Defending Against AWS Account Takeover Using ESP

Released last week, the fifth-annual Imperva “Web Application Attack Report” found one-fifth of all Web application attacks detected by their WAF product in the 12 months ending in August originated from servers on Amazon Web Services (AWS).

About 20 percent of all known attacks came from AWS IP address space, as did 10% of all SQL injection attacks. According to this data set, SQL injection attacks and RFI attacks are both up 10% and 24% respectively, compared to the same period a year ago.

They went on to say the attackers appear to frequently be caused by attackers who have taken over the company’s AWS account and have tampered with the server through the administrative interface – due in large part to compromised AWS account credentials. This is a solvable problem.

The Evident Security Platform (ESP) shortens the time to detection and time to remediation of potentially exploitable vulnerabilities that fall under the client responsibility half of the AWS shared responsibility model.  The platform enables clients to enforce compliance of security best practices in a way that works well in continuous deployment environments.

ESP provides rapid results and saves time around analysis and remediation of AWS security vulnerabilities in a DevOps world. All with a simple 5-minute online setup process wherein you do not install software, but provision secure, read-only third party access to your AWS accounts.

By continuously performing analysis to identify compliance with over 100 AWS security best practices, clients can achieve continuous cloud security at the speed of DevOps across a wide variety of AWS services, and across all AWS regions globally.

ESP helps clients protect their AWS accounts against potential takeover and abuse, even in bleeding-edge CI environments performing dozens of deployments daily — all with a simple, modern and intuitive UI.

For example, by applying IAM instance profiles into a business application’s AWS architecture, and eliminating static keys on disk, one of the most commonly exploited attack vectors leading to AWS account compromise can be mitigated entirely with an effective compensating control.

Analyzing IAM instance profile usage is only one of the over 100 security best practices that ESP identifies during its vigilant monitoring of client infrastructure. Another example checks for multi-factor authentication on IAM accounts. Enabling MFA for these accounts helps protect against credential theft due to malware on administrative devices.

Amazon recommends that customers apply the best practices described in their security white papers, but few customers have the time or resources to effectively implement and maintain those controls across all of their AWS accounts and regions. ESP makes this painless for customers, helping them effectively utilize the superior security benefits that AWS offers.

Sign up for a free 14 day trial of ESP and send us your feedback.