Misconfigured identity and access management (IAM) is much more widespread. [Research Saturday]

CyberWire Daily

N2K Networks, Inc.

News, Technology, Daily News, Tech News

4.8 • 1.1K Ratings

🗓️ 21 November 2020

⏱️ 19 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Identity and access are intrinsically connected when providing security to cloud platforms. But security is only effective when environments are properly configured and maintained. In the 2H 2020 edition of the biannual Unit 42 Cloud Threat Report, researchers conducted Red Team exercises, scanned public cloud data and pulled proprietary Palo Alto Networks data to explore the threat landscape of identity and access management (IAM) and identify where organizations can improve their IAM configurations. During a Red Team exercise, Unit 42 researchers were able to discover and leverage IAM misconfigurations to obtain admin access to a customer’s entire Amazon Web Services (AWS) cloud environment – a potentially multi-million dollar data breach in the real-world. These examples highlight just how serious the failure to secure IAM can be for an organization. Joining us in this week's Research Saturday to discuss the report for Palo Alto Networks' Unit 42 is CSO of Public Cloud, Matt Chiodi. The research can be found here: Highlights from the Unit 42 Cloud Threat Report, 2H 2020 Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire Network, powered by N2K.
0:07.0	Today's episode is sponsored by SRM, your first call for cybersecurity and
0:18.1	investigations. Threats today are evolving faster than ever before and since 2005 SRM has pioneered
0:25.3	tailored security solutions for global corporations and their executives.
0:29.5	Whether it's defending against cyber attacks with their award-winning team of ethical hackers and incident response specialists,
0:36.4	or navigating the murky waters of compliance and ESG challenges,
0:40.9	SRMs, Insight and Straight straightforward advice will help you navigate complex risks
0:46.4	and emerge more resilient.
0:48.4	Their secret, a culture that nurtures the sharpest minds, giving them access to the newest technologies and the freedom
0:55.3	to solve problems in new ways, enabling them to craft simple effective solutions for your
1:01.4	unique cyber challenges.
1:03.7	Search your first call to discover how SRM can help your business. Hello everyone and welcome to the CyberWire's research Saturday.
1:25.0	I'm Dave Bitner and this is our weekly conversation with researchers and analysts
1:29.0	tracking down threats and vulnerabilities, solving some of the hard problems of protecting ourselves in a rapidly
1:35.2	evolving cyberspace.
1:37.3	Thanks for joining us.
1:38.3	What we found was that this problem that we had found in this one customer was actually much more widespread.
1:49.0	This is something that is likely affecting thousands of cloud accounts worldwide.
1:54.4	That's Matt Coyote.
1:55.6	He's chief security officer for public cloud at Palo Alto networks.
1:59.8	The research we're discussing today is their second half 2020 edition of their
2:04.3	biannual unit 42 cloud threat report.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.