Cloud APIs’ accessibility over the Internet opens a new window for adversaries to gain highly privileged access to cloud assets.
Public cloud infrastructure presents security teams with a new invisible management layer, creating new security challenges that demand better understanding. Many organizations don’t properly understand the cloud identity and access management layer and often fail to secure it.
Such misunderstandings usually lead to dangerous misconfigurations that can drive customer risk, as in the case of the recent Capital One breach. Current security practices and controls are not sufficient to mitigate the risk posed by misunderstanding of the public cloud, explain Igal Gofman, XM head of security research, and Yaron Shani, XM senior security researcher.
When Gofman and Shani began to research cloud-focused threats, they realized that many popular defense mechanisms focus on specific attack vectors: for example, brute-force protections that guard cloud services and applications against password spray tools or AWS recon tools. Post-breach defense is usually based on different user activities and machine learning algorithms.