Capital One AWS Breach is a Headache for Consumers, the Bank and now Amazon

We broke the news on the multi-billion dollar Capital One AWS breach, which is one of the largest banking breaches ever.

This breach was somewhat unusual because it was found not by the company itself or law enforcement but because the hacker, Paige Thompson, who is pictured at the top of this post, bragged about it online.

Capital One has disclosed that a March 22-23 breach affected 100 million people in the US and a further 6 million in Canada. 140,000 Social Security numbers and 80,000 bank account numbers were stolen.

The problem, however, is spreading beyond the bank to the cloud provider.

In a letter to the Federal Trade Commission (FTC) last week, U.S. senators Ron Wyden (D-Ore.) and Elizabeth Warren (D-Mass.) called for the investigation of Amazon’s role in the Capital One data breach.

Some time back we conducted an exclusive interview with Tim Woods, VP Technology Alliances, FireMon.


We think it is an important read, as cybersecurity in the cloud is generally overlooked more than on-premise systems because, as they say, out of sight, out of mind. We hope you find the interview useful.

How did the breach happen?

The individual responsible (Paige Thompson) reportedly had first-hand knowledge of where the Capital One data resided. She discovered access to the data was essentially allowed unchallenged as a result of misconfigured security application controls. Companies take cloud configuration too lightly and frequently assume that data storage in the cloud inherently makes it secure. This particular bad actor was not very adept at covering their tracks and while it remains early, the hope is exposure may be limited. Others have not been so lucky. Hackers are routinely using automated methods to crawl the web searching for public data exposure due to misconfigurations.

How can this happen in such a large company with so many resources? 

Unfortunately, the problem is not as uncommon as one might think. Companies are increasingly moving their workloads and data stores to the cloud. Larger and more distributed data stores can contribute to the potential for exploitation. And even though a larger company may have many resources, if those resources are not properly trained or equipped then the probability of misconfigurations goes up. It is very important to understand that the security configuration aspects of cloud deployments are a shared responsibility between the cloud provider and the consumer of the cloud service. One analyst has predicted that by 2020, 95% of cloud data exposures will be the result of consumer misconfiguration, not the cloud provider’s fault.

How can it be prevented in the future?

In network security (cloud or on-premise) there are no silver bullets or 100% guarantees. But technology is available that can assess the effectiveness of a given security policy, monitor for change, and analyze change when it occurs. Automating the behavioral analysis of security policies is a great first step. A better strategy is to build repeatable security configuration standards and technically enforceable compliance guidelines that become integrated components of the application deployment process.

What do companies need to watch for in terms of firewall configuration?

Companies should always monitor and assess any changes to firewall configurations as they happen or, if possible, proactively assess proposed changes prior to implementation. Practicing good firewall hygiene includes removing technical mistakes (redundant/shadowed), removing unused rules as they are identified, and ensuring that overly permissive rules are eradicated. Risky rule assessment of the access that a firewall policy provides is paramount, especially when correlated with vulnerability scan data.

Are any firewalls more secure than others?

No, you can have the absolute best, most feature-rich product available, but if the technology is not properly managed, companies will fail to realize the return on the security investment.

What are some other cybersecurity areas companies need to watch for?

Real-time network discovery always comes to the top of my list. I like to say it is very difficult, if not impossible, to manage what you can’t see and even harder to secure what you don’t know about. Given the dynamic nature of the cloud, risk posture can change very rapidly and security teams cannot afford reduced visibility to the infrastructure they are charged to protect.

Tell us more about your company?

FireMon is a security software development company. We offer enterprise security management solutions that provide comprehensive visibility across your entire network. Our flagship product “Security Manager” yields real-time visibility and control over your complex hybrid network infrastructure, policies and risk. Key security performance indicators are presented in a single pane of glass for the entire security real estate.

What will your company look like in the future? New products/services, etc.

FireMon has over 15 years of security platform experience trusted by the most prominent enterprise companies today across virtually every market sector. At FireMon we are constantly engaged in conversations with our customers in an effort to solve not only their current challenges but also the challenges that loom on the horizon ahead. Security must be present and have parity with the speed of business. It’s our goal to give our customers the freedom they need to move at the speed they require.
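The firewall hygiene checks named in the interview above (redundant or shadowed rules, overly permissive rules) can be automated over an ordered rule list. The following is an added example, not part of the interview and not FireMon's code; the `Rule` fields, the sample policy and the definition of "overly permissive" (allow from any source on all ports) are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow" or "deny"
    src: str      # source CIDR
    dst: str      # destination CIDR
    ports: tuple  # inclusive (low, high) destination port range

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by b is also matched by a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def audit(rules):
    """Return {rule name: finding} for a first-match-wins ordered policy.

    Only full coverage by a single earlier rule is detected; partial
    overlaps between rules are not reported.
    """
    findings = {}
    for i, rule in enumerate(rules):
        earlier = next((r for r in rules[:i] if covers(r, rule)), None)
        if earlier is not None:
            # Same action: the rule never changes the outcome (redundant).
            # Different action: the rule can never take effect (shadowed).
            kind = "redundant" if earlier.action == rule.action else "shadowed"
            findings[rule.name] = f"{kind} by {earlier.name}"
        elif (rule.action == "allow"
              and ip_network(rule.src).prefixlen == 0
              and rule.ports == (1, 65535)):
            findings[rule.name] = "overly permissive"
    return findings

# Constructed sample policy (addresses are illustrative, not from the article).
POLICY = [
    Rule("web-in", "allow", "0.0.0.0/0", "10.0.1.0/24", (443, 443)),
    Rule("web-one-host", "allow", "0.0.0.0/0", "10.0.1.5/32", (443, 443)),
    Rule("block-partner", "deny", "203.0.113.0/24", "10.0.1.0/24", (443, 443)),
    Rule("db-admin", "allow", "10.0.9.0/24", "10.0.2.0/24", (5432, 5432)),
    Rule("temp-any", "allow", "0.0.0.0/0", "10.0.3.0/24", (1, 65535)),
]

if __name__ == "__main__":
    for name, finding in audit(POLICY).items():
        print(f"{name}: {finding}")
```

The `block-partner` finding is the one to act on first: the deny was presumably written to block traffic, but the earlier allow means it never fires.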
