Meanwhile in Security

By: Jesse Trucks
Listen for free

  • Summary

  • Cloud security is a minefield of news that assumes the word "Security" is lurking somewhere in your job description. It doesn't have to be this way. Weekly cloud security news for people with other jobs to do. Cloud Security For Humans.
    © The Duckbill Group, 2021
    Show More Show Less
Politics & Government
Show More Show Less
activate_Holiday_promo_in_buybox_DT_T2
Episodes
  • Standing in the Rain Isn't Diving in the Sea

    Standing in the Rain Isn't Diving in the Sea
    Sep 2 2021
    Links:Microsoft Azure Cloud Vulnerability Exposed Thousands of Databases: https://www.darkreading.com/cloud/microsoft-azure-cloud-vulnerability-exposed-thousands-of-databasesGoogle, Amazon, Microsoft Share New Security Efforts After White House Summit: https://www.darkreading.com/operations/google-amazon-microsoft-share-new-security-efforts-post-white-house-summitNew Data-Driven Study Reveals 40% of SaaS Data Access is Unmanaged, Creating Significant Insider and External Threats to Global Organizations: https://www.darkreading.com/cloud/new-data-driven-study-reveals-40-of-saas-data-access-is-unmanaged-creating-significant-insider-and-external-threats-to-global-organizationsResearchers Share Common Tactics of ShinyHunters Threat Group: https://www.darkreading.com/attacks-breaches/researchers-share-common-tactics-of-shinyhunters-threat-groupHow to automate forensic disk collection in AWS: https://aws.amazon.com/blogs/security/Confidential computing: an AWS perspective: https://aws.amazon.com/blogs/security/New in October: AWS Security Awareness Training and AWS Multi-factor Authentication available at no cost: https://aws.amazon.com/blogs/security/amazon-security-awareness-training-and-aws-multi-factor-authentication-tokens-to-be-made-available-at-no-cost/Use IAM Access Analyzer to generate IAM policies based on access activity found in your organization trail: https://aws.amazon.com/blogs/security/TranscriptJesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.Corey: This episode is sponsored in part by Thinkst Canary. This might take a little bit to explain, so bear with me. I linked against an early version of their tool, canarytokens.org, in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, or anything else like that that you can generate in various parts of your environment, wherever you want them to live; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use them. It’s an awesome approach to detecting breaches. I’ve used something similar for years myself before I found them. Check them out. But wait, there’s more because they also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment and manage them centrally. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files that it presents on a fake file store, you get instant alerts. It’s awesome. If you don’t do something like this, instead you’re likely to find out that you’ve gotten breached the very hard way. So, check it out. It’s one of those few things that I look at and say, “Wow, that is an amazing idea. I am so glad I found them. I love it.” Again, those URLs are canarytokens.org and canary.tools. And the first one is free because of course it is. The second one is enterprise-y. You’ll know which one of those you fall into. Take a look. I’m a big fan. More to come from Thinkst Canary weeks ahead.Jesse: Disaster befell much of the middle south of the US when Ida slammed into the coast and plowed its way up north through the land. What does a hurricane have to do with security? Business continuity. Business continuity is the discipline of maintaining business operations, even in the face of disasters of any kind, such as a hurricane-driven storm surge running over the levees and flooding whole towns. If you have all your computing systems in the cloud in multiple regions, then such a disaster won’t fully halt your business operations.However, you still might have connectivity issues and possibly either temporary or permanent loss of non-cloud systems. Be sure your non-cloud systems have appropriate backups off-site to another geographically disparate location. Better yet, push backups into your cloud infrastructure and consider ways to utilize that data with your cloud systems during a crisis. Hmm, perhaps you’ll like it so much you will push everything else up to the cloud that isn’t a laptop, tablet, or phone.Meanwhile in the news, Microsoft Azure Cloud Vulnerability Exposed Thousands of Databases. Security for cloud providers can potentially have catastrophic and large scale repercussions. Keep an eye out for any problems that come up that might affect your operations and your data. Do keep in mind your platform has a direct impact on your own risk profile.Google, Amazon, Microsoft Share New Security Efforts After White House Summit. The National Institute of Standards and Technology—or NIST—is building a technology supply chain framework with the big tech companies, including Apple, Amazon, ...
    Show More Show Less
    9 mins
  • Can You Hear Me, Can You See My Screen?

    Can You Hear Me, Can You See My Screen?
    Aug 26 2021
    Links:How to Make Your Next Third-Party Risk Conversation Less Awkward: https://www.darkreading.com/vulnerabilities-threats/how-to-make-your-next-third-party-risk-conversation-less-awkward5 Vexing Cloud Security Issues: https://www.itprotoday.com/hybrid-cloud/5-vexing-cloud-security-issuesAttackers Increasingly Target Linux in the Cloud: https://www.darkreading.com/threat-intelligence/attackers-increasingly-target-linux-in-the-cloudTop 5 Best Practices for Cloud Security: https://www.infosecurity-magazine.com/magazine-features/top-5-best-practices-for-cloud/Zix Releases 2021 Mid-Year Global Threat Report: https://www.darkreading.com/cloud/zix-releases-2021-mid-year-global-threat-reportThe big three innovations transforming cloud security: https://siliconangle.com/2021/08/21/big-three-innovations-transforming-cloud-security/The Benefits of a Cloud Security Posture Assessment: https://fedtechmagazine.com/article/2021/08/benefits-cloud-security-posture-assessmentHow to Maintain Accountability in a Hybrid Environment: https://www.darkreading.com/cloud/how-to-maintain-accountability-in-a-hybrid-environment6 Cloud Security Must-Haves–with Help from CSPM, CWPP or CNAPP: https://www.eweek.com/security/6-cloud-security-must-haves-with-help-from-cspm-cwpp-or-cnapp/The hybrid-cloud security road map: https://www.techradar.com/news/the-hybrid-cloud-security-road-mapHow Biden’s Cloud Security Executive Order Stacks Up to Industry Expectations: https://securityintelligence.com/articles/biden-executive-order-industry-expectations/Cloud Security: Adopting a Structured Approach: https://customerthink.com/cloud-security-adopting-a-structured-approach/The Overlooked Security Risks of the Cloud: https://threatpost.com/security-risks-cloud/168754/TranscriptJesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.Corey: This episode is sponsored in part by Thinkst Canary. This might take a little bit to explain, so bear with me. I linked against an early version of their tool, canarytokens.org, in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, or anything else like that that you can generate in various parts of your environment, wherever you want them to live; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use them. It’s an awesome approach to detecting breaches. I’ve used something similar for years myself before I found them. Check them out. But wait, there’s more because they also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment and manage them centrally. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files that it presents on a fake file store, you get instant alerts. It’s awesome. If you don’t do something like this, instead you’re likely to find out that you’ve gotten breached the very hard way. So, check it out. It’s one of those few things that I look at and say, “Wow, that is an amazing idea. I am so glad I found them. I love it.” Again, those URLs are canarytokens.org and canary.tools. And the first one is free because of course it is. The second one is enterprise-y. You’ll know which one of those you fall into. Take a look. I’m a big fan. More to come from Thinkst Canary weeks ahead.Jesse: It is 2021. Conference calls and remote meetings have the same decade-old problems. Connection drops, asking if anyone can hear us, asking if anyone can see our screen, even though we can clearly see the platform is in sharing mode with our window front and center. Why is this so hard? We live in the golden age of the cloud.Shouldn’t we be easily connecting and sharing like we’re in the same room rather than across the planet? Yes we should. Sure, there have been improvements, and now we can do high-quality video, connect dozens or hundreds of people from everywhere on a webinar, and usually most of us can manage a video meeting with some screen sharing. I don’t understand how we can have Amazon Chime, WebEx, Teams, Zoom, Google Meet—or whatever it’s called this month—GoToMeeting, Adobe Connect, FaceTime, and other options, and still not have a decent way for multiple people to see and hear one another and share a document, or an application, or screen without routine problems. All of these are cloud-based solutions.Why do they all suck? When I have to use some of these platforms, I dread the coming meeting. The worst I’ve seen is Amazon Chime—yes, that’s you, Amazon—Microsoft Teams—as always—and Adobe Connect. Oof. The rest are largely similar with ...
    Show More Show Less
    10 mins
  • Attacks, Tools, and Ails

    Attacks, Tools, and Ails
    Aug 19 2021
    Links:AWS Cancels re:Inforce Security Conference in Houston Due to COVID-19: https://www.crn.com/news/cloud/aws-cancels-re-inforce-security-conference-in-houston-due-to-covid-19Cloud-native security benefits and use cases: https://searchcloudsecurity.techtarget.com/tip/cloud-native-security-benefits-and-use-casesThe state of cloud security: IaC becomes priority one: https://techbeacon.com/security/state-cloud-security-iac-becomes-priority-oneTakeaways from Gartner’s 2021 Hype Cycle for Cloud Security report: https://venturebeat.com/2021/08/12/takeaways-from-gartners-2021-hype-cycle-for-cloud-security-report/IBM upgrades its Big Iron OS for better cloud, security, and AI support: https://www.networkworld.com/article/3626486/ibm-upgrades-its-big-iron-os-for-better-cloud-security-and-ai-support.htmlSecuring cloud environments is more important than ever: https://federalnewsnetwork.com/commentary/2021/08/securing-cloud-environments-is-more-important-than-ever/The Misunderstood Security Risks of Behavior Analytics, AI & ML: https://www.darkreading.com/risk/the-misunderstood-security-risks-of-behavior-analytics-ai-mlAccenture Says it ‘Detected Irregular Activity,’ Restored Systems from Backup: https://www.darkreading.com/attacks-breaches/accenture-detected-irregular-activity-Google Releases Tool to Help Developers Enforce Security: https://www.darkreading.com/application-security/google-releases-tool-to-help-developers-enforce-securityHow to Make Your Next Third-Party Risk Conversation Less Awkward: https://www.darkreading.com/vulnerabilities-threats/how-to-make-your-next-third-party-risk-conversation-less-awkwardCost of Cyberattacks Significantly Higher for Smaller Healthcare Organizations: https://www.darkreading.com/threat-intelligence/healthcare-sees-more-attacks-with-costs-higher-for-smaller-groupsTranscriptJesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.Corey: This episode is sponsored in part by Thinkst Canary. This might take a little bit to explain, so bear with me. I linked against an early version of their tool, canarytokens.org, in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, or anything else like that that you can generate in various parts of your environment, wherever you want them to live; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use them. It’s an awesome approach to detecting breaches. I’ve used something similar for years myself before I found them. Check them out. But wait, there’s more because they also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment and manage them centrally. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files that it presents on a fake file store, you get instant alerts. It’s awesome. If you don’t do something like this, instead you’re likely to find out that you’ve gotten breached the very hard way. So, check it out. It’s one of those few things that I look at and say, “Wow, that is an amazing idea. I am so glad I found them. I love it.” Again, those URLs are canarytokens.org and canary.tools. And the first one is free because of course it is. The second one is enterprise-y. You’ll know which one of those you fall into. Take a look. I’m a big fan. More to come from Thinkst Canary weeks ahead.Jesse: There are many types of attacks that result in security breaches. To understand how many of them work, you need to understand how software languages function and how the hardware operations work in memory and in the CPU. However, you can learn a lot about security without having to learn those things. You can look at some of the attack vectors and gain a high-level understanding of what is happening. For example, man in the middle, or MITM, attacks are when someone inserts malicious code into the communication of two entities. That MITM service will capture communications, make a copy, then send it along like normal.A buffer overflow happens when the allocated memory space for some type of input–whether its contents of a file or dialog boxes and the like—is less than the amount of input. In simpler terms, there is a bucket available for input. The attacker pours more water into the bucket than the bucket can handle. The result is that code in memory could be overwritten and become executable. So, you can learn about security flaws without digging under the surface to see what is actually happening. However, I strongly urge anyone doing security-related things to learn more about these attack types, ...
    Show More Show Less
    10 mins

What listeners say about Meanwhile in Security

Average customer ratings

Reviews - Please select the tabs below to change the source of reviews.

Audible.co.uk reviews

Amazon reviews
No Reviews are Available