Remote work initiatives can result in cloud security risks as security and IT teams quickly migrate to the cloud while still supporting legacy technology.
As you adopt new cloud technologies, it’s harder to gain visibility into security risks outside of your control. Administrative changes and other common misconfigurations that go unnoticed can have cascading effects on security and widen an organization’s attack surface, unintentionally exposing sensitive data to the internet.
Organizations of all sizes struggle with securing a hybrid environment of on-premises and cloud applications, services and infrastructure. To compensate, they may turn to a growing number of security tools that are too costly, complex and manual.
To help secure organizations of all sizes migrating to cloud infrastructure and software as a service (SaaS), Blumira has built integrations with cloud infrastructure, identity providers and applications to ensure we have coverage across different platforms and vendors.
This provides value for our customers as they endeavor to gain visibility, centralize cloud monitoring and simplify their detection and response capabilities.
Our solution has been reviewed by AWS to meet the highest standards for security, reliability and operational excellence. Blumira has officially joined the Amazon Partner Network (APN) as an Independent Software Vendor (ISV).
Our platform monitors GuardDuty, CloudTrail and VPC Flow Logs for malicious activity, centralizing log flows for continuous monitoring to help you protect your AWS environment.
Learn more about how to integrate your AWS log sources with Blumira’s cloud SIEM in our AWS: Getting Started Guide.
Common misconfigurations can result in the exposure of AWS S3 (Simple Storage Service) buckets. S3 is scalable object storage that you can use for applications, backup and recovery, disaster recovery, hybrid cloud storage and more.
Any administrative change in settings can unknowingly result in the public exposure of potentially sensitive or customer data, which can result in data breaches, compliance violations and costly fines.
In the Capital One breach from 2019, a software engineer used scanning software to identify AWS customers with misconfigured firewalls that had access permissions to S3 buckets. She decrypted and exfiltrated data from a found account (U.S. Dept. of Justice).
A few years back, S3 bucket exposures were more common because companies lacked visibility into bucket configurations and could not keep track of them. Additionally, certain bucket access control lists (ACLs) allowed public access to buckets, due to both poor naming and poor user education on ACL permissions (SecurityBoulevard).
Blumira’s SIEM monitors CloudTrail logs for these types of changes and misconfigurations, parsing and analyzing billions of events and paring them down to a few prioritized alerts, sent to your team in near real-time so you can respond quickly.
S3 Detection: Finding Analysis
In this example detection, we’ve identified that a specific Amazon S3 bucket has been granted public, anonymous access by a certain user originating from an IP address. If this was unexpected behavior, it could indicate a misconfiguration or compromised credentials.
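One way to express this kind of check over CloudTrail records, as an added example that is not Blumira's detection logic: it flags successful `PutBucketAcl` and `PutBucketPolicy` calls that grant access to everyone and reports the bucket, the acting identity and the source IP. The record layout is simplified and assumed, and the sample records, account ID, bucket name and user name are constructed.

```python
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
PUBLIC_GROUPS = {ALL_USERS, "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
PUBLIC_CANNED = {"public-read", "public-read-write", "authenticated-read"}

def as_list(value):  # a single item may arrive as a bare value, several as a list
    return [] if value is None else value if isinstance(value, list) else [value]

def public_reasons(event):
    """Return why this record exposes a bucket; an empty list if it does not."""
    if event.get("errorCode"):  # denied or failed call: nothing changed
        return []
    params, reasons = event.get("requestParameters") or {}, []
    if event.get("eventName") == "PutBucketAcl":
        reasons += [f"canned ACL {c}" for c in as_list(params.get("x-amz-acl"))
                    if c in PUBLIC_CANNED]
        acl = (params.get("AccessControlPolicy") or {}).get("AccessControlList") or {}
        for grant in as_list(acl.get("Grant")):
            uri = (grant.get("Grantee") or {}).get("URI", "")
            if uri in PUBLIC_GROUPS:
                reasons.append(f"{grant.get('Permission')} to {uri.rsplit('/', 1)[-1]}")
    elif event.get("eventName") == "PutBucketPolicy":
        for stmt in as_list((params.get("bucketPolicy") or {}).get("Statement")):
            who = stmt.get("Principal")
            anyone = who == "*" or (isinstance(who, dict) and "*" in as_list(who.get("AWS")))
            # A Condition may narrow access, so only unconditional grants are flagged.
            if stmt.get("Effect") == "Allow" and anyone and not stmt.get("Condition"):
                reasons.append(f"policy allows {stmt.get('Action')} to any principal")
    return reasons

def findings(events):
    """One finding per exposing record: bucket, acting identity, source IP."""
    return [{"bucket": (e.get("requestParameters") or {}).get("bucketName"),
             "actor": (e.get("userIdentity") or {}).get("arn"),
             "source_ip": e.get("sourceIPAddress"), "reasons": why}
            for e in events if (why := public_reasons(e))]

def rec(name, params, error=None):
    return {"eventName": name, "errorCode": error, "sourceIPAddress": "203.0.113.7",
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
            "requestParameters": {"bucketName": "example-bucket", **params}}

SAMPLE = [  # constructed records in a simplified, assumed CloudTrail layout
    rec("PutBucketAcl", {"AccessControlPolicy": {"AccessControlList": {
        "Grant": {"Grantee": {"URI": ALL_USERS}, "Permission": "READ"}}}}),
    rec("PutBucketPolicy", {"bucketPolicy": {"Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}]}}),
    rec("PutBucketAcl", {"x-amz-acl": "private"}),
    rec("PutBucketAcl", {"x-amz-acl": "public-read"}, error="AccessDenied"),
]
```

`findings(SAMPLE)` returns two findings: the private ACL and the denied call are ignored. Block Public Access settings and bucket-level overrides are not modelled here.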
S3 Detection: Workflow Remediation
To help you respond quickly, we populate the finding with a pre-built playbook to walk through remediation. In this case, we recommend you review the S3 bucket in question that we identified, its ARN (Amazon Resource Name) and the bucket owner to determine if it was an expected or authorized change.
If not, you should mark the finding as malicious activity, work to quarantine the IAM principal and investigate further. If your team needs more advice or information to understand this finding or what your next steps should be, you can directly message the responsive Blumira security team for additional help.
In addition to S3 misconfigurations, we monitor your AWS cloud environment for indicators of other cloud security threats to help you identify malicious activity and stop an attack in progress.
Additional AWS Security Resources
Join VP of Product Jim Simpson and CTO Matt Warner as they cover how to reduce cloud security risks with Blumira’s cloud and AWS security monitoring solution in our on-demand webinar, Security Advisor Series: Tackling Cloud Security Threats in AWS.