{"id":102033,"date":"2019-09-20T06:00:26","date_gmt":"2019-09-20T13:00:26","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=102033"},"modified":"2019-09-19T13:49:21","modified_gmt":"2019-09-19T20:49:21","slug":"cloud-aws-critical-cloud-misconfigurations","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2019\/09\/cloud-aws-critical-cloud-misconfigurations\/","title":{"rendered":"Top 3 AWS Critical Cloud Misconfigurations and How to Remediate"},"content":{"rendered":"

By <\/span>Nathaniel \"Q\" Quist, Sr. Threat Researcher, Public Cloud Security<\/span><\/p>\n

 <\/p>\n

It\u2019s no secret that cloud adoption yields tremendous business benefit \u2014 increased agility, reduced cost, flexibility, ease-of-use, the list goes on. The problem is, companies have adopted cloud faster than they\u2019ve been able to adopt security processes and practices to support it.\u00a0 Developer teams are enthusiastically spinning up cloud workloads and standing up new AWS infrastructure, while security teams may feel they are left to mop up.<\/span><\/p>\n

Some of the major, headline-grabbing cloud breaches we saw over this past year reflect basic security configuration mistakes: allowing traffic to Port 22 from the public internet, leaving the remote desktop protocol (RDP) exposed. We wouldn\u2019t perform these actions within on-prem infrastructure, so why are we seeing this in cloud? A bird\u2019s eye view of what\u2019s going on would look much like a repeat of what we saw in the 90s: developers excitedly leveraging the newest technologies and acting with little to no thought about the security implications of their latest project.<\/span><\/p>\n

\"AnNovice configuration mistakes transform the cloud into a Wild West for hackers, full of gold mines of opportunity for them. This helps explain the rapid emergence of <\/span>cybercrime groups, like Rocke, that specialize in targeting the public cloud<\/span><\/a>. The good news is, hackers are looking for easy money, so if you make it difficult for them by using proper configurations, they will look elsewhere.<\/span><\/p>\n

My team and I have spent the past few years collecting data from hundreds of cloud environments in order to learn about the biggest threats to the public cloud. We found that within the last year, 65% of attacks were due to misconfiguration. Our research has identified the top three critical misconfigurations that are most common in organizations\u2019 AWS environments. For each of these, following a set of simple recommendations will help organizations better secure their clouds and avoid becoming the next easy targets for attackers.<\/span><\/p>\n

 <\/p>\n