #securityprofessionals #technology #cybersecurity
Check it out here: https://lnkd.in/gfxRU2mT
-
Scattered Spider just evolved their playbook, and it's getting scarier. See ⬇️

Microsoft's latest research on Octo Tempest (aka Scattered Spider) reveals a disturbing shift in their attack methodology: https://lnkd.in/eXnyABNR

These financially motivated threat actors are no longer just cloud-first attackers but are mastering hybrid environments with devastating precision.

What's changed? Instead of their usual cloud-to-on-premises pivot, they're flipping the script: compromising on-premises infrastructure first, then escalating to cloud resources. This hybrid approach makes detection exponentially harder.

Their new arsenal includes:
- Advanced social engineering targeting helpdesks with impersonation tactics
- SMS-based phishing using adversary-in-the-middle domains
- DragonForce ransomware specifically targeting VMware ESX hypervisors

Recommendations:
- Test your org's hybrid defenses. Are your MFA implementations bulletproof against sophisticated social engineering?
- Do password reset protocols require thorough verification beyond easily OSINTable information like birthdays or addresses? Consider decoupling verification and authentication requests entirely from your helpdesk and routing them to a dedicated security team for thorough vetting.
- Implement hardened PIM/PAM with just-in-time protocols, segment Authentication Administrator roles across specific administrative units, and place high-risk users in separate administrative units with even more stringent verification requirements.

This friction can be the difference between a quick win for attackers and a failed intrusion attempt.

Beyond #OSCP — #OffensiveSecurity #InitialAccess #RedTeam Hacker Hermanos
-
Recently, Google Cloud, Orca Security and CrowdStrike published reports that together provide an excellent view of the state of cloud security in 2024. Reading them alongside each other paints a grim picture. However, many of the cloud threats mentioned in the reports can be mitigated with effective measures that SAP uses to protect its large multi-cloud estate.

For instance, the Google Cloud report showed that more than half of all security incidents analyzed in their dataset started with initial access to cloud resources with weak or no password protection through public-facing SSH or RDP. That threat can be eliminated with cloud guardrails such as SAP put in place.

In the article linked below I discuss the three reports, and make four recommendations you can implement on your cloud landscape that are low on cost and high on security benefit, by making the cloud platform your ally. https://lnkd.in/gB3E9M-4

This is complemented beautifully by an article co-authored by my colleague Amos Wendorff and AWS's Joachim Aumann where they go into more detail on how SAP rolls out "Secure by Default" guardrails on AWS. https://lnkd.in/g5gYHkgv

Those clouds have silver linings. Take advantage of the capabilities of the cloud control plane to protect against common cloud threats. #cloudsecurity #cybersecurity #sap
-
Are you following CloudTrail best practices? Here's a simple checklist ✅

Under the hood, the AWS #SecurityHub service is looking for these best practices:

✅ [CloudTrail.1] CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management events
🟠 Severity: High
📌 Why:
- Helps detect unexpected activity, even in unused Regions
- Ensures that #AWS global services events are logged
🔐 Remediation:
- Create a new trail / update an existing trail
- In Management Events, for API activity, make sure Read & Write are selected

✅ [CloudTrail.2] CloudTrail should have encryption at-rest enabled
🟤 Severity: Medium
📌 Why:
- Checks whether CloudTrail is using SSE AWS #KMS key encryption
- An added layer of security for sensitive log files
🔐 Remediation:
- Enable server-side encryption with AWS KMS keys (SSE-KMS) for encryption at rest

✅ [CloudTrail.3] CloudTrail should be enabled
🟠 Severity: High
📌 Why:
- Without visibility, you don't have security
- CloudTrail is one of the most critical AWS services to enable observability
🔐 Remediation:
- Create a CloudTrail trail
- Understand what's enabled by default at account creation
- Understand the difference between Management Events, Data Events, and Insights Events

✅ [CloudTrail.4] #CloudTrail log file validation should be enabled
⚪️ Severity: Low
📌 Why:
- Log file validation creates a digitally signed digest file with a hash of each log that CloudTrail writes to Amazon S3
- If someone deletes or changes log files, log file validation will tell you
🔐 Remediation:
- Enable log file validation on all trails

✅ [CloudTrail.5] CloudTrail trails should be integrated with Amazon CloudWatch Logs
⚪️ Severity: Low
📌 Why:
- CloudTrail stores log files to S3, but those files aren't actionable on their own. You need to download them and sift through them or feed them into another tool
- Sending to CloudWatch will help with monitoring/alerting, and both near real-time & historical analysis through simple searches and Logs Insights
🔐 Remediation:
- Create a Log Group and send CloudTrail logs to #CloudWatch Logs

✅ [CloudTrail.6] Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
🔴 Severity: Critical
📌 Why:
- Since CloudTrail sends log files to S3 with all sorts of API and non-API activity, that bucket will contain sensitive information
🔐 Remediation:
- Ensure the S3 bucket blocks public access to the logs

✅ [CloudTrail.7] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
⚪️ Severity: Low
📌 Why:
- S3 bucket access logging creates a log with access records for every request made to that S3 bucket
- Those access logs contain details about the request type, the resources accessed, and date/time of the request
- This can be useful for incident response and to keep an eye on your CloudTrail logs
🔐 Remediation:
- Enable #S3 bucket logging

♻️ Please help share! Thanks! ♻️ #cloudsecurity
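The seven controls in the checklist above can be evaluated offline once the trail and bucket settings have been collected. The script below is an added example, not code from the post, from AWS, or from Security Hub: it scores a set of trail records against CloudTrail.1 through CloudTrail.7 with the severities the post lists. The trail fields reuse the names the CloudTrail API returns from describe_trails, get_trail_status and get_event_selectors (IsMultiRegionTrail, KmsKeyId, LogFileValidationEnabled, CloudWatchLogsLogGroupArn, S3BucketName, IsLogging, ReadWriteType, IncludeManagementEvents), flattened into one dict per trail; the bucket records (PublicAccessBlock, LoggingEnabled) are a constructed summary of the S3 settings, not an S3 API response shape. All sample data, account IDs and ARNs are constructed placeholders, and no AWS call is made.

```python
"""Offline posture check for the Security Hub CloudTrail.1 to CloudTrail.7 controls.

Added example, not code from the post or from AWS. Trail dicts borrow the
CloudTrail API field names; bucket dicts are a constructed summary of the
S3 public-access-block and access-logging settings. Fill the same dicts
from real API output to run it against an account.
"""

# Severity of each control as listed in the post.
SEVERITY = {
    "CloudTrail.1": "High",
    "CloudTrail.2": "Medium",
    "CloudTrail.3": "High",
    "CloudTrail.4": "Low",
    "CloudTrail.5": "Low",
    "CloudTrail.6": "Critical",
    "CloudTrail.7": "Low",
}
SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}
# The four S3 Block Public Access flags; all must be on for CloudTrail.6 to pass.
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def _finding(control, resource, message):
    return {"control": control, "severity": SEVERITY[control], "resource": resource, "message": message}


def _logs_read_and_write_management(trail):
    """CloudTrail.1 wants management events with ReadWriteType 'All' (read and write)."""
    return any(
        s.get("IncludeManagementEvents") and s.get("ReadWriteType") == "All"
        for s in trail.get("EventSelectors", [])
    )


def evaluate(trails, buckets):
    """Return a list of finding dicts; an empty list means every control passed."""
    findings = []
    active = [t for t in trails if t.get("IsLogging")]

    # CloudTrail.3 and CloudTrail.1 are account-level: one compliant trail satisfies them.
    if not active:
        findings.append(_finding("CloudTrail.3", "account", "no trail is enabled and logging"))
    if not any(t.get("IsMultiRegionTrail") and _logs_read_and_write_management(t) for t in active):
        findings.append(_finding("CloudTrail.1", "account",
                                 "no multi-Region trail records read and write management events"))

    # The remaining controls apply to every trail and to its log bucket.
    for t in trails:
        name = t["Name"]
        bucket_name = t.get("S3BucketName")
        if not t.get("KmsKeyId"):
            findings.append(_finding("CloudTrail.2", name, "log files are not encrypted with SSE-KMS"))
        if not t.get("LogFileValidationEnabled"):
            findings.append(_finding("CloudTrail.4", name, "log file validation (signed digests) is off"))
        if not t.get("CloudWatchLogsLogGroupArn"):
            findings.append(_finding("CloudTrail.5", name, "trail is not delivering to CloudWatch Logs"))
        bucket = buckets.get(bucket_name, {})
        pab = bucket.get("PublicAccessBlock", {})
        if not all(pab.get(flag) for flag in PAB_FLAGS):
            findings.append(_finding("CloudTrail.6", bucket_name, "log bucket does not block all public access"))
        if not bucket.get("LoggingEnabled"):
            findings.append(_finding("CloudTrail.7", bucket_name, "S3 access logging is off on the log bucket"))
    return findings


def highest_severity(findings):
    """Worst severity present, or None when there are no findings."""
    if not findings:
        return None
    return max((f["severity"] for f in findings), key=SEVERITY_RANK.__getitem__)


# Constructed sample data (placeholder account ID and ARNs): one compliant
# organization trail and one legacy single-Region trail that fails five controls.
SAMPLE_TRAILS = [
    {"Name": "org-trail", "IsLogging": True, "IsMultiRegionTrail": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
     "LogFileValidationEnabled": True,
     "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:example-trail:*",
     "S3BucketName": "example-org-trail-logs",
     "EventSelectors": [{"ReadWriteType": "All", "IncludeManagementEvents": True}]},
    {"Name": "legacy-trail", "IsLogging": True, "IsMultiRegionTrail": False,
     "KmsKeyId": None, "LogFileValidationEnabled": False, "CloudWatchLogsLogGroupArn": None,
     "S3BucketName": "example-legacy-trail-logs",
     "EventSelectors": [{"ReadWriteType": "WriteOnly", "IncludeManagementEvents": True}]},
]
SAMPLE_BUCKETS = {
    "example-org-trail-logs": {"PublicAccessBlock": dict.fromkeys(PAB_FLAGS, True), "LoggingEnabled": True},
    "example-legacy-trail-logs": {"PublicAccessBlock": {"BlockPublicAcls": True, "IgnorePublicAcls": False,
                                                        "BlockPublicPolicy": True, "RestrictPublicBuckets": False},
                                  "LoggingEnabled": False},
}

if __name__ == "__main__":
    results = evaluate(SAMPLE_TRAILS, SAMPLE_BUCKETS)
    for f in sorted(results, key=lambda f: -SEVERITY_RANK[f["severity"]]):
        print(f"{f['severity']:<8} {f['control']:<13} {f['resource']}: {f['message']}")
    print("worst:", highest_severity(results))
```

On the sample data only the legacy trail produces findings (CloudTrail.2, .4, .5, .6 and .7), and the worst severity is Critical because its bucket does not block all public access. CloudTrail.1 and CloudTrail.3 are evaluated once per account, since a single compliant multi-Region trail satisfies them, while the other five are checked on every trail so that a forgotten legacy trail still surfaces.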
-
Google Cloud CISO Perspectives: 2024 Cybersecurity Forecast report, focusing on key points:

**Increased AI in Cyber Attacks:** Growing use of AI by cyber attackers, requiring new defense strategies.
**Shadow AI Risks:** Employees' use of consumer-grade AI tools in workplaces, creating security vulnerabilities.
**Regulatory Changes:** The effect of evolving regulations like SEC rules on cybersecurity strategies.
**Challenges in Identity Management:** The importance of effective identity and access management in securing environments.
**Multicloud Security Concerns:** Addressing cybersecurity in complex multicloud and hybrid cloud setups.

#CybersecurityTrends2024 #AIinCybersecurity #RegulatoryImpact #IdentityManagement #MulticloudSecurity

For more detailed insights, you can read the full report https://lnkd.in/gqBM3M9x

Talk to a Scybers expert to learn how we can help you secure your code-to-cloud journey.