Splunk Cloud Certified

How to Discover Your S3 Bucket Exposures

ryan thomas / 09.13.18

For many, enterprises Amazon S3 buckets have been revolutionary, especially for those storing and distributing massive amounts of videos and photos. S3, or Simple Storage Service, is public cloud storage within Amazon Web Services (AWS).

In a nutshell, they provide a simple web service interface enabling you to store and retrieve any amount of data, at any time, from anywhere on the web. Better still, they are highly scalable and flexible. A favorite of IT teams and developers for a number of reasons. Using this service can translate into cost savings and enable resource and performance optimization, as putting objects in S3 buckets can take a load off your enterprise website. So, what’s the downside?

To date, the abundance of attacks on S3 buckets has been a challenge for many users. Though, by default, all S3 buckets are private and can only be accessed by users to whom you have explicitly given access.

With adoption of S3 so high, even small organizations may have thousands of S3 buckets – and in many cases, some of the buckets created for internal use are are unnecessarily and unknowingly exposed to the entire internet. This may cause data breaches so costly that they can ruin a company.

Contrary to popular belief, attacks on S3 buckets have been mostly due to misconfigurations and not to sophisticated hacking techniques. In many cases, S3 data breaches are as simple as scanning for and discovering exposed buckets, then connecting and downloading the data.

Unfortunately, in addition to being exposed to the Internet, the data in many S3 buckets is improperly stored unencrypted, leaving the data open to a simple download. In any case, securing your S3 buckets is critical to protecting your public cloud from attacks, which is a top priority for pretty much every AWS customer.

In fact, 62% of cybersecurity professionals see Infrastructure as a Service (IaaS) misconfigurations as the biggest threat to their public clouds environments.

The good news: You can avert these types of attacks by applying best practices for securing your cloud service and by using a security solution that offers the best security visibility coverage for AWS.

5 Steps for Identifying and Eliminating S3 Bucket Exposures

Not all S3 buckets can serve their purpose without being exposed to at least some internet IP addresses. Because in order to make the most out of your S3 Buckets, you may need to make them accessible to your business partners and other entities outside of your company.

Which means that in order to detect the real violations, analysts need to be able to:

  1. Continuously inventory potentially 1000s of S3 buckets in use across many AWS accounts
  2. Automatically identify buckets exposed to the internet
  3. Tune out buckets that have specific exceptions due to business partnerships
  4. Provide instructions for S3 buckets owners to remediate unnecessarily exposed buckets.
  5. Confirm when bucket exposures are remediated.

Halo Driving Customer Success Stories

Since the launch of Halo Cloud Secure, we’ve heard from several of you who have already put this workflow into successful use.

As we’ve learned from the numerous data breaches of the past year, it only takes the compromise of one S3 bucket with sensitive information to cause an absolute firestorm. So it’s not surprising that in several cases many of you have specifically asked for a solution that would enable you to detect and remediate S3 buckets that were open to the Internet.

We’re happy to report that some of your security teams are already eliminating high potential for attacks by using Halo Cloud Secure to automatically detect public S3 buckets, and to tune for buckets with special exceptions.

Your success stories are great examples of how improving your public cloud security is freeing you up to focus on true mission-critical tasks and risks. Affirming that helping you find these security landmines, before they blow up, is really at the core of what you need from a cloud security solution.

Because this is such a common and important use case for anyone using AWS today, or planning to do so in the future, I wanted to pass this along to all of you.

Still wondering how Halo Cloud Secure can help your company?

See the benefits other companies, from financial services to insurance providers and software developers, are already experiencing by putting this workflow to work for you.

Sign up for a free trial today.