SaaS apps have become the “easy button” for organizations seeking a fast and simple way to make foundational business apps available to their employees. According to Gartner, “SaaS remains the largest public cloud services market segment, forecasted to reach $176.6 billion in end-user spending in 2022,” growing 14% over 2021.

In the latest example of a cloud service being exploited for cyber espionage, researchers from Trend Micro have shed light on a campaign, conducted between March and October 2022, targeting government, academic, foundations, and research sectors of multiple countries including Myanmar, Australia, the Philippines, Japan, and Taiwan.

At AWS re:Invent 2022, CrowdStrike is announcing expanded service integrations with AWS to provide breach protection across your AWS environment, simplified infrastructure management and security consolidation. Visit us at Booth 109, Nov. 28-Dec. 2 in Las Vegas, to learn more about our comprehensive integrations with AWS.

With the continual increase of attacks, vulnerabilities, and misconfigurations, today’s security organizations face an uphill battle in securing their cloud environments. These risks often materialize into unaddressed alerts, incidents, and findings in their security products. However, part of the issue is that many security teams are often stretched too thin and overburdened by alert fatigue.

As global network infrastructure expands to include devices without traditional compute power, every organization’s attack surface becomes increasingly complex. Parallel to the increased complexity in the threat landscape is the increased scale and complexity of the signals and data necessary to produce meaningful cybersecurity insights. At its core, cybersecurity is a big data problem, requiring centralization of disparate data sources in uniform structure to enable continuous analytics.

Amazon Security Lake allows customers to build security data lakes from integrated cloud and on-premises data sources as well as from their private applications. Directing your security telemetry into a unified data lake makes it easier to manage, analyze, and route security-log and event data to third-party SIEM solutions that leverage that telemetry.

Google Drive is an integral part of Google Workspace (formerly known as G Suite). With over 6 million customers and over 2 billion monthly active users, Google’s platform is the world’s largest collaboration tool for companies both large and small. In Google Drive, employees across the world create, edit, and share files on a daily basis. This, however, does not occur without the risk of data leakage.

As organizations are increasingly moving their workloads to the cloud, cloud security is becoming more important than ever.

Cloud data storage has many practical advantages over traditional data centers, but making a move also comes with many unique security considerations. When moving to AWS, begin how you wish to continue. Companies that transition to cloud data storage must update their approach to information security to protect their data. Setting up proper security practices during migration will help future teams securely and efficiently deliver applications and features.

Devo recently announced that it has entered into a strategic collaboration agreement with Amazon Web Services (AWS). This is a significant milestone for Devo and great news for our mutual customers with AWS. We caught up with Tony Le, cloud partnerships director, to take a deeper dive into what this means and how the collaboration will benefit our users in the long run.

We are pleased to announce that Netskope Private Access (NPA) is now available to test drive, meaning you can experience a truly modern zero trust network access (ZTNA) solution firsthand with no commitment and no software to download or install. Selecting and implementing the right ZTNA solution is a crucial part of the SASE journey, and our goal is to make your process of evaluating Netskope Private Access as easy as possible.

As organizations are rapidly moving to the cloud to leverage the cloud advantage, services are also moving to the cloud, including cybersecurity solutions such as SIEM. In fact, SIEM as a Service is rapidly gaining momentum as an alternative to traditional, on-premises SIEM solutions. In its 10 Questions to Answer Before Adopting a SaaS SIEM report, Gartner had predicted that by 2023, 80% of SIEM solutions will have capabilities that are delivered via the cloud.

Investigating the origin of activity in cloud-native infrastructure—and understanding which activity is a potential threat—can be a challenging, time-consuming task for organizations. Cloud environments are complex by nature, comprising thousands of ephemeral, interconnected resources that generate large volumes of alerts, logs, metrics, and other data at any given time.

Rubrik allows customers to protect their workloads like VMs, Disks, and SQL instances running on Azure. We have customers who protect a large number of Azure subscriptions through our SaaS product. We offer features like File-Level Recovery to allow customers to make faster recoveries and Storage Tiering to save on storage costs associated with the backups. To support these features, we run compute in the customer’s environment to read the data from Azure Disk snapshots.

Cloud Security Posture Management (CSPM) aims to automate the identification and remediation of risks across your entire cloud infrastructure. A core requirement of the CSPM framework is the need to enforce a principle of least privilege. There are certain overlaps with Cloud Infrastructure Entitlement Management (CIEM) solutions. CIEM is a newer categorization that came after CSPM.

The ongoing growth in the adoption of cloud services poses escalating opportunities and risks in equal measure. The increased capacity and scalability of cloud environment lends itself to an accelerated pace and higher volume of software and application development than ever before. This trend brings into play a huge increase in the number of software components and dependencies that developers use in their code bases.

A common use case for Open Policy Agent (OPA) is to decouple authorization from the application. This enables policies and decisions to be managed centrally and lifecycled independently to the application. For application use cases, OPA can be integrated at the API Gateway, Service Mesh or Microservices layer or any combination of these.

Migrating to the Cloud brings many advantages for companies. First of all, they reduce their operating costs by almost 40%. They also increase their agility, reduce the maintenance time of traditional IT infrastructures, and gain flexibility and scalability. However, as the number of workloads deployed in the Cloud grows, more and more organizations are struggling to keep pace with security requirements.

When it comes to security in AWS, there is the shared responsibility model for AWS services, which is divided into AWS responsibility ‘security of the cloud’ and customer responsibility ‘security in the cloud’. For more detail on this please check the shared-responsibility-model. Figure 1: AWS Shared Responsibility Model Source: shared-responsibility-model.

In Teleport 8, we introduced the TLS Routing feature that can multiplex all client connections on a single TLS/SSL port. Recently we've added support for TLS Routing for Database Access when Teleport is deployed behind an AWS Application Load Balancer (ALB). In this article, we will take a deep look at the problem with Teleport behind an ALB and how we solved it.

Editor’s note: This is Part 2 of a five-part cloud security series that will cover protecting an organization’s network perimeter, endpoints, application code, sensitive data, and service and user accounts from threats.

As the new year draws closer, we’ve asked our experts here at Netskope to see what they have on their radar for 2023. Similar to years past, we’ve broken these predictions out into “Long Shots,” more out-there predictions we think could potentially happen in the next year, and “Trending Topics,” predictions around topics you may have seen discussed a bit this year but digging into how we expect them to evolve. Here’s what our experts see for 2023.

Netskope Threat Labs recently discovered a phishing campaign that is abusing Adobe Acrobat to host a Microsoft Office phishing page. While abusing free cloud services to host malicious content is a popular attack technique, this is the first time we have seen Adobe Acrobat used to deliver malicious content. The attack starts with a phishing email that lures the user into opening a PDF file that redirects them to an Adobe Acrobat URL.

It is always interesting to learn about real-world examples of technologies at work. So, when ThreatQuotient invited me to share how we at Sysdig are using the ThreatQ Platform to enhance our cloud detection and response solutions, I was happy to participate.

Recently, I met with Or Weis — a Snyk Ambassador — to discuss access control in the cloud. Or is an entrepreneur, based in Tel Aviv, where he founded Permit.io, a solution that empowers developers to bake in permissions and access control into any product in minutes and takes away the pain of constantly rebuilding them.

Last week Netskope was awarded the “Cloud Services Vendor Of The Year” trophy at the UK’s CRN Awards. It is the second award we have won for our efforts in the UK channel this year – earlier in the summer we took home CRN’s “Technology Innovation” gong as well.

Cloud storage misconfigurations continue to become more prevalent and problematic for organizations as they expand their cloud infrastructure, driving the importance of technologies such as cloud security posture management (CSPM) as crucial tools for protectors everywhere. Consider the recently reported public exposure of data associated with some Microsoft customers and prospects.

This post walks you through the steps of setting up a point-to-site VPN connection from a Windows server running Netwrix StealthAUDIT, so you can discover and monitor all your Azure SQL databases.

Many security engineers have woken up to dozens of Slack messages and emails telling them the day they dreaded is here: a vulnerability has been deployed, and now it must be fixed. Meetings and plans are abandoned while security engineers rush to fix the problem. It’s often a process failure that has led to the now-urgent issue. And these emergency issues can appear across a spectrum that includes all types of remediation efforts.

TL;DR: AWS Object Lamba can authorize requests to S3. We can create an Object Lambda that calls Open Policy Agent (OPA) to get a policy decision. This delegation allows us to implement policies using Rego and manage them in Styra Declarative Authorization Service (DAS).

As organizations continue to move their business operations into the cloud, the expanded attack surface generated by the “digital transformation” continues to present new opportunities for threat actors. Luckily, strategies to mitigate these new risks do exist and, as always, these center around the techniques and tactics of the adversaries.

Let’s dig deeper into the techniques used by attackers and the mitigations you should implement when ransomware on Azure affects you. By now, we should all be aware of ransomware from the constant news articles associated with this known threat. As we explained in the anatomy of a cloud attacks, ransomware is a way for attackers to make money when they gain control of your accounts through data encryption, therefore restricting your access to the system.

Security policies are still awaiting digital transformation. A key phrase in today’s cloud-driven world, “digital transformation” generally refers to the ongoing work of digitizing formerly paper-based processes. “Paper,” however, is not literal — many processes don’t use paper, but still flow as if they were. Uploading a document to Google Drive, in other words, doesn’t amount to digital transformation.

Cloud misconfigurations can cause devastating financial and reputational damage to organizations. Yet, such undesirable circumstances can be avoided by understanding the common misconfiguration errors and mitigating them before malicious actors can exploit them. Ava Chawla, AlgoSec’s Global Head of Security provides some valuable insights on cloud misconfigurations and offers useful tips on how to avoid them.

What is different about cloud log management versus on-premises? The answer may seem simple, but several elements such as CloudTrail vs. CloudWatch come into play. In this article, we will cover some of the most important differences, and then dig deeper into a specific example of AWS CloudTrail vs. CloudWatch.

Government agencies are instructed by Executive Order to improve the delivery of digital services to citizens while also safeguarding critical data and systems. Often, this leads to a difficult decision between speed of application production and software security. However, as recent events have shown, sacrificing security in the name of speed compromises the safety of citizens and government infrastructure.