Sonrai Security Releases Industry-First Risk Insights Engine 👉
Learn More
  • Solutions
      • Cloud Security Platform
      • Workload / CWPP
      • Platform / CSPM
      • Identity / CIEM
      • Data / Cloud DLP
      • Workflow & Automation
      • Sonrai Identity Graph
      • Use Cases
      • Least Privilege
      • Least Access
      • Cloud Misconfiguration
      • Vulnerability Management
      • Executive Reporting
      • Compliance
      • Cloud Environments
      • AWS
      • Microsoft Azure
      • Google Cloud
      • Oracle Cloud
      • User Roles
      • Cloud Teams
      • DevSecOps
      • Security Teams
  • Partners
      • Partner Alliances
      • Ecosystem Partners & Integrations
      • Global System Integrators (GSI)
      • Solution Providers (VARS, MSP, MSSP, CSP)
      • Cloud Alliances
      • Microsoft Azure
      • AWS
      • Google Cloud
      • Oracle Cloud
      • Register A Deal
  • Resources
    • Resource Library
    • Blog
    • Customer Stories
    • Events
    • Webinars
  • Company
    • Our Story & Leadership
    • Work With Us
    • Newsroom
    • Awards & Recognition
    • Contact Us
  • Login
  • Request Demo
  • Solutions
      • Cloud Security Platform
      • Workload / CWPP
      • Platform / CSPM
      • Identity / CIEM
      • Data / Cloud DLP
      • Workflow & Automation
      • Sonrai Identity Graph
      • Use Cases
      • Least Privilege
      • Least Access
      • Cloud Misconfiguration
      • Vulnerability Management
      • Executive Reporting
      • Compliance
      • Cloud Environments
      • AWS
      • Microsoft Azure
      • Google Cloud
      • Oracle Cloud
      • User Roles
      • Cloud Teams
      • DevSecOps
      • Security Teams
  • Partners
      • Partner Alliances
      • Ecosystem Partners & Integrations
      • Global System Integrators (GSI)
      • Solution Providers (VARS, MSP, MSSP, CSP)
      • Cloud Alliances
      • Microsoft Azure
      • AWS
      • Google Cloud
      • Oracle Cloud
      • Register A Deal
  • Resources
    • Resource Library
    • Blog
    • Customer Stories
    • Events
    • Webinars
  • Company
    • Our Story & Leadership
    • Work With Us
    • Newsroom
    • Awards & Recognition
    • Contact Us
  • Login
  • Request Demo
Back to Events & Webinars
Webinar

Unauthorized data access in AWS: Showcasing internal threat paths and Least Access Solutions

Webinar Details
Date & Time: 11.12.2021
Type: On Demand
Presenter(s): Jeff Moncrief, Director of Solutions, Sonrai Security
Dave Shackleford, Sr Instructor at SANS
Watch Now

External threats are easy to comprehend for people outside of the security team, and therefore over-represented in business literature: a ‘hacker’ (portrayed as a dark silhouette behind a computer with a hoodie on, for some reason) bangs on the keyboard, probing your defenses until they find some sensitive info that was left public via misconfiguration. There are sometimes sensitive data in that public bucket, but usually that’s just a starting point to abuse an internal access policy failure. In the public cloud, there are many external threats, but internal threats account for the majority of successful data exposures – and the most costly attacks.

It’s time we switched perception to match reality. The concept of on-premise internal threats weren’t portable to the cloud, as the concept of an “identity” improperly accessing sensitive data has changed entirely. An ‘identity’ is no longer a user or an IT service account, but a set of permissions that can be accessed by many entities several different ways – thanks to permission chaining, development oversights, or privilege escalation capabilities. This can start with a bucket mistakenly left public, but the real damage is done when internal access controls aren’t defending against the abuse of these capabilities.

This requires a different approach to internal access – namely, a Least Access policy becomes paramount for data protection. In this session, we’ll demonstrate typical internal threats in AWS and how they abuse poor identity policies to expose sensitive data. We’ll also cover:

  • The volume and diversity of internal threats to sensitive data access
  • How some typical paths for an internal threat that will pass typical auditing and data classification policies
  • How these threats bypass IAM and other explicit permission monitoring
  • Why a Least Access policy is the most important guard against internal threat, and how to implement one
Watch Now
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on Linkedin
Sonrai logo FC icon
Request a Demo Login
  • Twitter
  • Linkedin
  • Solutions
  • Cloud Security Platform
    • Workload / CWPP
    • Platform / CSPM
    • Identity / CIEM
    • Data / Cloud DLP
    • Workflow & Automation
    • Sonrai Identity Graph
  • By Use Case
    • Least Privilege
    • Least Access
    • Cloud Misconfiguration
    • Vulnerability Management
    • Executive Reporting
    • Compliance
  • Cloud Environments
    • AWS
    • Microsoft Azure
    • Google Cloud
  • User Roles
    • Cloud Teams
    • DevSecOps
    • Security Teams
  • Partners
    • Partner Alliances
      • Ecosystem Partners & Integrations
      • Global System Integrators (GSI)
      • Solution Providers (VARS, MSP, MSSP, CSP)
    • Cloud Alliances
      • Microsoft Azure
      • AWS
      • Google Cloud
      • Oracle Cloud
  • Resources
    • Resource Library
    • Blog
    • Events
    • Webinar
  • Company
    • Our Story & Leadership
    • Careers
    • News
    • Awards & Recognition
    • Contact Us
  • Twitter
  • Linkedin

© 2022 Sonrai Security. All rights reserved

Sitemap   |   Privacy Policy

Sonrai cloud security platform, products and services are covered by U.S. Patent Nos. 10,728,307 and 11,134,085, together with other domestic and international patents pending. All rights reserved.

Scroll to top