46 minutes | Mar 10, 2021

How Common Identity Misconfigurations Can Undermine Cloud Security

Welcome to a brand new cloud security podcast, Cloud Security Today. Instead of focusing on the latest news, we’re exploring a different take on cloud security where we dig deeper into its eclectic “how-to” side. On Cloud Security Today, we are going to talk with experts from all over the community so you can do cloud security better. Today’s experts are Nathaniel Quist (Q) and Jay Chen, and they will be talking about Unit 42’s latest cloud threat research. First up Q and J, as we call them, introduce listeners to their professional histories before telling us how they choose their research projects. We then talk to Q and Jay about findings from their latest report on identity and access management. Together, they explain some of the common vulnerabilities that come with identity and access management, like misconfigured roles. Toward the end of the episode, we talk to Q about cryptojacking, as he explains the nuances to mining coins maliciously, the various teams behind the act, and how they use code against each other.  Key Points From This Episode:●      How to become a threat researcher. Q and Jay share a little bit about their background.●      Watch your roles and look out for wildcards in configurations!●      APIs don’t always behave as expected – test them!Tweetables:“My biggest surprise is that even in a multi-million-dollar enterprise environment with thousands of workloads, thousands of EC2 instances and databases, they still make very fundamental mistakes.” — Jay Chen [0:09:55]“The cloud has the potential to be so much more granularly controlled than just a normal on-prem environment. From the outside looking in, it's very complex. Complexity can bring some obscurity within the cloud environment.” — Nathaniel Quist [0:17:00]Links Mentioned in Today’s Episode: Matt Chiodi on LinkedInMatt Chiodi on TwitterUnit 42 Cloud Threat ReportNathaniel Quist on LinkedInJay Chen on LinkedInIAMFinder tool on GitHubComprehensive, full-stack cloud security Secure infrastructure, apps and data across hybrid and multi-cloud environments with Prisma Cloud.
Play Next