Basic roles in GCP allow data-level actions, even though at first glance it might seem like they don’t. Avoid using basic roles, and if you must use them, make a special effort to protect any sensitive data you store in your GCP projects.
Author: Lior Zatlavi
Europe, Global Security News, North America
Introduction to IAM in Google Cloud Platform (GCP)
by Lior Zatlavi
An introduction for anyone getting started with GCP or even for experienced professionals who are looking for a structured overview.
The post Introduction to IAM in Google Cloud Platform (GCP) appeared first on Ermetic.
Hidden Risk in the Default Roles of Google-Managed Service Accounts
by Lior Zatlavi
Some Google-managed service accounts are bound by default to a role granting access to storage.objects.read. This hidden risk is (yet another) great reason to use customer-managed KMS keys to encrypt your sensitive data stored in buckets.
Keep Your S3 Safe from CloudTrail Auditors
by Lior Zatlavi
AWSCloudTrailReadOnlyAccess currently allows s3:GetObject for “*” and s3:ListAllMyBuckets – and reading CloudTrail logs may also give access to bucket object keys. BE CAREFUL!
The post Keep Your S3 Safe from CloudTrail Auditors appeared first on Ermeti…
Tracking Adversaries in AWS using Anomaly Detection, Part 2
by Lior Zatlavi
Going through the cyber “kill chain” with Pacu and using automated analysis to detect anomalous behavior
The post Tracking Adversaries in AWS using Anomaly Detection, Part 2 appeared first on Ermetic.
Protect Your AWS Environment Beyond Patching Log4j
by Lior Zatlavi
The crucial strategic lessons overlooked by enterprises dealing with the recently reported Log4j vulnerability.
The post Protect Your AWS Environment Beyond Patching Log4j appeared first on Ermetic.
Don’t Hide Your Secrets in Plain Sight
by Lior Zatlavi
The not-so-sensitive locations that may tempt you when storing sensitive information — why to avoid them and how
The post Don’t Hide Your Secrets in Plain Sight appeared first on Ermetic.