Książki

Cyberattacks continue to increase in volume and sophistication, targeting everything owned, managed, and serviced from the cloud. Today, there is widespread consensus-it is not a matter of if, but rather when an organization will be breached. Threat actors typically target the path of least resistance. With the accelerating adoption of cloud technologies and remote work, the path of least resistance is shifting in substantive ways. In recent years, attackers have realigned their efforts, focusing on remaining undetected, monetization after exploitation, and publicly shaming organizations after a breach.

New, innovative, and useful products continue to emerge and offer some cloud protection, but they also have distinct limitations. No single, standalone solution or strategy can effectively protect against all cloud attack vectors or identify all malicious activity. The simple fact is that the cloud is based on a company's assets being offered as services. As a result, the best security any organization can achieve is to establish controls and procedures in conjunction with services that are licensed in the cloud.

Cloud Attack Vectors details the risks associated with cloud deployments, the techniques threat actors leverage, the empirically-tested defensive measures organizations should adopt, and shows how to improve detection of malicious activity.

What You'll Learn

• Know the key definitions pertaining to cloud technologies, threats, and cybersecurity solutions
• Understand how entitlements, permissions, rights, identities, accounts, credentials, and exploits can be leveraged to breach a cloud environment
• Implement defensive and monitoring strategies to mitigate cloud threats, including those unique to cloud and hybrid cloud environments
• Develop a comprehensive model for documenting risk, compliance, and reporting based on your cloud implementation

 Who This Book Is For

Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources

Introduction

Chapter 1. Cloud Computing

Software as a Service

Platform as a Service

Infrastructure as a Service

Function as a Service

Desktop as a Service

Data Center as a Service

Backend as a Service

Chapter 2. Cloud Providers

Microsoft Azure

Google Cloud Platform

Oracle Cloud

Alibaba

Other Services

Chapter 3. Cloud Definitions

Identities

Accounts

Entitlements

Privileges

Rights

Permissions

Containers

Microsegmentation

Instances

Chapter 4. Asset Management

Discovery

Chapter 5. Attack Vectors

Vulnerabilities

Hardening

Configurations

Credentials

S3 Buckets

Identities

Entitlements

API

Authentication

Certificates

Remote Access

Supply Chain - 3rd Party MSP/MSSP

Chapter 6. Mitigations

Hardening

Patch Management

PAM

CIEM

CIAM

CWPP

Chapter 7. Regulatory Compliance

Security Questionnaires

SOC

Type I

Type II

Type III

Cloud Security Alliance

CAIQ

CIS Controls

PCI DSS

ISO

NIST

FedRamp

Chapter 8. Architectures

Zero Trust

Cloud-Native

Ephemeral Implementations

Accounts

Instances

Privileges

Chapter 9. Imposter Syndrome

Chapter 10. Recommendations

Chapter 11. Conclusion