Aug 26, 2021
Can You Hear Me, Can You See My Screen?
* How to Make Your Next Third-Party Risk Conversation Less Awkward: https://www.darkreading.com/vulnerabilities-threats/how-to-make-your-next-third-party-risk-conversation-less-awkward
* 5 Vexing Cloud Security Issues: https://www.itprotoday.com/hybrid-cloud/5-vexing-cloud-security-issues
* Attackers Increasingly Target Linux in the Cloud: https://www.darkreading.com/threat-intelligence/attackers-increasingly-target-linux-in-the-cloud
* Top 5 Best Practices for Cloud Security: https://www.infosecurity-magazine.com/magazine-features/top-5-best-practices-for-cloud/
* Zix Releases 2021 Mid-Year Global Threat Report: https://www.darkreading.com/cloud/zix-releases-2021-mid-year-global-threat-report
* The big three innovations transforming cloud security: https://siliconangle.com/2021/08/21/big-three-innovations-transforming-cloud-security/
* The Benefits of a Cloud Security Posture Assessment: https://fedtechmagazine.com/article/2021/08/benefits-cloud-security-posture-assessment
* How to Maintain Accountability in a Hybrid Environment: https://www.darkreading.com/cloud/how-to-maintain-accountability-in-a-hybrid-environment
* 6 Cloud Security Must-Haves–with Help from CSPM, CWPP or CNAPP: https://www.eweek.com/security/6-cloud-security-must-haves-with-help-from-cspm-cwpp-or-cnapp/
* The hybrid-cloud security road map: https://www.techradar.com/news/the-hybrid-cloud-security-road-map
* How Biden’s Cloud Security Executive Order Stacks Up to Industry Expectations: https://securityintelligence.com/articles/biden-executive-order-industry-expectations/
* Cloud Security: Adopting a Structured Approach: https://customerthink.com/cloud-security-adopting-a-structured-approach/
* The Overlooked Security Risks of the Cloud: https://threatpost.com/security-risks-cloud/168754/
Jesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.
Corey: This episode is sponsored in part by Thinkst Canary. This might take a little bit to explain, so bear with me. I linked against an early version of their tool, canarytokens.org, in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, or anything else like that that you can generate in various parts of your environment, wherever you want them to live; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use them. It’s an awesome approach to detecting breaches. I’ve used something similar for years myself before I found them. Check them out. But wait, there’s more because they also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment and manage them centrally. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files that it presents on a fake file store, you get instant alerts. It’s awesome. If you don’t do something like this, instead you’re likely to find out that you’ve gotten breached the very hard way. So, check it out. It’s one of those few things that I look at and say, “Wow, that is an amazing idea. I am so glad I found them. I love it.” Again, those URLs are canarytokens.org and canary.tools. And the first one is free because of course it is. The second one is enterprise-y. You’ll know which one of those you fall into. Take a look. I’m a big fan. More to come from Thinkst Canary weeks ahead.
Jesse: It is 2021. Conference calls and remote meetings have the same decade-old problems. Connection drops, asking if anyone can hear us, asking if anyone can see our screen, even though we can clearly see the platform is in sharing mode with our window front and center. Why is this so hard? We live in the golden age of the cloud.
Shouldn’t we be easily connecting and sharing like we’re in the same room rather than across the planet? Yes we should. Sure, there have been improvements, and now we can do high-quality video, connect dozens or hundreds of people from everywhere on a webinar, and usually most of us can manage a video meeting with some screen sharing. I don’t understand how we can have Amazon Chime, WebEx, Teams, Zoom, Google Meet—or whatever it’s called this month—GoToMeeting, Adobe Connect, FaceTime, and other options, and still not have a decent way for multiple people to see and hear one another and share a document, or an application, or screen without routine problems. All of these are cloud-based solutions.
Why do they all suck? When I have to use some of these platforms, I dread the coming meeting. The worst I’ve seen is Amazon Chime—yes, that’s you, Amazon—Microsoft Teams—as always—and Adobe Connect. Oof. The rest are largely similar with more or less the same features and quality, except FaceTime, which is still only a personal use platform and not so great for conferences for work. I just want one of these to not suck so much.
Meanwhile in the news. How to Make Your Next Third-Party Risk Conversation Less Awkward. You know that moment. Someone asks a question at the networking event. The deafening silence while you stare at the floor trying to find a way to get out of embarrassing yourself. Do your future self a favor and do some work before this happens again. You’ll feel better and you’ll have better visibility while improving your security posture.
5 Vexing Cloud Security Issues. Unlike the tips and best practices list, this one is a ‘don’t be stupid’ type list. Some of these are foundational basic security steps. Watch out for the zombies.
Attackers Increasingly Target Linux in the Cloud. Linux is the most common cloud-hosted OS. It shouldn’t be surprising that it’s the most common platform to attack, as well. Secure and monitor your cloud hosts closely. This is also a good reason to consider pushing toward a dynamic services model without traditional operating system footprints.
Top 5 Best Practices for Cloud Security. Oh, yay. Another top number list for newbs. We all need reminding of the basics of best practices, especially as they evolve. Are you doing these five things? Why not?
Announcer: Have you implemented industry best practices for securely accessing SSH servers, databases, or Kubernetes? It takes time and expertise to set up. Teleport makes it easy. It is an identity-aware access proxy that brings automatically expiring credentials for everything you need, including role-based access controls, access requests, and the audit log. It helps prevent data exfiltration and helps implement PCI and FedRAMP compliance. And best of all, teleport is open-source and a pleasure to use. Download teleport at goteleport.com. That’s goteleport.com.
Jesse: Zix Releases 2021 Mid-Year Global Threat Report. I suggest looking at the whole report, however, know attackers are using email, SMS and text messages, and customizing phishing more than ever before. Your people are going to see more social engineering attacks, so be sure everyone understands the basics of what types of things not to say on the phone and the usual about not following URLs in messages and emails.
The big three innovations transforming cloud security. CASB, SASE, and CSPM—pronounced ‘cazzbee’ ‘sassy’ and, well, nothing fancy for CSPM that rolls off the tongue, so just use the letters—are your new friends. With the three of these used for your cloud environment, you’ll have better visibility and control of your risk profile and security posture.
The Benefits of a Cloud Security Posture Assessment. Okay, so we’ve covered CSPM some, but you need a CSPA before you implement your CSPM. I tried to…