-
RedTalk: Cloud Native Security vs 3rd Party Security
Customers often ask if they should use cloud-native security controls or invest in 3rd party solutions. The answer, of course, is not binary. When probed for the meaning of ‘3rd …
Continue reading “RedTalk: Cloud Native Security vs 3rd Party Security”
Read More -
RedLock and Qualys Integration
Earlier this year, RedLock announced support for host vulnerability insights through a technology partnership and integration with Tenable and AWS Inspector. We are now pleased to announce integration with Qualys, …
Continue reading “RedLock and Qualys Integration”
Read More -
It’s Time to Bring Together Cloud Compliance and Security Analytics
Today we announced our intent to acquire RedLock, a cloud threat defense company whose technology will add comprehensive asset discovery and automated threat detection and remediation to our public cloud …
Continue reading “It’s Time to Bring Together Cloud Compliance and Security Analytics”
Read More -
Mitigating Cloud Threats with Western Asset Management (WAM)
Banking, investment management and FinTech have continually invested in technology upgrades, data analytics and differentiated product offerings in an increasingly competitive and evolving investment landscape. A recent Accenture survey found …
Continue reading “Mitigating Cloud Threats with Western Asset Management (WAM)”
Read More -
Prologis Confidently Migrates to the Public Cloud with RedLock
Prologis is the world’s largest owner and developer of warehouses and distribution centers with over $90 billion in assets under management. Through innovation and sustainability, they are listed as a …
Continue reading “Prologis Confidently Migrates to the Public Cloud with RedLock”
Read More -
Informatica Strengthens Security and DevOps Collaboration with RedLock
For over 25 years, Informatica has helped their customers unleash the disruptive power of data. Once known as the data integration company, their position now as the leader in Enterprise …
Continue reading “Informatica Strengthens Security and DevOps Collaboration with RedLock”
Read More -
RedLock Supports Industry’s First CIS Reporting for Google Cloud
Over the last two years, I have had the opportunity to work with hundreds of customers to understand their key compliance and security requirements in public cloud environments. The consistent …
Continue reading “RedLock Supports Industry’s First CIS Reporting for Google Cloud”
Read More -
RedTalk: 7 Steps to Selecting Your Cloud Security Solution for AWS, Azure and Google Cloud
We recently sat down with RedLock’s VP of Solutions Engineering, Allan Kristensen. Allan’s 15+ years of experience building successful solutions engineering (SE) teams and his customer-first approach to build …
Read More -
AWS Security Tips: Understanding Access Controls in Amazon S3
Managing access control in Amazon S3 continues to be a challenge for many companies. With the constant press surrounding organizations unintentionally exposing their objects in S3, It is important to …
Continue reading “AWS Security Tips: Understanding Access Controls in Amazon S3”
Read More -
Top 10 Election Security Best Practices
At the heart of any democracy is the power of the individual voter. When the trust surrounding that system is called into question, the populace’s faith in that democracy begins …
Continue reading “Top 10 Election Security Best Practices”
Read More -
13 Cloud Security Statistics To Know In 2019 (With 9 Best Practices)
The phrase “in the cloud” has become a household phrase – nearly as common as “browsing the web” and “surfing the net”. Why has cloud technology become so important? Cloud …
Continue reading “13 Cloud Security Statistics To Know In 2019 (With 9 Best Practices)”
Read More -
Healthcare, Privacy & Cloud Security Risks
The threats to healthcare organizations are unique in that the value of what they’re trying to protect is significantly higher than other industries. From a purely monetary perspective, medical records, …
Continue reading “Healthcare, Privacy & Cloud Security Risks”
Read More -
RedTalk: Cloud Security vs On-Premise Security What’s the Difference?
Understanding the differences between on-premise and cloud security matters because research shows public cloud security incidents to date have largely been the customer’s fault. While the debate use to …
Continue reading “RedTalk: Cloud Security vs On-Premise Security What’s the Difference?”
Read More -
8 AWS Security Best Practices to Mitigate Security Risks
There are a lot of benefits that come with having AWS services as your cloud platform, alone or as part of a hybrid or multicloud environment. The agility and flexibility …
Continue reading “8 AWS Security Best Practices to Mitigate Security Risks”
Read More -
Apache Struts Seeking Another 15 Minutes of Fame
Three words that should strike fear into the hearts of anyone is remote code execution (RCE). If an attacker is able to execute an RCE exploit on a vulnerable system, …
Continue reading “Apache Struts Seeking Another 15 Minutes of Fame”
Read More -
RedTalk: Compliance in the Cloud
Compliance in the Cloud Auditors often ask abstract questions such as, “Are you ensuring that data at rest is encrypted in your cloud platforms?” However, what does that mean …
Continue reading “RedTalk: Compliance in the Cloud”
Read More -
What You Must Know About AWS Security
Businesses and institutions are rapidly deploying their networks on the infrastructure of third-party cloud providers. In the first quarter of 2018, the cloud infrastructure services industry grew by 51%. It’s …
Continue reading “What You Must Know About AWS Security”
Read More -
L1 Terminal Fault (L1TF): Foreshadowing Your Next Move to Public Cloud
Customers still running a majority of their compute on-premise were given yet another reason to expedite their migrations to public cloud. On Tuesday Intel announced another wave of CPU flaws …
Continue reading “L1 Terminal Fault (L1TF): Foreshadowing Your Next Move to Public Cloud”
Read More -
How to Effectively Manage Multi-Cloud Security Challenges
“Products provide some protection, but the only way to effectively do business in an insecure world is to put processes in place that recognize the inherent insecurity in the products. …
Continue reading “How to Effectively Manage Multi-Cloud Security Challenges”
Read More -
1-1 with RedLock’s Head of Data Science, Alok Tongaonkar
RedLock’s Head of Data Science, Alok Tongaonkar, is passionate about applying machine learning to cyber security analytics and cloud threat defense. Prior to joining RedLock, Alok, was a Data Science …
Continue reading “1-1 with RedLock’s Head of Data Science, Alok Tongaonkar”
Read More -
RedTalk: Network Visualization
Have you ever been asked to find out if any of your databases are exposed to the internet? How do you go about doing this? A great place to …
Continue reading “RedTalk: Network Visualization”
Read More -
RedLock’s Newest Innovations for Google Cloud Platform
Google Cloud Next 2018 kicks-off today and, as a Google Cloud Platform partner, RedLock will be there in full force at booth S1431. We are announcing major enhancements to the RedLock …
Continue reading “RedLock’s Newest Innovations for Google Cloud Platform”
Read More -
RedLock vs. CASB: Know Which Challenges You Are Trying to Solve
Prior to founding RedLock, my co-founder and I spent years at an industry-leading Cloud Access Security Broker (CASB). When we first began thinking about RedLock’s initial product, we focused on …
Continue reading “RedLock vs. CASB: Know Which Challenges You Are Trying to Solve”
Read More -
The Booming Demand for HIPAA Compliance in the Cloud
HIPAA Compliance Management in the cloud is easier than ever across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) environments.
Read More -
The Business Case for Cloud Threat Defense
Way back in October, 2015, Gartner predicted big things for cloud computing security when they boldly opined “Through 2020, 95 percent of cloud security failures will be the customer’s fault”. …
Continue reading “The Business Case for Cloud Threat Defense”
Read More -
RedTalk: Discover, Detect, and Respond to Cloud Security Incidents Using an Extensible Language called RedLock Query Language (RQL)
In order to provide comprehensive security and operational visibility across AWS, Azure, and Google Cloud Platform (GCP) environments and help organizations respond to cloud security incidents, the RedLock Cloud 360 …
Read More -
The Growing Need for a Configuration Management Database (CMDB) for Public Cloud
You can’t secure what you can’t see. Visibility into public cloud environments – the ability to view and manage assets that live in someone else’s physical space – is critical, …
Continue reading “The Growing Need for a Configuration Management Database (CMDB) for Public Cloud”
Read More -
RedTalk: Network ACLs Behave Differently Amongst Public Cloud Providers
The Issue: Network ACLs Behave Differently Amongst Public Cloud Providers Not all firewalls are created equal. Some are generous… some are not…and not all firewall controls amongst the public cloud …
Continue reading “RedTalk: Network ACLs Behave Differently Amongst Public Cloud Providers”
Read More -
GDPR Compliance Reporting in Public Cloud
Even though the European Union’s General Data Protection Regulation (GDPR) is now in effect, discussions with RedLock customers and prospects indicates there are still many unanswered questions regarding who must …
Continue reading “GDPR Compliance Reporting in Public Cloud”
Read More -
RedTalk: Best Practices for Remediating Account Compromise Attacks
Account compromise attacks due to leaked access keys are typically remediated by deleting the compromised access keys. This is not sufficient as the attacker can create a covert channel to …
Continue reading “RedTalk: Best Practices for Remediating Account Compromise Attacks”
Read More -
Cloud Security Best Practices: Top 4 Tips for Preventing Network Intrusions in Public Cloud Computing Environments
Traditional network intrusion detection systems (NIDS) have long been a staple of on-premise security stacks. Deploying, managing and obtaining actionable results from these systems was often a big challenge. Now …
Read More -
Cloud Security Best Practices: Top 4 Tips for Incident Response Teams
Reduced visibility and control. Cryptojacking. Stolen credentials. Pilfered access keys. Lost data. These are just some of the risks your organization may face when migrating to the cloud. While cloud computing …
Continue reading “Cloud Security Best Practices: Top 4 Tips for Incident Response Teams”
Read More -
Instance Metadata API: A Modern Day Trojan Horse
A while back, a researcher had reported that the Instance Metadata feature in public cloud platforms makes them a very effective exploitation target. Essentially, an instance’s metadata can be queried via …
Continue reading “Instance Metadata API: A Modern Day Trojan Horse”
Read More -
RedTalk: Privilege Escalation Through IAM Instance Profile Role
In the first of our new video and blog series, RedTalk, we will discuss an interesting privilege escalation attack that could impact public cloud computing environments. Per wikipedia,
Read More -
Cloud Computing Security Challenges: 5 Tips to Defend Against Account Compromises
Cloud computing account compromises, resulting from stolen access keys and credentials, happen more often than we know. We are all familiar with notable, newsworthy reports of account compromises. But for …
Continue reading “Cloud Computing Security Challenges: 5 Tips to Defend Against Account Compromises”
Read More -
RedLock Increases Network Visibility with Support for Microsoft Azure Network Watcher
In public cloud environments, resources can be created – and then retired – in a matter of minutes. Nothing is static, making the management and security of cloud resources an …
Read More -
RedLock & Barracuda Networks – Joining Forces to Deliver Cloud Threat Defense Based on NIST Cybersecurity Framework (CSF)
Researchers (most notably Chris Vickery) have discovered that a common misconfiguration in Amazon Simple Storage Service (Amazon S3) may expose sensitive enterprise data to unauthorized access. They were actively searching …
Read More -
Tackling Public Cloud Security at RSA Conference
Is securing your AWS, Azure, or Google Cloud environments top of mind? RedLock advises organizations on emerging cloud security issues such as cryptojacking, account compromise detection, compliance assurance, and vulnerability …
Continue reading “Tackling Public Cloud Security at RSA Conference”
Read More -
RedLock Announces Support for New Cloud Security Command Center for Google Cloud Platform
Enterprise adoption of the cloud continues to ramp, with clears signs of acceleration in 2018. At RedLock, we meet daily with executives across different verticals to hear about their migration …
Read More -
Mitigating Cloud Security Risks Starts with Data — Ends with Context
“The problem with data is that it says a lot, but it also says nothing.‘ – Sendhil Mullainathan, Professor of economics, Harvard
Read More -
Cloud Security Trends and Equipping your “PreCrime” Unit to Combat Tomorrow’s Cybercrime
“Minority Report” officers behind the PreCrime police force reduced felonies by 99.8 percent, and by April 2054, Washington, D.C., and Northern Virginia were murder-free for five consecutive years. As far-fetched …
Read More -
Lessons from the Cryptojacking Attack at Tesla
The Cryptojacking Epidemic A few months ago, the RedLock Cloud Security Intelligence (CSI) team found hundreds of Kubernetes administration consoles accessible over the internet without any password protection.
Read More -
RedLock and Tenable.io Enhance AWS Security
One attribute that uniquely sets the RedLock Cloud 360™ platform apart from other solutions is the ability to ingest data from multiple, disparate sources to provide a unified view of …
Continue reading “RedLock and Tenable.io Enhance AWS Security”
Read More -
“Meltdown” and “Spectre”: RedLock has you Protected
The recent disclosures of the Spectre and Meltdown vulnerabilities underscores the need for cloud computing customers to fulfill their role in the cloud shared responsibility model, embraced by AWS Security, Azure and …
Continue reading ““Meltdown” and “Spectre”: RedLock has you Protected”
Read More -
Ensuring CIS, PCI, and HIPAA Compliance with RedLock
This blog was originally published as a guest post in the AWS Startups Blog. In just a few short years, cloud computing has literally changed the entire IT landscape. And …
Continue reading “Ensuring CIS, PCI, and HIPAA Compliance with RedLock”
Read More -
2017 Cloud Threat Defense Lessons Learned
Before founding RedLock, I spent over 10 years in cloud security – both as a practitioner at a leading cloud service provider, and later as a company builder at a …
Continue reading “2017 Cloud Threat Defense Lessons Learned”
Read More -
Protecting the AWS Access Keys to Your Kingdom
Is your organization looking to achieve cloud security and compliance assurance across your Amazon Web Services, Microsoft Azure, and/or Google Cloud environments? If so, access key anomaly detection and contextual …
Continue reading “Protecting the AWS Access Keys to Your Kingdom”
Read More -
RedLock Bolsters Cloud Security with Amazon GuardDuty Integration
With AWS re:Invent 2017 in full swing at Las Vegas, I am thrilled to announce that RedLock is a launch partner for Amazon GuardDuty, a new threat detection service …
Continue reading “RedLock Bolsters Cloud Security with Amazon GuardDuty Integration”
Read More -
Vegas Re:Invented
Are you headed to AWS re:Invent? The RedLock team is hosting several events and you’re invited to join us! Already at the MGM Grand for security sessions? Schedule some time …
Continue reading “Vegas Re:Invented”
Read More -
Cloud Security Trends: Winter is Coming
RedLock CSI Team 10.05.17 6:00 AM If you’re a Game of Thrones fan like us, you can probably recount a favorite battle or two that put you on pins …
Continue reading “Cloud Security Trends: Winter is Coming”
Read More -
Money Doesn’t Grow on Trees, but it’s Growing in the Cloud
The RedLock Cloud Security Intelligence (CSI) team had previously reported (refer to Public Cloud Infrastructure Security Trends May 2017 report) that hundreds of Kubernetes administration consoles are accessible over the …
Continue reading “Money Doesn’t Grow on Trees, but it’s Growing in the Cloud”
Read More -
Security Best Practices for AWS Access Key Deletion
Recent months have seen a number of high profile breaches such as the OneLogin breach that resulted from compromised access keys. In these instances, the affected organizations failed to meet …
Continue reading “Security Best Practices for AWS Access Key Deletion”
Read More -
Google Groups Misconfiguration Security Advisory
The RedLock CSI team discovered hundreds of Google Groups that have publicly exposed messages containing sensitive information. The Impact The Google Groups misconfiguration has led to the exposure of sensitive …
Continue reading “Google Groups Misconfiguration Security Advisory”
Read More -
Docker Hub Security Advisory
The RedLock CSI team found that many organizations have accidentally shared internal Docker images publicly. The Impact The misconfiguration has led to the exposure of source code and other sensitive …
Continue reading “Docker Hub Security Advisory”
Read More -
3 Key Takeaways from AWS Community Day
Last week, the first AWS Community Day was held in San Francisco. Unlike most conferences that are sponsored by vendors, this free event was organized by AWS community leaders and …
Continue reading “3 Key Takeaways from AWS Community Day”
Read More -
Misconfiguration Exposes 198 Million American Voter Records
During the 2016 election, the Republican National Committee (RNC) hired Deep Root Analytics (DRA) to analyze political voting behaviors of Americans. DRA is storing 25 terabytes of sensitive voter information …
Continue reading “Misconfiguration Exposes 198 Million American Voter Records”
Read More -
Lessons from the OneLogin Breach
Research has shown that people with the GG genotype are able to quickly learn from their mistakes. We are starting the “Cybersecurity GG Genotype” blog series where we will analyze breaches …
Continue reading “Lessons from the OneLogin Breach”
Read More -
Cloud Security Trends and Preventing Cyberheists
During one of my favorite scenes in Ocean’s Eleven, Saul Bloom asked Danny Ocean, “You expect us to just walk out the casino with millions of dollars on us?” Who …
Continue reading “Cloud Security Trends and Preventing Cyberheists”
Read More -
AWS RDS / EBS Misconfiguration Advisory
The RedLock security research team discovered a common misconfiguration in Amazon Relational Database Service (RDS) and Amazon Elastic Block Store (EBS) where snapshots have inadvertently been granted “public” access. This …
Continue reading “AWS RDS / EBS Misconfiguration Advisory”
Read More -
Amazon S3 Misconfiguration Advisory
Researchers (most notably Chris Vickery) have discovered that a common misconfiguration in Amazon Simple Storage Service (Amazon S3) may expose sensitive enterprise data to unauthorized access. They were actively searching …
Continue reading “Amazon S3 Misconfiguration Advisory”
Read More -
42 and RedLock
What is the answer to life? 42 What is the answer to cloud security? In September 2015, my co-founder, Varun met at a cafe in San Francisco to answer this …
Continue reading “42 and RedLock”
Read More