How the CIS Foundations Benchmarks Are Key to Your Cloud Security

5 years ago Brent Holder

Many organizations are migrating their workloads to the cloud. But there are challenges along the way. Specifically, security leaders are concerned about their ability to protect their cloud-based data using secure configurations.

Tripwire found this out when it partnered with Dimensional Research to survey 310 professionals who held IT security responsibilities for their organizations’ public cloud environments across more than a dozen different sectors. In that study, 37% of respondents told Tripwire that their risk management capabilities in the cloud were somewhat lacking compared to the same resources used for other parts of their organizations’ infrastructure. More than three-quarters (76%) of survey participants said it was difficult to maintain secure configurations in the cloud, a finding which illuminates why 93% of leaders said they were worried that human error could cause their employers to accidentally expose their cloud-based data.

These survey results raise an important question: how are organizations supposed to maintain secure configurations in the cloud?

The CIS Foundations Benchmarks as a Starting Point

Organizations can begin by turning to the Center for Internet Security (CIS). This community-driven group has created a series of benchmarks consisting of best practices that organizations can use to stay secure. Some of those benchmarks pertain to OSes like Windows and Linux, while others relate to applications.

The CIS benchmarks that concern us today are those that provide prescriptive guidance for configuring the security options of organizations’ AWS, Azure and Google accounts. Those best practices are designed to help organizations avoid exposing themselves to certain risks from the moment they set up their cloud accounts. As such, the benchmarks do not get into how organizations can secure their individual cloud-based workloads and services.

The cloud benchmarks vary depending on the provider. But there are a few shared elements between them. These are as follows:

Identity and Access Management

Identity and Access Management (IAM) is about making sure that the right people are able to log in with the right privilege levels. As such, organizations can use IAM to verify that no problematic settings allow unprivileged users to access privileged information.

Steve Tipton, ISC senior sales engineer for Tripwire, explains that IAM is so important today given the increasing complexity of organizations’ IT networks:

In this continually evolving technological world, organizations have more data to protect in a variety of places such as on-premises, the cloud, mobile devices, legacy applications, etc. The normal boundaries that were used to protect data are disappearing rapidly. This has created massive challenges for organizations that want to control data access in a connected and distributed environment.

It’s therefore important that organizations work to implement IAM for the cloud. Towards that end, they can use CIS Critical Security Control (CSC) 16 to maintain an inventory of all accounts with the help of an authentication system. This measure will ensure that organizations know about all of the users that they need to secure. Additionally, they need to make sure that they have an automated process for revoking system access when an employee’s role changes in the organization or when they no longer work at the organization. Such a process should involve disabling user accounts but not deleting them so as to preserve audit trails.
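The following sketch is an added example, not code from the article, Tripwire or CIS. It reconciles an account inventory against a staff roster and disables, rather than deletes, any account whose owner has left, changed role or is unknown. The roster, the account records and their field names are constructed for illustration.

```python
from datetime import date

# Constructed sample data (assumption, not from the article).
ROSTER = {
    "alice": {"role": "engineer", "active": True},
    "bob": {"role": "finance", "active": True},      # moved from engineer to finance
    "carol": {"role": "engineer", "active": False},  # no longer with the organization
}
ACCOUNTS = [
    {"user": "alice", "granted_for_role": "engineer", "enabled": True},
    {"user": "bob", "granted_for_role": "engineer", "enabled": True},
    {"user": "carol", "granted_for_role": "engineer", "enabled": True},
    {"user": "svc-old", "granted_for_role": "unknown", "enabled": True},  # no owner on the roster
]


def reconcile(roster, accounts, today):
    """Return (updated_accounts, audit_log).

    Every input account is kept in the output so its history stays
    available; accounts that should lose access are only marked disabled.
    """
    updated, audit = [], []
    for original in accounts:
        acct = dict(original)  # never mutate the caller's inventory
        person = roster.get(acct["user"])
        if person is None:
            reason = "not in roster"
        elif not person["active"]:
            reason = "left organization"
        elif person["role"] != acct["granted_for_role"]:
            reason = "role changed"
        else:
            reason = None
        if reason and acct["enabled"]:
            acct["enabled"] = False
            acct["disabled_on"] = today.isoformat()
            acct["disabled_reason"] = reason
            audit.append((acct["user"], reason))
        updated.append(acct)
    return updated, audit


if __name__ == "__main__":
    _, log = reconcile(ROSTER, ACCOUNTS, date(2020, 1, 1))
    for user, reason in log:
        print(f"disabled {user}: {reason}")
```

Running the reconciliation a second time over its own output produces an empty audit log, which is what a scheduled job needs.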

Logging and Monitoring

Organizations need to have access to the details of when a critical system change occurs and/or when something goes wrong with their cloud infrastructure. Absent that information, organizations won’t have the visibility into their cloud environments that they need in order to investigate potential attacks and root out potential intrusions before they balloon into security incidents. That’s why organizations need access to their system logs.

To achieve this level of visibility, organizations can use CIS Control 6 to ensure that local logging is operational on all cloud systems and network devices, activate settings for collecting detailed logs on their protected systems and make sure that they have adequate storage space to house their logs. They also need a way to manage these logs so that they can gain insight into critical events while reducing unnecessary noise.

Networking

Finally, organizations need to verify that malicious actors can’t achieve anonymous access into their cloud infrastructure. At issue is the threat of data exfiltration. Nefarious individuals could infiltrate an organization’s network, move laterally to sensitive systems and send its sensitive information back to a server under their control. Such activity would undermine the organization’s cloud data security and threaten both its compliance efforts and reputation.

Acknowledging that reality, organizations can harden their cloud security using CIS CSC 14. This security measure recommends that organizations use access control lists to enforce the principle of least privilege. It also specifies how organizations can use automated controls to enforce access controls concerning their cloud-based data.
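As an added example (not from the article, Tripwire or CIS), the check below reviews a provider-neutral list of ingress rules and reports those that conflict with least privilege: rules open to any source on a port not meant to be public, and internal source ranges that are too broad. The rule format, the set of public ports and the /16 threshold are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample rules (assumption, not from the article).
RULES = [
    {"id": "web-https", "source": "0.0.0.0/0", "port": 443, "action": "allow"},
    {"id": "admin-ssh", "source": "0.0.0.0/0", "port": 22, "action": "allow"},
    {"id": "db-internal", "source": "10.0.2.0/24", "port": 5432, "action": "allow"},
    {"id": "db-wide", "source": "10.0.0.0/8", "port": 5432, "action": "allow"},
    {"id": "rdp-v6", "source": "::/0", "port": 3389, "action": "allow"},
    {"id": "deny-telnet", "source": "0.0.0.0/0", "port": 23, "action": "deny"},
]

PUBLIC_PORTS = {443}       # assumption: only HTTPS is meant to be reachable by anyone
MIN_INTERNAL_PREFIX = 16   # assumption: IPv4 sources broader than /16 are too wide


def audit_rules(rules):
    """Return a list of (rule_id, finding) for allow rules that are too permissive."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue  # deny rules cannot grant access
        net = ipaddress.ip_network(rule["source"], strict=False)
        if net.prefixlen == 0:
            # 0.0.0.0/0 or ::/0: any host on the internet matches this rule.
            if rule["port"] not in PUBLIC_PORTS:
                findings.append((rule["id"], "open to any source"))
        elif net.version == 4 and net.prefixlen < MIN_INTERNAL_PREFIX:
            findings.append((rule["id"], "source range broader than /16"))
    return findings


if __name__ == "__main__":
    for rule_id, finding in audit_rules(RULES):
        print(f"{rule_id}: {finding}")
```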

Strengthening Cloud Security with Tripwire

Tripwire can help organizations to configure their cloud accounts correctly using the CIS Controls identified above as well as other security measures. More information is available here.

The post “How the CIS Foundations Benchmarks Are Key to Your Cloud Security” appeared first on TripWire

Source: TripWire – Brent Holder
