In this discussion, Margaret Kelley, a Senior Consultant at Palo Alto Networks’ Unit 42, dives deep into the world of cloud security. She highlights the critical dangers posed by cloud misconfigurations that often lead to breaches. Real-world examples illustrate how attackers exploit these vulnerabilities. Margaret also clarifies the shared responsibility model between organizations and cloud providers. Listeners gain practical strategies to tighten cloud defenses, manage permissions effectively, and stay ahead of emerging threats.
37:54
forum Ask episode
web_stories AI Snips
view_agenda Chapters
auto_awesome Transcript
info_circle Episode notes
insights INSIGHT
Evolving Cloud Attacks
Early cloud breaches often involved basic misconfigurations like publicly accessible storage.
Modern cloud attacks now exploit cloud-native features, showcasing increased attacker sophistication.
volunteer_activism ADVICE
Basic Cloud Hygiene
Implement firewalls and network segmentation in cloud environments, similar to on-premise setups.
Avoid publicly accessible databases, a surprisingly common and risky misconfiguration.
question_answer ANECDOTE
Compromised VM and Stolen Credentials
A developer left a publicly accessible virtual machine with a known vulnerability, leading to a breach.
The attacker used stolen cloud credentials to create infrastructure for anonymized attacks on other organizations.
Get the Snipd Podcast app to discover more snips from this episode
In this episode of Threat Vector, host David Moulton speaks with Margaret Kelley, a seasoned Digital Forensics and Incident Response Senior Consultant at Palo Alto Networks’ Unit 42. With a deep expertise in cloud security, Margaret shares insights into the evolving landscape of cloud breaches and how organizations can defend against sophisticated attacks. From misconfigurations to control plane vulnerabilities, the discussion covers the most critical aspects of securing cloud environments. Margaret's real-world examples provide listeners with valuable lessons on how attackers exploit cloud vulnerabilities and what defenders can do to stay ahead. Tune in to learn practical strategies for fortifying your cloud defenses and keeping your organization secure.
Threat Vector, Palo Alto Networks podcast, is your premier destination for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.
The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.
Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.
Palo Alto Networks
Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com
Threat Vector by Palo Alto Networks