Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

Press Releases

April 20, 2017 |

Threat Stack Analysis Reveals 73% of Companies Have Critical AWS Cloud Security Misconfigurations

Wide open SSH and infrequent software updates among the top risks identified in the majority of 200+ cloud-based environments

April 18, 2017 09:30 AM Eastern Daylight Time

BOSTON–(BUSINESS WIRE)–Threat Stack, the leader in cloud-native security and compliance management, today announced the findings of an analysis of more than 200 companies using AWS that revealed nearly three-quarters have at least one critical security misconfiguration, such as remote SSH open to the entire Internet. Configuration lapses that enable an attacker to gain access directly to private services or the AWS console, or could be used to mask criminal activity from monitoring technologies are deemed “critical” by Threat Stack.

The analysis found a surprising number of well-documented security misconfigurations. Among the most egregious were AWS Security Groups configured to leave SSH wide open to the internet in 73% of the companies analyzed. This simple configuration error allows an attacker to attempt remote server access from anywhere, rendering traditional network controls like VPN and firewalls moot. In fact, Threat Stack observed SSH traffic from the internet using the root account, which could have severe security repercussions. Additionally, the well-recognized best practice of requiring multi-factor authentication for AWS users was not being followed by 62% of companies analyzed, making brute force attacks that much simpler. Even AWS-native security services, such as CloudTrail, were not being deployed universally (27%) across all regions.

“The most surprising part of these findings is that, for all the money that sophisticated enterprises spend on advanced security, a majority aren’t even taking full advantage of the basic security tools available to them as AWS users,” said Sam Bisbee, CTO, Threat Stack. “Despite years of education from AWS and their technology partners in the industry, not to mention the prevalence of automated security checks, a majority of users are still not configuring their cloud environments securely. Hopefully, this data will serve as a wakeup call.”

While these cloud security best practices are relatively simple to fix, Threat Stack identified a more complex concern. Data collected by Threat Stack going back to September of 2016 showed that fewer than 13% of the companies analyzed were keeping software updates current. In addition, despite the “spin up/down” intrigue of the cloud, the majority of those unpatched systems are kept online indefinitely, some more than three years. When combined with the AWS misconfigurations and weak remote administration, it becomes clear that companies need to focus on fundamental hygiene immediately.

Threat Stack CTO Sam Bisbee will present these findings and more during the AWS San Francisco Summit in a session on AWS security trends, analysis and best practices on Tuesday, April 18, at 12:00 pm PST, in Moscone West, Level 3.

To help identify these types of AWS misconfigurations that can easily be missed, Threat Stack offers a free Threat Stack Audit trial to help score customers’ environments against AWS security best practices and provide steps for improvement.

About Threat Stack
Threat Stack enables growth-driven companies to scale with confidence by identifying and verifying insider threats, external attacks and data loss in real-time. The only fully integrated, cloud-native security platform that gives customers instant visibility and automatically responds to changes in their environment throughout the stages of their cloud security maturity, from auditing their environment, to continuous monitoring and alerting, to investigation and analysis.Threat Stack provides the coverage needed to run secure and compliant, in all environments, without sacrificing speed and efficiency. For more information, or to start a free trial, visit threatstack.com.

Contacts
For Threat Stack
Carissa Ryan
threatstack@scratchmm.com


Editor’s Choice

MSP360 Bolsters Managed Backup Solution With Full Sharepoint Backup and Restore, Object Lock, and More

March 25, 2024 |

MSP360 CEO Brian Helwig details the latest improvements in its managed backup solutions and teases some new opportunities down the road for its partners in an exclusive ChannelPro interview.

Peer to Peer: Aurora’s Philip de Souza shares his secrets to creating a successful MSSP

March 19, 2024 | Philip de Souza

“It’s important that we understand when it comes to this whole MSP world that it’s all about the customer.”

Evolving State AI Regulations: Best Practices for Mitigating Risk

March 14, 2024 | Anurag Lal

While AI technologies can unlock tremendous business value, they also have potential risks.


Related News

Growing the MSP

Explore ChannelPro

Events

Reach Our Audience