Expose Yourself Without Insecurity: Cloud Breach Patterns presented at BSidesAtlanta 2020

by Brandon Salazar,

URL : https://zoom.us/j/711704515

Summary : Cloud providers continue to increase in usage for the next generation of internet services. Dynamic and ephemeral exposures are being created on an unprecedented level and your old generation of internet scanners can’t find them. Let us show you how they can be found and what it means for the future of unwanted internet exposures. Right now, at the click of a button, can you answer the question “What in my cloud environments is internet-facing?”. For most security teams the answer to this question would be a sigh and then “No.” We know that complexity is the enemy of security. We also know a comprehensive asset inventory is step one to any capable security program. How can we monitor for unnecessary exposures without knowing what’s on the internet? In this presentation we will look at the most pragmatic ways to continuously analyze your cloud environments and operationalize that information to identify vulnerabilities. Through examination of exposure patterns and analysis of passive DNS data, we explore real-world examples of global cloud breaches waiting to happen. There are thousands of vulnerable systems for the commonly used services (e.g. ElasticSearch) and more from the up and coming services you may not even know your organization is using yet. Main Takeaways: * Most security orgs are maintaining their inventory the old way (i.e. IP ranges) which doesn’t cut it in a dynamic cloud world * IPv4 scanners can’t find virtual host services that are ephemeral or require specific paths in the request to function properly * Global exposures are only going to increase unless we look at the solution differently and understand the patterns for these breaches waiting to happen