Cloud access credentials for AWS cloud accounts hardcoded and placed within containers make it all too easy for hackers to gain entry. We’ve all seen it in the news - businesses are falling victim to their AWS cloud assets being used to mine crypto currency. The benefit of cloud is agility, however, sometimes at the expense of human error.
Cloud data security is a real issue – in a recent survey* of 450 global IT professionals, it was found that 90 percent of information security professionals classify more than half of their cloud data as sensitive. Furthermore, 97 percent have defined cloud-approval policies but 82 percent noted they are concerned about employees following these policies.
Every CIO managing cloud assets and infrastructure has the same concern - How do I protect cloud compute resources and sensitive data in the cloud? Well, deception technology is a good place to start – and as of today, Fidelis Deception™ (formerly TopSpin) is available for AWS cloud environments.
Fidelis Deception, part of the Fidelis Elevate™ platform, can protect AWS cloud assets by deploying and managing deception defenses in cloud environments. By creating and deploying active decoys that mimic an organization’s critical cloud assets and luring attackers to them through breadcrumbs and fake access credentials placed on real assets, organizations can ensure a strong post-breach defense - both on-premises and in the cloud.
“As we have seen with exposed confidential information of cloud data and mining crypto currency with compromised cloud compute resources – attackers are targeting these assets,” said Tim Roddy, VP of Cybersecurity Product Strategy for Fidelis. “Our latest release gives customers the ability to protect their cloud assets through a deception defense with automated discovery, decoy creation, deployment and adaptation as an organization’s assets or network changes.”
What’s new with latest Deception Release (version 2.6)?
- Fidelis has expanded the deception deployment coverage to the cloud. Customers can now deploy our deception decoys in the AWS cloud. Like regular Decoy machines, each machine in AWS can configure decoys on several IPS and NICs.
- Manager machine in AWS cloud – the Fidelis Decoy Manager machine can also be deployed in the AWS cloud. Each manager machine can manage several decoy machines and traffic analysis machines.
Fidelis provides a unique, patented contextual perspective with visibility across your networks, endpoints and cloud in one platform. This enables you to detect threats and data leakage attempts faster and more effectively with automated investigation and response. Combining contextual perspective with machine learning, sandboxing, threat intelligence and active deception defenses ensures more effective threat detection across your entire enterprise. Fidelis automates threat response using incident response workflows and playbooks, integrated Fidelis products, and the ability to terminate an attack in progress.
* KPMG, O. a. (2018). Oracle and KPMG Cloud Threat Report 2018.