12. Yes, hackers will find your publicly exposed data...
Scanning and Guessing
Logs
Mining DNS records
DNS requests
Databases of public S3 buckets
Monitoring network traffic
Access to query cloud accounts
Application code
35.
# Enable VPC flow logs on the "default" subnet in every region
for REGION in $(gcloud compute regions list --format="value(NAME)")
do
  gcloud compute networks subnets update default \
    --enable-flow-logs --region "${REGION}"
done
46. Creating and enforcing zero trust network
1. Strict access for systems with high privileges
2. Precise network requirements for application
3. Required ports and protocols, ingress and egress
4. Prevent non-compliant network deployments
5. Tag instances with policy name
6. Monitor changes for adherence to policy
7. Auto-remediate unwanted changes
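The checks in steps 3 to 7, sketched as an added example that is not from the original slides: each firewall rule is compared against the named policy it is tagged with, and non-compliant rules are collected as remediation candidates. The policy format, rule fields, policy names and sample rules are all constructed for illustration, and source ranges are compared as exact strings.

```python
from dataclasses import dataclass

# Constructed policies: allowed (direction, protocol, port) tuples and ingress sources.
POLICIES = {
    "web-frontend": {
        "allowed": {("ingress", "tcp", 443), ("egress", "tcp", 5432)},
        "sources": {"0.0.0.0/0"},
    },
    "admin-bastion": {  # high-privilege system, so access is strict
        "allowed": {("ingress", "tcp", 22)},
        "sources": {"203.0.113.10/32"},
    },
}

@dataclass(frozen=True)
class Rule:
    name: str
    policy_tag: str  # "" when the rule carries no policy tag
    direction: str
    protocol: str
    port: int
    remote: str  # source range for ingress, destination range for egress

def check_rule(rule):
    """Return the reasons a rule violates its tagged policy (empty list if compliant)."""
    if not rule.policy_tag:
        return ["no policy tag"]
    policy = POLICIES.get(rule.policy_tag)
    if policy is None:
        return [f"unknown policy {rule.policy_tag!r}"]
    reasons = []
    if (rule.direction, rule.protocol, rule.port) not in policy["allowed"]:
        reasons.append(f"{rule.direction} {rule.protocol}/{rule.port} not in policy")
    if rule.direction == "ingress" and rule.remote not in policy["sources"]:
        reasons.append(f"source {rule.remote} not allowed")
    return reasons

def remediation_plan(rules):
    """Map each non-compliant rule name to its violations (candidates for auto-remediation)."""
    return {r.name: v for r in rules if (v := check_rule(r))}

SAMPLE_RULES = [  # constructed sample rules
    Rule("allow-https", "web-frontend", "ingress", "tcp", 443, "0.0.0.0/0"),
    Rule("allow-ssh-any", "admin-bastion", "ingress", "tcp", 22, "0.0.0.0/0"),
    Rule("allow-rdp", "web-frontend", "ingress", "tcp", 3389, "0.0.0.0/0"),
    Rule("legacy-egress", "", "egress", "tcp", 25, "0.0.0.0/0"),
]

if __name__ == "__main__":
    print(remediation_plan(SAMPLE_RULES))
```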
49. Better Risk Management
Much more than what we covered today
Understand cybersecurity fundamentals
Ask the right questions; Define your rules
Track compliance, exceptions, and approvals
Generate reports to measure organizational risk
Leverage automation to track and remediate
P.S. This is from my book on Amazon >>>
50. Teri Radichel ~ @teriradichel & @2ndsightlab
CEO, 2nd Sight Lab - Cloud Security Training, Penetration Testing & Assessments
IANS Faculty, AWS Hero, Infragard
Security certifications including GSE and industry awards
Author:
Cybersecurity for Executives in the Age of Cloud
https://medium.com/cloud-security
https://medium.com/cybersecurity-news
People think, "Oh my goodness, there are so many things to fix." It's overwhelming. Start in two places:
The findings that have the most chance of causing a data breach.
The findings that are easiest to fix quickly with automation and to remediate automatically.