DarkNet.org.uk reported earlier this week that information on 4 million Time Warner Cable customers had been exposed in an apparent misconfiguration of an Amazon S3 bucket. You may recall that in July it was widely reported that 14 million Verizon customers and 3 million WWE fans had been similarly exposed by misconfigured S3 instances. Forbes also reported that month that Dow Jones had suffered a similar misconfiguration issue, exposing data on 2 million customers. In each of these cases, the data leak could easily have been prevented through proper configuration of the S3 buckets: simple human error created the security gaps that allowed sensitive data to leak, and in each case the error was found by a third party who observed the issue and reported it to the company.
While preventing human error is impossible, the sheer number of stories about misconfigured S3 buckets and databases exposing sensitive data to the open internet this year alone shows that having security monitoring and scanning is no longer optional for organizations, but a requirement. Regular, frequent vulnerability scans will identify many known misconfigurations or software vulnerabilities that will inform your organization’s threat model and guide the path towards mitigating risks. Because erroneous changes to a configuration could occur at any time, it is important to scan frequently, not simply once or twice a year to fulfill an audit requirement.
However, scans alone are not enough to detect and prevent misconfigurations. Many misconfigurations fall into a grey area that depends on other aspects of the environment and will not be flagged by a vulnerability scan. In these cases, continuous monitoring of all IT infrastructure and alerting for anomalous activity, such as large exports of sensitive data from a storage server to unfamiliar IPs, is a crucial step to prevent data theft. By rapidly identifying and responding to a potential breach, the impact can often be reduced substantially.
For organizations that struggle with 24x7 security monitoring, ongoing vulnerability management, or patch management due to a lack of time, resources or staff, EiQ Networks can help. Through our SOCVue security-as-a-service platform, we provide the people, process and technology needed for resource-constrained organizations to get enterprise-class security at an affordable cost.