cloud resources
• Be careful with IAM
• Encrypt your data
• Use CSPM tools
• Secure your endpoints
• Enable logging, monitoring and alerting
• Use threat intelligence solutions
• Prepare a vulnerability management plan
• Train your staff
• Prepare an incident response plan
OVERVIEW
data is our data.
• Minimizing attack surface.
• Avoiding accidental exposure (your config files, credentials, PII files, etc.).
• Cloud providers are more solution-oriented for this:
• S3 private by default.
• Use VPN restrictions for your cloud resources.
• Do not use open ports for management.
• Do not use publicly accessible admin panels or internal services.
• Review your cloud resources regularly for accidental public exposure.
Leaked 6.5TB of Data in AWS S3 Bucket Mess Up
• More than 3 million sensitive flight data files, including flight charts/revisions and details of issues related to pre-flight checks
• More than 1.6 million files contained the airline crew’s PII
exposed S3 bucket enables attackers to inject malicious code
• TaskRouter JS SDK Security Incident
• The access policy for one of the AWS S3 buckets was not properly configured
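Added example (not part of the original slides): one way to run the regular review for accidental public access is to scan bucket policy documents for `Allow` statements open to any principal, separating write exposure (the code-injection case above) from read exposure. The sample policies, bucket names and the `audit` helper are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample policies; bucket names and the VPC endpoint id are placeholders.
SAMPLES = {
    "example-assets": {"Statement": [
        {"Sid": "AnyoneReadWrite", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-assets/*"}]},
    "example-reports": {"Statement": {
        "Sid": "AnyoneRead", "Effect": "Allow", "Principal": {"AWS": "*"},
        "Action": "s3:Get*", "Resource": "arn:aws:s3:::example-reports/*"}},
    "example-internal": {"Statement": [
        {"Sid": "VpceOnly", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-internal/*",
         "Condition": {"StringEquals": {"aws:sourceVpce": "vpce-EXAMPLE"}}},
        {"Sid": "DenyHttp", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-internal/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]},
}

# Actions that let a caller change bucket contents or the bucket policy.
WRITE_ACTIONS = ("s3:putobject", "s3:deleteobject", "s3:putbucketpolicy")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _anyone(principal):
    # "*" and {"AWS": "*"} both grant access to every principal.
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def audit(policy):
    """Return (sid, level) for each Allow statement open to any principal.
    NotPrincipal and NotAction statements are not evaluated here."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not _anyone(stmt.get("Principal")):
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Condition"):
            level = "public-conditional"   # review the condition by hand
        elif any(fnmatchcase(w, a) for a in actions for w in WRITE_ACTIONS):
            level = "public-write"         # anyone can alter served content
        else:
            level = "public-read"
        findings.append((stmt.get("Sid", f"statement-{i}"), level))
    return findings

if __name__ == "__main__":
    for bucket, policy in SAMPLES.items():
        print(bucket, audit(policy))
```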
key for cloud resources.
• Always follow the “least privilege principle”.
• Always start with deny.
• Use conditions for restrictions.
• Do not hardcode any IAM credentials (AWS access key, secret key, etc.).
• Always enable MFA.
• Use temporary credentials for access (roles, policies, session tokens).
• Regularly review your IAM components.
• Use automation for controls and denies.
need to be careful about our external endpoints.
• Always think about using internal services first.
• Open ports
• Scan endpoints continuously, and ensure systems can analyze and respond to anomalous behavior.
• Patch regularly.
that could be an anomaly for your system.
• Incident Detection.
• Performance Monitoring: Helps in monitoring system performance and can alert to anomalies that might signify a security issue, such as a denial-of-service attack.
the event of a breach, logs are essential for understanding what happened.
• User Behavior Analytics: Normal user or breached account.
• Compliance: Meets regulatory and compliance requirements.