New tools protect your AWS infrastructure

Rhino Security and Amazon offer tools to improve visibility into your AWS cloud environments, making it easier to find configuration errors and vulnerabilities.

security threats and vulnerabilities

Properly testing your virtual infrastructure has been an issue almost since there were virtual machines (VMs) and Amazon’s Web Services (AWS). Lately, the tool sets have gotten better.

Part of the problem is that to adequately test your AWS installation, you need to know a lot about how it is constructed. You have to draw on typical vulnerabilities and attack methods, as well as understand the relationships among your various VMs and network components. That is a lot of knowledge, and if your developers are busy building stuff, they don’t want to devote much time to explaining how all the components are put together.  

Another part of the problem is that most penetration tests focus on on-premise applications, where the environments are more carefully defined and stable. An AWS configuration is more ephemeral, where CPUs can come and go, and storage blocks are created and destroyed in the blink of an eye. And “no one wants to test new attack techniques against their own professional environment,” as this post from Rhino Security starts out.

Last year, Skyhigh Networks found that 7 percent of all AWS S3 buckets were exposed to the overall Internet. Worse, a third of these public buckets were unencrypted, making it almost child’s play to review the data contained in them. 

Many of these are configuration errors that go undiscovered for months until an analyst or reporter tries to contact the firm involved, such as this summer’s leak of users of Honda’s Connect in-car control systems that came from a third party in India, or a huge list of voting records from an unsecured S3 bucket at Deep Root Analytics.

To continue reading this article register now

Subscribe today! Get the best in cybersecurity, delivered to your inbox.