Cloud Security Features Don't Replace the Need for Personnel Security Capabilities

Published: 2020-05-05
Last Updated: 2020-05-05 02:44:12 UTC
by Russ McRee (Version: 1)
0 comment(s)

We received excellent comments and a question regarding cloud security features from an ISC reader today that we thought was important to share broadly. We'd certainly like to open this up to reader comments, insights, and feedback. 

"With Azure adding to their security offerings, is the trend for more companies to start offloading their security needs to Microsoft?  With Microsoft security & compliance, companies would rely more on Microsoft recommendations and alerting. Why even go through security learning when Microsoft would be handling the entire stack?"

My response to this follows, please note that I work at Microsoft, and that our replies are not exclusive to the Azure cloud:

"The continued growth of security features in Azure are intended to be of increased benefit to customers and their protection, but not supplant or replace their ongoing need to understand and apply security practices and learning. Organizations utilizing Azure are able to leverage these tools to greater affect but can't do so in the absence of understanding the same security principles that apply to on-premises computing. Yes, the technology and landscape are evolving but the core tenets of asset management, vulnerability management, secure configuration, security assessment, monitoring, analysis, and incident response all remain valid and true. Just because the likes of Microsoft Defender Advanced Threat Protection or Azure Sentinel exist for Azure resources and Microsoft customers doesn't mean you don't have to know how to utilize them effectively. Different tech, different landscape, same principles."

Another handler replied as well:

"My organisation does a lot of work within the various Microsoft stacks and unfortunately the assumption is often that Microsoft is taking care of it all, which unfortunately is not the case.  The tools that people are being provided with are improving. What is available at your particular license level is different to what it was a few years ago, even a few months ago. However the same security principles people were applying previously still apply. If you had an on-prem SIEM that nobody looked at, having Sentinel and nobody looking at it will have the same end result. The tools are available, but they can still be implemented insecurely."

Key Takeaways

  1. Yes, cloud security features are constantly being added and improved.
  2. No, they do not replace your need for understanding and continued learning of security best practices, configuration, implementation, and analysis.
  3. Yes, these insights apply to all cloud providers with security features offered as part of their platforms.
  4. No, you should not assume that your cloud provider is "taking care of it for you."

Again, cloud security features <>!=≠ personnel security capabilities, those are still up to you and your teams.

Cheers…until next time.

Russ McRee | @holisticinfosec

 

 

0 comment(s)
ISC Stormcast For Tuesday, May 5th 2020 https://isc.sans.edu/podcastdetail.html?id=6982

Comments

What's this all about ..?
password reveal .
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
https://thehomestore.com.pk/
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
https://defineprogramming.com/
https://defineprogramming.com/
Enter comment here... a fake TeamViewer page, and that page led to a different type of malware. This week's infection involved a downloaded JavaScript (.js) file that led to Microsoft Installer packages (.msi files) containing other script that used free or open source programs.
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
Enter corthrthmment here...

Diary Archives