- 28 September 2021 23:17
ImmuniWeb Launches a Free Cloud Security Test
The ImmuniWeb® Community Edition is a set of free online tools to verify your application security, privacy, and compliance, detect phishing, domain squatting, and Dark Web exposure, running over 100,000 daily tests. The new free cloud security test enables cybersecurity and IT professionals to identify unprotected cloud storage of their organizations in a simple and swift manner to prevent data leaks and security incidents.
The Verizon Data Breach Investigations Report (DBIR) 2021 says that the number of cloud security breaches has surpassed the number of data breaches involving on-premise assets for the first time in Internet history.
Meanwhile, organizations of all sizes are rapidly migrating to cloud environments. Gartner’s most recent cloud forecast says that public cloud services will grow 25.9% in 2021. Gartner also predicts that in 2025, over 99% of cloud breaches will be attributable to preventable misconfigurations or other mistakes made by cloud users, such as excessive permissions, weak API authentication, or publicly exposed cloud instances, storage, or other resources with sensitive data.
Forrester likewise predicts growing challenges for compliance in a cloud environment, citing a critical vulnerability in Microsoft Azure’s Cosmos DB disclosed in August 2021 that is, however, not attributable to users’ negligence or misconfiguration.
Under a narrow set of circumstances, cloud storage, for example AWS S3 buckets, may need to be publicly accessible to provide external users with public data such as images or videos. In reality, misconfigured and unprotected cloud storage is one of the most widespread causes of disastrous data leaks and breaches in a cloud environment.
The situation is exacerbated by the swift proliferation of small cloud providers that offer their own cloud storage services that have insecure settings by default. Given that countless organizations migrate into a cloud without investing in adequate security training of their technical teams, they are sitting on a powder keg ready to explode.
Modern cloud storage services share similar weaknesses stemming from incorrect usage of access policies, excessive IAM permissions, or even completely missing authorization mechanisms. Shadow cloud accounts or unknown cloud assets make the situation even more complex in a multi-cloud environment. Eventually, petabytes of confidential data are regularly found by security researchers and Black Hats in the wild, keeping CISOs and DPOs awake at night. Unsurprisingly, the IDC cloud security survey of 2021 reveals that 98% of companies experienced a cloud data breach within the past 18 months.
The new online test by ImmuniWeb aims to provide cybersecurity and DevOps teams with a simple way to detect unprotected cloud storage operated by their organizations. To launch a test, just enter the URL of your company's main website.
The new test may take up to 15 minutes and goes through externally accessible cloud storage of the following public cloud service providers:
Amazon AWS, Microsoft Azure, Google Cloud Platform, IBM Cloud, Alibaba Cloud, Oracle Cloud, Linode, Vultr, Dreamobjects, Digital Ocean, Rackspace Cloud, Wasabi, Backblaze, Mail.ru Cloud, Yandex.Cloud, Tencent, Storj, Selectel, SberCloud
The free test shows public cloud storage that belongs or is attributable to your company. For the purpose of GDPR or LGPD compliance requirements, the test shows the country where your data is physically stored. It also sheds light on cloud storage misconfigurations, such as missing SSL/TLS encryption.
Ilia Kolochenko, Chief Architect & CEO at ImmuniWeb, says: “The leading cloud providers, such as AWS, have a full spectrum of powerful tools and services that can instantly detect and automatically remediate misconfigurations in their cloud environments. Unfortunately, many organizations of all sizes struggle to properly implement Cloud Security Posture Management (CSPM) due to complexity or lack of technical skills.
Most of the existing commercial solutions and open-source tools also require a cloud IAM account to enumerate and then assess the security of your cloud assets. Our flagship ImmuniWeb® Discovery does not require your cloud credentials and leverages our proprietary OSINT and Big Data technologies to rapidly enumerate your on-premises and cloud attack surface in the most comprehensive and detailed manner.
Today, in order to provide SMEs, universities, and municipal governments with a simple way to detect their unprotected cloud storage and prevent data breaches, we are excited to enhance our free Community Edition with the new cloud security test. We will soon implement such features as free continuous monitoring and API to further simplify its usage and integration into existing CSPM and incident response processes. More exciting announcements are coming soon, please stay tuned.”
In order to get a comprehensive snapshot of your multi-cloud attack surface enhanced with a history of previous security incidents discoverable on the Dark Web, you may try ImmuniWeb® Discovery that detects the full spectrum of publicly accessible cloud instances, APIs, and services in over 50 public cloud environments.