Vulnerable AWS Lambda Function – Initial Access in Cloud Attacks

June 10, 2022

cloudsecurityalliance
Our security research team explains a real attack scenario, from both the black box and white box perspectives, showing how a vulnerable AWS Lambda function could be used by attackers as initial access into your cloud environment. Finally, we show the best practices to mitigate this attack vector.

Serverless is becoming mainstream in business applications to achieve scalability, performance, and cost efficiency without managing the underlying infrastructure. These workloads are able to scale to thousands of concurrent requests per second. One of the most used Serverless functions in cloud environments is the AWS Lambda function.

One essential element of bringing an application into production is security. An error in code or a lack of user input validation may cause the function to be compromised and could let attackers gain access to your cloud account.

About AWS Lambda function
AWS Lambda is an event-driven, serverless compute service which permits the execution of code written in different programming languages and automates actions inside a cloud environment.

One of the main benefits of this approach is that Lambda runs our code in a highly available compute infrastructure directly managed by AWS. The cloud provider takes care of all the administrative activities related to the infrastructure underneath, including server and operating system maintenance, automatic scaling, patching, and logging.

The user simply implements their code in the service, and the function is ready to go.

Security, a shared pain
From a security perspective, because Lambda is managed by the cloud provider but still configurable by the user, the security concerns and risks are shared between the two actors.

Since the user doesn’t have control over the infrastructure behind a specific Lambda function, the security risks on the infrastructure underneath are managed directly by the cloud provider.

Using AWS IAM, the user can restrict the access and the permitted actions of the Lambda function and its components. Misconfigured permissions on IAM roles or objects used by the Lambda function might cause serious damage, letting attackers into the cloud environment. Even more importantly, the code implemented in the Lambda function is under user control and, as we will see in the next sections, if there are security holes in the code, the function might be used to access the cloud account and move laterally.

Attack Scenarios
We are going through two attack scenarios using two different testing approaches: black box and white box testing, which are two of the main testing approaches used in penetration testing to assess the security posture of a specific infrastructure, application, or function.

Looking at the Lambda function from a different perspective would help to create a better overall picture of the security posture of our function, and help us better understand the possible attacks and the related risks.

Black box vs white box
In Black box testing, whoever is attacking the environment doesn’t have any information about the environment itself and the internal workings of the software system. In this approach, the attacker needs to make assumptions about what might be behind the logic of a specific feature and keep testing those assumptions to find a way in. For our scenario, the attacker doesn't have any access to the cloud environment and doesn’t have any internal information about the cloud environment or the functions and roles available in the account.

In White box testing, the attacker already has internal information which can be used during the attack to achieve their goals. In this case, the attacker has all the information needed to find the possible vulnerabilities and security issues.

For this reason, white box testing is considered the most exhaustive way of testing. In our scenario, the attacker has read-only initial access in the cloud environment and this information can be used by the attacker to assess what is already deployed and better target the attack.

In this attack scenario, the attacker has found a misconfigured S3 bucket, open to the public, that contains various files owned by the company.

The attacker is able to upload files into the bucket and check each file’s configuration once uploaded. A Lambda function is being used to calculate the tags for each file uploaded, although the attacker doesn’t know anything about the code implemented in the Lambda.

We can be pretty confident there is an AWS Lambda function behind those values. The function appears to be triggered when a new object is created in the bucket. The two tags, Path and Size, seem to be calculated dynamically for each file, perhaps by executing OS commands to retrieve the information.

We can assume the file name is used to look for the file inside the OS and also to calculate the file size. In other words, the file name might be a user input which is used in the OS command to retrieve the information to put in the tags. Missing user input validation might allow an attacker to submit unwanted input or execute arbitrary commands on the machine.

In this case, we can try to inject other commands into the file name to achieve remote code execution. Concatenating commands with a semicolon is a common way to append arbitrary commands to the user input, so that the code executes them if the user input isn’t well sanitized.
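The pattern inferred above, shown next to a hardened form. This is an added example, not the article's code or the code of the function being tested; the function names, the allow-list, the temporary work directory and the two S3 events are constructed for illustration, and the appended command is a harmless `echo`.

```python
import os
import re
import subprocess
import tempfile
from urllib.parse import unquote_plus

# Constructed allow-list for one key segment: letters, digits, dot, dash, underscore.
SEGMENT = re.compile(r"[A-Za-z0-9._-]{1,255}")


def key_from_event(event):
    """S3 event notifications URL-encode the object key; decode it before use."""
    return unquote_plus(event["Records"][0]["s3"]["object"]["key"])


def tags_vulnerable(workdir, key):
    """The object key is pasted into a shell command line, so a ';' in the
    key ends `wc` and starts a second command chosen by the uploader."""
    cmd = f"wc -c {workdir}/{key}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return {"Path": f"{workdir}/{key}", "Size": result.stdout.strip()}


def tags_hardened(workdir, key):
    """No shell at all, allow-listed key segments, and a containment check."""
    segments = key.split("/")
    for seg in segments:
        # Empty segments, '.', '..' and any character outside the allow-list
        # (including ';', spaces and quotes) are refused outright.
        if seg in (".", "..") or not SEGMENT.fullmatch(seg):
            raise ValueError(f"rejected object key: {key!r}")
    root = os.path.realpath(workdir)
    path = os.path.realpath(os.path.join(root, *segments))
    if os.path.commonpath([root, path]) != root:
        raise ValueError(f"object key escapes work dir: {key!r}")
    # The size comes from a system call, not from parsing command output.
    return {"Path": path, "Size": str(os.stat(path).st_size)}


def _event(encoded_key):
    """Build a minimal, constructed S3 ObjectCreated event for the demo."""
    return {"Records": [{"s3": {"object": {"key": encoded_key}}}]}


def demo():
    """Run both versions against a plain key and a key carrying ';'."""
    with tempfile.TemporaryDirectory() as workdir:
        with open(os.path.join(workdir, "report.txt"), "w") as fh:
            fh.write("hello")  # 5 bytes
        plain = key_from_event(_event("report.txt"))
        crafted = key_from_event(_event("report.txt%3Becho+INJECTED"))
        results = {
            "vuln_plain": tags_vulnerable(workdir, plain),
            "vuln_crafted": tags_vulnerable(workdir, crafted),
            "hard_plain": tags_hardened(workdir, plain),
        }
        try:
            tags_hardened(workdir, crafted)
            results["hard_crafted"] = "accepted"
        except ValueError:
            results["hard_crafted"] = "rejected"
        return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In the vulnerable version the output of the appended command ends up in the Size tag, which is the kind of signal a tester reads back from the object's tags; the hardened version never reaches a shell and refuses the key before touching the file system.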

Mitigation
We have seen the attack scenario from the black box and white box perspectives, but what can we do to mitigate this scenario? In the proposed scenario, we covered different AWS components, like S3 buckets and AWS Lambda, in which some security aspects have been neglected.

In order to successfully mitigate this scenario, we can act on different levels and different features. In particular, we could:

Disable public access for the S3 bucket, so that it is accessible only from inside and to users who are authenticated into the cloud account.
Check the code used inside the Lambda function, to be sure there aren’t any security bugs in it and that all user inputs are correctly sanitized, following the security guidelines for writing code securely.
Apply the least privilege concept to all the AWS IAM roles applied to cloud features, to avoid unwanted actions or possible privilege escalation paths inside the account.
Let’s look in detail at how we can enforce each of the mitigations mentioned above.

Disable the public access for the S3 bucket
An S3 bucket is one of the key components in AWS used as storage. S3 buckets are often used by attackers who want to break into cloud accounts.

It’s critical to keep S3 buckets as secure as possible, applying all the security settings available and avoiding unwanted access to our data or files.

For this specific scenario, the bucket was publicly open and all the unauthorized users were able to read and write objects into the bucket. To avoid this behavior, we need to make sure that the bucket is available privately, applying the following security settings to restrict the access.
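An added example, not part of the original article: a check of a bucket's S3 Block Public Access configuration and bucket policy for the kind of anonymous read and write exposure described here, plus the boto3 call that turns all four Block Public Access settings on. The bucket name, sample configuration and sample policy are constructed, and `lock_down` is a hypothetical helper name.

```python
import json

# The four S3 Block Public Access settings; all four should be True.
REQUIRED_BLOCKS = (
    "BlockPublicAcls",
    "IgnorePublicAcls",
    "BlockPublicPolicy",
    "RestrictPublicBuckets",
)

# Constructed sample: the shape returned under "PublicAccessBlockConfiguration"
# by get_public_access_block, with only one setting enabled.
SAMPLE_CONFIG = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": False,
    "BlockPublicPolicy": False,
    "RestrictPublicBuckets": False,
}

# Constructed sample policy granting anonymous read and write on every object.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicReadWrite", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AppRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-app"},
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})


def _as_list(value):
    """IAM policy fields may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def missing_public_access_blocks(config):
    """Return the Block Public Access settings that are absent or False."""
    return [name for name in REQUIRED_BLOCKS if not config.get(name, False)]


def public_statements(policy_json):
    """Return (Sid, actions) for Allow statements open to any principal.

    Statements carrying a Condition are skipped here and still need a manual
    review, since a condition can be too broad to restrict anything.
    """
    findings = []
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        principal = stmt.get("Principal")
        is_public = principal == "*" or (
            isinstance(principal, dict)
            and "*" in _as_list(principal.get("AWS", []))
        )
        if is_public:
            findings.append(
                (stmt.get("Sid", "<no Sid>"), _as_list(stmt.get("Action", [])))
            )
    return findings


def lock_down(bucket):
    """Enable all four settings on a bucket (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the checks above run without it

    boto3.client("s3").put_public_access_block(
        Bucket=bucket,
        PublicAccessBlockConfiguration={name: True for name in REQUIRED_BLOCKS},
    )


if __name__ == "__main__":
    print("settings to enable:", missing_public_access_blocks(SAMPLE_CONFIG))
    print("public statements:", public_statements(SAMPLE_POLICY))
```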

Spotlight

Luxent

Luxent builds and delivers cloud solutions that make users powerful and businesses successful.

OTHER ARTICLES
CLOUD SECURITY

What Is Cloud-Native and Why Does it Matter for CI

Article | June 29, 2022

Continuous intelligence (CI) relies on the real-time analysis of streaming data to produce actionable insights in milliseconds to seconds. Such capabilities have applications throughout a business. In today’s dynamic marketplace, new CI applications that use data from various sources at any given time might be needed on very short notice.The challenge is how to have the flexibility to rapidly develop and deploy new CI applications to meet fast-changing business requirements. A common approach employed today is to use a dynamic architecture that delivers access to data, processing power, and analytics capabilities on demand. In the future, solutions also will likely incorporate artificial intelligence applications to complement the benefits of traditional analytics. Increasingly, cloud-native is the architecture of choice to build and deploy AI-embedded CI applications. A cloud-native approach offers benefits to both the business and developers. Cloud-native applications or services are loosely coupled with explicitly described dependencies.

Read More
CLOUD SECURITY

Why Microsoft Should Spinoff Its Cloud Business

Article | July 11, 2022

Microsoft currently features old-school solutions that are growing relatively slowly (Office and Windows) and new cloud solutions that are growing tremendously (Dynamics 365 and Azure). If the company stays in its current form, Microsoft stock will keep steadily advancing. But because the company’s total top and bottom lines are never going to increase much more than 30% or 35% per year, the shares are never going to deliver truly huge returns. But that would change if the company was to spin off its rapidly growing cloud businesses. In such a scenario, the current owners of Microsoft stock would receive shares in a cutting edge cloud services company (let’s call it Azure), and shares in a company focused on providing old, mostly PC-based software to businesses and consumers.

Read More
CLOUD SECURITY

Intelligence Giant Upgrading its Cloud Technology

Article | August 4, 2022

With the huge amounts of data in all fields, a future in the cloud is imperative to help deal with this explosion of data, especially in the field of intelligence technology. This is the reason why the US Central Intelligence Agency is updating its cloud technology. The agency has recently released a draft request for proposal for its Commercial Cloud Enterprise contract.The C2E tens of billions contract will be a multi-award commercial cloud computing contract with a five-year base period and two five-year options for a period of performance of up to 15 years, according to nextgov.com.In a March 2019 presentation by the Directorate of Digital Innovation, a division of the CIA, the department outlined its vision for C2E. It would be broad and include infrastructure, platform and software cloud services supporting a broad range of users, with a variety of security clearances and a worldwide presence, as reported by techcrunch.com. The principal C2E Program objective is to acquire cloud computing services directly from commercial cloud service providers with established records for innovation and operational excellence in cloud service delivery for a large customer base,the department stated in the presentation.Apparently, the agency prefers to avoid all the attention that the Pentagon’s JEDI cloud procurement process got, and quietly go about its business.

Read More

AWS tags US$235 million to expand its cloud infrastructure in Latin America

Article | February 10, 2020

Amazon Web Services (AWS) is raising its stake on cloud computing infrastructure in Latin America. Proof of this is that the IT company will use R$1 billion (around US$235 million) to expand its data center in Sao Paulo. These millions will be used for its Data Processing Center located in that part of Brazil. In addition, a portion of these US$235 million will also be used to increase the services it offers to both public and private parties.The move gives reason to suggest that AWS is upping the ante in the future of startups and tech in the region that rely on cloud services to develop their own products.It launched its cloud center in Brazil in 2011 but it’ll be getting some beefing up thanks to these funds. Moreover, AWS has two Edge networks in São Paulo and two in Rio de Janeiro. As well as one in each of the following cities: Bogotá (Colombia), Buenos Aires (Argentina), and Santiago (Chile).The objective of all of this is to be the region’s prime provider of cloud infrastructure and beat out its competition AKA, Google Cloud Platform and Microsoft’s Azure.

Read More

Spotlight

Luxent

Luxent builds and delivers cloud solutions that make users powerful and businesses successful.

Related News

CLOUD SECURITY

Laminar Expands Partnership with Amazon Web Services

Laminar | November 21, 2022

Laminar, a leader in public cloud security, today announced it is expanding its partnership with AWS with the general availability of its Cloud Data Security Platform on AWS Marketplace and its addition to the AWS Partner Network. AWS Marketplace AWS Marketplace is a digital catalog that customers can use to find, buy, deploy, and manage third-party software, data, and services to business solutions and run their business on AWS. Because Laminar’s Cloud Data Security Platform is optimized for cloud-native, secure stacks, it fits seamlessly within AWS cloud-native architectures. The Laminar Cloud Data Security Platform allows joint customers to autonomously discover, catalog, and prioritize data assets across a wide range of AWS compute and storage technologies: EC2, S3, RDS, Dynamo DB, etc. to classify data without manual intervention and prioritize the most sensitive data while highlighting critical events. Organizations' data stays safe in AWS while only metadata is sent to the Laminar Cloud. AWS Partner Network The AWS Partner Network (APN) is a global community of partners that leverages programs, expertise, and resources to build, market, and sell customers' offerings. As an AWS Partner, Laminar is uniquely positioned to help customers take full advantage of all that AWS has to offer and operate at the speed of the cloud. “We’re pleased to join the AWS Partner Network and have our solutions available on AWS Marketplace to enable joint customers to easily access and use our cloud data security platform at a time of significant momentum for our company, Our company was recently named a representative vendor for Data Security Posture Management in Gartner’s 2022 Hype Cycle for Data Security which signifies the need for solutions to help organizations who are facing increasing external risks and threats, as well as the rise of internal unknown or ‘shadow’ cloud data stores. 
By using Laminar with their AWS services, customers can grow their digital businesses, while ensuring consistent data protection for all their AWS cloud data.” Amit Shaked, CEO and co-founder at Laminar “By now, organizations understand that the cloud brings a myriad of benefits including speed and productivity, but are increasingly worried that it comes at the cost of security,” said Sean Ir, VP Partnerships and Business Development at Laminar. “Laminar gives customers visibility and control that allows them to accelerate their migration to AWS and capitalize on a defense-in-depth approach to cloud data security.” About Laminar Laminar’s Data Security Posture Management (DSPM) protects data for everything you build and run in the cloud across cloud providers (AWS, Azure, and GCP) and cloud data warehouses such as Snowflake. The platform autonomously and continuously discovers and classifies new datastores for complete visibility, prioritizes risk based on sensitivity and data risk posture, secures data by remediating weak controls and actively monitors for egress and access anomalies. Designed for the multi cloud, the architecture takes an API-only approach, without any agents, and without sensitive data ever leaving your environment. Founded in 2020 by a brilliant team of award winning Israeli red team experts, Laminar is proudly backed by Insight Partners, Tiger Global, Salesforce Ventures, TLV Partners, and SentinelOne.

Read More

AWS INFRASTRUCTURE

Redis Extends Strategic Collaboration Agreement with AWS

Redis | November 23, 2022

Redis, the real-time data platform, announced today a multi-year strategic collaboration agreement (SCA) with Amazon Web Services, Inc. (AWS). Building on the companies’ existing work together, this agreement will make it easier and faster for customers to adopt Redis Enterprise Cloud’s real-time data processing capabilities with the global reach of AWS services. This SCA is designed to deliver new product support, industry-specific solutions, and go-to-market strategies beginning with customers migrating on-premises open source or relational databases to the cloud. Additionally, Redis’ Enterprise Cloud solution that runs on AWS services will make it easier for customers to modernize or build entirely new, intelligent applications. Ultimately this focus will empower customers––ranging from the financial services, gaming, retail, and healthcare/life sciences industries to create highly available geo-distributed applications that require sub-millisecond performance; for example indexing and complex queries of frequently read data. “Today’s businesses must be able to leverage data as it’s created. Redis Enterprise Cloud on AWS allows developers to deploy and run modern applications with real-time, right now performance from anywhere on the planet,” said Jason Forget, Chief Revenue Officer and President, Redis. “While Redis has been working closely with AWS for years, we view this collaboration as a way to further customers' desire to build and deploy at global scale with the local latency required by modern applications.” Redis currently uses AWS’s global reach and go-to-market programs to educate and incentivize Redis Enterprise Cloud deployments on AWS. Customers can purchase Redis Enterprise Cloud in AWS Marketplace which offers a simplified and consolidated bill that combines their Redis Enterprise Cloud usage with their AWS consumption. 
Redis and AWS: Powering the Global Real-Time Economy “Our machine learning models deliver multiple recommendations during a single user session. We needed a high-performance database in order to handle these read and write operations that could be integrated with our machine learning platform, Amazon SageMaker. Redis Enterprise Cloud on AWS solves this issue very well for us. I don't think we've ever completed a migration that quickly with such a high volume of data,” said Daniel Galinkin, Head of Machine Learning Engineering at iFood, a Brazilian online food ordering and delivery platform. “We need to be able to take a large amount of reference data and be able to use it for real-time decision making. Redis Enterprise Cloud on AWS was the ideal solution to meet our technical requirements as we evolve from our own data centers to also leverage AWS infrastructure. We’re able to support multiple data centers and AWS Regions with Active-Active Redis to optimize for the lowest local latency, provide durability, and control rate limiting to deliver the best experience for our customers. We’ve extended Redis Enterprise Cloud on AWS for feature calculations, along with Amazon DynamoDB, to structure, store, and quickly access the data to make calculations for a model,” said Humberto Morales, Chief Architect at Telesign, a digital identity and communications platform-as-a-service. “AWS and Redis have a history of working together. We look forward to expanding our relationship and continuing to deliver innovative solutions for our customers, With this new strategic collaboration between AWS and Redis, we are focused on helping our customers meet their needs seamlessly, and enabling businesses to utilize their data more effectively.” Ruba Borno, Vice President, Worldwide Channels and Alliances at AWS For details on where to find and connect with Redis at AWS re:Invent read the Redis blog or pre-schedule a meeting with an expert in Booth #845. 
About Redis Data is the lifeline of every business, and Redis helps organizations reimagine how fast they can process, analyze, make predictions, and take action on the data they generate. Redis provides a competitive edge to any business by delivering open source and enterprise-grade data platforms to power applications that drive real-time experiences at any scale. Developers rely on Redis to build performance, scalability, reliability, and security into their applications. Born in the cloud-native era, Redis uniquely enables users to unify data across multi-cloud, hybrid and global applications to maximize business potential. Learn how Redis can give you this edge at redis.com.

Read More

CLOUD SECURITY

Cyera and Wiz Partner to Strengthen Cloud Security with Data Security Posture Management

Wiz | November 18, 2022

Cyera, the data security company, can now seamlessly integrate with Wiz to provide prioritized attack surface minimization and automated remediation based on sensitive data exposure. Cyera leverages its Data Security Graph to help security teams quickly understand the blast radius that an active security threat or vulnerability represents, and how to respond to remediate the issue. "Wiz introduced a new approach to cloud security that enables organizations to embrace the cloud while reducing risk, Partnering with other cloud-first companies that enable security teams benefits everyone as it improves the overall cloud security posture." Assaf Rappaport, CEO of Wiz Enhancing Cloud Detection and Response with Data Security Posture Cyera's data security posture management platform enables security teams to understand the data they manage, and what's at risk. By automatically and continuously identifying data stores across IaaS, PaaS and SaaS, Cyera proactively assesses internet facing exposures and access permissions, and provides detection and response capabilities to keep an organization's most precious data safe from exposure. This integration adds Cyera's deep data context to Wiz's extensive risk posture assessments. "Cyera provides enterprises with a deep understanding of the sensitive data they have, how it extends their threat surface and how to take action to remediate the risk it represents," said Yotam Segev, CEO of Cyera. "Together, our solutions will empower security teams to approach cloud security holistically, focusing on the risks that matter most." Holistic cloud data protection, at scale The new solution will enable security teams to prioritize risk remediation based on sensitive data exposure. "Security teams need to understand how sensitive data represents risk to their business," said Mike Britton, Chief Information Security Officer for Abnormal Security. 
"Getting your security posture right requires you to understand the difference between how an application, an IT employee, or someone in HR should be able to access and handle sensitive information, before you can effectively apply the right controls that protect your business without disrupting it." Examples of how this partnership improves cloud security with data security posture include: Adding context on the risk that publicly exposed data represents to operational resilience into detection and response workflows Identifying where improved data security controls and less permissive access to sensitive customer or employee data can improve cyber-resilience and protect against ransomware threats Correlating cloud configuration issues, critical data store vulnerabilities, and data security risk to ensure teams can respond quickly to the most material risks to their cloud environments About Cyera Cyera is the data security company that gives businesses context and control over their most valuable asset: data. As a pioneer in data security posture management, Cyera instantly provides companies visibility over all of their sensitive data, context over the risk it represents and their security exposure, and automated remediation to reduce the attack surface and ensure operational resilience. Backed by leading investors including Sequoia, Accel, and Cyberstarts, Cyera is redefining the way companies do cloud data security. About Wiz Wiz is reinventing cloud security from the inside out. Led by an experienced and visionary team, Wiz is on a mission to help organizations create secure cloud environments that accelerate their businesses. By creating a normalizing layer between cloud environments, the Wiz platform enables organizations to rapidly identify and remove critical risks.

Read More

CLOUD SECURITY

Laminar Expands Partnership with Amazon Web Services

Laminar | November 21, 2022

Laminar, a leader in public cloud security, today announced it is expanding its partnership with AWS with the general availability of its Cloud Data Security Platform on AWS Marketplace and its addition to the AWS Partner Network. AWS Marketplace AWS Marketplace is a digital catalog that customers can use to find, buy, deploy, and manage third-party software, data, and services to business solutions and run their business on AWS. Because Laminar’s Cloud Data Security Platform is optimized for cloud-native, secure stacks, it fits seamlessly within AWS cloud-native architectures. The Laminar Cloud Data Security Platform allows joint customers to autonomously discover, catalog, and prioritize data assets across a wide range of AWS compute and storage technologies: EC2, S3, RDS, Dynamo DB, etc. to classify data without manual intervention and prioritize the most sensitive data while highlighting critical events. Organizations' data stays safe in AWS while only metadata is sent to the Laminar Cloud. AWS Partner Network The AWS Partner Network (APN) is a global community of partners that leverages programs, expertise, and resources to build, market, and sell customers' offerings. As an AWS Partner, Laminar is uniquely positioned to help customers take full advantage of all that AWS has to offer and operate at the speed of the cloud. “We’re pleased to join the AWS Partner Network and have our solutions available on AWS Marketplace to enable joint customers to easily access and use our cloud data security platform at a time of significant momentum for our company, Our company was recently named a representative vendor for Data Security Posture Management in Gartner’s 2022 Hype Cycle for Data Security which signifies the need for solutions to help organizations who are facing increasing external risks and threats, as well as the rise of internal unknown or ‘shadow’ cloud data stores. 
By using Laminar with their AWS services, customers can grow their digital businesses, while ensuring consistent data protection for all their AWS cloud data.” Amit Shaked, CEO and co-founder at Laminar “By now, organizations understand that the cloud brings a myriad of benefits including speed and productivity, but are increasingly worried that it comes at the cost of security,” said Sean Ir, VP Partnerships and Business Development at Laminar. “Laminar gives customers visibility and control that allows them to accelerate their migration to AWS and capitalize on a defense-in-depth approach to cloud data security.” About Laminar Laminar’s Data Security Posture Management (DSPM) protects data for everything you build and run in the cloud across cloud providers (AWS, Azure, and GCP) and cloud data warehouses such as Snowflake. The platform autonomously and continuously discovers and classifies new datastores for complete visibility, prioritizes risk based on sensitivity and data risk posture, secures data by remediating weak controls and actively monitors for egress and access anomalies. Designed for the multi cloud, the architecture takes an API-only approach, without any agents, and without sensitive data ever leaving your environment. Founded in 2020 by a brilliant team of award winning Israeli red team experts, Laminar is proudly backed by Insight Partners, Tiger Global, Salesforce Ventures, TLV Partners, and SentinelOne.

Read More

AWS INFRASTRUCTURE

Redis Extends Strategic Collaboration Agreement with AWS

Redis | November 23, 2022

Redis, the real-time data platform, announced today a multi-year strategic collaboration agreement (SCA) with Amazon Web Services, Inc. (AWS). Building on the companies’ existing work together, this agreement will make it easier and faster for customers to adopt Redis Enterprise Cloud’s real-time data processing capabilities with the global reach of AWS services. This SCA is designed to deliver new product support, industry-specific solutions, and go-to-market strategies beginning with customers migrating on-premises open source or relational databases to the cloud. Additionally, Redis’ Enterprise Cloud solution that runs on AWS services will make it easier for customers to modernize or build entirely new, intelligent applications. Ultimately this focus will empower customers––ranging from the financial services, gaming, retail, and healthcare/life sciences industries to create highly available geo-distributed applications that require sub-millisecond performance; for example indexing and complex queries of frequently read data. “Today’s businesses must be able to leverage data as it’s created. Redis Enterprise Cloud on AWS allows developers to deploy and run modern applications with real-time, right now performance from anywhere on the planet,” said Jason Forget, Chief Revenue Officer and President, Redis. “While Redis has been working closely with AWS for years, we view this collaboration as a way to further customers' desire to build and deploy at global scale with the local latency required by modern applications.” Redis currently uses AWS’s global reach and go-to-market programs to educate and incentivize Redis Enterprise Cloud deployments on AWS. Customers can purchase Redis Enterprise Cloud in AWS Marketplace which offers a simplified and consolidated bill that combines their Redis Enterprise Cloud usage with their AWS consumption. 