How CSPM and CIEM may Solve your Cloud Compliance Challenges
With compliance essential to your organization, what strategy to take? Can you rely on a standard cloud security posture management tool — or do you need more?...
Keep Your S3 Safe from CloudTrail Auditors
AWSCloudTrailReadOnlyAccess currently allows s3:GetObject for “*” and s3:ListAllMyBuckets. And reading CloudTrail logs may also give access to bucket object keys. Be careful!...
Wayward Sheriffs and Confused Deputies: Risks in GCP Third Party Access
Most GCP third-party vendors ask for permanent service account keys for access -- increasing credential leakage risk. Used correctly, short-lived credentials offer a secure alternative....
Testing the Waters: First Impressions of CloudTrail Lake
Our first impressions of AWS's new managed audit and security lake that allows you to aggregate, immutably store, and query activity logs....
Tracking Adversaries in AWS Using Anomaly Detection
Here’s how to minimize the impact of a breach by identifying malicious actors’ anomalous behavior and taking action....
SEGA’s Saga of Nearly Compromised Credentials
A look at VPNO’s recent findings of publicly accessible S3 buckets on SEGA’s infrastructure and what we can learn from it....
Protect Your AWS Environment Beyond Patching Log4j
Check out crucial strategic lessons overlooked by enterprises dealing with the recently reported Log4j vulnerability....
How to Start Up Your Cloud Security
Startups may think they can postpone implementing a cloud security program but should in fact take early action — here’s why, and easy steps for doing so....
Not Just Buckets: Are You Aware of ALL Your Public Resources?
A misconfiguration of resource-based policies can inadvertently make resources public. Do you have such misconfigured policies present in your environment?...
How Smart Secrets Storage Can Help You Avoid Cloud Security Risks
The not-so-sensitive locations that may tempt you when storing sensitive information — why to avoid them and how....
Five Strategies for Mitigating Your S3 Misconfiguration Ransomware Threat
Check out these detailed steps to improve ransomware protection of your AWS environment....
The Urgent Threat of Ransomware to S3 Buckets Due to Misconfigurations
Learn all about misconfigurations that can lead to S3 ransomware exposure and the mitigation tools you can leverage to prevent it....