Cloud misconfigurations continue to be a serious concern for organizations, and the list of security incidents caused by the exposure of data from Saas and IaaS applications only continues to grow.
There’s a common misconception that cloud providers handle security, a relic leftover from hosting providers of previous decades. The truth is, cloud providers use a shared responsibility model, leaving a lot of security up to the customer. Stories of AWS compromise are widespread, with attackers often costing organizations many thousands of dollars in damages.
The Splunk Attack Range project has officially reached the v1.0 release. By achieving this milestone, we wanted to reflect on how we got here, what features we’ve built for v1.0 and what the future looks like for Splunk Attack Range. What is the Splunk Attack Range? 🧐
Implementing effective threat detection for AWS requires visibility into all of your cloud services and containers. An application is composed of a number of elements: hosts, virtual machines, containers, clusters, stored information, and input/output data streams. When you add configuration and user management to the mix, it’s clear that there is a lot to secure!
At Elastic Security, we approach the challenge of threat detection with various methods. Traditionally, we have focused on machine learning models and behaviors. These two methods are powerful because they can detect never-before-seen malware. Historically, we’ve felt that signatures are too easily evaded, but we also recognize that ease of evasion is only one of many factors to consider.
Although a business appears to make every effort to protect its assets, there is still no security guarantee. Hackers being fully aware of this uncertainty, tend to take complete advantage by tricking users or bypassing restrictions of the technology products in use, allowing them to acquire complete access. Such perils have given rise to the necessity of having a proactive approach towards cyber security to identify, prepare and respond to events.