ADAM SPEAKS AT THE AGILEBLUE WEBINAR

On March 24, Tony Pietrocolo, the President at AgileBlue, hosted a webinar on identifying your cloud vulnerabilities and hardening your cloud posture. The webinar included two speakers: Rosemary Monroe, a principal consultant for Online Business Systems, and Adam Rosenman, the CEO of Rose IT Solutions.

The main focuses that were on the agenda for this webinar were:

1. How to continuously monitor and manage your cloud security across multi-cloud infrastructures

2. Detecting threats within your cloud

3. AgileBlue’s steps to CSPM and hardening your cloud

IDENTIFYING YOUR CLOUD VULNERABILITIES AND HARDENING YOUR CLOUD POSTURE

We are seeing more and more cloud breaches as of late. It is not because someone is hacking into cloud platforms or because a negligent user is clicking on links, but because of misconfigurations. There are a million types of configurations, and not everyone knows the best practices that need to be followed in order to avoid cloud breaches.

“Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement, and mistakes.” – Gartner

Businesses such as Amazon and Google are making big changes to grow in CSPM areas to avoid breaches due to misconfigurations, mismanagement, and mistakes. Google is even making deals with governments in order to bring their platforms in, which adds pressure to avoid cloud security threats. As you can see in the graph below, the biggest cloud security threat is simply misconfiguration. It isn’t the more malicious threats you would assume, such as hacking, but simply a misconfigured cloud platform. This is the biggest threat mainly because there is a lack of understanding when it comes to configuring cloud security.

“95% of all cloud security breaches are due to misconfigurations. Through 2024, organizations implementing a CSPM offering and extending this into development will reduce cloud-related security incidents due to misconfigurations by 80%.”
– Gartner

WHAT IS A MISCONFIGURATION?

At a general level, a misconfiguration could be anything from not having your storage configured correctly to not having your access controls configured in a way that controls access at the right levels. Runaway resources could be misconfigured because they are a part of your cloud’s ecosystem. Anything that you can apply a configuration to that controls access and utilization of your cloud could potentially be misconfigured. A misconfiguration of the cloud is such a broad statement because the cloud itself is so broad. This could be a wide range of things that are configured incorrectly. When something is misconfigured in your environment, you are jeopardizing the safety of your business and your data.


It’s important to remember that although Amazon and Google are secured systems, this does not ensure that your information is secured. The platforms themselves are in a secured position, but you have to set up configurations to make sure that your own information is secured. You can’t forget that you are in charge of yourself when it comes to cloud security.

WHAT IS CSPM?

Cloud Security Posture Management (CSPM) is technology to identify misconfiguration issues and compliance risks in the cloud. An important purpose of CSPM programming is to continuously monitor cloud infrastructure for gaps in security policy enforcement. Visibility is everything when it comes to cyber security. When you get an attack or breach, it is likely because of a lack of that visibility.

WHY CSPM?

  • Continuous cloud and multi-cloud monitoring

  • Risk visualization and assessment

  • Automate remediation or remediate at the click of a button

  • Compliance monitoring

  • DevOps

  • Scan your storage buckets for misconfigurations that could make data accessible to the public

WHY DO WE MONITOR CLOUD INFRASTRUCTURE AND THREATS?

Adam says that we monitor cloud infrastructure and threats in order to secure our digital initiatives. Projects that businesses are moving to the cloud for efficiency and scalability purposes need to be aware of targeted attacks, security, and risk management. Leaders must adopt continuous adaptive risk and trust assessment approaches to allow real-time, risk-based decision-making.

Enterprises are overly dependent on blocking and prevention mechanisms that are decreasingly effective against advanced attacks. Comprehensive protection requires an adaptive protection process integrating predictive, preventative, detective, and response capabilities.

CHALLENGES WITH MONITORING CLOUD INFRASTRUCTURE AND THREATS

  • Business transformation accelerates with or without security and risk people, processes, and infrastructure being ready

  • Information security lacks the continuous visibility it needs to detect advanced attacks

  • Enterprise systems are under continuous attack and are continuously compromised; an ad hoc approach to “incident response” is the wrong mindset

  • Existing blocking and prevention capabilities are insufficient to protect against motivated, advanced attackers thus requiring predictive threat analytics to get ahead of the curve

  • Most organizations overly invest in prevention-only strategies deployed within non-integrated silos, increasing costs and decreasing effectiveness

IMPORTANCE OF MONITORING CLOUD INFRASTRUCTURE

  • Unification of IT, Net, Storage, Cloud, Dev, and Security Ops’ understanding of immediate risks at hand

  • Enhancement of Infosec strategy, policy, and funding roadmaps where it matters to sustain operations based on high-risk vectors

  • Identification of risk which prioritizes mitigations identified from active threat actor tactics, techniques, and procedures

  • Extraction of additional value from EDR, NDR, and SIEM investments by aligning behavioral detections to threat actor techniques

  • Support of Zero Trust and CARTA initiatives through continuous monitoring and assessment of attack surfaces

COMMON ISSUES IN CLOUD DEPLOYMENT

One of the biggest and most common issues during cloud deployment is the misunderstanding of the Shared Responsibility Model. This happens when customers don’t understand the responsibilities handled by the cloud service provider and the responsibilities they themselves need to handle. When this is not fully understood, it leads to inaccurate inventory, inadequate encryption, and flawed assumptions about BC/DR. Here is a graph of the Shared Responsibility Model for both the customer and the cloud service provider.

KEY TAKEAWAYS FROM THE SHARED RESPONSIBILITY MODEL

  • Review the shared responsibility model of your CSP

  • Review contracts

  • CSP’s documentation

  • Review CSP’s proof of controls

  • Review supply chain (multiple CSPs providing different services)

  • Trust but verify services provided/consumed

  • Ensure an accurate inventory is defined and maintained

KEY TAKEAWAYS FROM IDENTITY MANAGEMENT (IAM)

  • Implement centralized, automated access management and policy-driven environment creation

  • Implement a least-privilege and role- or attribute-based access model

  • Assign access only to modalities

  • Implement MFA for all access

BENEFITS OF CLOUD CONFIGURATION

1. Discovery and Visibility – Provides discovery and visibility into cloud infrastructure assets and security configurations. Users can access a single source of truth across multi-cloud environments and accounts.

2. Misconfiguration Management and Remediation – Eliminates security risks and accelerates the delivery process by comparing cloud application configurations to industry and organizational benchmarks so violations can be identified and remediated in real-time.

3. Continuous Threat Detection – Proactively detects threats across the application development lifecycle by cutting through the noise of multi-cloud environment security alerts with a targeted threat identification and management approach. The number of alerts is reduced because the CSPM focuses on the areas adversaries are most likely to exploit.

4. DevSecOps – Reduces overhead expenses and eliminates friction and complexity across multi-cloud providers and accounts via centralization of controls.
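
The comparison of configurations against a benchmark described in item 2 can be sketched as follows. This is an added example, not AgileBlue's or any CSPM product's code; the inventory, its field names, and the rule ids are constructed for illustration and do not match any provider's API. The rules cover the checks named in this recap: publicly accessible storage, inadequate encryption, missing MFA, and access that is broader than least privilege.

```python
# Constructed multi-cloud inventory; field names are hypothetical, not a provider API.
INVENTORY = [
    {"id": "aws:s3:customer-exports", "kind": "storage", "public": True, "encrypted": True},
    {"id": "gcp:gcs:build-artifacts", "kind": "storage", "public": False, "encrypted": False},
    {"id": "aws:iam:deploy-bot", "kind": "identity", "mfa": False, "actions": ["*"]},
    {"id": "gcp:iam:alice", "kind": "identity", "mfa": True, "actions": ["storage.objects.get"]},
]

# Benchmark: (rule id, resource kind, severity, predicate that is True on a violation).
# Missing attributes fail closed: an unknown state is reported, not assumed safe.
BENCHMARK = [
    ("STORAGE_PUBLIC", "storage", "high", lambda r: r.get("public", True)),
    ("STORAGE_UNENCRYPTED", "storage", "medium", lambda r: not r.get("encrypted", False)),
    ("IDENTITY_NO_MFA", "identity", "high", lambda r: not r.get("mfa", False)),
    ("IDENTITY_WILDCARD", "identity", "high",
     lambda r: any(a == "*" or a.endswith(":*") for a in r.get("actions", []))),
]

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

def evaluate(inventory, benchmark=BENCHMARK):
    """Return findings (resource, rule, severity), highest severity first."""
    findings = []
    for resource in inventory:
        for rule_id, kind, severity, violated in benchmark:
            if resource.get("kind") == kind and violated(resource):
                findings.append({"resource": resource["id"], "rule": rule_id,
                                 "severity": severity})
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f["severity"]],
                                           f["resource"], f["rule"]))

def summarize(findings):
    """Count findings per cloud, taken from the 'cloud:' prefix of the resource id."""
    counts = {}
    for f in findings:
        cloud = f["resource"].split(":", 1)[0]
        counts[cloud] = counts.get(cloud, 0) + 1
    return counts

if __name__ == "__main__":
    results = evaluate(INVENTORY)
    for f in results:
        print(f'{f["severity"]:<6} {f["rule"]:<20} {f["resource"]}')
    print(summarize(results))
```

Running the same evaluation on a schedule over a freshly collected inventory is what turns a one-time audit into the continuous monitoring the recap describes.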

ABOUT ROSENMAN IT SOLUTIONS LLC

Rosenman IT Solutions LLC provides technical support for all your IT needs and is based in the USA. We are a managed services provider and IT consulting firm based in Troy, Michigan. Combined with our expertise, creativity, and versatility for your business’s success, our solutions are here to help your business through any IT service or challenge you may have nationwide with 24/7 support!
