Cloud Threat Report: I AM the first line of defense
The ongoing transition to cloud platforms has meant that more sensitive data is stored in the cloud, making it more tempting for adversaries to exploit. When it comes to securing the cloud, identity is the first line of defense. Proper identity and access management (IAM) policies are the foundation of comprehensive cloud security principles. To understand how IAM policies affect organizations’ cloud security posture, Unit 42 researchers analyzed 680,000+ identities across 18,000 cloud accounts from 200 different organizations. The results of our research were shocking – nearly all organizations we analyzed lack the proper IAM management policy controls to remain secure.
Misconfigured IAM policies open the door for cloud threat actors. We define a cloud threat actor as “”an individual or group posing a threat to organizations through directed and sustained access to cloud platform resources, services or embedded metadata.”” Cloud threat actors merit a separate definition as they employ a fundamentally different set of tactics, techniques and procedures (TTPs) that are unique to the cloud – such as taking advantage of the ability to perform both lateral movement and privilege escalation operations simultaneously.
Join us to find out about the latest research in overprivileged IAM identities in real-world cloud environments and how cloud threat actors are zeroing in on these excessive permissions to expand their control of cloud environments. Detection and mitigation of these risks are possible, we let you know how!