Alert Logic by HelpSystems launched general availability of its new intelligent response capabilities this year. The innovations, including simple mode and a mobile application, relieve IT and security departments of repetitive response tasks and the need for constant administration through human-guided and fully automated workflows. Seedrs, Europe’s leading online private investment platform, is among the first adopters of the new capabilities, now available at no additional cost to Alert Logic MDR® customers.

Alert Logic Intelligent Response™ is designed to minimise the impact of a breach via embedded SOAR capabilities with workflows to enable response actions across network, endpoints, and cloud environments. This provides a backstop if attacks bypass prevention tools, improving an organisation’s security posture while allowing them to adopt automation at their own pace. As part of a holistic response strategy, the solution addresses detection, notification, and containment with multiple actions and use cases in a simplified user experience, making it easy for any organisation to create automated response actions.

“The wizard-based user interface of Alert Logic’s simple mode made the whole intelligent response configuration possible in just minutes,” said Jonas Pereira, Senior DevOps Engineer, Seedrs. “I also have full visibility of our infrastructure, and our safety, literally in my pocket with the Alert Logic mobile application, ensuring we can effectively respond to any potential threat instantly.”

Intelligent response simple mode focuses on the three most commonly needed actions:

  • Shun an attacker at the edge of a network, for Alert Logic and AWS WAFs
  • Isolate a host for SentinelOne or Microsoft Defender for Endpoint users
  • Disable user credentials that may be compromised, via AWS IAM or Azure Active Directory (including Office 365)

These three use cases are vital for preventing attacks or reducing the impact of successful attacks. Organisations may introduce the human touch anywhere in the process and increase the level of automation to suit their needs. Customisable response playbooks also save time by helping security experts integrate automated response actions into their business processes.

In addition to simple mode, the Alert Logic mobile application streamlines human-guided response, allowing security teams to remotely execute decisions for response actions immediately. Using the mobile application, CISOs can instantly approve response actions from anywhere, for a more flexible work environment.

“The beta customers who helped guide development of Alert Logic Intelligent Response told us they needed a flexible solution that allowed them to adopt automation at their own pace to increase their security posture,” said Onkar Birk, Managing Director, Alert Logic by HelpSystems. “We’re putting response in front of people in an intuitive way, getting them involved in the process, taking security actions to contain problems, and enabling resource-stretched teams to deploy best practice security.”

To learn more about Alert Logic Intelligent Response, visit https://www.alertlogic.com/why-alert-logic/intelligent-response/

Or visit Alert Logic on Stand D41 at International Cyber Expo – the must-attend cybersecurity event for industry collaboration, created by the community, for the community – on the 27th and 28th of September 2022 (London Olympia).

Register to attend for FREE here: https://ice-2022.reg.buzz/e1 

The post Learn About Alert Logic’s New Intelligent Response Capabilities at International Cyber Expo appeared first on IT Security Guru.

We face an exciting evolution in the cybersecurity sector. 

Attackers are becoming both more efficient and intelligent at evaluating their targets and successfully carrying out their intended campaigns. Often money is at the forefront of their minds but, as we have seen recently, drivers may also be geo-political or activist views. Whatever their motivations, financial or otherwise, their methods continue to be both immoral and, in most jurisdictions, illegal. Understanding and tackling these threats becomes ever harder for organisations.

Enter reconnaissance. The first stage described in dedicated frameworks such as MITRE ATT&CK or the Lockheed Martin Cyber Kill Chain is reconnaissance: the period when an attacker gathers valuable data in order to understand where they might best focus their activities to create maximum value for their aims. Reconnaissance can take many forms, such as searching social media to understand more of the psychology of the situation, the main players, what they like and dislike, and their movements and interactions, so that a social engineering approach can be created. Understanding what external exposure there might be for computer systems also potentially reveals areas of misconfiguration or technical vulnerability that could enable a successful attack. Understanding the latest vulnerabilities across the wider infrastructure, such as networked printers, uninterruptible power supplies, VPN servers or back-end business-critical application servers, can give an attacker valuable insight into where to devote their time. Searching the dark web for previously exfiltrated lists of users and passwords might be another area of focus for an attacker as they piece together the various sets of data that enable them to form an attack plan.

The availability and evolution of such attacks, alongside the ever-increasing speeds of internet connectivity, all serve to make understanding the reconnaissance phase even more critical for defenders, whose aim is to lower their time to detect (TTD) and time to remediate (TTR). We often see data exfiltration prior to the deployment of ransomware, along with backups being deleted and data encrypted, so tracking these critical metrics should be front and centre of all organisations’ planning and prioritisation.

To combat these attacks and ensure attackers are discovered in minutes rather than days or months, organisations have a multitude of toolsets and components open to them. A key part of the challenge is picking solutions that enable teams to understand the risks and reduce problems such as alert fatigue, so that the resulting solutions are more sustainable, auditable and beneficial. Encouraging efficiencies and better collaboration amongst often disparate teams can also be a positive side effect of solving these challenges.

Of the variety of toolsets available, two aligned to the reconnaissance phase are deception and digital risk protection services. We will delve into these to illustrate the potential benefits organisations could derive from them.

Firstly, deception can add huge value and provide invaluable telemetry. This enables your organisation to react quickly whilst also learning about the attacker’s tactics, techniques and procedures, giving teams the knowledge to adjust defences in line with the attack vectors in use at that time. Deception can also be used where critical workloads are being moved into the public cloud and project teams want an early warning system in place, to account for the misconfiguration of the associated security controls within the cloud provider that is so often seen. A multitude of decoys is possible, enabling a full-spectrum replica to be created: decoys such as printers, uninterruptible power supplies, ESXi servers, network shares and custom decoys are all possible.

Deploying fake but highly convincing decoys around the network enables anything from risk-averse automation (where an attacker is quarantined as soon as they so much as ping a decoy) through to more risk-accepting approaches (where SOC teams can watch what an attacker does in intimate detail for an extended period to understand motivations and behaviour). For example, an attacker might put a dropper file into a decoy thinking they can use a zero-day exploit in a critical business system to achieve their objectives. In reality, the deception platform would pass the file to a sandbox to have the zero-day exploit forensically analysed, and the new security intelligence would immediately be distributed around the broader infrastructure to protect the network, users and data from this new risk. Deception is now a key shield for organisations seeking to expand their capabilities and defeat their attackers much earlier in the cycle.
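As an added illustration (not FortiDeceptor or any vendor's code), the Python sketch below applies the two response policies described above to decoy telemetry: in the risk-averse mode any touch of a decoy quarantines the source, while in the risk-accepting mode the source is observed and only a dropped file is escalated to a sandbox, after which the resulting intelligence is marked for distribution. The event format, decoy names, timestamps and source addresses are all constructed for the example.

```python
"""Decoy telemetry triage under a risk-averse or risk-accepting policy.

Added example; not part of any deception product. The input format is an
assumption: one constructed event per line, whitespace-separated as
    <timestamp> <source_ip> <decoy_name> <interaction>
where interaction is one of icmp_ping, port_scan, auth_attempt, file_drop.
"""
from collections import defaultdict

# Interaction kinds ordered by how deeply the source has engaged the decoy.
INTERACTION_DEPTH = {"icmp_ping": 1, "port_scan": 2, "auth_attempt": 3, "file_drop": 4}

# Constructed telemetry: one source walks from a ping to a dropped file,
# a second source only pings a decoy UPS.
SAMPLE_TELEMETRY = """\
2022-09-01T10:00:01Z 10.20.30.40 decoy-printer-01 icmp_ping
2022-09-01T10:00:05Z 10.20.30.40 decoy-printer-01 port_scan
2022-09-01T10:01:12Z 10.20.30.40 decoy-esxi-02 auth_attempt
2022-09-01T10:02:40Z 10.20.30.40 decoy-share-03 file_drop
2022-09-01T10:03:00Z 10.20.30.99 decoy-ups-01 icmp_ping
"""


def parse_events(text):
    """Parse telemetry lines into dicts; reject interactions the policy does not know."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, decoy, interaction = line.split()
        if interaction not in INTERACTION_DEPTH:
            raise ValueError(f"unknown interaction {interaction!r}")
        events.append({"ts": ts, "src": src, "decoy": decoy, "interaction": interaction})
    return events


def deepest_interaction(events):
    """Map each source address to the deepest decoy interaction it reached."""
    deepest = {}
    for ev in events:
        current = deepest.get(ev["src"])
        if current is None or INTERACTION_DEPTH[ev["interaction"]] > INTERACTION_DEPTH[current]:
            deepest[ev["src"]] = ev["interaction"]
    return deepest


def decide_actions(events, mode):
    """Return {source_ip: [actions]} for the chosen policy.

    risk-averse:     quarantine the source on its first decoy interaction.
    risk-accepting:  observe every interaction; a dropped file is sent to the
                     sandbox and the resulting intelligence flagged for distribution.
    """
    if mode not in ("risk-averse", "risk-accepting"):
        raise ValueError(f"unknown policy {mode!r}")
    actions = defaultdict(list)
    quarantined = set()
    for ev in events:
        src = ev["src"]
        if src in quarantined:
            continue  # nothing further to decide for an isolated source
        if mode == "risk-averse":
            actions[src].append(f"quarantine:{ev['decoy']}")
            quarantined.add(src)
            continue
        actions[src].append(f"observe:{ev['decoy']}:{ev['interaction']}")
        if ev["interaction"] == "file_drop":
            actions[src].append(f"sandbox:{ev['decoy']}")
            actions[src].append("distribute-ioc")
    return dict(actions)


if __name__ == "__main__":
    events = parse_events(SAMPLE_TELEMETRY)
    for mode in ("risk-averse", "risk-accepting"):
        print(mode, decide_actions(events, mode))
    print("deepest:", deepest_interaction(events))
```

The quarantine set matters in practice: once a source has been isolated, later events from it should not generate further actions, otherwise a noisy attacker produces exactly the alert fatigue the article warns about.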

Secondly, digital risk protection services are a way to expand the visibility of organisations beyond their electronic boundaries and get a more global view of what attackers can see. Being able to understand the external attack surface can help remediate problems before they escalate. Examples include helping protect brand reputation from typo domain squatting, website copies, rogue apps, dark web information sales and social media posts. Having this level of visibility replicates the attacker’s viewpoint and enables organisations to close holes, increase the difficulty of an attack and lower the risk.
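The typo-squatting monitoring mentioned above can be illustrated with an added example (not code from any digital risk protection product): a small classifier that runs over a feed of newly observed hostnames and flags those that resemble a protected brand domain, whether by a homoglyph swap, a different top-level domain, a small edit distance, or the brand name embedded in a longer name. The brand domain and the observed domains are constructed; the registrable-domain logic is deliberately naive (last two labels) and a real deployment would use the public suffix list.

```python
"""Brand lookalike detection over a constructed domain feed.

Added example for illustration; not part of any vendor's service.
"""

BRAND = "examplebank.com"  # constructed protected brand domain

# Constructed feed of newly observed hostnames.
OBSERVED_DOMAINS = [
    "examplebank.com",        # the brand itself
    "login.examplebank.com",  # legitimate subdomain
    "exampIebank.com",        # capital I standing in for l
    "examp1ebank.com",        # digit 1 standing in for l
    "examplebank.co",         # same name, different TLD
    "examplebnak.com",        # transposition typo
    "examplebank-login.com",  # brand embedded in a longer name
    "unrelatedshop.net",      # unrelated
]

# Visually confusable substitutions folded to a canonical form before comparison.
HOMOGLYPHS = {"0": "o", "1": "l", "i": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalize(label):
    """Lowercase a label and fold common homoglyphs so confusables compare equal."""
    label = label.lower()
    for glyph, canonical in HOMOGLYPHS.items():
        label = label.replace(glyph, canonical)
    return label


def levenshtein(a, b):
    """Classic edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain):
    """Naive registrable domain: the last two labels (assumption; no public suffix list)."""
    return ".".join(domain.lower().split(".")[-2:])


def classify(domain, brand=BRAND, max_distance=2):
    """Return 'legitimate', 'unrelated', or a 'lookalike:<kind>' verdict."""
    reg = registrable(domain)
    if reg == brand:
        return "legitimate"
    if "." not in reg or "." not in brand:
        return "unrelated"
    brand_label, brand_tld = brand.split(".", 1)
    reg_label, reg_tld = reg.split(".", 1)
    nb, nr = normalize(brand_label), normalize(reg_label)
    if nb == nr:
        return "lookalike:tld" if reg_tld != brand_tld else "lookalike:homoglyph"
    if levenshtein(nr, nb) <= max_distance:
        return "lookalike:typo"
    if nb in nr:
        return "lookalike:embedded"
    return "unrelated"


def scan(domains, brand=BRAND):
    """Return {domain: verdict} for every observed domain that looks like the brand."""
    flagged = {}
    for d in domains:
        verdict = classify(d, brand)
        if verdict.startswith("lookalike:"):
            flagged[d] = verdict
    return flagged


if __name__ == "__main__":
    for domain, verdict in scan(OBSERVED_DOMAINS).items():
        print(f"{domain:25} {verdict}")
```

The verdict kind is worth keeping separate from the yes/no decision: a wrong-TLD registration of the exact brand name and a transposition typo usually go to different takedown or monitoring workflows.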

Ref Fortinet Security Fabric

Increased visibility and better intelligence are, of course, less valuable if there is no easy way to distribute that critical knowledge across the overall infrastructure. As Gartner recently stated, a Cybersecurity Mesh Architecture (CSMA) is crucial to enabling organisations to better equip themselves with a sustainable cybersecurity capability. If you’d like to learn more about this, you can visit Fortinet at International Cyber Expo on stand G50. The event will be hosted at London Olympia on the 27th and 28th of September 2022. Do not miss their Product Innovation session on FortiDeceptor on 27th September at 13:45-14:05 as well!

The post Fighting Cyber Attackers Earlier to Reduce Risk appeared first on IT Security Guru.

Earlier this week it was announced that the Transatlantic Cyber Security Business Network (TCBN) has partnered with the International Cyber Expo 2022. The event, which runs from 27th-28th September at Olympia London, Kensington, will host 5000 delegates and over 100 leading cyber vendors. As part of the event, TCBN will host its own exhibit that will provide a central hub for the team and members to participate, network and collaborate throughout the event.

TCBN, established in 2021 by Andy Williams (former UK cyber trade envoy to the US), Political Intelligence, and Plexal (the UK’s largest cyber innovation centre) is a network committed to enhancing the longstanding cyber business relationship between the UK and US. According to the network, events such as the International Cyber Expo aim to bring together a coalition of cybersecurity organisations and cyber vendors from both sides of the Atlantic through a series of events, trade missions and online thought leadership engagements.

The network has grown significantly over the past 15 months, with 45 organisations now forming part of the network, including its 4 Supporting Partners (techUK, Crest, Cylon & Cyber Exchange) along with 6 Council Members (Armis, Armour Comms, BlockApt, CryptoQuantique, Garrison & Veracode).

TCBN stated: “At International Cyber Expo 2022 we look to build out our visibility so that organisations wanting to expand through the transatlantic cyber market can utilise our network and connections to help them do so.”

At the event, co-founder Andy Williams is due to present a keynote on the ‘Techhub Stage’ at 2.55pm on the 27th September. The event, entitled ‘Targeting the $65bn US Cybersecurity Market,’ will explore the US as the world’s largest market for cybersecurity products and services; address the issues for cyber vendors associated with success in the US market; and explore the support available to UK organisations with transatlantic ambitions.

The TCBN team will be at booth no. E20, where they will be speaking to members about their mission in support of building a strong transatlantic cyber relationship.

They added: “We are inviting all our members to join us at our exhibit and would warmly receive all who come to listen to Andy’s key insights into the transatlantic cyber relationships.”

You can register to attend the International Cyber Expo (whether you are a TCBN member or not) now: https://ice-2022.reg.buzz/e1

The post Transatlantic Cyber Security Business Network (TCBN) partners with International Cyber Expo 2022 appeared first on IT Security Guru.

Arriving at the keynote hall for Black Hat 2022, I was immediately struck by the size of the crowd – after the seemingly endless pandemic hiatus, the cyber industry had come out in force. The mood was one of enthusiasm, and the entire place reverberated with the vibrancy of reunion. It was a great event […]

The post Black Hat USA 2022: Key Highlights appeared first on The State of Security.

Pushing Open-Source Security Forward: Insights From Black Hat 2022

Open-source security has been a hot topic in recent years, and it's proven to be something of a double-edged sword. On the one hand, there's an understanding of the potential that open-source tools hold for democratizing security, making industry best practices accessible to more organizations and helping keep everyone's data better protected from attackers. On the other hand, open-source codebases have been the subject of some of the most serious and high-impact vulnerabilities we've seen over the past 12 months, namely Log4Shell and Spring4Shell.

While the feeling around open-source understandably wavers between excitement and trepidation, one thing is for sure: Open-source frameworks are here to stay, and it's up to us to ensure they deliver on their potential and at the same time remain secure.

The future of open-source was a common theme at Black Hat 2022, and two members of the Rapid7 research team — Lead Security Researcher Spencer McIntyre and Principal Security Researcher Curt Barnard — shone a light on the work they've been doing to improve and innovate with open-source tools. Here's a look at their presentations from Black Hat, and how their efforts are helping push open-source security forward.

A more powerful Metasploit

Spencer, whose work focuses primarily on Rapid7's widely used attacker emulation and penetration testing tool Metasploit, shared the latest and greatest improvements he and the broader team have made to the open-source framework in the past year. The upgrades they've made reflect a reality that security pros across the globe are feeling every day: The perimeter is disappearing.

In a threat environment shaped by ransomware, supply chain attacks, and widespread vulnerabilities like Log4Shell, bad actors are increasingly stringing together complex attack workflows leveraging multiple vulnerabilities. These techniques allow adversaries to go from outside to within an organization's network more quickly and easily than ever before.

The updates Spencer and team have made to Metasploit are intended to help security teams keep up with this shift, with more modern, streamlined workflows for testing the most common attack vectors. These recent improvements to Metasploit include:

  • Credential capturing: Credential capture is a key component of the attacker emulation toolkit, but previously, the process for this in Metasploit involved spinning up 13 different modules and managing and specifying configurations for each. Now, Metasploit offers a credential capture plugin that lets you configure all options from a single start/stop command, eliminating redundant work.
  • User interface (UI) optimization: URLs are commonly used to identify endpoints — particularly web applications — during attacker emulation. Until now, Metasploit required users to manually specify quite a few components when using URLs. The latest update to the Metasploit UI understands a URL's format, so users can copy and paste them from anywhere, even right from their browser.
  • Payloadless session capabilities: When emulating attacks, exploits typically generate Meterpreter payloads, making them easy to spot for many antivirus and EDR solutions — and reducing their effectiveness for security testing. Metasploit now lets you run post-exploitation actions and operations without needing a payload. You can tunnel modules through SSH sessions or create a WinRM session for any Metasploit module compatible with the shell session type, removing the need for a payload like reverse shell or Meterpreter.
  • SMB server support: Metasploit Version 6 included SMB 3 server support, but only for client modules, which was limiting for users who were working with modern Windows targets that had disabled SMB 3 client support. Now, SMB 3 is available in all SMB server modules, so you can target modern Windows environments and have them fetch (often payload) files from Metasploit. This means you don't need to install and configure an external service to test for certain types of vulnerabilities, including PrintNightmare.

Defaultinator: Find default credentials faster

Metasploit is at the heart of Rapid7's commitment to open-source security, but we're not stopping there. In addition to continually improving Metasploit, our research team works on new open-source projects that help make security more accessible for all. The latest of those is Defaultinator, a new tool that Curt Barnard announced the release of in his Black Hat Arsenal talk this year. (Curt also joined our podcast, Security Nation, to preview the announcement — check out that episode if you haven't yet!)

Defaultinator is an open-source tool for looking up default usernames and passwords, providing an easy-to-search data repository in which security pros can query these commonly used credentials to find and eliminate them from their environment. This capability is becoming increasingly important for security teams, for a few key reasons:

  • Some commonly used pieces of hardware in IT environments come with default credentials that could give attackers an easily exploitable method of network access. Curt gave the example of the Raspberry Pi microcontroller board, which always comes with the username "pi" and password "raspberry" for initial login — a security flaw that resulted in a 10 CVSS vulnerability published in 2021.
  • Meanwhile, IoT devices have been proliferating, and many of these manufacturers don't have security best practices at the front of their mind. That means hardcoded default credentials for first-time logins are common in this type of tool.
  • Many software engineers (Curt included) spend a lot of time in Stack Overflow, and many of the code snippets found there contain example usernames and passwords. If you aren't careful when copying and pasting, default credentials could make their way into your production environment.

With a whopping 54 CVEs for hardcoded usernames and passwords released just in 2022 so far (by Curt's count), security pros are in need of a fast, accurate way to audit for default credentials. But until now, the tools for these kinds of audits just haven't been out there, let alone widely available.

That's why it was so important to make Defaultinator, the first tool of its kind for querying default usernames and passwords, an open-source solution — to ensure broad accessibility and help as many defenders as possible. Defaultinator offers an API search-based utility or a web-based user interface if you prefer not to interact with the API. It runs in Docker, and the quickstart repository on GitHub takes just four lines of code to get up and running.
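To make the audit use case concrete, here is an added example (not Defaultinator's code, data or API) of the two operations the article describes: querying a default-credential repository by product, and checking an asset inventory against it to find devices still running vendor defaults. The repository and inventory are constructed; only the "pi"/"raspberry" pair comes from the article. Passwords are compared as SHA-256 digests so the audit can run against an inventory export that never carries plaintext credentials, and the audit distinguishes a full default username/password pair from a default password under a non-default username.

```python
"""Default-credential lookup and inventory audit.

Added example; the repository, products and inventory below are constructed.
"""
import hashlib

# Constructed default-credential repository (vendor, product, username, password).
DEFAULT_CREDENTIALS = [
    {"vendor": "Raspberry Pi", "product": "Raspberry Pi OS", "username": "pi", "password": "raspberry"},
    {"vendor": "ExampleCam", "product": "IPCam-200", "username": "admin", "password": "admin"},
    {"vendor": "ExampleCam", "product": "IPCam-200", "username": "admin", "password": ""},
    {"vendor": "ExampleNet", "product": "Router-X", "username": "root", "password": "password"},
]


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def build_index(records):
    """Map lowercase product -> set of (lowercase username, sha256(password))."""
    index = {}
    for r in records:
        key = r["product"].lower()
        index.setdefault(key, set()).add((r["username"].lower(), sha256_hex(r["password"])))
    return index


def lookup(index, product):
    """Query the repository for a product; returns sorted (username, digest) pairs."""
    return sorted(index.get(product.lower(), set()))


# Constructed inventory export: the inventory stores a digest of each configured
# password rather than the password itself.
INVENTORY = [
    {"asset": "cam-lobby-01", "product": "IPCam-200", "username": "admin",
     "password_sha256": sha256_hex("admin")},
    {"asset": "cam-lobby-02", "product": "IPCam-200", "username": "admin",
     "password_sha256": sha256_hex("Tr0ub4dor&3")},
    {"asset": "pi-kiosk-07", "product": "Raspberry Pi OS", "username": "pi",
     "password_sha256": sha256_hex("raspberry")},
    {"asset": "edge-rtr-01", "product": "Router-X", "username": "root",
     "password_sha256": sha256_hex("password")},
    {"asset": "edge-rtr-02", "product": "Router-X", "username": "netops",
     "password_sha256": sha256_hex("password")},
]


def audit(inventory, index):
    """Return (asset, finding) pairs for assets that still match a vendor default.

    'default-pair'     : username and password both equal a known default.
    'default-password' : only the password equals a known default for that product.
    """
    findings = []
    for item in inventory:
        defaults = index.get(item["product"].lower(), set())
        pair = (item["username"].lower(), item["password_sha256"])
        if pair in defaults:
            findings.append((item["asset"], "default-pair"))
        elif any(digest == item["password_sha256"] for _, digest in defaults):
            findings.append((item["asset"], "default-password"))
    return findings


if __name__ == "__main__":
    idx = build_index(DEFAULT_CREDENTIALS)
    print("IPCam-200 defaults:", lookup(idx, "IPCam-200"))
    for asset, finding in audit(INVENTORY, idx):
        print(f"{asset}: {finding}")
```

Unsalted SHA-256 is acceptable here only because the dictionary being matched is the public default list itself; an inventory that has to protect non-default credentials at rest would store a salted, slow hash instead, and the audit would then need the salt to compute candidate digests.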

Watch the replays of Spencer's and Curt's presentations, as well as other great sessions from Black Hat 2022, at our replay page.

[VIDEO] An Inside Look at Black Hat 2022 From the Rapid7 Team

Of all the cybersecurity conferences that fill up our summertime schedules, Hacker Summer Camp — the weeklong series of security events in Las Vegas that includes BSides, Black Hat, and DEF CON — holds a special place in our hearts. When else do so many members of the cybersecurity community come together to share their work, their challenges, and some quality face-to-face time? (We're particularly in need of that last one after missing out on so many full-scale events in 2020 and 2021.)

Black Hat is the centerpiece of this jam-packed lineup of cybersecurity sessions and meet-ups, both in terms of its timing at the middle of the week and the fact that it hosts the greatest number of speakers, presentations, and gatherings. There's a lot to recap each year from this one event alone, so we asked three of our Rapid7 team members who attended the event — Meaghan Donlon, Director of Product Marketing; Spencer McIntyre, Manager of Security Research; and Stephen Davis, Lead Sales Technical Advisor — to tell us about their experience. Here's a look at their highlights from Black Hat 2022.

What was it like being in Vegas and back at full-scale in-person conferences after two years?


What was your favorite presentation from Black Hat? What insights did the speaker offer that will change the way you think about security?



International Cyber Expo today announced the speaker line-up for its annual Global Cyber Summit sponsored this year by Snyk, and hosted at Olympia London on the 27th and 28th of September 2022. Introduced by former CEO of NCSC, Professor Ciaran Martin CB, the Summit endeavours to be an educational platform for IT professionals, C-Level executives and board members on the issues impacting the industry; both current and emerging.  

In a combination of roundtable discussions, fireside chats and presentations, sessions will explore a variety of themes; from cyber warfare, ransomware, and the legal landscape as it relates to data privacy, to building diversity into one’s business culture, and the questions raised by emerging technologies like the metaverse, blockchain and quantum computing.   

Having introduced the summit, Professor Ciaran Martin CB will hand over to an exciting mix of globally-recognised experts, exploring the state of cybersecurity from an unconventional approach; this will be continued on the second day. 

On Day 1, Professor Ciaran Martin CB will be accompanied on stage by: 

  • Dr. Victoria Baines, British Computer Society Fellow and former Trust and Safety Manager for Facebook EMEA, will speak about online trust and safety in the age of surveillance as well as touch upon the politics of security, more generally.
  • Charlie Morrison, Head of the Cyber Griffin team – a programme which makes up one arm of the City of London Police’s Cyber Crime Unit – will delve into the current intelligence and trends observed within the nation’s centre of business, otherwise known as the ‘Square Mile’. 
  • Christine Bejerasco, Chief Technology Officer at WithSecure and a globally sought-after keynote speaker, will explore the agility of threat actors and the breadth of the attack surface before diving into an outcome-based approach to cybersecurity.
  • Lisa Forte’s Respect in Security Team will be taking to the stage for a panel discussion with TEDx speaker, Marilise de Villiers, Founder & CEO – ROAR, amongst others, and will be exploring how far the industry has come in embracing diversity, but within the context of the Respect in Security campaign. Jitender Arora, CISO at Deloitte, will be joining in the conversation. 

On Day 2, some highlights include:

  • Titled ‘How to Steal a Vaccine’, Rob Shapland, ethical hacker and head of Cyber Innovation at Falanx Cyber, demonstrates how cybercriminals design, plan and maximise the success of their attacks in an effort to steal Covid vaccines.
  • As with all government agencies, and the National Cyber Security Centre (NCSC) in particular as part of Government Communications Headquarters (GCHQ), anonymity is part of the game. However, the NCSC has confirmed that a senior director will give real insights into how they are keeping industry and the public safe from growing cyber threats, and will answer questions on how best to use their services.
  • With the Summit’s international focus, Scott Wilcox, CEO of Sicuro will be giving insights from a Dubai and Middle East perspective where he is based, examining why security departments are unprepared for persistent threats and more. What will be clear are the similarities that transcend international borders.

“We are honoured to welcome a myriad of esteemed industry experts to speak at this year’s Global Cyber Summit; all of whom share in our mission to empower the community with knowledge and drive collaboration to tackle our ever-growing list of challenges,” said Philip Ingram MBE, former senior British Military Intelligence Officer and Content Lead for the International Cyber Expo. “The last thing we want to do is sit an audience in front of another sales pitch, so we have made a point not to accept paid speaking opportunities. We are committed to producing a show that brings value to our attendees, and I believe we will have accomplished that, thanks to our guest speakers.” 

All sessions will be ranked according to technicality, allowing attendees – be they non-technical or highly-technical – to find discussions best suited to them.  

For the full Global Cyber Summit programme, visit: https://www.internationalcyberexpo.com/global-cyber-summit  

 To register for FREE as a visitor: https://ice-2022.reg.buzz/e1

The post Industry All-Stars Take Stage at International Cyber Expo’s Global Cyber Summit appeared first on IT Security Guru.

What We're Looking Forward to at Black Hat, DEF CON, and BSidesLV 2022

The week of Black Hat, DEF CON, and BSides is a highly anticipated annual tradition for the cybersecurity community, a weeklong chance for security pros from all corners of the industry to meet in Las Vegas to talk shop and share what they've spent the last 12 months working on.

But like many beloved in-person events, 2020 and 2021 put a major damper on this tradition for the security community, known unofficially as Hacker Summer Camp. Black Hat returned in 2021, but with a much heavier emphasis than previous years on virtual events over in-person offerings, and many of those who would have attended in non-COVID times opted to take in the briefings from their home offices instead of flying out to Vegas.

This year, however, the week of Black Hat is back in action, in a form that feels much more familiar for those who've spent years making the pilgrimage to Vegas each August. That includes a whole lot of Rapid7 team members — it's been a busy few years for our research and product teams alike, and we've got a lot to catch our colleagues up on. Here's a sneak peek of what we have planned from August 9-12 at this all-star lineup of cybersecurity sessions.

BSidesLV

The week kicks off on Tuesday, August 9 with BSides, a two-day event running on the 9th and 10th that gives security pros, and those looking to enter the field, a chance to come together and share knowledge. Several Rapid7 presenters will be speaking at BSidesLV, including:

  • Ron Bowes, Lead Security Researcher, who will talk about the surprising overlap between spotting cybersecurity vulnerabilities and writing capture-the-flag (CTF) challenges in his presentation "From Vulnerability to CTF."
  • Jen Ellis, Vice President of Community and Public Affairs, who will cover the ways in which ransomware and major vulnerabilities have impacted the thinking and decisions of government policymakers in her talk "Hot Topics From Policy and the DoJ."

Black Hat

The heart of the week's activities, Black Hat, features the highest concentration of presentations out of the three conferences. Our Research team will be leading the charge for Rapid7's sessions, with appearances from:

  • Curt Barnard, Principal Security Researcher, who will talk about a new way to search for default credentials more easily in his session, "Defaultinator: An Open Source Search Tool for Default Credentials."
  • Spencer McIntyre, Lead Security Researcher, who'll be covering the latest in modern attack emulation in his presentation, "The Metasploit Framework."
  • Jake Baines, Lead Security Researcher, who'll be giving not one but two talks at Black Hat.
    • He'll cover newly discovered vulnerabilities affecting the Cisco ASA and ASA-X firewalls in "Do Not Trust the ASA, Trojans!"
    • Then, he'll discuss how the Rapid7 Emergent Threat Response team manages an ever-changing vulnerability landscape in "Learning From and Anticipating Emergent Threats."
  • Tod Beardsley, Director of Research, who'll be beamed in virtually to tell us how we can improve the coordinated, global vulnerability disclosure (CVD) process in his on-demand presentation, "The Future of Vulnerability Disclosure Processes."

We'll also be hosting a Community Celebration to welcome our friends and colleagues back to Hacker Summer Camp. Come hang out with us, play games, collect badges, and grab a super-exclusive Rapid7 Hacker Summer Camp t-shirt. Head to our Black Hat event page to preregister today!

DEF CON

Rounding out the week, DEF CON offers lots of opportunities for learning and listening as well as hands-on immersion in its series of "Villages." Rapid7 experts will be helping run two of these Villages:

  • The IoT Village, where Principal Security Researcher for IoT Deral Heiland will take attendees through a multistep process for hardware hacking.
  • The Car Hacking Village, where Patrick Kiley, Principal Security Consultant/Research Lead, will teach you about hacking actual vehicles in a safe, controlled environment.

We'll also have no shortage of in-depth talks from our team members, including:

  • Harley Geiger, Public Policy Senior Director, who'll cover how legislative changes impact the way security research is carried out worldwide in his talk, "Hacking Law Is for Hackers: How Recent Changes to CFAA, DMCA, and Other Laws Affect Security Research."
  • Jen Ellis, who'll give two talks at DEF CON:
    • "Moving Regulation Upstream: An Increasing Focus on the Role of Digital Service Providers," where she'll discuss the challenges of drafting effective regulations in an environment where attackers often target smaller organizations that exist below the cybersecurity poverty line.
    • "International Government Action Against Ransomware," a deep dive into policy actions taken by global governments in response to the recent rise in ransomware attacks.
  • Jake Baines, who'll be giving his talk "Do Not Trust the ASA, Trojans!" on Saturday, August 13, in case you weren't able to catch it earlier in the week at Black Hat.

Whew, that's a lot — time to get your itinerary sorted. Get the full details of what we're up to at Hacker Summer Camp, and sign up for our Community Celebration on Wednesday, August 10, at our Black Hat 2022 event page.


Collaboration Drives Secure Cloud Innovation: Insights From AWS re:Inforce

This year's AWS re:Inforce conference brought together a wide range of organizations that are shaping the future of the cloud. Last week in Boston, cloud service providers (CSPs), security vendors, and other leading organizations gathered to discuss how we can go about building cloud environments that are both safe and scalable, driving innovation without sacrificing security.

This array of attendees looks a lot like the cloud landscape itself. Multicloud architectures are now the norm, and organizations have begun to search for ways to bring their lengthening lists of vendors together, so they can gain a more cohesive picture of what's going on in their environment. It's a challenge, to be sure — but also an opportunity.

These themes came to the forefront in one of Rapid7's on-demand booth presentations at AWS re:Inforce, "Speeding Up Your Adoption of CSP Innovation." In this talk, Chris DeRamus, VP of Technology - Cloud Security at Rapid7, sat down with Merritt Baer — Principal, Office of the CISO at AWS — and Nick Bialek — Lead Cloud Security Engineer at Northwestern Mutual — to discuss how organizations can create processes and partnerships that help them quickly and securely utilize new services that CSPs roll out. Here's a closer look at what they had to say.

Building a framework

The first step in any security program is drawing a line for what is and isn't acceptable — and for many organizations, compliance frameworks are a key part of setting that baseline. This holds true for cloud environments, especially in highly regulated industries like finance and healthcare. But as Merritt pointed out, what that framework looks like varies based on the organization.

"It depends on the shop in terms of what they embrace and how that works for them," she said. Benchmarks like CIS and NIST can be a helpful starting point in moving toward "continuous compliance," she noted, as you make decisions about your cloud architecture, but the journey doesn't end there.

For example, Nick said he and his team at Northwestern Mutual use popular compliance benchmarks as a foundation, leveraging curated packs within InsightCloudSec to give them fast access to the most common compliance controls. But from there, they use multiple frameworks to craft their own rigorous internal standards, giving them the best of all worlds.

The key is to be able to leverage detective controls that can find noncompliant resources across your environment so you can take automated actions to remediate — and to be able to do all this from a single vantage point. For Nick's team, that is InsightCloudSec, which provides them a "single engine to determine compliance with a single set of security controls, which is very powerful," he said.

Evaluating new services

Consolidating your view of the cloud environment is critical — but when you want to bring on a new service and quickly evaluate it for risk, Merritt and Nick agreed on the importance of embracing collaboration and multiplicity. When it's working well, a multicloud approach can allow this evaluation process to happen much more quickly and efficiently than a single organization working on their own.

"We see success when customers are embracing this deliberate multi-account architecture," Merritt said of her experience working with AWS users.

At Northwestern Mutual, Nick and his team use a group evaluation approach when onboarding a new cloud service. They'll start the process with the provider, such as AWS, then ask Rapid7 to evaluate the service for risks. Finally, the Northwestern Mutual team will do an assessment that pays close attention to the factors that matter most to them, like disaster recovery and identity and access management.

This model helps Nick and his team realize the benefits of the cloud. They want to be able to consume new services quickly so they can innovate at scale, but their team alone can't keep up the work needed to fully vet each new resource for risks. They need a partner that can help them keep pace with the speed and elasticity of the cloud.

"You need someone who can move fast with you," Nick said.

Automating at scale

Another key component of operating quickly and at scale is automation. "Reducing toil and manual work," as Nick put it, is essential in the context of fast-moving and complex cloud environments.

"The only way to do anything at scale is to leverage automation," Merritt insisted. Shifting security left means weaving it into all decisions about IT architecture and application development — and that means innovation and security are no longer separate ideas, but simultaneous parts of the same process. When security needs to keep pace with development, being able to detect configuration drift and remediate it with automated actions can be the difference between success and stalling out.
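The pattern described in the "Building a framework" and "Automating at scale" sections, detective controls that find noncompliant resources, automated remediation of drift, and a human in the loop only for the higher-stakes decisions, can be illustrated end to end. The following is an added example written for this post, not InsightCloudSec code or any vendor's rule pack; the three controls, the resource inventory and the resource field names are all constructed for illustration, loosely modelled on common benchmark items.

```python
"""Detective controls with automated remediation over a constructed cloud inventory.

Added example for this post (not InsightCloudSec or any vendor's code). Controls,
inventory and field names are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Callable


@dataclass
class Resource:
    kind: str      # resource type, e.g. "s3_bucket" (constructed naming)
    name: str
    config: dict   # mutable configuration, so a remediation can change it in place


@dataclass
class Control:
    control_id: str
    kind: str                          # which resource kind this control applies to
    compliant: Callable[[dict], bool]  # detective check: True when the config is compliant
    remediate: Callable[[dict], None]  # corrective action applied to the config
    auto: bool                         # True: fix without asking; False: route to a human


@dataclass
class Finding:
    control_id: str
    resource: Resource


def _block_public_access(cfg: dict) -> None:
    cfg["block_public_access"] = True


def _drop_open_ssh(cfg: dict) -> None:
    # Keep every ingress rule except SSH exposed to the whole internet.
    cfg["ingress"] = [r for r in cfg["ingress"]
                      if not (r["port"] == 22 and r["cidr"] == "0.0.0.0/0")]


def _disable_console_login(cfg: dict) -> None:
    cfg["console_login"] = False


# Constructed controls modelled on common benchmark items (not any vendor's real rule pack).
# Locking a user out is higher-stakes than tightening a bucket, so it is not auto-applied.
CONTROLS = [
    Control("S3-PUBLIC-ACCESS", "s3_bucket",
            lambda c: c.get("block_public_access") is True, _block_public_access, auto=True),
    Control("SG-NO-OPEN-SSH", "security_group",
            lambda c: not any(r["port"] == 22 and r["cidr"] == "0.0.0.0/0" for r in c["ingress"]),
            _drop_open_ssh, auto=True),
    Control("IAM-CONSOLE-MFA", "iam_user",
            lambda c: (not c.get("console_login")) or c.get("mfa_enabled") is True,
            _disable_console_login, auto=False),
]


def build_inventory() -> list[Resource]:
    """Constructed sample inventory; three resources have drifted from the baseline."""
    return [
        Resource("s3_bucket", "logs-archive", {"block_public_access": True}),
        Resource("s3_bucket", "marketing-assets", {"block_public_access": False}),
        Resource("security_group", "web-tier", {"ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]}),
        Resource("security_group", "bastion", {"ingress": [{"port": 22, "cidr": "0.0.0.0/0"},
                                                           {"port": 22, "cidr": "10.0.0.0/8"}]}),
        Resource("iam_user", "deploy-bot", {"console_login": False, "mfa_enabled": False}),
        Resource("iam_user", "jdoe", {"console_login": True, "mfa_enabled": False}),
    ]


def evaluate(inventory: list[Resource], controls=CONTROLS) -> list[Finding]:
    """Detective pass: run every applicable control over every resource."""
    return [Finding(ctl.control_id, res)
            for res in inventory for ctl in controls
            if ctl.kind == res.kind and not ctl.compliant(res.config)]


def remediate(inventory: list[Resource], approve: Callable[[Finding], bool],
              controls=CONTROLS) -> dict:
    """Corrective pass: auto-fix low-risk findings, ask a human (approve) for the rest."""
    by_id = {c.control_id: c for c in controls}
    fixed, pending = [], []
    for f in evaluate(inventory, controls):
        ctl = by_id[f.control_id]
        if ctl.auto or approve(f):
            ctl.remediate(f.resource.config)
            fixed.append((f.control_id, f.resource.name))
        else:
            pending.append((f.control_id, f.resource.name))
    return {"fixed": fixed, "pending": pending}


if __name__ == "__main__":
    inv = build_inventory()
    for f in evaluate(inv):
        print(f"NONCOMPLIANT {f.control_id}: {f.resource.kind}/{f.resource.name}")
    result = remediate(inv, approve=lambda f: False)  # nobody online to approve
    print(result)
    print("remaining:", [(f.control_id, f.resource.name) for f in evaluate(inv)])
```

Running it twice shows the point of the design: the second `evaluate` pass is the drift check, and only the finding that was deliberately routed to a person remains. Replacing `approve` with a ticket or chat-ops callback is where the "human touch" is introduced without slowing down the fixes that need no judgement.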

Plus, who actually likes repetitive, manual tasks anyway?

"You can really put a lot of emphasis on narrowing that gray area of human decision-making down to decisions that are truly novel or high-stakes," Merritt said.

This leveling-up of decision-making is the real opportunity for security in the age of cloud, Merritt believes. Security teams get to be freed from their former role as "the shop of no" and instead work as innovators to creatively solve next-generation problems. Instead of putting up barriers, security in the age of cloud means laying down new roads — and it's collaboration across internal teams and with external vendors that makes this new model possible.



[VIDEO] An Inside Look at AWS re:Inforce 2022 From the Rapid7 Team

The summer of conferences rolls on for the cybersecurity and tech community — and for us, the excitement of being able to gather in person after two-plus years still hasn't worn off. RSA was the perfect kick-off to a renewed season of security together, and we couldn't have been happier that our second big stop on the journey, AWS re:Inforce, took place right in our own backyard in Boston, Massachusetts — home not only to the Rapid7 headquarters but also a strong and vibrant community of cloud, security, and other technology pros.

We asked three of our team members who attended the event — Peter Scott, VP Strategic Enablement - Cloud Security; Ryan Blanchard, Product Marketing Manager - InsightCloudSec; and Megan Connolly, Senior Security Solutions Engineer — to answer a few questions and give us their experience from AWS re:Inforce 2022. Here's what they had to say.

What was your most memorable moment from AWS re:Inforce this year?


What was your biggest takeaway from the conference? How will it shape the way you think about cloud and cloud security practices in the months to come?


Thanks to everyone who came to say hello and talk cloud with us at AWS re:Inforce. We hope to see the rest of you in just under two weeks at Black Hat 2022 in Las Vegas!
