• Complain

Morey J. Haber - Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources

Here you can read online Morey J. Haber - Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources full text of the book (entire story) in english for free. Download pdf and epub, get meaning, cover and reviews about this ebook. year: 2022, publisher: Apress, genre: Politics. Description of the work, (preface) as well as reviews are available. Best literature library LitArk.com created for fans of good reading and offers a wide selection of genres:

Romance novel Science fiction Adventure Detective Science History Home and family Prose Art Politics Computer Non-fiction Religion Business Children Humor

Choose a favorite category and find really read worthwhile books. Enjoy immersion in the world of imagination, feel the emotions of the characters or learn something new for yourself, make an fascinating discovery.

Morey J. Haber Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources

Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources: summary, description and annotation

We offer to read an annotation, description, summary or preface (depends on what the author of the book "Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources" wrote himself). If you haven't found the necessary information about the book — write in the comments, we will try to find it.

Cyberattacks continue to increase in volume and sophistication, targeting everything owned, managed, and serviced from the cloud. Today, there is widespread consensusit is not a matter of if, but rather when an organization will be breached. Threat actors typically target the path of least resistance. With the accelerating adoption of cloud technologies and remote work, the path of least resistance is shifting in substantive ways. In recent years, attackers have realigned their efforts, focusing on remaining undetected, monetization after exploitation, and publicly shaming organizations after a breach.

New, innovative, and useful products continue to emerge and offer some cloud protection, but they also have distinct limitations. No single, standalone solution or strategy can effectively protect against all cloud attack vectors or identify all malicious activity. The simple fact is that the cloud is based on a companys assets being offered as services. As a result, the best security any organization can achieve is to establish controls and procedures in conjunction with services that are licensed in the cloud.

Cloud Attack Vectors details the risks associated with cloud deployments, the techniques threat actors leverage, the empirically-tested defensive measures organizations should adopt, and shows how to improve detection of malicious activity.

What Youll Learn

  • Know the key definitions pertaining to cloud technologies, threats, and cybersecurity solutions
  • Understand how entitlements, permissions, rights, identities, accounts, credentials, and exploits can be leveraged to breach a cloud environment
  • Implement defensive and monitoring strategies to mitigate cloud threats, including those unique to cloud and hybrid cloud environments
  • Develop a comprehensive model for documenting risk, compliance, and reporting based on your cloud implementation

Who This Book Is For

New security professionals, entry-level cloud security engineers, managers embarking on digital transformation, and auditors looking to understand security and compliance risks associated with the cloud

Morey J. Haber: author's other books


Who wrote Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources? Find out the surname, the name of the author of the book and a list of all author's works by series.

Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources — read online for free the complete book (whole text) full work

Below is the text of the book, divided by pages. System saving the place of the last page read, allows you to conveniently read the book "Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources" online for free, without having to search again every time where you left off. Put a bookmark, and you can go to the page where you finished reading at any time.

Light

Font size:

Reset

Interval:

Bookmark:

Make
Contents
Landmarks
Book cover of Cloud Attack Vectors Morey J Haber Brian Chappell and - photo 1
Book cover of Cloud Attack Vectors
Morey J. Haber , Brian Chappell and Christopher Hills
Cloud Attack Vectors
Building Effective Cyber-Defense Strategies to Protect Cloud Resources
The Apress logo Morey J Haber Lake Mary FL USA Brian Chappell - photo 2

The Apress logo.

Morey J. Haber
Lake Mary, FL, USA
Brian Chappell
Basingstoke, Hampshire, UK
Christopher Hills
Gilbert, AZ, USA
ISBN 978-1-4842-8235-9 e-ISBN 978-1-4842-8236-6
https://doi.org/10.1007/978-1-4842-8236-6
Morey J. Haber, Brian Chappell, Christopher Hills 2022
This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This Apress imprint is published by the registered company APress Media, LLC, part of Springer Nature.

The registered company address is: 1 New York Plaza, New York, NY 10004, U.S.A.

This book is unsecure. It contains unencrypted data at rest and in transmission.

Morey

---

To Ruth, my parents, my friends, and colleagues for all the support and love over the years.

Brian

---

You merely adopted the dark; I was born in it. To my wife Heidi, for all the years it took to pull me to the dark side. Thank you.

Chris

Foreword

(By Darran Rolls)

Collaboration

Ive had the great pleasure of collaborating with Morey Haber for more years than we both probably care to mention. Over those years, our professional paths have crossed and intersected on several fronts. As CTOs at our respective identity management companies, we partnered and collaborated on client engagements, market events, and industry initiatives. Coming from separate legs of the now changing three-legged stool of IAM, we have always shared a brotherhood of IAM orientation and a distinct passion for the delicate intricacies that surround the topics of privilege, access, and security controls. During my time at SailPoint, we counted BeyondTrust as a trusted partner, and I considered Morey a good friend.

Morey and I also shared the unique alignment of transitioning into formal CSO/CISO roles within those same companies. For us both, taking on responsibility for product and corporate security was a logical career progression and something of great value to our companies. We have since shared many stories on the significant challenges and unique opportunities that come from being responsible for security inside a security company.

Every CSO has a tough job, but being inside the security chain itself is a whole different story. As more recent security supply-chain vulnerabilities have shown, being a link in that chain drives a certain focus and concern for yourself and hundreds of others. Under Attack may not have been the rock band Abbas best-known single, but the title pretty much sums up the experience of being a CSO in todays increasingly complex and interdependent security supply chain.

Morey asked me to write the Foreword for this book because of another prior successful and rewarding joint collaboration. As I hope the reader will already know, in 2019, we co-authored the third book in this series, Identity Attack Vectors: Implementing an Effective Identity and Access Management Solution. That book was both interesting to write and intellectually rewarding to work on with Morey. Our conversations during that books writing were always a source of inspiration and motivation.

Ive always found that when technical specialists from opposite corners of the same InfoSec camp come together in the center to warm their hands around the embers of a good IAM campfire, interesting things happen. Our unique perspectives, kept on track through the common thread of privileged access and entitlements, lead to what has been referred to as one of the industrys leading texts on using IAM technologies to enhance the prevention, detection, and mitigation of cyberattacks.

Cloud Attack Vectors

In name or in concept, the cloud may seem like a distant, faraway place, both above and apart. But today, even though most significant cloud providers run separate hordes of servers in isolated server farms, in every sense, the cloud has become endlessly entwined with itself (from one cloud to another) and with the existing on-premise information technology (IT) operations. The cloud and traditional on-premise compute are common bedfellows, as comfortable as Grandpa Joe and Grandma Georgina in Charlie and the Chocolate Factory by Roald Dahl. They are now so interrelated that they can only really be thought of as a single, end-to-end system.

The average enterprise data center is a complex mix of on-premise legacy systems, virtualized servers, and containerized complex web applications all connected to and integrated with shared cloud infrastructure and cloud delivered Software as a Service (SaaS) applications (more on this later). As every IT practitioner knows only too well, todays innovation is tomorrows legacy so that mix of new and old goes on. Just like the books in this series, one builds upon the next until they make a stack. Our legacy systems support a hybrid cloud stack that employs a complex combination of on-premise and public cloud service elements.

All new and old systems contain data, privilege, and access that must be secured and managed throughout their life cycle. Quite literally, the web of complexity now spans cloud and enterprise. Ubiquitously adopted new-school CI/CD pipelines, DevOps, microservices, and an API-first economy have introduced an exponential level of complexity. This new, complex reality is littered with identities, user accounts, passwords, proxy access, keys, secrets, privileges, and fine-grained authentication and authorization access policies.

New cloud infrastructure entitlement models are shockingly complicated to understand and manage. They inevitably have data, access, and privileges bouncing back and forth across what can accurately be described as the IT blood-brain barrier. This security configuration and resulting IAM stuff, spanning cloud and on-premise, must all be accounted for, tracked, and managed, if we have any hope of retaining control.

Next page
Light

Font size:

Reset

Interval:

Bookmark:

Make

Similar books «Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources»

Look at similar books to Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources. We have selected literature similar in name and meaning in the hope of providing readers with more options to find new, interesting, not yet read works.


Reviews about «Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources»

Discussion, reviews of the book Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources and just readers' own opinions. Leave your comments, write what you think about the work, its meaning or the main characters. Specify what exactly you liked and what you didn't like, and why you think so.