Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

1/18/2019
09:00 AM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

8 Tips for Monitoring Cloud Security

Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.
Previous
1 of 9
Next

(Image: Gorodenkoff - stock.adobe.com)

(Image: Gorodenkoff stock.adobe.com)

If your company struggles with visibility into cloud security metrics, it's not alone. Cloud security is fundamentally different from on-prem security and requires different practices as companies move applications, services, and data to this new environment. 
 
You can no longer view security as a "fence around everything," says Chris Ford, vice president of product management at Threat Stack. "In this new world of highly changing infrastructure, you need visibility into all the different areas of infrastructure where you can detect risk and begin to put security posture in place. "This all depends on your ability to observe behaviors."

When it comes to today's cloud security practices, companies are in "reactive mode," says Balaji Parimi, CEO of CloudKnox. They're focused on protecting their cloud environments by using tools that provide visibility into anomalous activity and then responding to it, he explains.

"While there is some merit to these 'reactive' tools, companies must prioritize pre-emptive measures in order to prevent catastrophic scenarios," Parimi says. He advises they evaluate tools that will help prevent, or at least minimize, risks linked to poorly provisioned identities.

Watching for overprovisioned or incorrectly provisioned identities is one of the ways companies can improve security monitoring in the cloud. Here, experts share their best practices for how to approach cloud security monitoring and what to watch for in their cloud environments.

Feel free to share your own in the comments. 

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Previous
1 of 9
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
gif-washco
50%
50%
gif-washco,
User Rank: Apprentice
1/18/2019 | 10:37:22 AM
Oopsy: IaaS is "Infrastructure as a Service"
There is a reference in this article (page 3) on IaaS as "Internet as a Service". It is really "Infastructure as a Service".
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark Reading,  8/13/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15151
PUBLISHED: 2019-08-18
AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.
CVE-2019-15149
PUBLISHED: 2019-08-18
core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected.
CVE-2019-15145
PUBLISHED: 2019-08-18
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
CVE-2019-15146
PUBLISHED: 2019-08-18
GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in GPMF_Next in GPMF_parser.c.
CVE-2019-15147
PUBLISHED: 2019-08-18
GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Next in GPMF_parser.c.