We had just finished pushing our story on Capital One's data breach when Threatpost published its story on yet another enterprise exposing its data. Honda Motor Company, one of the largest automobile manufacturers in the world, left a misconfigured Elasticsearch database reachable from the internet; it held approximately 134 million documents, roughly 40 GB of data.
Justin Paine, the security researcher who discovered the exposed database, wrote:
What makes this data particularly dangerous in the hands of an attacker is that it shows you exactly where the soft spots are. I am specifically not going to name the major endpoint security vendor that protects Honda’s machines, but the data makes it clear which vendor they use and which machines have the endpoint security software enabled and up to date. The data seems to show you which machines do not have endpoint security enabled, which machines are running older operating systems, and if you have a particular vulnerability you could quickly search for machines that have not been patched yet using this data.
Misconfiguring a cloud database, storage bucket, or search engine can have massive consequences, especially when it holds confidential information. Just ask Capital One, where a misconfigured web application firewall let a former AWS employee obtain the firewall's own credentials, which carried far more privilege than the firewall needed; those credentials gave access to an S3 bucket and exposed the data of over 100 million people. Facebook, earlier this year, had 540 million user records exposed through misconfigured AWS S3 buckets belonging not to one but to two third-party apps built on its platform. A publicly accessible MongoDB database with no access controls put Verifications.io in the news when it exposed roughly 150 gigabytes of records. Elasticsearch misconfigurations, the more recent culprit, left companies including Rubrik, Voipo, Meditab, and Dow Jones with caches of customer information sitting on publicly reachable servers with no password required. The common thread is a service that does nothing to protect itself unless someone configures it to: Elasticsearch in particular ran without authentication by default until free built-in security arrived in versions 6.8 and 7.1 in 2019, so an instance listening on a public interface answers any query from anyone who finds port 9200.
Other notable recent company breaches:
- FedEx
- National Credit Federation
- Australian Broadcasting Corporation
- Dow Jones
“Through 2022, at least 95% of cloud security failures will be the customer’s fault,” Gartner.
This epidemic has already seen the leakage of more than 14 billion data records in the last five years as reported by Breach Level Index. Without a holistic approach to security, companies open themselves up to undue risk mostly caused by:
- Inexperienced users
- A lack of unified visibility across cloud service providers and environments
- Failure to adjust from perimeter-oriented security to configuration-managed security
- An unprecedented rate of change, scale, and scope
How to avoid these misconfigurations?
The DivvyCloud approach asks organizations to change how they build and deploy applications entirely. That is not just a technology shift; it is a cultural one. Nearly everything an IT department does has to change: how it deploys applications, what applications it builds, how it learns from its customers. It has to change because engineering teams now have direct access to infrastructure, and the old change-control processes were never designed for that. The simple truth is that the rate of change and the dynamic nature of software-defined infrastructure have outstripped human capacity. Hand a company a list of a thousand findings and, even with 100 people assigned to work through it, by the time they finish the problems have disappeared, moved, or been replaced by bigger ones. Enterprises need to deal with misconfigurations in real time.
Organizations need a security solution that provides the automation essential to enforce policy, reduce risk, provide governance, impose compliance, and increase security across large-scale hybrid cloud infrastructure. Automation should take the pain out of securing cloud infrastructure under the shared-responsibility model by turning "what should we be doing?" into a continuous, real-time process. With security automation, companies can stay agile and keep innovating while maintaining the integrity of their technology stack and applying whatever policy they deem necessary to operate their business.
Core to such a solution should be an easy-to-use interface from which customers can manage their existing cloud infrastructure. At scale, policy enforcement cannot and should not be performed by hand. Security automation can discover resources, evaluate them against policy, and automatically act on violations or security issues (such as an Elasticsearch database exposed to the internet). It lets engineering teams keep moving fast while the guardrails keep them safe, so innovation goes up and risk goes down.
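To make the discover, evaluate, remediate loop described on this page concrete, here is an added example of a minimal policy-as-code guardrail for the exact failure in the Honda story: an Elasticsearch cluster reachable from the whole internet with no authentication. This is illustrative code written for this article, not DivvyCloud's software or API. The inventory records, rule shape, resource names and finding codes (ES-001, ES-002) are all assumptions constructed for the example; a real guardrail would read them from the cloud provider's security-group and domain configuration.

```python
"""Illustrative guardrail: flag and fix internet-exposed Elasticsearch clusters.

Example code for this article (not DivvyCloud's own implementation). The
inventory format, finding codes and resource names are all invented here.
"""
import ipaddress
from dataclasses import dataclass, field, replace

# Ports an Elasticsearch node listens on: 9200 (HTTP REST API) and 9300 (transport).
ES_PORTS = (9200, 9300)


@dataclass
class IngressRule:
    """One inbound rule from a cloud security group (simplified, hypothetical shape)."""
    from_port: int
    to_port: int
    cidr: str


@dataclass
class ElasticsearchCluster:
    """Inventory record the discovery step would produce (constructed for this example)."""
    resource_id: str
    public_endpoint: bool          # cluster has a routable public IP / DNS name
    auth_enabled: bool             # HTTP basic auth or client certificates required
    ingress: list = field(default_factory=list)


def cidr_is_world_open(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0, i.e. any source address on the internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def rule_exposes_elasticsearch(rule: IngressRule) -> bool:
    """A rule violates policy if it admits the whole internet to an ES port."""
    covers_es_port = any(rule.from_port <= p <= rule.to_port for p in ES_PORTS)
    return covers_es_port and cidr_is_world_open(rule.cidr)


def evaluate(cluster: ElasticsearchCluster) -> list:
    """Policy step: return finding codes for one cluster (empty list = compliant)."""
    findings = []
    if cluster.public_endpoint and any(rule_exposes_elasticsearch(r) for r in cluster.ingress):
        findings.append("ES-001")  # ES ports reachable from any internet address
    if not cluster.auth_enabled:
        findings.append("ES-002")  # cluster answers queries without credentials
    return findings


def remediate(cluster: ElasticsearchCluster):
    """Remediation step: return a hardened copy with world-open ES rules dropped,
    plus the number of rules dropped. Unrelated rules (e.g. SSH from a VPC) are kept."""
    kept = [r for r in cluster.ingress if not rule_exposes_elasticsearch(r)]
    return replace(cluster, ingress=kept), len(cluster.ingress) - len(kept)


def run_guardrail(inventory: list) -> dict:
    """Run the loop over an inventory snapshot and re-evaluate after remediation,
    so the report shows what automation fixed and what still needs a human."""
    report = {}
    for cluster in inventory:
        findings = evaluate(cluster)
        hardened, removed = remediate(cluster) if "ES-001" in findings else (cluster, 0)
        # Internet-reachable AND unauthenticated is the breach pattern; anything else is lower.
        if {"ES-001", "ES-002"} <= set(findings):
            severity = "critical"
        elif findings:
            severity = "high"
        else:
            severity = "none"
        report[cluster.resource_id] = {
            "findings": findings,
            "severity": severity,
            "rules_removed": removed,
            "residual": evaluate(hardened),  # e.g. missing auth cannot be fixed by a firewall change
        }
    return report


# Constructed sample inventory; none of these are real resources.
SAMPLE_INVENTORY = [
    ElasticsearchCluster("es-endpoint-inventory", public_endpoint=True, auth_enabled=False,
                         ingress=[IngressRule(9200, 9200, "0.0.0.0/0"),
                                  IngressRule(22, 22, "10.0.0.0/8")]),
    ElasticsearchCluster("es-logs-prod", public_endpoint=True, auth_enabled=True,
                         ingress=[IngressRule(9000, 9400, "::/0")]),
    ElasticsearchCluster("es-internal", public_endpoint=False, auth_enabled=True,
                         ingress=[IngressRule(9200, 9300, "10.20.0.0/16")]),
]

if __name__ == "__main__":
    for resource_id, result in run_guardrail(SAMPLE_INVENTORY).items():
        print(resource_id, result)
```

Two design points matter for anyone building this for real. First, remediation is re-checked: after the open rule is removed, "es-endpoint-inventory" still carries ES-002 because no network change can add authentication, so the report hands that finding to a person instead of claiming success. Second, auto-closing a security group can take down a service someone deliberately exposed, so in practice guardrails usually start in alert-only mode and switch on automatic remediation one policy at a time, beginning with the ones whose blast radius is smallest.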
Are you Interested in learning more? Speak with a DivvyCloud expert today!
Watch DivvyCloud’s 60-second video to learn how we help customers like GE, 3M, Autodesk, Discovery, and Fannie Mae stay secure and compliant.
DivvyCloud minimizes security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud, and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes). First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.