Identify Unsanctioned Cloud Usage in Attack Surface Management
Many organizations have a list of sanctioned cloud service providers (CSPs) that development, operations, or marketing teams use to run their business systems.
Infrastructure in unsanctioned clouds introduce risk into an organization’s external attack surface because they are often unknown to IT and security teams and are not managed.
In Censys Attack Surface Management, you can identify unsanctioned cloud usage:
-
Cloud connectors: Use cloud connectors to distinguish between managed and unmanaged cloud assets.
-
A manually curated list: Assemble a list of sanctioned cloud names in use across an organization to distinguish between managed and unmanaged assets.
This article walks through how to identify hosts in unsanctioned clouds using the methods above.
First, set up a cloud connector to import external asset identifiers from each sanctioned cloud your organization uses into the Attack Surface Management platform.
Next, filter the cloud assets on the hosts and domains lists to assets not present in one of the cloud accounts you connected to the platform.
-
On the Dashboard page, click the Cloud card.
-
Scroll to the Known and Unknown Hosts area.
-
Click the portion of the pie chart with your unknown hosts to open a filtered view of the Host List page.
-
Review each of the hosts in the list:
-
Determine what it is.
-
Find out who is responsible for it.
-
Make a plan. Should it:
-
Migrate to a known account?
-
Be removed?
-
Stay where it is with a new IT/security policy?
-
-
Comments
0 comments
Please sign in to leave a comment.