Exposed: Amazon EBS and RDS Exposure
Credit to Author: Rich Beckett | Date: Tue, 26 Nov 2019 14:20:33 +0000
You may have heard of exposed S3 buckets leaving PII and other sensitive data records unprotected through misconfigured “public” access. Virtual hard drive snapshots and database services are just as vulnerable and can be the keys to your kingdom.
The keys to your kingdom
While MongoDB, or any database running on a virtual network, has the potential to have ports open to the public internet, recent attacks have seen popular services such as Amazon Relational Database Service (RDS) and Amazon Elastic Block Store (EBS) snapshots compromised through a “public” mode. Attackers sure know this and have been turning their attention to these services to take advantage.
Whether you upload your customer database in “public” mode to a test platform while you evaluate Amazon RDS, and forget about it until you’re breached, or leave EBS snapshots of your virtual hard drive unencrypted for the world to see, the window is open for an attack.
As organizations look to expand in the cloud to take advantage of a broader range of services, all too often configuration settings are not applied correctly or they are accidentally changed by another user. This leaves the affected resources publicly accessible to anyone with the right skills and an internet connection.
How to identify and prevent EBS snapshot and RDS exposure
Cloud Optix policy control allows you to detect and be alerted to public and unencrypted EBS snapshots and RDS instances fast – whether configured incorrectly by accident or through a malicious act.
Custom policy controls allow you to set severity levels for alerts, allowing your organization to monitor the resources critical to your operation closely.
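The conditions named above (public or unencrypted EBS snapshots and RDS instances) can also be checked directly against AWS API output. The following is an added example, not Cloud Optix code or its policy logic: it evaluates constructed dictionaries shaped like the responses of EC2 DescribeSnapshots, DescribeSnapshotAttribute (createVolumePermission) and RDS DescribeDBInstances, and the severity mapping and function names are assumptions.

```python
# Added example: flag public / unencrypted EBS snapshots and RDS instances.
# Inputs mirror the shape of AWS API responses; every sample value is constructed.

SEVERITY = {"public": "critical", "unencrypted": "high"}  # assumed severity mapping
ORDER = {"critical": 0, "high": 1}


def check_ebs_snapshot(snapshot, create_volume_permissions):
    """snapshot: one item of DescribeSnapshots 'Snapshots';
    create_volume_permissions: DescribeSnapshotAttribute 'CreateVolumePermissions'."""
    sid, issues = snapshot["SnapshotId"], []
    # A snapshot is public when createVolumePermission grants the group "all".
    if any(p.get("Group") == "all" for p in create_volume_permissions):
        issues.append("public")
    if not snapshot.get("Encrypted", False):
        issues.append("unencrypted")
    return [(sid, issue, SEVERITY[issue]) for issue in issues]


def check_rds_instance(db):
    """db: one item of DescribeDBInstances 'DBInstances'."""
    name, issues = db["DBInstanceIdentifier"], []
    if db.get("PubliclyAccessible", False):
        issues.append("public")
    if not db.get("StorageEncrypted", False):
        issues.append("unencrypted")
    return [(name, issue, SEVERITY[issue]) for issue in issues]


def audit(snapshots, permissions_by_id, db_instances):
    """Return all findings, most severe first, then by resource name."""
    findings = []
    for snap in snapshots:
        findings += check_ebs_snapshot(snap, permissions_by_id.get(snap["SnapshotId"], []))
    for db in db_instances:
        findings += check_rds_instance(db)
    return sorted(findings, key=lambda f: (ORDER[f[2]], f[0]))


# Constructed sample data (not real resources).
SNAPSHOTS = [{"SnapshotId": "snap-0aaa", "Encrypted": False},
             {"SnapshotId": "snap-0bbb", "Encrypted": True},
             {"SnapshotId": "snap-0ccc", "Encrypted": False}]
PERMISSIONS = {"snap-0aaa": [{"Group": "all"}],
               "snap-0bbb": [{"UserId": "111122223333"}]}
DB_INSTANCES = [{"DBInstanceIdentifier": "test-customers",
                 "PubliclyAccessible": True, "StorageEncrypted": False},
                {"DBInstanceIdentifier": "prod-orders",
                 "PubliclyAccessible": False, "StorageEncrypted": True}]

if __name__ == "__main__":
    for resource, issue, severity in audit(SNAPSHOTS, PERMISSIONS, DB_INSTANCES):
        print(f"{severity:8} {resource:15} {issue}")
```

For RDS, `PubliclyAccessible` only indicates a publicly resolvable endpoint; whether the instance is actually reachable also depends on its security groups.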
Going further to give you granular visibility, Cloud Optix network topology visualizations allow you to identify RDS instances at risk. This enables your security team to monitor traffic flow, be alerted to unusual traffic patterns with AI-powered alerts, and predict how traffic may flow – highlighting public access from the internet that may lead to a breach.
Cloud breaches go beyond S3 buckets, so look for solutions able to wrap security and monitoring controls around all your critical services in the cloud. Protect your valuable data, files, databases and hard drive snapshots with Cloud Optix from Sophos.