📣️ Analysts Recognize Wiz as the Leading Cloud Security Offering  (Sponsor)

Wiz has been awarded the top current offering in the latest Forrester Wave™ Cloud Workload Security, Q1 2024, which analyzed the top 13 Cloud Workload Security (CWS) providers in the market today.
 
Download your copy of this report to learn: 

• A comprehensive view of the top CWS solutions in the market 
• How the CWS market is rapidly consolidating previously siloed security solutions 
• Which CWS solution best meets your business needs 
  
  

Get the report here

🥗 Appetizer by Chef Christophe from Cybr.com

Hey folks,

I love learning how other individuals and organizations deploy security controls in AWS, so I read through the comments in the “Security groups vs NACLs” reddit post linked to below.

Not so surprisingly, I’m seeing a lot of responses saying “we leave NACLs alone and only use SGs.”

Personally, I’ve been a fan of using NACLs for very broad rules…like if I know that certain traffic should never be allowed to enter a subnet, I’ll add it to my NACLs and to the security groups. But then make the security group rules a lot tighter.

What about you? Do you think this is overkill and ends up just being additional management overhead for not much benefit? Let me know with a reply.

Bon appetit!
Christophe

🍹 Monitor AWS Managed IAM Policies

Managed Policy changed since last week: 6

1. AWSPrivateMarketplaceAdminFullAccess
2. AWSServiceRoleForPrivateMarketplaceAdminPolicy
3. AWSServiceRolePolicyForBackupRestoreTesting
4. AWSXRayDaemonWriteAccess
5. AWSXrayReadOnlyAccess
6. AmazonGuardDutyServiceRolePolicy

Weekly diff

🤖 Powered by MAMIP | 🚩 Sensitive IAM Actions included

🥣 Secret Sauce

Each week, we'll showcase your top AWS insights, focusing on AWS Security tricks and tips. Got a cool command-line hack, a clever console maneuver, or an awesome open-source tool? Send us your best tips for a shot at being featured in our upcoming issues.

Christophe from Cybr.com, a platform to learn AWS Security.

I spent more time than I care to admit last week figuring this out so I wanted to share and save you a few hours in case you ever need it.

Edition #147 shared how CloudShell’s GetFileDownloadUrls was actively being used by threat actors to exfil data from Secrets Manager. I wanted to contribute monitoring & alerting for this event in the ASSK, and I thought it would be as easy as creating an event pattern in EventBridge for cloudshell.amazonaws.com with the eventName: GetFileDownloadUrls. It didn’t work at all.

Turns out the event is a read-only event, which is a newly supported option in EventBridge as of November 2023, and it requires that you enable it with a State:

"ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS”.

This isn’t super clear in the documentation right now, so if you are trying to process an event with EventBridge that’s read-only and your event seems to just be disappearing into the void, that’s probably why.

The end result and the way I ended up implementing it for the ASSK:

📣️ Idle assets on AWS costing you an arm and a leg? (Sponsor)

Welcome to a smarter way to manage your AWS spending with unusd.cloud! We understand that in the fast-paced world of cloud computing, assets can easily be forgotten, left running, and slowly draining your budget. That's where we step in.

Our service dives deep into every corner of your AWS Accounts and Regions, hunting down those costly resources that you might not even remember activating. From EC2 instances left idling to unattached EBS volumes gathering dust, we find them all, delivering a comprehensive report that shines a light on potential savings hiding in plain sight.

But we're more than just a reporting tool. We're your partner in fostering a culture of cost-efficiency and sustainability within your operational teams. By bringing critical cost visibility to the forefront, we empower your teams to make informed decisions, ensuring that every dollar spent on AWS is a dollar well spent.

Get on board and start saving now!