Cyber Defense Magazine Special Annual Edition for RSA Conference 2021
Cyber Defense Magazine Special Annual Edition for RSA Conference 2021 - the INFOSEC community's largest, most popular cybersecurity event in the world. Hosted every year in beautiful and sunny San Francisco, California, USA. This year, post COVID-19, virtually with #RESILIENCE! In addition, we're in our 9th year of the prestigious Global InfoSec Awards. This is a must read source for all things infosec.
CIEM? Looks a lot like SIEM.
CIEM may look like and even sound like SIEM (security information and event management), but the two security solutions are not the same. While there may be some overlapping capabilities for cloud-first and hybrid environments with cloud-native SIEM vendors, none of them have the ability to extend their platform to manage and enforce entitlements and permissions for the multi-cloud and hybrid cloud enterprises. This management and enforcement of entitlements and permissions is a core competency of a comprehensive CIEM platform, and it enables organizations to design and implement Zero Trust architectures in multi-cloud and hybrid cloud environments. As multi-cloud adoption continues to increase across the industry, the movement of workloads to such environments requires in-depth visibility and analysis of cloud infrastructure accounts, permissions, entitlements and activity, and granular controls.
Why is CIEM vital for organizations? The Cloud Permissions Gap.
A new attack surface has emerged in response to mass digital transformation: the Cloud Permissions Gap. CloudKnox threat research has uncovered that more than 90% of privileged identities within organizations’ cloud infrastructures (both human and machine) are using less than 5% of their permissions granted. This delta is known as the Cloud Permissions Gap, and it is a contributing factor to the rise of both accidental and malicious insider threats impacting enterprises of all sizes, as attackers are able to exploit an identity with misconfigured permissions and access across the organization’s critical cloud infrastructure.
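The gap described above can be measured per identity by comparing what is granted with what activity logs show was recently used. The Python sketch below is an added example, not CloudKnox's method or code from the article; the action catalog, identity names, 90-day idle window and the use of the 5% figure as a cut-off are assumptions made for illustration.

```python
from datetime import date
from fnmatch import fnmatchcase

# Constructed action catalog (hypothetical service and verb names): 5 x 8 = 40 actions.
SERVICES = ["storage", "compute", "iam", "db", "queue"]
VERBS = ["Get", "List", "Put", "Delete", "Create", "Update", "Tag", "Describe"]
CATALOG = [f"{s}:{v}" for s in SERVICES for v in VERBS]

# Constructed inventory: grant patterns plus last-use date per action,
# as would be derived from cloud activity logs.
IDENTITIES = {
    "break-glass-admin": {"granted": ["*"], "last_used": {}},
    "ci-deploy-bot": {"granted": ["*"], "last_used": {"storage:Put": date(2021, 5, 10)}},
    "report-reader": {"granted": ["storage:Get", "storage:List"],
                      "last_used": {"storage:Get": date(2021, 5, 16),
                                    "storage:List": date(2021, 5, 16)}},
    "former-employee": {"granted": ["compute:*", "db:*"],
                        "last_used": {"compute:Describe": date(2020, 11, 2)}},
}

def expand(patterns):
    """Resolve grant patterns, wildcards included, to concrete catalog actions."""
    return {a for a in CATALOG if any(fnmatchcase(a, p) for p in patterns)}

def assess(patterns, last_used, today, idle_days=90, gap_threshold=0.05):
    """Compare granted permissions with recent use and classify the identity."""
    granted = expand(patterns)
    # Count an action as used only if it is granted and was seen within idle_days.
    used = {a for a, seen in last_used.items()
            if a in granted and (today - seen).days <= idle_days}
    usage = len(used) / len(granted) if granted else 0.0
    if not used:
        finding = "inactive"            # no recent use of anything granted
    elif usage < gap_threshold:
        finding = "over-permissioned"   # active, but uses under 5% of its grants
    else:
        finding = "ok"
    return {"granted": len(granted), "used": len(used), "usage": round(usage, 3),
            "finding": finding, "unused": sorted(granted - used)}

def report(today):
    """Assess every identity in the constructed inventory."""
    return {name: assess(i["granted"], i["last_used"], today)
            for name, i in IDENTITIES.items()}

if __name__ == "__main__":
    for name, r in report(date(2021, 5, 17)).items():
        print(f"{name:18} {r['finding']:18} {r['used']}/{r['granted']} used")
```

The `unused` list in each result is the set of grants that could be removed to bring the identity toward least privilege.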
Specific risks and challenges associated with the Cloud Permissions Gap include:
● Inactive identities and super identities. Every company has at least a few inactive identities—former employees, testing, POCs, etc.—just hanging out there. Even more dire, there are other identities known as “break-glass accounts” or super identities that are floating around with unlimited permissions and unrestricted access to all cloud resources offered across the organization.
● Over-permissioned active identities. Continuously tracking and monitoring the proliferation of new services, roles and permissions in the cloud is almost impossible to do manually.
● Cross-account access. Organizations leverage cross-account roles to allow identities to access different environments—development, test, production, etc.—and allow third-party entities to access their accounts. This is both convenient and a potential vulnerability for the organization. The inherent danger is when an identity access management (IAM) role in these instances is over-provisioned. Since these roles grant permissions to an entire account, the misconfigured permissions tied to the role can cause significant—and costly—ripple effects.
● Anomalous behavior among machine identities. Machine or non-human identities consist of scripts, bots, access keys and others, and they typically perform the same repetitive actions. If a