CLOUD


#cybersecurity | #hackerspace | Reduce Cloud Security Complexity With Zero Touch Automation

Source: National Cyber Security – Produced By Gregory Evans

The increase in hybrid and multi-cloud environments has increased complexity for cloud security

Technology has advanced at a rapid pace over the past 20 years, and companies have had to digitally innovate to keep up with competitors. As organizations increase their digital assets, they are also increasingly moving to public and hybrid cloud environments for storage and infrastructure needs.

Interestingly, after embarking further into these cloud transformations, organizations also started wanting to add instant service availability and infrastructure-as-code into their own data centers. As a result, public cloud vendors are now offering private data center solutions such as AWS Outpost, Google Anthos and Azure Stack.

At the same time, FireMon’s 2019 Global Customer Survey found that these transitions will continue to increase, with 92% of companies planning to move some element of operations to the public cloud by 2021, and 41% having already deployed in hybrid environments. According to Gartner, system infrastructure will also shift 20% further toward cloud solutions by 2020.

These hybrid enterprises also face a growing need to integrate a variety of cloud services and system architectures: on-premises, IaaS, PaaS and SaaS. As companies increase their digital assets, they require more cloud services, which creates hybrid and multi-cloud environments that can become overly complicated.

The Challenge of Securing Cloud Environments

As these transitions occur more frequently, hybrid and multi-cloud environments also become more complex due to three main challenges: limited network control, little to no integration across services and a lack of qualified security personnel with enough domain and cross-domain knowledge and training.

Companies must take advantage of digital transformations and the cloud to stay competitive. However, this change also brings new challenges in managing network security processes across such complex environments, often with reduced security visibility and collaboration across SecOps, NetOps, DevOps and even semi-official CloudOps teams.

In trying to secure their networks, companies often rely on using multiple vendors, but too many hands overcomplicate the problem rather than providing a cohesive solution. For example, according to FireMon’s 2019 “State of the Firewall Report,” more than three-fourths of respondents use two or more vendors for enforcement points on their network. And more than half use three or more vendors to manage their network.

The truth is that most large security and networking vendors have a comprehensive security architecture and platform capability. But even if an organization aspires to consolidate on a single vendor, doing so takes a long time and in many cases is never attainable, because of long-standing legacy systems, new acquisitions, security leadership changes and more. And even once a single vendor is chosen, it may not be possible to use its unique properties and native services across the public cloud, containers and orchestrators, microservices, zero trust and, soon, 5G infrastructure and services that the organization needs.

All of these parties also increase the likelihood of human error when coping with manual network changes, such as logging into multiple consoles to manage security processes. As systems grow too large, it becomes difficult to manage the environment holistically, avoid outages and reduce risk and SLA times while still enabling business growth with the same number of security staff.

As a result, virtually all cloud data breaches to date have been caused by misconfiguration errors and not by sophisticated hacking. These errors come in two types: improper use of the native security controls offered by cloud providers, and organizations deploying misconfigured servers. According to Gartner, through 2023, more than 99% of firewall breaches and 80% of cloud breaches will be caused by human-introduced misconfigurations.

The solution to securing hybrid cloud environments is to eliminate unnecessary complexity caused by manual network and security policy management processes. Routine IT security tasks should be automated as much as safely possible to help reduce complexity and human-introduced issues.

Automation: The Key to Cloud Security

True security automation is key to protecting virtual assets as more companies move to the cloud. Automated Network Security Policy Management (NSPM) eliminates guesswork and reduces the manual steps that lead to misconfigurations while meeting security and compliance policies. By automating routine manual processes, a layer of complexity is simplified to improve cloud security.

Automation also provides more network control when done right. Automated network security policy management should provide continuous monitoring, scalable data controls, a collaborative policy platform, policy gold rules that provide access permissions and security guardrails that prevent misconfigurations and improve overall consistency. In a complex hybrid and multi-cloud environment, consistency and predictability are key to unifying the security of an entire system.

Another security challenge of embracing public clouds is that cloud security works differently from traditional network security, and cloud policies often look very different from traditional network security policies. For example, the source and destination in a cloud rule can be objects such as an instance or VM (not the same as the host) that have interfaces and IPs attached, which is not the same as an IP-to-IP object. An object could also be a native cloud service that resolves to ephemeral public cloud vendor IPs, where the IPs themselves are not obvious or even known to the customer.

Therefore, managing separate cloud and data center security policies, and with different solutions, could lead to misalignment, reduced visibility and compliance and weakened overall security. Although previously difficult, it is now possible to have a unified policy across hybrid infrastructure, supporting native cloud objects such as VMs, VPCs, security groups and more. The alternative approach of implementing separate cloud security and network security solutions, even if they are from the same vendor, would simply not work efficiently in a large-scale hybrid environment, without reinforcing team silos.

Benefits of Going Beyond ‘Zero Touch’ Automation

While companies secure and gain visibility over the cloud, they can also reap the benefits of true security automation by going beyond zero touch automation, which automates the network security life cycle by pushing policy and configuration changes to devices. Automated tools that go beyond zero touch are flexible and adaptable to unify security policy management.

When we say to go beyond zero touch automation, we mean not stopping at zero touch device deployment as a singular event. Rule deployment is not the outcome itself. The real outcome is a loop that continually and automatically recalibrates the security policy as infrastructure changes are detected and services scale up, within the boundaries of what is and isn’t allowed, with simplified quick approvals where they are needed.

For the best results, automated network security policy management should match and grow with a company’s security needs and capabilities. Security tools should increase their forms of automation over time to better manage and protect a company’s entire network.

The benefits of going beyond zero touch automation to integrate security processes include:

  • Full visibility: Simplify operations and provide the ability to control security rules.
  • Eliminate misconfigurations: By removing manual change management processes, we avoid human error altogether.
  • Improve efficiency: Automate repetitive tasks to minimize business disruption and avoid outages.
  • Ensure continuous compliance: Network security policy management tools should not sacrifice speed for compliance. With real-time policy assessments and device policy recalibration based on application-centric rules, true security automation will guarantee policies are being followed.

Security challenges will continue to advance as cloud platforms continue to expand. While automation will remain the key to maintaining hybrid and multi-cloud security in an increasingly complex environment, companies can benefit now from incorporating automated tools that enable their business to adapt and secure their entire system.

Source link

The post #cybersecurity | #hackerspace | Reduce Cloud Security Complexity With Zero Touch Automation appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Cloud Security that Performs – Security Boulevard


We heard from another customer today that their incumbent cloud security vendor keeps going down. And when it is not down, DLP scans take hours, if they complete at all. What is going on?

https://securityboulevard.com/

*** This is a Security Bloggers Network syndicated blog from Bitglass Blog authored by Nat Kausik. Read the original post at: https://www.bitglass.com/blog/cloud-security-performance-1


#infosec | Docker Registry Snafus Expose Firms to Cloud Compromise


Security experts are warning that widespread Docker registry misconfigurations could be exposing countless organizations to critical data theft and malicious attacks.

Palo Alto Networks’ Unit 42 research group focused on one of the most popular platforms around for managing containers. Docker registries are servers designed to store and organize the all-important images, which contain bundled application code, dependent libraries and operating system files.

As these registries therefore provide access to app source code and business-critical data, it’s vital that they are properly secured. However, Palo Alto Networks discovered misconfigurations in registries’ network access controls which left many exposed.

In total, the Unit 42 team found 941 Docker registries exposed to the internet and 117 registries accessible without authentication. There were 2,956 repositories and 15,887 tags in these registries, meaning effectively that nearly 3,000 applications and almost 16,000 unique versions of them were exposed.

Scores of registries allowed the “push” operation, meaning hackers could replace legitimate app images with those containing backdoors. Others allowed for deletion, meaning cyber-criminals could encrypt or delete and hold them for ransom, while more still allowed any user to pull and run the images.

“The remediation strategy for this particular misconfiguration is straightforward, such as adding a firewall rule to prevent the registry from being accessed from the internet and enforcing an authentication header in all the API requests,” the firm concluded.

“However, with an ever-increasing number of applications and complexity of infrastructure, security becomes a daunting job. Automated tools are needed to scan for vulnerabilities and monitor malicious activities constantly. The earlier the issues can be identified, the less chance they will be exploited in production.”
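Two configuration fragments for the open-source Docker Distribution registry (its config.yml), added here as an illustration and not taken from the Unit 42 report or from any registry it found: the first reproduces the exposed setup the article describes (a listener on every interface, no auth section, image deletion enabled), and the second applies the remediation the firm recommends, binding the listener to an internal address behind a firewall rule, enabling TLS and requiring htpasswd credentials on every API request. The internal address, realm name and file paths are assumptions.

```yaml
# Exposed registry (constructed example, not from the report): listens on every
# interface, has no "auth" section, and delete is enabled, so anyone who can
# reach port 5000 can pull, push and delete images.
version: 0.1
storage:
  filesystem:
    rootdirectory: /var/lib/registry
  delete:
    enabled: true
http:
  addr: 0.0.0.0:5000

---
# Remediated registry (constructed example): bound to an internal address so the
# perimeter firewall rule is not the only control, TLS on the listener, delete
# left at its default of disabled, and every request must carry credentials
# that are checked against an htpasswd file.
version: 0.1
storage:
  filesystem:
    rootdirectory: /var/lib/registry
  delete:
    enabled: false                                   # default; images cannot be removed through the API
http:
  addr: 10.0.0.5:5000                                # assumed internal address; pair with a firewall rule
  tls:
    certificate: /etc/registry/certs/registry.crt    # assumed path
    key: /etc/registry/certs/registry.key            # assumed path
auth:
  htpasswd:
    realm: private-registry                          # assumed realm name
    path: /etc/registry/htpasswd                     # assumed path
```

The htpasswd file must use bcrypt entries (for example created with `htpasswd -Bc`), since the registry rejects other hash formats. To verify the change from the defender's side, an unauthenticated request to `/v2/` on the remediated registry should return 401 with a `WWW-Authenticate` header; a 200 response means the auth block is not in effect.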


#cybersecurity | #hackerspace | [Webinars] Black Duck on VMware Cloud and open source scans

Learn about the addition of Black Duck to VMware Cloud Marketplace and the benefits and limitations of different types of open source scans. Synopsys Black Duck Is Now on the VMware Cloud Marketplace. The use of open source software is free, but that doesn’t mean it […]

Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers


Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure.

Azure App Service is a fully managed integrated service that enables users to create web and mobile apps for any platform or device and easily integrate them with SaaS solutions and on-premises apps to automate business processes.

According to a report researchers shared with The Hacker News, the first security vulnerability (CVE-2019-1234) is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft.

If exploited, the issue would have enabled a remote hacker to gain unauthorized access to screenshots and sensitive information of any virtual machine running on Azure infrastructure, regardless of whether it runs on shared, dedicated or isolated virtual machines.

According to researchers, this flaw is exploitable through Microsoft Azure Stack Portal, an interface where users can access clouds they have created using Azure Stack.

By leveraging an insecure API, researchers found a way to get the virtual machine name and ID and hardware information such as cores and total memory of targeted machines, then used it with another unauthenticated HTTP request to grab screenshots, as shown.

[Image: microsoft azure screenshots]

The second issue (CVE-2019-1372) is a remote code execution flaw that affected the Azure App Service on Azure Stack, which would have enabled a hacker to take complete control over the entire Azure server and consequently over an enterprise’s business code.

What’s more interesting is that an attacker can exploit both issues by creating a free user account with Azure Cloud and running malicious functions on it or sending unauthenticated HTTP requests to the Azure Stack user portal.

Check Point published a detailed technical post on the second flaw, but in brief, it resided in the way DWASSVC, a service responsible for managing and running tenants’ apps and IIS worker processes, which actually run the tenant application, communicate with each other for defined tasks.

Since Azure Stack failed to check the length of a buffer before copying memory to it, an attacker could have exploited the issue by sending a specially crafted message to the DWASSVC service, allowing them to execute malicious code on the server with the highest privilege, NT AUTHORITY\SYSTEM.

“So how can an attacker send a message to DWASSVC (DWASInterop.dll)? By design, when running the C# Azure function, it runs in the context of the worker (w3wp.exe),” the researchers said.

“This gives an attacker the possibility to enumerate the currently opened handles. That way, he can find the already opened named pipe handle and send a specially crafted message.”

Check Point researcher Ronen Shustin, who discovered both vulnerabilities, responsibly reported the issues to Microsoft last year, preventing hackers from causing severe damage and chaos.

After patching both issues late last year, the company awarded Shustin with 40,000 USD under its Azure bug bounty program.


#cybersecurity | #hackerspace | GUEST ESSAY: Strategic tactics are key to a robust Cloud Security Posture Management regime

A cyber strategy is a documented approach to handling various aspects of cyberspace. It is mostly developed to address the cybersecurity needs of an entity by focusing on how data, networks, technical systems, and people are protected. An effective cyber strategy is normally on par with […]

#nationalcybersecuritymonth | Cyber Risks Cloud Census With Resources, Congress Seats at Stake

The U.S. Census Bureau’s decennial count is raising concerns that its new digital systems are vulnerable to attacks or malfunctions that could unfairly rejigger congressional seats or shuffle federal resources. The 2020 headcount, for the first time conducted primarily online, kicked off in remote parts of […]

#cybersecurity | #hackerspace | Google Cloud Identity Pricing – Security Boulevard

Google Cloud Identity is free to some extent, but if interested in the broader features of Google Cloud Identity, it can be quite expensive over time. The post Google Cloud Identity Pricing appeared first on JumpCloud. *** This is a Security Bloggers Network syndicated blog from […]

#hacking | 5 Key Security Lessons From The Cloud Hopper Mega Hack

In December 2019, the U.S. government issued indictments against two Chinese hackers who were allegedly involved in a multi-year effort to penetrate the systems of companies managing data and applications for customers via the […]

#cyberfraud | #cybercriminals | Cloud, 5G and ‘wetware’ attacks — the 5 biggest cybersecurity threats of 2020

Businesses are getting cosier with the cloud. As more data pours in, it makes sense to use a public cloud server rather than set up servers in-house. But just because they’re moving to a ‘cloud smart’ agenda doesn’t mean that they aren’t being ‘cloud […]