Few things can boil the blood of a security professional quite like the unforced error. It is a common term used in tennis, referencing a mistake attributed to a player's own failure rather than to the skill or effort of their opponent.
In cybersecurity, the unforced error is better known as the misconfiguration. This occurs when security settings, typically involving a server or web application, are set up improperly or left insecure.
This leaves the system vulnerable to attack and furthers the path of least resistance for the bad guys. Considering the increasing sophistication of cyber threats and the ever-expanding attack surface available to your foes, you need not be an infosec veteran to know that your adversaries require no additional help accomplishing their goals.
Security misconfigurations rank No. 6 on OWASP's Top 10 Web Application Security Risks list and are commonly a result of insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information.
The misconfiguration risk is only rising, especially amid the rise in public cloud computing adoption, whose benefits have become especially stark during the COVID-19 crisis and the subsequent work-from-home binge. Cloud demand has risen across Amazon Web Services (AWS), which controls roughly half the market share, as well as Microsoft Azure and Google Cloud Platform (GCP), through the rapid adoption of online collaboration tools and other cloud resources.
A recent survey by Check Point determined that misconfigurations are the top threat to cloud security, with three-quarters of respondents saying they are very or extremely concerned about cloud security and 68% naming misconfigurations as their biggest cloud worry. Their concerns are not unfounded.
Cloud misconfigurations were responsible for potentially exposing an estimated 33.4 billion records in 2018 and 2019, victimizing high-profile organizations and costing organizations some $5 trillion. Considering many misconfigurations go unreported, the figures are likely significantly larger. And not only are misconfigurations obvious harbingers of data exposure, they also can present the ideal foothold to launch a more complex (and potentially more devastating) attack on an organization.
This is by no means an exhaustive list, but can serve as a reliable encapsulation of agreed-upon advice among experts:
At the end of the day, the stats do not lie. Misconfigurations are inevitably going to happen, so the key will be limiting their time of exposure and reducing mean time to detect and respond (MTTD/MTTR). This can be accomplished with the help of automated remediation in concert with security orchestration, automation and response (SOAR).
For example, Check Point CloudGuard Dome9 users gain visibility, control, and compliance across all cloud assets to manage cloud security posture and detect and remediate misconfigurations from a single source of network authority. Meanwhile, the Siemplify SOAR platform integrates with CloudGuard Dome9 to enable enrichment of alerts by integrating data from other Check Point tools, such as ThreatCloud and data from third-party tools such as Azure Active Directory. This integration allows analysts to investigate alerts from CloudGuard Dome9 and implement playbooks that automate remediation from a single console, saving your team time and effort.
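The detect-then-remediate loop described above, as an added vendor-neutral example (not from the original post and not code from any product it names): it scans a constructed storage inventory for settings that allow public exposure, produces the corrected configuration, and computes MTTD and MTTR. The bucket names, timestamps and function names are assumptions; the four block settings and the AllUsers grantee URI follow Amazon S3's naming.

```python
from datetime import datetime, timedelta

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"  # S3 "everyone" grantee
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")

def bucket(name, changed=None, grants=(), **pab_overrides):
    """Build a constructed inventory record; all four block settings default to on."""
    return {"name": name, "changed": changed, "grants": list(grants),
            "pab": {**dict.fromkeys(PAB_KEYS, True), **pab_overrides}}

# Constructed snapshot: "changed" is when the risky setting was introduced.
INVENTORY = [
    bucket("example-logs"),
    bucket("example-exports", datetime(2020, 10, 1, 9, 0),
           [{"uri": ALL_USERS, "permission": "READ"}],
           **dict.fromkeys(PAB_KEYS, False)),
    bucket("example-assets", datetime(2020, 10, 1, 9, 30), BlockPublicPolicy=False),
]

def findings(b):
    """List every setting on one bucket that allows public exposure."""
    out = [f"{k} is disabled" for k in PAB_KEYS if not b["pab"].get(k, False)]
    out += [f"ACL grants {g['permission']} to AllUsers"
            for g in b["grants"] if g.get("uri") == ALL_USERS]
    return out

def remediate(b):
    """Return the corrected record: all blocks on, public grants dropped."""
    return {**b, "pab": dict.fromkeys(PAB_KEYS, True),
            "grants": [g for g in b["grants"] if g.get("uri") != ALL_USERS]}

def run_playbook(inventory, scan_time, fix_delay):
    """Scan, remediate, and record per-bucket detection and response times."""
    report = {}
    for b in inventory:
        found = findings(b)
        if found:
            if findings(remediate(b)):  # verify the fix before counting it
                raise RuntimeError(f"remediation incomplete for {b['name']}")
            report[b["name"]] = {"findings": found,
                                 "detect": scan_time - b["changed"],
                                 "respond": fix_delay}
    return report

def mean(deltas):
    """Average a list of timedeltas."""
    return sum(deltas, timedelta()) / len(deltas)

REPORT = run_playbook(INVENTORY, datetime(2020, 10, 1, 10, 0), timedelta(minutes=2))
MTTD = mean([r["detect"] for r in REPORT.values()])
MTTR = mean([r["respond"] for r in REPORT.values()])
```

In this model the scan interval bounds MTTD and the automated fix delay sets MTTR, so running the scan more often is what shortens the exposure window.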
Learn more about remote security operations and how Siemplify can help with A Technical Guide to Remote Security Operations, or begin test driving the SOAR platform today through a free trial or by downloading the Siemplify Community Edition.
Dan Kaplan is director of content at Siemplify.
The post Responding to Cloud Misconfigurations with Security Automation and Common-Sense Tips appeared first on Siemplify.
*** This is a Security Bloggers Network syndicated blog from Siemplify authored by Dan Kaplan. Read the original post at: https://www.siemplify.co/blog/responding-to-cloud-misconfigurations-with-security-automation-and-common-sense-tips/