What Makes a Misconfiguration Critical? AWS Security Tips

Issue link: https://resources.threatstack.com/i/1013570


In the cloud, where there are no perimeters and limitless endpoints, there are many ways attackers can get direct access to your environment. With 73% of companies having critical AWS cloud security misconfigurations like wide open SSH and infrequent software updates, the risk of a true breach remains a reality. How do you know whether a misconfiguration is going to put you at risk? And how do you identify where your gaps are?

HIGHLIGHTS

• 73% of companies have critical AWS security misconfigurations
• A critical misconfiguration leads to a risk of a breach or another cyber attack
• Configurations should be audited regularly to avoid lingering mishaps

55 Summer Street, Boston, MA 02110
1+ 617.337.4270
threatstack.com

Threat Stack enables growth-driven companies to scale securely and meet complex cloud security needs by identifying and verifying insider threats, external attacks, and data loss in real time. Purpose-built for today's infrastructure, the Threat Stack Cloud Security Platform® and Cloud SecOps Program℠ combine continuous security monitoring and risk assessment to empower security and operations teams to better manage risk and compliance across their entire infrastructure, including cloud, hybrid-cloud, multi-cloud, and containerized environments. For more information or to start a free trial, visit threatstack.com.

COPYRIGHT © 2018 THREAT STACK, INC. / TS-BLOG-AWSSECURITY-2018-4

Signs of a Critical AWS Security Misconfiguration

If a misconfiguration could lead to any of the following situations, then it's considered critical:

• Can be leveraged in a direct data breach
• Can be leveraged in a more complex attack
• Enables trivial attacks on an AWS console
• Reduces or eliminates critical visibility (security or compliance)

Not sure if a misconfiguration could lead to any of the above? Think like an attacker. If you can envision an attack based on a misconfiguration, chances are, someone else can too.

Spotting a Critical Misconfiguration

The best process for spotting misconfigurations is running regular configuration audits, allowing you to find any errors you missed in the setup process. Mishaps like leaving SSH wide open to the internet can allow an attacker to attempt remote server access from anywhere, rendering traditional network controls like VPN and firewalls moot.

Failing to enforce multi-factor authentication (MFA) is another big misconfiguration concern. Our survey found that 62% of companies did not actively require users to use MFA, making brute force attacks all too easy for adversaries to carry out. Auditing your configurations regularly will show you how you hold up against CIS Benchmarks and AWS best practices.

How to Continuously Monitor For Misconfigurations

The fastest way to fix a misconfiguration is to know about it the moment it happens. Someone creates a security group that is wide open to the world? You need to know right now. New IAM user created without MFA? Don't miss it. It is important that you not only fix the issue at hand, but avoid similar misconfigurations in the future with ongoing, not just point in time auditing.
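The two checks named above (SSH open to the world, IAM users without MFA) can be run as a small audit over exported configuration. This is an added example, not Threat Stack code; the group IDs, user names and the user-to-MFA-count map are constructed, and the JSON follows the shape of `aws ec2 describe-security-groups` output.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbb", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0ccc", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-0ddd", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}
""")
# Constructed map of IAM user -> number of MFA devices (assumed to be
# collected per user beforehand, e.g. with `aws iam list-mfa-devices`).
SAMPLE_MFA = {"alice": 1, "bob": 0, "ci-deploy": 0}

WORLD = {"0.0.0.0/0", "::/0"}

def rule_exposes_ssh(perm):
    """True if an ingress rule lets any address reach TCP port 22."""
    sources = {r["CidrIp"] for r in perm.get("IpRanges", [])}
    sources |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
    if not sources & WORLD:
        return False
    if perm["IpProtocol"] == "-1":            # all protocols, all ports
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    # Port ranges count too: 0-1024 open to the world still exposes 22.
    return perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)

def open_ssh_groups(doc):
    """Security group IDs with at least one rule exposing SSH to the world."""
    return sorted(g["GroupId"] for g in doc["SecurityGroups"]
                  if any(rule_exposes_ssh(p) for p in g.get("IpPermissions", [])))

def users_without_mfa(mfa_counts):
    """IAM user names that have no MFA device registered."""
    return sorted(u for u, n in mfa_counts.items() if n == 0)

if __name__ == "__main__":
    print("SSH open to the world:", open_ssh_groups(SAMPLE_GROUPS))
    print("IAM users without MFA:", users_without_mfa(SAMPLE_MFA))
```

Run on a schedule against fresh exports, the same functions give the ongoing audit the text asks for; the all-protocol and port-range cases are the ones a literal "port 22" search misses.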
