Powerful Cloud Permissions You Should Know: Series Final
Sonraí Security
by Tally Shea
1w ago
MITRE ATT&CK Stage: Exfiltration and Impact This blog is the final publication in a series exploring the most powerful cloud permissions and how they map to the MITRE ATT&CK Framework. You can find the series beginning on the Initial Access stage here. — The end of the MITRE Framework concludes with Exfiltration or Impact. An attacker may be trying to steal organizational data and remove it from your environment – exfiltration – or just interrupt and disrupt your operations – impact. Even a well-intended employee can misuse these permissions and cause potential impact to your business ..read more
Powerful Cloud Permissions You Should Know: Part 5
Sonraí Security
by Tally Shea
3w ago
MITRE ATT&CK Stage: Defensive Evasion This blog is the fifth publication in a series exploring the most powerful cloud permissions and how they map to the MITRE ATT&CK Framework. If you have not yet read the first blog on the Initial Access stage, you can find it here and follow along the series. – A lot of activity in the cloud is traceable. Most organizations know it is best practice to enable logging and security tools to help in auditing or protection practices. However, there are a few actions one can take to disable these processes or cover their tracks. Once an attacker is in yo ..read more
Powerful Cloud Permissions You Should Know: Part 4
Sonraí Security
by Tally Shea
1M ago
MITRE ATT&CK Framework: Credentials Access This blog is the fourth publication in a series exploring the most powerful cloud permissions and how they map to the MITRE ATT&CK Framework. You can find the beginning of the series here. —– ‘Credential Access’ is the next stage of the MITRE ATT&CK Framework we’ll explore – an attacker’s efforts to hijack accounts and steal passwords. For the purpose of mapping permissions to the framework, we’ve considered any sort of credential theft OR the ability to create new credentials as ‘credential access’. Using legitimate credentials – the toke ..read more
Powerful Cloud Permissions You Should Know: Part 3
Sonraí Security
by Tally Shea
1M ago
MITRE ATT&CK Framework: Lateral Movement & Privilege Escalation This blog is the third publication in a series exploring the most powerful cloud permissions and how they map to the MITRE ATT&CK Framework. You can find the previous blog on Persistence techniques here. — An attacker is in your cloud. They are looking to move around it in search of further opportunity. Whether it is pivoting in and out of different accounts, hopping from one identity to the next, or gaining more privilege, they’re on the move. Traditionally, Privilege Escalation and Lateral Movement are distinct stages in ..read more
Powerful Cloud Permissions You Should Know: Part 2
Sonraí Security
by Tally Shea
2M ago
MITRE ATT&CK Framework: Persistence This blog is the second publication in a series exploring the most powerful cloud permissions and how they map to the MITRE ATT&CK Framework. If you have not yet read the first blog on the Initial Access stage, you can find it here. – Once an attacker has gained a foothold in your environment, their first thought is, ‘how can I stay here?’ Meaning, what nooks and crannies can they create, or what windows can they leave open, to offer them ways back into your cloud, inflict further damage, or just remain. This is how we categorized permissions into ..read more
Powerful Cloud Permissions You Should Know: Part 1
Sonraí Security
by Tally Shea
2M ago
MITRE ATT&CK Framework: Initial Access A cloud permission is never a dangerous thing by nature. In fact, its power is solely defined by the context in which it is used. Whether a permission falls into the wrong hands for malicious use, or an employee uses it and unintentionally introduces new risk, cloud permissions can be powerful tools. Some permissions inherently hold more power than others and should be controlled accordingly. With 40,000+ possible actions across the major cloud providers, prioritizing locking down the permissions with the greatest potential for damage is cri ..read more
A Guide to GCP Organization Policy: Managing Access
Sonraí Security
by Tally Shea
3M ago
Governance, security and compliance become difficult projects at scale. If you’re an enterprise operating out of Google Cloud, you’re likely looking for ways to manage access, enforce guardrails, and make configuration constraints to resources across your organization. Below, we will introduce all you need to know about GCP Organization Policies and describe how you can leverage them to centralize control over your environment. What is a GCP Organization Policy? Organization Policy is a powerful tool provided by Google Cloud, designed to give you centralized and systematic control over your cl ..read more
How to Manage S3 Permissions & Access
Sonraí Security
by Tally Shea
3M ago
Amazon Web Services (AWS) S3, or Simple Storage Service, is a highly scalable object storage service that allows businesses to store and retrieve any amount of data. S3 permissions are the explicit rules within policies that determine who can access the service entirely and more specifically the objects within it. Let’s dive into why managing access is important. The Role of IAM Policies in S3 Managing identity and access to the S3 service is vital. Because S3 is a storage service, it hosts sensitive and business-critical data for most enterprises using AWS – think business secrets, employee i ..read more
What is Azure Policy: All You Need to Know
Sonraí Security
by Tally Shea
4M ago
What is Azure Policy? Azure Policy is a service within Microsoft Azure that allows organizations to create, assign, and manage policies. These policies define rules and effects over resources, identities, and groups, in an effort to ensure compliance and uphold security. Enforcement comes in two forms – flagging non-compliance so your team can remediate the concern or simply blocking deployment. Before delving deeper into Azure Policy, let’s narrow in on what a security policy is, especially in the context of the Cloud. A security policy in cloud computing is a set of rules and guidelines tha ..read more
An Analysis: 3 Breaches and the Role of Cloud Permissions
Sonraí Security
by Tally Shea
4M ago
Good security has long been about creating a barrier to entry. It’s been about ‘keeping them out.’ The spotlight, attention, and budget have been dedicated to that pivotal moment – whether the perimeter is breached or not. This approach worked on-prem (for good reason) but things are different in the cloud. Our big take: securing high-value cloud permissions should be the (time, resources, and budget) priority after perimeter defense. Here’s why we think that. No matter what effort you focus on, whether it’s vulnerability and workload management, platform and configuration controls, or employee ..read more