Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources
- Length: 504 pages
- Edition: 1
- Language: English
- Publisher: Apress
- Publication Date: 2022-09-09
- ISBN-10: 1484282353
- ISBN-13: 9781484282359
- Sales Rank: #4263310 (See Top 100 Books)
Cyberattacks continue to increase in volume and sophistication, targeting everything owned, managed, and serviced from the cloud. Today, there is widespread consensus–it is not a matter of if, but rather when an organization will be breached. Threat actors typically target the path of least resistance. With the accelerating adoption of cloud technologies and remote work, the path of least resistance is shifting in substantive ways. In recent years, attackers have realigned their efforts, focusing on remaining undetected, monetization after exploitation, and publicly shaming organizations after a breach.
New, innovative, and useful products continue to emerge and offer some cloud protection, but they also have distinct limitations. No single, standalone solution or strategy can effectively protect against all cloud attack vectors or identify all malicious activity. The simple fact is that the cloud is based on a company’s assets being offered as services. As a result, the best security any organization can achieve is to establish controls and procedures in conjunction with services that are licensed in the cloud.
Cloud Attack Vectors details the risks associated with cloud deployments, the techniques threat actors leverage, the empirically-tested defensive measures organizations should adopt, and shows how to improve detection of malicious activity.
What You’ll Learn
Know the key definitions pertaining to cloud technologies, threats, and cybersecurity solutions
Understand how entitlements, permissions, rights, identities, accounts, credentials, and exploits can be leveraged to breach a cloud environment
Implement defensive and monitoring strategies to mitigate cloud threats, including those unique to cloud and hybrid cloud environments
Develop a comprehensive model for documenting risk, compliance, and reporting based on your cloud implementation
Who This Book Is For
New security professionals, entry-level cloud security engineers, managers embarking on digital transformation, and auditors looking to understand security and compliance risks associated with the cloud
Table of Contents
About the Authors
About the Technical Reviewer
Acknowledgments
Foreword
Collaboration
Cloud Attack Vectors
DevOps and DevSecOps (SecDevOps)
Perpetual Truths
Visibility Is a Quintessential Control
Doors and Corners
Complexity: The Sworn Enemy of Security
Trade-offs
Chapter 1: Introduction
Chapter 2: Cloud Computing
Software As a Service
Platform As a Service
Infrastructure As a Service
Function As a Service
X As a Service
Database As a Service
Desktop As a Service
Data Center As a Service
Managed Software As a Service
Backend As a Service
Chapter 3: Cloud Service Providers
Amazon Web Services
Microsoft Azure
Google Cloud Platform
Alibaba Cloud
Oracle Cloud
IBM
Other Services
Chapter 4: Cloud Definitions
Availability
Identity
Accounts
Principals
Secrets
Secrets Management
Virtual Private Cloud (VPC)
Entitlements
Privileges
Rights
Roles
Certificates
Resources
Certificate Authorities
Permissions
Containers
Segmentation
Microsegmentation
Instances
Single Tenant
Multitenant
Edge Computing
Breach
Recovery Point Objective and Recovery Time Objective
Others
S3 Bucket
EC2
E5
Kubernetes
Docker
SCIM
Service Fabric
Directory Bridging
DevOps Security (SecDevOps)
Least Privilege
Separation of Privilege
Cloud Washing
Content Delivery Network (CDN)
Elasticity
CloudTrail
Open Source
Service-Level Agreement (SLA)
Virtual Machine
Vertical Cloud
Virtual Desktop Infrastructure
SAML
OpenID
Identity Proofing
OAuth
FIDO
Chapter 5: Asset Management
Chapter 6: Attack Vectors
MITRE ATT&CKTM Framework
Entitlements
Vulnerabilities
Hardening
Web Services
OWASP Top 10
A01:2021 – Broken Access Control
A02:2021 – Cryptographic Failures
A03:2021 – Injection
A04:2021 – Insecure Design
A05:2021 – Security Misconfiguration
A06:2021 – Vulnerable and Outdated Components
A07:2021 – Identification and Authentication Failures
A08:2021 – Software and Data Integrity Failures
A09:2021 – Security Logging and Monitoring Failures
A10:2021 – Server-Side Request Forgery
Configurations
PKI (Public Key Infrastructure)
Credentials
Keys
S3 Buckets
Identities
Entitlements
API
Denial of Service
Authentication
Certificates
BGP/DNS
Ransomware
Crypto Mining
Phishing
Lateral Movement
Remote Access (RDP)
Remote Access (SSH)
Remote Access (Others)
Social Engineering
Supply-Chain Attacks
Other Cloud Attack Vectors
Chapter 7: Mitigation Strategies
Privileged Access Workstations
Access Control Lists
Hardening
Vulnerability Management
Penetration Testing
Patch Management
IPv6 vs. IPv4
Privileged Access Management (PAM)
Vendor Privileged Access Management (VPAM)
Multi-factor Authentication (MFA)
Single Sign On (SSO)
Identity As a Service (IDaaS)
Cloud Infrastructure Entitlement Management (CIEM)
Customer Identity and Access Management (CIAM)
Cloud Security Posture Management (CSPM)
Cloud Workload Protection Platform (CWPP)
Cloud-Native Application Protection Platform (CNAPP)
Cloud Access Security Broker (CASB)
Artificial Intelligence (AI)
Single Tenant vs. Multitenant
Cyber Insurance
Monitoring Technology
Chapter 8: Regulatory Compliance
Security Assessment Questionnaires (SAQ)
System and Organization Controls (SOC)
Cloud Security Alliance (CSA)
Cloud Security Alliance Cloud Controls Matrix (CMM)
Cloud Security Alliance Consensus Assessment Initiative Questionnaire (CAIQ)
Center for Internet Security (CIS) Controls
CIS Controls
CIS Controls Methodology and Contributors
CIS Implementation Groups
Defining Implementation Groups
CIS Controls, Version 7
Basic
Foundational
Organizational
CIS Controls, Version 8
CIS Controls, Version 7 and 8 Compared
PCI DSS
PCI Compliance Levels
PCI Assessment
PCI Security Standards
PCI DSS Summary
ISO
Understanding ISO 27001
Understanding ISO 27002
Comparing ISO 27001 vs. ISO 27002
ISO 27017
ISO 27018
Comparing ISO 27017 and ISO 27018
NIST
NIST 800-53: Security and Privacy Controls for Information Systems and Organizations
NIST 800-61: Computer Security Incident Handling Guide
NIST 800-207: Zero-Trust Architecture
FedRAMP
Chapter 9: Architectures
Zero Trust
Cloud-Native
Hybrid
Ephemeral Implementations
Secrets
Accounts
Instances
Privileges
Chapter 10: Swarm Intelligence
Chapter 11: Chaos Engineering
Chapter 12: Imposter Syndrome
Chapter 13: Selecting a Cloud Service Provider
Chapter 14: Security Recommendations for Your Cloud Environment
Appendix A: Sample Security Assessment Questionnaire (SAQ)
Appendix B: Cloud Service Provider Questionnaire
IndexDonate to keep this site alive
How to download source code?
1. Go to: https://github.com/Apress
2. In the Find a repository… box, search the book title: Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources, sometime you may not get the results, please search the main title.
3. Click the book title in the search results.
3. Click Code to download.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.
