Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3

Press Releases

April 20, 2017 |

Threat Stack Analysis Reveals 73% of Companies Have Critical AWS Cloud Security Misconfigurations

Wide open SSH and infrequent software updates among the top risks identified in the majority of 200+ cloud-based environments

April 18, 2017 09:30 AM Eastern Daylight Time

BOSTON–(BUSINESS WIRE)–Threat Stack, the leader in cloud-native security and compliance management, today announced the findings of an analysis of more than 200 companies using AWS that revealed nearly three-quarters have at least one critical security misconfiguration, such as remote SSH open to the entire Internet. Configuration lapses that enable an attacker to gain access directly to private services or the AWS console, or could be used to mask criminal activity from monitoring technologies are deemed “critical” by Threat Stack.

The analysis found a surprising number of well-documented security misconfigurations. Among the most egregious were AWS Security Groups configured to leave SSH wide open to the internet in 73% of the companies analyzed. This simple configuration error allows an attacker to attempt remote server access from anywhere, rendering traditional network controls like VPN and firewalls moot. In fact, Threat Stack observed SSH traffic from the internet using the root account, which could have severe security repercussions. Additionally, the well-recognized best practice of requiring multi-factor authentication for AWS users was not being followed by 62% of companies analyzed, making brute force attacks that much simpler. Even AWS-native security services, such as CloudTrail, were not being deployed universally (27%) across all regions.

“The most surprising part of these findings is that, for all the money that sophisticated enterprises spend on advanced security, a majority aren’t even taking full advantage of the basic security tools available to them as AWS users,” said Sam Bisbee, CTO, Threat Stack. “Despite years of education from AWS and their technology partners in the industry, not to mention the prevalence of automated security checks, a majority of users are still not configuring their cloud environments securely. Hopefully, this data will serve as a wakeup call.”

While these cloud security best practices are relatively simple to fix, Threat Stack identified a more complex concern. Data collected by Threat Stack going back to September of 2016 showed that fewer than 13% of the companies analyzed were keeping software updates current. In addition, despite the “spin up/down” intrigue of the cloud, the majority of those unpatched systems are kept online indefinitely, some more than three years. When combined with the AWS misconfigurations and weak remote administration, it becomes clear that companies need to focus on fundamental hygiene immediately.

Threat Stack CTO Sam Bisbee will present these findings and more during the AWS San Francisco Summit in a session on AWS security trends, analysis and best practices on Tuesday, April 18, at 12:00 pm PST, in Moscone West, Level 3.

To help identify these types of AWS misconfigurations that can easily be missed, Threat Stack offers a free Threat Stack Audit trial to help score customers’ environments against AWS security best practices and provide steps for improvement.

About Threat Stack
Threat Stack enables growth-driven companies to scale with confidence by identifying and verifying insider threats, external attacks and data loss in real-time. The only fully integrated, cloud-native security platform that gives customers instant visibility and automatically responds to changes in their environment throughout the stages of their cloud security maturity, from auditing their environment, to continuous monitoring and alerting, to investigation and analysis.Threat Stack provides the coverage needed to run secure and compliant, in all environments, without sacrificing speed and efficiency. For more information, or to start a free trial, visit

For Threat Stack
Carissa Ryan

Editor’s Choice

ChannelPro LIVE: Baltimore Builds MSP Relationships, AI Wows Them

May 17, 2024 |

The day-and-a-half event at the DoubleTree by Hilton in Pikesville, MD, featured business-enhancing educational sessions, networking opportunities, and a detailed look at cutting edge technology from leading vendors.

Deepfakes + Generative AI = Major Problems for Business

May 14, 2024 |

Deepfakes that can’t be distinguished from reality threaten to shatter the fundamental hierarchy of human trust and impact businesses.

MSPs React to Comprehensive, Aggressively Priced Kaseya 365

May 1, 2024 |

Hear from MSP peers on the launch of the new Kaseya 365 program — designed to provide a crucial package of tech services at an affordable monthly price.

Related News

Growing the MSP

Explore ChannelPro


Reach Our Audience