Name: Privilege Escalation Attacks in AWS: How They Work, How To Stop Them
Start: 2021-01-21T19:00:00Z
End: 2021-01-21T19:00:57.000Z
Location: BrightTALK
Rating: 4.7

Sonrai Security delivers an enterprise identity and data governance platform for AWS, Azure, Google Cloud, and Kubernetes.

Security teams need a new mindset to keep up with the risks created by modern devops practices in the cloud.

Visibility into attack paths and a vulnerability’s blast radius is required to truly manage security risks. Teams need to evaluate and prioritize vulnerabilities based on their potential impact to the business, with insight into the risks unique to the host. For example, if you don’t know every identity on your workload and what access their permissions allow, you can’t see which vulnerabilities could lead to an over permissioned identity with crown-jewel data access.


Join this webinar to see how security teams are benefiting from the unique combination of agentless vulnerability scanning, CSPM, CIEM, data protection and automation to bring their public cloud to a state of security excellence.
Jeff Moncrief, Field CTO of Sonrai Security, will discuss and demonstrate the following:

● Why workload vulnerability scanning is only step one in a comprehensive cloud security strategy

● How attackers are exploiting vulnerabilities in your cloud through attack paths that lead to your most sensitive data

● The technological advantages of agentless scanning and governance automation for managing risk “at the speed of cloud”

● How understanding “blast radius”, “risk amplification” and vulnerabilities unique to the host can help you prioritize risks in your cloud and speed up your remediation strategies

Blast Radius & Active Attack Paths: The Keys to Securing Your Cloud

Organizations are gaining access to huge volumes of information every day. However, most of this data is wrapped in a complex ephemeral world of identities and resources.

For the data to be protected organizations must aggregate, structure, normalize, and see all the information. Only then can they tag, classify, and index the data before finally enforcing controls and governance policies. However, many organizations struggle with determining when and how to manage access to data consistently, and how and when to modulate controls to ensure continuous security, governance, and compliance to prevent data loss. In this webinar, we will discuss best practices for data access and movement for AWS, Azure, GCP, and Kubernetes.

This webinar is intended for cloud administrators and security teams who are looking for robust data access and movement strategy to protect data in the cloud running on AWS, Azure, or Google Cloud instances. We’ll look at some of the best practices and use cases for data access prevention and governance.

5 Cloud Data Access Challenges and How to Solve Them

In the effort to keep your cloud secure, are you monitoring all your cloud identities - person and non-person - and their entitlements? Probably not, as gaining effective visibility into your cloud is notoriously complex. That lack of visibility and control over identity access and entitlements to your resources and assets is almost surely putting your crown-jewel resources and cloud security posture at risk.

Analysts, like Gartner and Forrester Research, see the ability to govern identities and mitigate risk as essential for any enterprise with a large cloud infrastructure footprint. “Cloud Infrastructure & Entitlement Management” (CIEM) is what’s proposed to tackle this problem. 

Yes, yet another acronym. We'll decode where it overlaps with existing solutions (like CSPM), what's truly new about it, and what security concepts it addresses are most important. 

Sonrai CISO and Director of Cloud Research Eric Kedrosky and is joined by security veteran David Shackleford (Founder & Principal of Voodoo Security) to parse through the hype and figure out why identity security is becoming more critical to the public cloud.

Cloud Infrastructure Entitlement Management (CIEM): Another Security Acronym

Identity and data permissions in AWS, properly used, will allow you to deliver security far superior to anything possible in a data center world.  However, many organizations are struggling to securely manage all of these identities and the risks to their cloud. In turn, malicious actors are acutely aware of the gaps and are actively exploiting them. Learn how least privilege, least access, separation of duties, privilege escalations, executed properly, can be quickly and easily enforced where it actually matters in your cloud.

Join our session where we will answer the following:
* How Sonrai’s Intelligent CSPM provides visibility and remediation inside your AWS environments
* How your organization can apply appropriate security controls to enhance identity security and data protection
* What specific frameworks and policies are necessary to identify and reduce risk across your environment

Supercharge your AWS security posture using identity and data controls

The dynamic infrastructure in Azure, AWS, and GCP is critical for modern enterprises to meet their business goals. It’s also new territory for security teams, as things that used to be static metal are now made up by code, and who can access what changes day by day.

The major cloud providers release, on average, 17 new permissions a day. With seemingly infinite paths to data being created - and cloud data sprawl occurring in most companies - getting to peak security maturity requires disciplined prioritization of tasks for the cloud security team.

In this webcast, we chart out a prioritized list of issues to focus on, progressing environments from ‘vulnerable’ to ‘zero trust’ on a maturity scale. The prioritization is shaped by issues’ likelihood to lead to breach, how commonly the issues occur, and how easy the issues are to solve without major tooling. By focusing on a maturity journey, we establish a sustainable and achievable path towards zero trust without overwhelming the team or compromising business goals, like faster time-to-production.

Join this session to learn:

*The most important infrastructure & configuration vulnerabilities to close
*Most common identity issues (toxic combinations, privilege escalation abuse, etc) and how to eliminate them
*How to determine what security maturity level is appropriate for each environment
*Sustainable practices to keep up with changing identity permissions
*Advanced automation & tooling techniques

Charting a Path to Cloud Security Maturity: A Guide for Cloud & Security Teams

In 2020, U.S. businesses were the victim of 1,108 data breaches. By the end of this past September, 2021’s total was 1,291 data breaches making 2021 one of the worst years to date. Luckily, cloud data breaches follow distinct patterns that we can study and learn from.

In this webinar, Eric Kedrosky, CISO and Director of Cloud Research at Sonrai Security, and David Shackleford, Owner and Principal Consultant of Voodoo Security, dissect five notorious and distinct types of cloud data breaches.

Follow along as they break down the top examples of cloud data breaches in the news this year and how they could have been prevented. Each of these five events fits into an archetype within a family of breaches. Join this webinar to learn in detail
* the anatomy of each profile of breach
* what series of events allowed the breach to happen
* what we can learn from past oversights, and further preventative measures.

Lessons for Cloud Teams from the 5 Cloud Data Breach Archetypes of 2021

Deploying an application on Azure is fast, easy, and cost-effective, leading many organizations to rapidly increase their Azure footprint in recent months. Throw in the forced adoption of work from home we saw in 2020 and many organizations are facing digital chaos with much larger clouds than before.  The good news is that this chaos is manageable if you know what to look for.

How do you manage security, compliance, and access risk in a scalable way within the Azure environment? Ignoring security gaps and relying on a single vendor dramatically increases risk, but with many cloud and security teams being asked to reduce costs in the challenging economic climate, taking a single vendor approach can be tempting.  

This checklist is intended to help enterprises think through various operational security considerations as they deploy sophisticated enterprise applications on Azure. It can also be used to help you build a secure cloud migration and operation strategy for your organization.
Join Eric Kedrosky, CISO and Director of Cloud Research at Sonrai Security, to learn more about the security risks, compliance considerations, and access considerations in Azure.

Key Takeaways:

- Understand the common security and access risks associated with Azure
- Learn how to ensure security for identities and data in your Azure environment
- Best practices for compliance to protect critical data and identity access

Azure Security Checklist: Governance, Identities, and Compliance Priorities

Digital transformation has brought many organizations to the cloud, eager to take advantage of opportunities for rapid innovation, productivity gains, and cost savings that can help sustain an edge over the competition. But this new world of software development also requires new ways of thinking about security, and is as much a cultural change as a technology shift. In order to realize the benefits of the cloud, developers need the autonomy to produce code and product as they see fit. This requires agility and speed that cannot be slowed down by security and compliance measures. So how do we build cloud architectures that still foster this independence but can also provide centralized governance to protect cloud workloads, platforms,and data?

This is a question that many teams have struggled with, but we’re here to help answer. Join Sandy Bird, CTO and co-founder of Sonrai Security, for this presentation focused on helping you design a secure cloud framework.  Attendees will learn:
* Why the complexities of identity & data management in cloud environments create new risks we may not be aware of
* Ways to build a culture where autonomy is preserved and cloud risk management is still respected
* How to detect risks such as policy violations, misconfigurations, data drift and toxic combinations without harming productivity

Autonomy vs Centralization: Cloud Security in the Modern Enterprise

2021's most notorious data breaches explained

It's Probably Your Fault: 2021 Data Breaches Explained

As hard as it may be, security experts are often expected to act like psychics when it comes to predicting the greatest risks to the organization. While the disruptive forces unleashed by the COVID-19 pandemic continue to shape the global business ecosystem, one important trend remains unchanged: the steady march toward a public cloud world. 

With years of industry experience behind them, hosts Eric Kedrosky, CISO & Director of Cloud Research at Sonrai Security, and David Shackleford, Owner and Principal Consultant of Voodoo Security, are primed and ready to share their cloud security prophecies for 2022 with you!

Get out your crystal ball and join us for a look into the future of cloud security and how cloud security will evolve in 2022. Attendees will hear:
* The new fundamentals of cloud security,
* The simple mistakes that will to lead to the greatest cloud security headaches,
* Which security practices will become irrelevant in 2022 and beyond, and
* Why malicious actors will keep getting smarter and what you should expect from attackers.

Cloud Security Predictions: What to Lookout for in 2022

Do you know where your data is? It seems like such a simple question. Many security teams think they do, because they have a map and a plan of where data is **supposed** to be. Seeing where data actually is in the cloud requires more than a static plan - you need the capacity for dynamic reconnaissance. You also need a deep understanding of how data can be accessed to assign it a true ‘location’ to harden. 

Couple this complexity with the ever-growing scale of cloud, and data classification becomes critical: with an ever-growing cloud footprint, vulnerabilities need to be prioritized by sensitivity. PII in a public bucket is a much bigger problem than SOC compliance issues in a staging environment. They both need attention, but you’ll never have the resources to cover off every issue with the same speed.

Securing data starts with seeing data, and seeing it clearly. Where it lives, how sensitive it is, and how it can be accessed are the first pieces of information to gather to prioritize your security tasks. Then you can start the work of hardening the most vulnerable positions, adjusting posture management, and limiting access.

This is the first webcast in a series on securing data in the public cloud. Sonrai CISO Eric Kedrosky and Voodoo Security Founder’s Dave Shackleford team up to discuss the challenges of data reconnaissance and scanning in the cloud, covering topics like:
-Common data visibility issues
-Data classification: issues, best practices, and automation techniques
-Mapping out a risk management strategy based on data intel
-Securing the objects and locations where sensitive data lies with posture management and other governance strategies

For the rest of the upcoming Securing Data in Public Cloud series, subscribe to our channel.

Find, Classify, Secure: Data Recon in AWS & Azure

Everyone enjoys a good scare, but there’s nothing more frightening than the risks that are lurking in your cloud! Effective permission chaining, orphaned accounts, unrestricted data movement, platform misconfigurations; these issues and more are still plaguing companies despite countless examples of cloud data breaches that should have been a wake up call to us all.

More than a decade into cloud security, even the most advanced companies are struggling with basic security risk in the cloud. Some don’t know where the problems lie, and others don’t have the right tools to remediate new security and compliance risks. Approaches from the on-prem world, like traditional IAM, don’t cut it anymore. Teams need new methods for managing data, identity and cloud platform risks.

Join Eric Kedrosky, CISO and Director of Cloud Research at Sonrai Security and Nathan Schmidt, Principal Security Architect at Sonrai Security for this haunting exploration of the “Tales from the Field”, an event focused on the first hand account of security risks that have bedeviled companies in the public cloud. 

Attendees will learn: 
* How the complexity of the cloud created new security risks that we’re failing to address
* Examples of recent cloud data breaches & the causes that might be hiding in your cloud
* The best practices teams can adopt to avoid identity, data and platform risks and put these ghouls to rest, once and for all

Orphaned Accounts & * Permissions: A Cloud Security Horror Story

Many organizations have accelerated their digital transformation in recent months, often out of necessity to keep operations running from rapid WFH growth. In turn, this transformation has seen AWS adoption grow exponentially.

There are many benefits to using AWS, but how do you manage security, compliance, and access risk within the AWS environment? Ignoring security gaps and relying on a single vendor dramatically increases risk, but with many cloud and security teams being asked to reduce costs in the challenging economic climate, taking a single vendor approach can be tempting.  

Join this webinar to learn more about the security risks, compliance considerations, and access considerations in AWS and how you can implement strategies to mitigate them.

Key Takeaways:

- Understand the common security and access risks associated with AWS
- Learn how to ensure security for identities and data in your AWS environment
- Best practices for compliance to protect critical data and identity access

AWS Checklist for 2021: Expert Advice on Security and Risk Priorities

During a cloud migration, it’s very important to choose the right tools and resources to make your transformation seamless and secure. When World Fuel Services decided they were going to reduce their data centers from 22 to 2 in under two years, they sought more than just a security solution, they looked for a partner who could help them build a strong foundation and mature cloud operating model. In choosing Sonrai, they knew it wasn’t just technology they needed, but expertise in process, security and governance to help them scale in a new technological frontier.

Watch this session from The Cube AWS Startup Showcase featuring Avi Boru, Director of Cloud Engineering at World Fuel Services, and Sandy Bird, CTO & Cofounder of Sonrai Security as they talk about important considerations in moving from the data center to the cloud, and how cloud technologies have literally turned the security world upside down. This 25 minute discussion covers:
* How the cloud gives us opportunities to “redo security” and be more secure than we ever were on prem
* The benefits of decentralizing security across your cloud, development and operations teams
* Why identity is the new perimeter, replacing firewalls in the cloud, and
* The absolute importance of having a strong cloud security governance model to put an end to security “whack-a-mole”

Building Secure Cloud Foundations in AWS with Sonrai & World Fuel Services

We’re years into the cloud era, yet companies are still making the same mistakes. Week after
week, we’re still seeing the same “breach headlines”. The issues have been so well documented—
what are people missing?

The truth is, security teams are using outdated paradigms that lead them to repeat old mistakes.
Join Nemertes CEO Johna Till Johnson and Eric Kedrosky, Research Director & Chief
Information Security Officer at Sonrai Security as they discuss "Top Five Ways To Get Cloud Security Right" in a lively, interactive discussion. They’ll sketch out the challenges and highlight the steps that enterprise security technologists need to take to get cloud security right.

Participants will learn what they’re missing in next-generation cloud security, and how to tackle the
knotty issues of cloud identity, access management, and policy enforcement.

What Security Folks Are Afraid To Ask: Data, Identity & Infrastructure

AWS, like every advanced cloud platform, has well-known security flaws that can lead to catastrophic problems if you are not paying careful attention. One of the most dangerous allows innocuous accounts usually granted to developers to be given admin access. Such attacks work because a sequence of seemingly unimportant missteps in configuring different parts of AWS allows the escalation to occur. This webinar will show how these attacks work and how to be diligent about monitoring to make sure such attacks never succeed on your watch.

This webinar will cover:

The general nature of escalation attacks
* How AWS is specifically vulnerable
* What to do to monitor for mistakes that make these escalation attacks possible
* How to use Sonrai Security to automate such monitoring

Privilege Escalation Attacks in AWS: How They Work, How To Stop Them

Amazon Web Services

Breach Prevention

Cloud

Cyber Security

DevOps

Hackers

Identity Management

Information Security

Public Cloud

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Privilege Escalation Attacks in AWS: How They Work, How To Stop Them

Presented by

About this talk

More from this channel