Tag Archives: London

How to beat cloud misconfiguration: Trend Micro @ Cloud Expo Europe

By Bharat Mistry

Cloud adoption is moving pretty fast. So fast, in fact, that sometimes organisations roll-out infrastructure without being able to fully support their end of the shared responsibility model. The bad news is that the vast majority of incidents still go unnoticed. That’s a compliance timebomb waiting to go off.

Fortunately, we have an answer. At Cloud Expo Europe this month, Trend Micro’s Cloud Security Architect, Ian Heritage, will be taking to the stage to explain all.

Clouds are everywhere
There was a time not so many years ago when the public cloud was only for the early adopters. It’s safe to say we’re well beyond that point now. In fact, Gartner predicts that the public cloud services market will grow 17% in 2020 to top$266 billion, and continue on to reach nearly $355 billion by 2022. 

However, as more firms build out hybrid cloud environments from multiple vendors, complexity rises. And as it does so, in-house teams find it increasing difficult to stay on top of the multiple competing protocols, policies and platforms they must manage. Sometimes they’ll have brought in different security vendors, which can create further complexity and allows coverage gaps to appear. 

Complexity means mistakes
The end result is inevitable: mistakes get made that can leave cloud data stores unprotected. You don’t have to go far to find an example. Whether it’s an online Elasticsearch database a MongoDB instance or an AWS S3 bucket, configuration incidents have impacted defence contractors like Boeing, big-name brands like Honda, and a whole host of companies and service providers in between.

The worrying news for CISOs is that, whereas over the past few years such leaks have usually been found and responsibly disclosed by security researchers, cyber-criminals are now starting to take notice. A growing number of cases have seen hackers probe for unsecured cloud databases, steal the data and hold it to ransom. One report even suggested that Magecart hackers are getting in on the act by trying to seed malicious digital skimming code in misconfigured buckets.

A cloud misconfiguration was also technically to blame for the mega-breach at Capital One which exposed data on 100 million customers and applicants.

Trend Micro at Cloud Expo
The cost to organisations could be massive. One vendor claims that over 33 billion records were exposed in leaks due to cloud misconfigurations in 2018 and 2019.

Fortunately, Trend Micro’s Cloud Conformity offers a solution: a cloud security posture management (CSPM) platform providing continuous monitoring, alerts and remediation of AWS and Azure environments. It will flag when configuration errors have been made and offer simple steps to get you back on track, all from a single pane of glass.

Join our Cloud Security Architect, Ian Heritage, at Cloud Expo Europe this month to hear how you can tackle the challenge of cloud misconfiguration, and in so doing drive DevOps and business growth. 

What: Cloud Misconfiguration Causes Breaches—How to Avoid it: Ian Heritage, Cloud Security Architect, Trend Micro. At Cloud Expo Europe.
Where: ExCel London, Keynote Theatre
When: Thursday, 12 March, 2020. 11.10-11.30 

IoT Exposed: New Trend Micro Research Reveals Major Systemic Weaknesses

by Bharat Mistry

The Internet of Things is a hugely complex ecosystem of devices, messaging protocols, cloud systems, networks and more. With so many moving parts it’s inevitable that there are security gaps for attackers to exploit. The fact that attacks thus far have been relatively isolated should be no cause for complacency. With IoT increasingly embedded into the operations of hospitals, factories, energy plants, offices and more, we should be looking closer at where these gaps lie.

That’s why Trend Micro released a major new piece of research today. It reveals serious design flaws and vulnerabilities in two of the most popular machine-to-machine protocols in use today. Over 219 million messages were exposed globally by these systems in just the four months of the research period. Continue reading

By Design and by Default: Why Firms Must Include Security Teams in IoT Projects

by Bharat Mistry

As organisations build out their Internet of Things (IoT) infrastructure, cyber-risk must be properly managed. Unfortunately, the latest research from Trend Micro has found that security teams are still not being consulted in the majority of global enterprise projects. It’s a major mistake and one which could come back to bite firms if their IoT systems are not secured “by design and default” as required by the GDPR.

If there’s one thing attendees took away from the ever-popular Trend Micro CLOUDSEC conference this week, it’s that online threats are only going to continue escalating. Continue reading

Attackers Go Undercover as CLOUDSEC 2018 Approaches

by Bharat Mistry

One of the biggest factors in Trend Micro’s success over the past three decades has been our commitment to research and development. A global team of over 1,200 TrendLabs threat researchers and a cloud-based Smart Protection Network which analyses 100TB+ of data each day give us a major advantage in offering the best protection possible to our customers and ensuring we’re always anticipating the next evolution of the threat landscape. That’s why we were able to block over 20 billion threats in the first half of 2018. Continue reading