Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

8/15/2019
09:30 AM
Connect Directly
Twitter
RSS
E-Mail

7 Biggest Cloud Security Blind Spots

Cloud computing boon is for innovation, yet security organizations find themselves running into obstacles.
4 of 8

Hybrid Architecture
According to a recent report from the Cloud Security Alliance, some 55% of organizations run complex cloud computing environments that operate with a hybrid architecture. Such a setup offers a great way for large organizations to transition gradually to the cloud, but it introduces security visibility challenges as organizations struggle to track assets across the entire architecture and monitor activity across a complex myriad of hybrid cloud connections. In fact, a report out earlier this year from Firemon shows 80% of organizations are challenged by the limitations and complexity of tools used for monitoring and managing security across hybrid environments.

Image Source: Adobe Stock (Mongkol Chuewong)

Hybrid Architecture

According to a recent report from the Cloud Security Alliance, some 55% of organizations run complex cloud computing environments that operate with a hybrid architecture. Such a setup offers a great way for large organizations to transition gradually to the cloud, but it introduces security visibility challenges as organizations struggle to track assets across the entire architecture and monitor activity across a complex myriad of hybrid cloud connections. In fact, a report out earlier this year from Firemon shows 80% of organizations are challenged by the limitations and complexity of tools used for monitoring and managing security across hybrid environments.

Image Source: Adobe Stock (Mongkol Chuewong)

4 of 8
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
billycripe
50%
50%
billycripe,
User Rank: Strategist
9/3/2019 | 10:34:30 AM
Forensics and Visibility
Great summary of a bunch of key research!
The challenges with forensics and visibility, especially in the dynamic and decentralized world of container-based architectures are compounded with new TLS 1.3 encryption, pinned certificates coming from 3rd party APIs and even TLS 1.2 with perfect forward secrecy enabled. 

Security teams must have a way to get decrypted visibility in the cloud so they can do threat hunting, forensic / root cause analysis and passive, out of band inspection. Even DevOps teams increasingly need this for troubleshooting and appPerfMon activities. 

Symmetric Key Intercept is a new, out-of-band decryption technique for the cloud that should be investigated. Instead of creating contorted cloud architectures (like routing all back-end API calls through a front-end MITM set-up), out of band decryption that can handle the new standards provides decrypted visibility in the cloud without sacrificing the benefits that drew you to the cloud in the first place. 
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13545
PUBLISHED: 2019-10-18
In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution.
CVE-2019-13541
PUBLISHED: 2019-10-18
In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code.
CVE-2019-17367
PUBLISHED: 2019-10-18
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
CVE-2019-17393
PUBLISHED: 2019-10-18
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and pa...
CVE-2019-17526
PUBLISHED: 2019-10-18
** DISPUTED ** An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').pop...