As the ten-year anniversary of the Amazon Web Services (AWS) launch approaches, Amazon has much to celebrate, including generating $1.57 billion in revenue in Q1 2015.
AWS’s increased adoption is fueled by a rapidly growing number of organizations running critical workloads on the IaaS platform. Cybercriminals are catching up, targeting the substantial payload AWS environments represent.
It’s safe to assume breaking into Amazon’s data center or hacking into their infrastructure exceeds the skill level of your average cybercriminal, though hijacking credentials is all-too-easy through social engineering, spear phishing, and other contemporary cybercrime tactics.
Amazon provides outstanding security at the infrastructure level, but securing usage and user behavior is ultimately the responsibility of the customer. For security-minded AWS customers, the following AWS security considerations are worth pondering.
AWS Access Management: What Else Can I Do?
It doesn’t matter how a cybercriminal obtains user credentials (e.g., plucks them off the sticky note under your desk or executes a remarkably simple spear phishing attack); once they have them, the malicious individual is capable of impersonating an AWS user. This is a particularly horrifying situation when considering the possibility of privileged user account compromise (read: admins) and the limitless power privileged users possess within AWS.
What you can do about it: CloudLock helps secure access and protect against cyberthreats through privileged access management capabilities, including:
- Attempts to bypass multi-factor authentication (MFA)
- Root-level access and activities
- New access and key/secret pair creation
What Are AWS Users Doing?
Security professionals can learn a great deal by looking into the behavior of their users, particularly in cloud environments, where the most dangerous 1% of users introduce 75% of cybersecurity risk. Security solutions that harness data points around user behavior are capable of shining a light on areas of risk that otherwise may go unnoticed.
What you can do about it: Driven by user behavior analytics policies, CloudLock provides alerts on potentially risky events worth reviewing, including:
- Anomalous user behavior
- Geolocation anomalies
- Access via unauthorized geographies (i.e., countries not explicitly whitelisted)
Are My AWS Configurations Up To Par?
AWS configuration settings have considerable security implications; misconfigurations not only can directly expose sensitive data, but can also result in systems and services lacking a sufficient standard of security controls (for instance, the minimum number of characters required for a password, or the required frequency of password reset).
If security configurations are modified, either through inadvertent error or as a product of malicious intent, the ramifications are very real, removing barriers between cybercriminals and their dangerous goals.
What you can do about it: CloudLock helps monitor, manage, and enforce security configuration settings across AWS, including:
- Modifications to password policy
- Changes to security groups, virtual private cloud (VPC) definitions, and identity and access management (IAM) policies
What Can My Other Systems Tell Me?
As users remain the prime target for cybercriminals, gaining insight into user behavior to establish what constitutes typical – and anomalous – behavior is crucial. Without a means of comparing otherwise disparate data points, organizations run the risk of letting cybercriminals slip through the cracks.
What you can do about it: CloudLock correlates information across cloud platforms (including SaaS, IaaS, IDaaS, and PaaS) and throughout the organization (SSO integration, SIEM integration) to add depth and context to seemingly innocuous events and incidents, including cross-platform user behavior analytics (UBA).
Consider the example of a user logging into Dropbox from New York at 8pm, and logging into AWS from San Francisco two hours later – a physical impossibility. While point solutions would miss this level of insight, CloudLock identifies such behavior as anomalous and indicative of potential account compromise, then alerts security teams of suspicious activity that merits further investigation.
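The New York / San Francisco scenario above as a runnable check, generalized to any consecutive pair of geolocated logins per user across platforms. This is an added example, not CloudLock's implementation; the Login record, the 900 km/h speed ceiling, the 100 km jitter floor and the sample events are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruise speed

@dataclass(frozen=True)
class Login:
    user: str
    platform: str
    when: datetime  # timezone-aware; normalise every source to UTC first
    lat: float
    lon: float

def haversine_km(a: Login, b: Login) -> float:
    """Great-circle distance between two login locations."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(events, max_kmh=MAX_KMH, min_km=100.0):
    """Return (earlier, later, implied_kmh) for consecutive logins per user
    whose implied speed exceeds max_kmh. min_km suppresses GeoIP jitter."""
    findings, last = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev = last.get(ev.user)
        last[ev.user] = ev
        if prev is None or (km := haversine_km(prev, ev)) < min_km:
            continue
        hours = (ev.when - prev.when).total_seconds() / 3600
        kmh = float("inf") if hours == 0 else km / hours
        if kmh > max_kmh:
            findings.append((prev, ev, kmh))
    return findings

# Constructed sample events (not real logs); 00:00 UTC is 8pm in New York.
T0 = datetime(2015, 6, 2, tzinfo=timezone.utc)
SAMPLE = [
    Login("alice", "dropbox", T0, 40.7128, -74.0060),                    # New York
    Login("alice", "aws", T0 + timedelta(hours=2), 37.7749, -122.4194),  # San Francisco
    Login("bob", "dropbox", T0 + timedelta(hours=1), 42.3601, -71.0589), # Boston
    Login("bob", "aws", T0 + timedelta(hours=5), 40.7128, -74.0060),     # New York
]

if __name__ == "__main__":
    for a, b, kmh in impossible_travel(SAMPLE):
        print(f"{a.user}: {a.platform} -> {b.platform} implies {kmh:.0f} km/h")
```

Logins through VPN or proxy egress points geolocate to the exit node, so findings from a check like this are leads for review rather than proof of compromise.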
Don’t Take Our Word For It
Experience the CloudLock Security Fabric first-hand in a demo and take the first step to securing your cloud ecosystem, including SaaS, PaaS, IaaS, and IDaaS environments to solve five primary needs: Threat Protection, Cloud DLP, App Discovery and Control, Risk and Compliance Management, and Auditing and Forensics.