Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches
1. Dec 2020

Más contenido relacionado

Presentaciones para ti(20)

Similar a Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches(20)


Más de


Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Data Breaches

  1. Confidential Hotels, Hookups and Video Conferencing A Top 10 Countdown to 2020's Worst Data Breaches “We Dig Your Cloud”
  2. Meet the Speakers Eric Kedrosky Director of Cloud Security Research & CISO Sonrai Security Mitch Ashley CEO & Managing Analyst Accelerated Strategies Group
  3. 2020 Data Breaches
  4. Misconfigurations
  5. 10: Prestige Software
  6. Lessons From Misconfigurations • Need comprehensive controls, applied to each domain • One technique doesn’t mean safety  • Block permissions with policies and constant monitoring for mistakes
  7. Third-Party
  8. 9. Keepnet
  9. Lessons From Third Party Breaches • Need comprehensive controls across all providers • Checks and audits are required • Vendors are targets too • Continuously maintain least privilege
  10. Weak Authentication for Data Storage
  11. 8. Spotify
  12. Lessons for Weak Authentication • Be careful trusting old school network protection • Protect EVERYTHING with authentication • Use proper network zoning for multi-tier application stacks
  13. No Authentication for Data Storage
  14. 7. BlueKai
  15. Lessons for No Passwords • Use passwords
  16. Human Error
  17. 6. Vertafore
  18. Lessons for Human Error • Continuously monitor access • Get to and maintain least privilege • Prevent overprivege
  19. Key and Secret Management
  20. 5. WildWorks
  21. Lessons Key and Secret Management • Multi-factor authentication is powerful • Use keys wisely • Looks for keys and secrets in code repos and open storage • Look for sloppy key exposure
  22. Overprivilege
  23. 4. Cisco
  24. Lessons from Overprivilege • Define adequate privilege for each account and workload • Compare permissions to usage and triage to get to least privileged • Establish protections for highly privileged accounts • Watch out for bad habits in creating overprivileged accounts
  25. Insider Threats
  26. 3. Shopify
  27. Lessons and Tactics for Insider Attacks • Highly privileged and “break glass” accounts must be supported, but such accounts must be used carefully • Separation of duties for dangerous activities is vital • Some security architectures make separation of duties tricky; root accounts are required for some functions
  28. Admin Credentials
  29. 2. MobiFriends
  30. Lessons and Tactics for Admin Credentials • Creating accounts and roles separate duties • Remove dormant admin accounts • Get to least privilege • Administrative credentials are only used for administrative tasks • Administrator privileges are appropriately logged and continuously monitored
  31. Trial By Fire
  32. 1. Zoom
  33. Lessons and Tactics for Security Teams • Continuous auditing and reporting • Integrate teams to shift left effectively • Prevent and remediate issues • Remove blind spots and gaps from Individual tools
  34. Sonrai can help Identity and Data Protection for AWS, Azure, GCP, and Kubernetes Identity & data access complexity is a ticking time bomb in your cloud. Tens of thousands of pieces of compute, thousands of roles, and a dizzying array of interdependencies and inheritances. First-generation security tools miss this as evidenced by so many breaches. Sonrai Dig, our enterprise identity and data governance platform, de-risks your cloud by finding these holes, helping you fix them, and preventing those problems from occurring in the first place.
  35. Confidential Q & A
  36. Confidential Thank You! “We Dig Your Cloud”