ThreatNG Security


Cloud Asset Discovery

Cloud asset discovery is the systematic process of identifying, cataloging, and managing all IT resources within an organization's cloud environment. It includes a wide range of assets, such as:

  • Compute resources: Virtual machines, containers, serverless functions

  • Storage: Cloud storage buckets, databases

  • Networking: Firewalls, load balancers, virtual networks

  • Identities and access: User accounts, roles, permissions

  • Software applications: Web applications, microservices, CRM systems, CMS systems, internal APIs, serverless functions

Importance of Knowing Your Exposed Assets:

Cloud asset discovery is crucial for cybersecurity because it illuminates what your organization has exposed externally. This visibility helps you understand and manage the potential attack surface that malicious actors could target.

Why External Awareness Matters:

  • Exposed Open Buckets: Cloud storage buckets can be misconfigured and left publicly accessible, exposing sensitive data like customer information (such as names, addresses, and payment details), intellectual property (such as proprietary software code or product designs), or internal documents (such as financial reports or employee records).

  • Presence on Code-Sharing and Data-Sharing Platforms: Sharing code or data on public platforms like GitHub or file-sharing services without proper access controls can lead to unauthorized access or leaks. This could result in the exposure of sensitive information, the compromise of proprietary software, or the violation of data privacy regulations.

  • SaaS Services: Many organizations use various cloud-based Software-as-a-Service (SaaS) applications. Understanding which SaaS services are in use and their security configurations is critical, as vulnerabilities within these services can also be exploited to access data.

By being aware of these potential risks, organizations can take steps to:

  • Secure Open Buckets: Implement access controls and encryption for cloud storage to ensure only authorized users can access sensitive data.

  • Manage Code and Data Sharing: Establish clear policies for sharing code and data on external platforms, including access restrictions and version control.

  • Secure SaaS Usage: Evaluate the security posture of your SaaS services, implement robust authentication methods, and monitor access logs for suspicious activity.
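The "Secure Open Buckets" item above is where most of the real work happens once discovery has produced an inventory. The following Python is an added example, not ThreatNG's code or any part of its product: it takes a bucket's policy document (in the AWS IAM policy grammar) together with the bucket's Public Access Block flags and decides whether anonymous callers can actually read it. The bucket names, policies and account ID in the sample inventory are constructed for illustration; the weak configuration (public policy, no Public Access Block) sits beside the corrected one (same policy, RestrictPublicBuckets on) so the difference in effective exposure is visible.

```python
"""Added example (not ThreatNG's code): assess whether discovered S3-style
buckets are publicly readable.

Two inputs decide exposure: the bucket policy (a JSON document in the AWS
IAM policy grammar) and the bucket's Public Access Block settings. The
sample buckets at the bottom are constructed for illustration.
"""
import json

# Actions that let an anonymous caller read bucket contents or listings.
READ_ACTIONS = {"s3:getobject", "s3:getobjectversion", "s3:listbucket", "s3:*", "*"}


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_anonymous_principal(principal):
    """True when the statement applies to everyone ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _grants_read(actions):
    return any(a.lower() in READ_ACTIONS for a in _as_list(actions))


def public_read_statements(policy):
    """Return (Sid, kind) for Allow statements that open reads to everyone.

    kind is "public" when unconditional, "conditional" when a Condition
    block narrows the grant (e.g. to a VPC) and needs human review.
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    found = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_anonymous_principal(stmt.get("Principal")):
            continue
        if not _grants_read(stmt.get("Action")):
            continue
        kind = "conditional" if stmt.get("Condition") else "public"
        found.append((stmt.get("Sid", "<no Sid>"), kind))
    return found


def assess_bucket(name, policy, public_access_block):
    """Combine policy findings with Public Access Block flags.

    RestrictPublicBuckets=True makes S3 ignore public grants in the policy
    for anonymous and cross-account callers, so a public policy behind it is
    reported as "blocked" rather than "public".
    """
    stmts = public_read_statements(policy) if policy else []
    kinds = {kind for _, kind in stmts}
    if not stmts:
        exposure = "private"
    elif public_access_block.get("RestrictPublicBuckets", False):
        exposure = "blocked"
    elif "public" in kinds:
        exposure = "public"
    else:
        exposure = "review"
    return {"bucket": name, "public_statements": stmts, "effective_exposure": exposure}


# --- constructed sample inventory (not real buckets or accounts) ------------
PUBLIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::BUCKET/*"}],
}
PRIVATE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AppRoleRead", "Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::BUCKET/*"}],
}
PAB_OFF = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
           "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
PAB_ON = {key: True for key in PAB_OFF}

SAMPLE_BUCKETS = [
    ("marketing-site-assets", PUBLIC_POLICY, PAB_OFF),  # weak: public policy, no PAB
    ("legacy-reports", PUBLIC_POLICY, PAB_ON),          # same policy, PAB neutralises it
    ("hr-records", PRIVATE_POLICY, PAB_ON),             # correctly scoped to one role
]


def run_demo():
    """Assess the constructed inventory; returns results keyed by bucket name."""
    return {name: assess_bucket(name, pol, pab) for name, pol, pab in SAMPLE_BUCKETS}


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result['effective_exposure']} {result['public_statements']}")
```

In practice the policy and Public Access Block inputs would come from the cloud provider's API for each bucket the discovery step found; the point of separating `public_read_statements` from `assess_bucket` is that a bucket with a public policy is only an exposure if nothing above it (account- or bucket-level Public Access Block) cancels the grant, and conditional grants are routed to review rather than silently passed.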

Cloud asset discovery empowers organizations to gain control over their entire cloud environment, proactively address security vulnerabilities, and minimize the risk of data breaches and cyberattacks.

How ThreatNG Can Uniquely Help With Cloud Asset Discovery

ThreatNG's External Attack Surface Management (EASM), Digital Risk Protection (DRP), and security ratings solution offers a unique and innovative approach to cloud asset discovery, setting it apart from traditional methods. Here's how it can assist your organization:

External Discovery and Assessment (Cloud and SaaS Exposure Investigation Module):

  • Without Internal Access: ThreatNG doesn't require internal access, such as connectors, APIs, or authentication to cloud and SaaS environments. This eliminates the need for complex setup and allows for faster discovery.

  • Identifying Sanctioned, Unsanctioned, and Exposed Assets: It discovers not only sanctioned cloud resources and SaaS applications your organization intentionally uses but also unapproved "Shadow IT" and misconfigured exposed buckets. Thus, it provides a more comprehensive picture of your cloud footprint.

Uncovering External Exposures (Code Secret Exposure and Online Sharing Exposure Investigation Modules):

  • Code and Data Leaks: ThreatNG searches public code repositories (like GitHub) and data-sharing platforms for leaks containing your organization's sensitive information. It helps identify potential breaches or accidental disclosures that traditional asset discovery might miss.

SaaS Service Utilization (Recognizing Pre-Configured Integrations):

  • Pre-built Knowledge of SaaS Applications: ThreatNG comes pre-configured to recognize a wide range of popular SaaS services, including project management tools like Asana and Monday.com, collaboration platforms like Slack and SharePoint, customer relationship management systems like Salesforce, and HR management tools like BambooHR. This comprehensive recognition capability allows for more effective cloud asset discovery.

  • Identifying Shadow SaaS: This allows ThreatNG to discover both sanctioned SaaS subscriptions and potential "Shadow SaaS" applications used by employees without the IT department's knowledge.

Complementary Solutions and Handoff:

ThreatNG integrates well with existing security solutions. Here's how the handoff might work:

  • Security Information and Event Management (SIEM): ThreatNG can discover exposed assets and potential leaks. This information can be fed into a SIEM for further analysis and potential incident response actions.

  • Vulnerability Management Tools: ThreatNG can identify cloud resources and SaaS applications. Vulnerability management tools can then scan these discovered assets for known vulnerabilities.

Example:

An organization might believe it only uses AWS S3 buckets for cloud storage. ThreatNG's external discovery might reveal the following:

  • Several publicly accessible S3 buckets exposing sensitive data like customer PII.

  • The presence of an unauthorized Microsoft Azure subscription being used by a department.

  • Leaked API keys for a SaaS application (e.g., Salesforce) on a public code repository.

This information would be invaluable for the organization to secure its cloud environment. It can:

  • Secure the exposed S3 buckets and implement access controls.

  • Investigate the unauthorized Azure subscription and determine if it's legitimate Shadow IT.

  • Address the leaked API keys and investigate potential compromise of the SaaS application.

By combining external discovery with code and data leak detection, ThreatNG offers a comprehensive view of an organization's cloud footprint, empowering it to manage its attack surface and minimize security risks proactively.