AWS SECURITY

What Makes a
Misconfiguration Critical?
AWS Security Tips

HIGHLIGHTS
Signs of a Critical AWS Security Misconfiguration
Ifamiscongurationcouldleadtoanyofthefollowingsituations,thenit’scon
• 73% of companies have critical:
critical AWS security
• Can be leveraged in a direct data breach
miscongurations
• Can be leveraged in a more complex attack
• Enables trivial attacks on an AWS console
• Acriticalmisconguration
• Reduces or eliminates critical visibility (security or compliance)
leads to a risk of a breach
or another cyber attack Notsureifamiscongurationcouldleadtoanyoftheabove?Thinklikeanattac
canenvisionanattackbasedonamisconguration,chancesare,someoneelseca
• Congurationsshouldbe
audited regularly to avoid Spotting a Critical Misconfiguration
lingering mishaps
Thebestprocessforspottingmiscongurationsisrunningregularconguratio
allowingyoutondanyerrorsyoumissedinthesetupprocess.

Mishaps like leaving SSH wide open to the internet can allow an attacker to attempt
In the cloud, where there are remote server access from anywhere, rendering traditional network controls like VPN
no perimeters and limitless andrewallsmoot.Failingtoenforcemulti-factorauthentication(MFA)isanoth
endpoints, there are many ways miscongurationconcern.Oursurveyfoundthat62%ofcompaniesdidnotactively
attackers can get direct access to requireuserstouseMFA,makingbruteforceattacksalltooeasyforadversari
your environment. With 73% of out.AuditingyourcongurationsregularlywillshowyouhowyouholdupagainstC
companies having critical AWS Benchmarks and AWS best practices.
cloudsecuritymiscongurations
like wide open SSH and infrequent
software updates, the risk of a true
How to Continuously Monitor For
breach remains a reality. Misconfigurations
How do you know whether a Thefastestwaytoxamiscongurationistoknowaboutitthemomentithappens
misconfiguration is going to put you at Someonecreatesasecuritygroupthatiswideopento ouneed
theworld?
toknow
Y right
risk? And how do you identify where now.NewIAMusercreatedwithoutMFA?Don’tmissit.
your gaps are?
Itisimportantthatyounotonlyxtheissueathand,butavoidsimilarmiscong
the future with ongoing, not just point in time auditing.

55 Summer Street, Boston, MA 02110 1+ 617.337.4270 threatstack.com

Threat Stack enables growth-e driv n companies to scale securely and meet complex cloud security needs yb identifyng and e v rifyng insider threats, external attacks, and data loss in real time. Purpose-built for
today’s a
infr structure, the Threat Stack Cloud Security Platform ®

manage risk and compliance across their entire a infr structure, includg cloud, hybrid-clou, multi-cloud, and containerized environments. or F more information or to start a free trial, visit threatstack.com

C O P Y R I G H T © 2 0 1 8 T H R ETA SACT K , I N C . / T S - B LO G -W
A S E C U R I -T 2Y 0 1 8 - 4