Category Archives: Cloud Computing

Four Reasons Your Cloud Security Is Keeping You Up At Night

We are excited to introduce guest posts from our newest Trenders from Cloud Conformity, now Trend Micro Cloud One – Conformity. More insights will be shared from this talented team to help you be confident and in control of the security of your cloud environments!

Why your cloud security is keeping you up at night

We are all moving to the cloud for speed, agility, scalability, and cost-efficiency and have realized that it demands equally powerful security management. As the cloud keeps on attracting more businesses, security teams are spending sleepless nights securing the infrastructure.

Somewhere, a cyber con artist has a target set on you and is patiently waiting to infiltrate your security. Managing your security posture is as critical as wearing sunscreen even if the sun is hiding behind a cloud. You may not feel the heat instantly, but it definitely leaves a rash for you to discover later.

Analyzing the volume of issues across the global Trend Micro Cloud One – Conformity customer base clearly shows that ‘Security’ is the most challenging area within AWS infrastructure.

According to an internal study in June 2019, more than 50% of issues belonged to the ‘Security’ category.

We can definitely reduce the number of security issues affecting cloud infrastructure, but first need to conquer the possible reasons for security vulnerabilities.

 1. Not scanning your accounts regularly enough

If you deploy services and resources multiple times a day, you must continuously scan all your environments and instances at regular intervals. Tools like Conformity Bot scans your accounts against 530 rules across five pillars of the Well-Architected Framework to help you identify potential security risks and prioritize them. You can even set up the frequency of scans or run them manually as required.

2. Not investing in preventative measures

Seemingly harmless misconfigurations can cause enormous damage that can rapidly scale up and result in a security breach. You can prevent potential security risks from entering live environments by investing some time in scanning your staging or test accounts before launching any resources or services. You can use a Template Scanner to scan your account settings against CloudFormation Template and identify any security and compliance issues before deployment.

3. Not monitoring real-time activity

Catastrophes don’t wait! It may take a few minutes before someone barges into your cloud infrastructure while you are away on the weekend. You need to watch activity in real-time to act on threats without delay. A tool such as Real-Time Monitoring Add-on tracks your account’s activity in real time and triggers alerts for suspicious activity based on set configurations. For example, you can set up alerts to monitor account activity from a specific country or region.

4. Not communicating risks in a timely manner

The information trickling from your monitoring controls is fruitless until you get the right people to act quickly. One of the best practices to maintain smooth security operations is to merge the flow of security activity and events into information channels. Conformity allows you to integrate your AWS accounts with communication channels, for example Jira, email, SMS, Slack, PagerDuty, Zendesk, ServiceNow ITSM, and Amazon SNS. Moreover, configuring communication triggers sends notifications and alerts to set teams through the selected channels.

AWS provides you with the services and resources to host your apps and infrastructure, but remember – Security is a shared responsibility in which you must take an active role.

See how Trend Micro can support your part of the shared responsibility model for cloud security: https://www.trendmicro.com/cloudconformity.

Stay Safe!

The post Four Reasons Your Cloud Security Is Keeping You Up At Night appeared first on .

Researchers develop new optical stealth encryption technology

The first all optical stealth encryption technology that will be significantly more secure and private for highly sensitive cloud-computing and data center network transmission, has been introduced by BGN Technologies. Time is running out on security and privacy “Today, information is still encrypted using digital techniques, although most data is transmitted over distance using light spectrum on fiber optic networks,” says Prof. Dan Sadot, Director of the Optical Communications Research Laboratory, who heads the team … More

The post Researchers develop new optical stealth encryption technology appeared first on Help Net Security.

Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers

Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. Azure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any

Organizational culture defines a successful cloud strategy

61% of organizations in the U.S. and Canada are committed to moving enterprise applications to the cloud as quickly as possible, but many struggle with challenges related to company culture on the way to a successful cloud strategy, NTT DATA Services reveals. The report found that despite the importance of next-generation cloud adoption, cultural change management is a major obstacle for many businesses, with nearly two-thirds of respondents reporting technical challenges as easier to overcome … More

The post Organizational culture defines a successful cloud strategy appeared first on Help Net Security.

52% of companies use cloud services that have experienced a breach

Seventy-nine percent of companies store sensitive data in the public cloud, according to a McAfee survey. Anonymized cloud event data showing percentage of files in the cloud with sensitive data While these companies approve an average of 41 cloud services each, up 33 percent from last year, thousands of other services are used ad-hoc without vetting. In addition, 52 percent of companies use cloud services that have had user data stolen in a breach. By … More

The post 52% of companies use cloud services that have experienced a breach appeared first on Help Net Security.

CIOs using AI to bridge gap between IT resources and cloud complexity

There’s a widening gap between IT resources and the demands of managing the increasing scale and complexity of enterprise cloud ecosystems, a Dynatrace survey of 800 CIOs reveals. IT leaders around the world are concerned about their ability to support the business effectively, as traditional monitoring solutions and custom-built approaches drown their teams in data and alerts that offer more questions than answers. CIO responses in the research indicate that, on average, IT and cloud … More

The post CIOs using AI to bridge gap between IT resources and cloud complexity appeared first on Help Net Security.

Six trends attracting the attention of enterprise technology leaders

Organizations around the world will accelerate enterprise technology investment in 2020, leveraging digital improvements to make them more competitive, improve connections with consumers, and keep up with the increasing demands of privacy regulation and security needs. Hyland has identified six technology trends that will drive these improvements and demand the attention of CIOs CTOs in the coming year and beyond. Prioritize cloud control Organizations will opt for managed cloud services to increase security and efficiency. … More

The post Six trends attracting the attention of enterprise technology leaders appeared first on Help Net Security.

Budgetary, policy, workforce issues influencing DOD and intelligence community IT priorities

Information Technology spending by Department of Defense (DOD) and Intelligence Community (IC) agencies will continue to grow as they work to keep pace with the evolution of both the threat landscape and technology development, according to Deltek. Intelligence community The increasing sophistication of adversaries, expanding threat landscape, rapid pace of technology advancement and data proliferation continue to fuel the IC’s demand for tools and resources to meet mission objectives. IT solutions such as cloud computing, … More

The post Budgetary, policy, workforce issues influencing DOD and intelligence community IT priorities appeared first on Help Net Security.

The Summit of Cybersecurity Sits Among the Clouds

Trend Micro Apex One™ as a Service

You have heard it before, but it needs to be said again—threats are constantly evolving and getting sneakier, more malicious, and harder to find than ever before.

It’s a hard job to stay one step ahead of the latest threats and scams organizations come across, but it’s something Trend Micro has done for a long time, and something we do very well! At the heart of Trend Micro security is the understanding that we have to adapt and evolve faster than hackers and their malicious threats. When we released Trend Micro™ OfficeScan™ 11.0, we were facing browser exploits, the start of advanced ransomware and many more new and dangerous threats. That’s why we launched our connected threat defense approach—allowing all Trend Micro solutions to share threat information and research, keeping our customers one step ahead of threats.

 

With the launch of Trend Micro™ OfficeScan™ XG, we released a set of new capabilities like anti-exploit prevention, ransomware enhancements, and pre-execution and runtime machine learning, protecting customers from a wider range of fileless and file-based threats. Fast forward to last year, we saw a huge shift in not only the threats we saw in the security landscape, but also in how we architected and deployed our endpoint security. This lead to Trend Micro Apex One™, our newly redesigned endpoint protection solution, available as a single agent. Trend Micro Apex One brought to the market enhanced fileless attack detection, advanced behavioral analysis, and combined our powerful endpoint threat detection capabilities with our sophisticated endpoint detection and response (EDR) investigative capabilities.

 

We all know that threats evolve, but, as user protection product manager Kris Anderson says, with Trend Micro, your endpoint protection evolves as well. While we have signatures and behavioral patterns that are constantly being updated through our Smart Protection Network, attackers are discovering new tactics that threaten your company. At Trend Micro, we constantly develop and fine-tune our detection engines to combat these threats, real-time, with the least performance hit to the endpoint. This is why we urge customers to stay updated with the latest version of endpoint security—Apex One.”

Trend Micro Apex One has the broadest set of threat detection capabilities in the industry today, and staying updated with the latest version allows you to benefit from this cross-layered approach to security.

 

One easy way to ensure you are always protected with the latest version of Trend Micro Apex One is to migrate to Trend Micro Apex One™ as a Service. By deploying a SaaS model of Trend Micro Apex One, you can benefit from automatic updates of the latest Trend Micro Apex One security features without having to go through the upgrade process yourself. Trend Micro Apex One as a Service deployments will automatically get updated as new capabilities are introduced and existing capabilities are enhanced, meaning you will always have the most recent and effective endpoint security protecting your endpoints and users.

 

Trend Micro takes cloud security seriously, and endpoint security is no different. You can get the same gold standard endpoint protection of Trend Micro Apex One, but delivered as a service, allowing you to benefit from easy management and ongoing maintenance.

The post The Summit of Cybersecurity Sits Among the Clouds appeared first on .