{"id":35953,"date":"2020-07-08T13:12:45","date_gmt":"2020-07-08T13:12:45","guid":{"rendered":"https:\/\/blog.trendmicro.com\/?p=543977"},"modified":"2020-07-08T13:12:45","modified_gmt":"2020-07-08T13:12:45","slug":"cloud-security-is-simple-absolutely-simple","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/cloud-security-is-simple-absolutely-simple\/","title":{"rendered":"Cloud Security Is Simple, Absolutely Simple."},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"169\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/05\/marknca-cloud-security-is-simple-300x169.jpg\" class=\"attachment-medium size-medium wp-post-image\" alt srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/05\/marknca-cloud-security-is-simple-300x169.jpg 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/05\/marknca-cloud-security-is-simple-1024x576.jpg 1024w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/05\/marknca-cloud-security-is-simple-768x432.jpg 768w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/05\/marknca-cloud-security-is-simple-1536x864.jpg 1536w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/05\/marknca-cloud-security-is-simple-640x360.jpg 640w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/05\/marknca-cloud-security-is-simple-900x506.jpg 900w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/05\/marknca-cloud-security-is-simple-440x248.jpg 440w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/05\/marknca-cloud-security-is-simple-380x214.jpg 380w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/05\/marknca-cloud-security-is-simple.jpg 1920w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\"> <\/p>\n<p>\u201cCloud security is simple, absolutely simple. 
Stop over complicating it.\u201d<\/p>\n<p>This is how I kicked off a presentation I gave at the CyberRisk Alliance, <a href=\"https:\/\/onlinexperiences.com\/scripts\/Server.nxp?LASCmd=L:0&amp;AI=1&amp;ShowKey=84790&amp;LoginType=0&amp;InitialDisplay=1&amp;ClientBrowser=0&amp;DisplayItem=NULL&amp;LangLocaleID=0&amp;SSO=1&amp;RFR=https:\/\/onlinexperiences.com\/Launch\/Event.htm?ShowKey=84790&amp;RandomValue=1588853372941\">Cloud Security Summit<\/a> on Apr 17 of this year. And I truly believe that cloud security is simple, but that does not mean easy. You need the right strategy.<\/p>\n<p>As I am often asked about strategies for the cloud, and the complexities that come with it, I decided to share my recent talk with you all. Depending on your preference, you can either watch the video below or read the transcript of my talk that\u2019s posted just below the video. I hope you find it useful and will enjoy it. And, as always, I\u2019d love to hear from you, find me @marknca.<\/p>\n<p><iframe loading=\"lazy\" title=\"Cloud Security Is Simple. Here's the Strategy You Need\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/Dh8PvMd__RU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen>[embedded content]<\/iframe><\/p>\n<p><em>For those of you who prefer to read rather than watch a video, here\u2019s the transcript of my talk:<\/em><\/p>\n<p>Cloud security is simple, absolutely simple.&nbsp;Stop over complicating it.<\/p>\n<p>Now, I know you\u2019re probably thinking, \u201cWait a minute, what is this guy talking about? He is just off his rocker.\u201d<\/p>\n<p>Remember, simple doesn\u2019t mean easy.&nbsp;I think we make things way more complicated than they need to be when it comes to securing the cloud, and this makes our lives a lot harder than they need to be.&nbsp;There\u2019s some massive advantages when it comes to security in the cloud. 
Primarily, I think we can simplify our security approach because of three major reasons.<\/p>\n<p>The first is integrated identity and access management. All three major cloud providers, AWS, Google and Microsoft offer fantastic identity, and access management systems. These are things that security, and [inaudible 00:00:48] professionals have been clamouring for, for decades.<\/p>\n<p>We finally have this ability, we need to take advantage of it.<\/p>\n<p>The second main area is the shared responsibility model. We\u2019ll cover that more in a minute, but it\u2019s an absolutely wonderful tool to understand your mental model, to realize where you need to focus your security efforts, and the third area that simplifies security for us is the universal application of APIs or application programming interfaces.<\/p>\n<p>These give us as security professionals the ability to orchestrate and automate a huge amount of the grunt work away. These three things add up to, uh, the ability for us to execute a very sophisticated, uh, or very difficult to pull off, uh, security practice, but one that ultimately is actually pretty simple in its approach.<\/p>\n<p>It\u2019s just all the details are hard and we\u2019re going to use these three advantages to make those details simpler. So, let\u2019s take a step back for a second and look at what our goal is.<\/p>\n<p>What is the goal of cybersecurity? That\u2019s not something you hear quite often as a question.<\/p>\n<p>A lot of the time you\u2019ll hear the definition of cybersecurity is, uh, about, uh, securing the confidentiality, integrity, and availability of information or data. The CIA triad, different CIA, but I like to phrase this in a different way. I think the goal is much clearer, and the goal\u2019s much simpler.<\/p>\n<p>It is to make sure that whatever you\u2019re building works as intended and only as intended. Now, you\u2019ll realize you can\u2019t accomplish this goal just as a security team. 
You need to work with your, uh, developers, you need to work with operations, you need to work with the business units, with the end users of your application as well.<\/p>\n<p>This is a wonderful way of phrasing our goal, and realizing that we\u2019re all in this together to make sure whatever you\u2019re building works as intended, and only as intended.<\/p>\n<p>Now, if we move forward, and we look at who are we up against, who\u2019s preventing our stuff from working, uh, well?<\/p>\n<p>You look at normally, you think of, uh, who\u2019s attacking our systems? Who are the risks? Is it nation states? Is it maybe insider threats? While these are valid threats, they\u2019re really overblown. You\u2019re\u2026 don\u2019t have to worry about nation state attacks.<\/p>\n<p>If you\u2019re a nation state, worry about it. If you\u2019re not a nation state, you don\u2019t have to worry about it because frankly, there\u2019s nothing you can do to stop them. You can slow them down a little bit, but by definition, they\u2019re going to get through your resources.<\/p>\n<p>As far as insider attacks, this is an HR problem. Treat your people well. Um, check in with them, and have a strong information management policy in place, and you\u2019re going to reduce this threat naturally. If you go hunting for people, you\u2019re going to create the very threats that you\u2019re looking at.<\/p>\n<p>So, it brings us to the next set. What about cyber criminals? 
You know, we do have to worry about cyber criminals.<\/p>\n<p>Cyber criminals are targeting systems simply because these systems are online, these are profit motivated criminals who are organized, and have a good set of tools, so we absolutely need to worry about them, but there\u2019s a more insidious or more commonplace, maybe a simpler threat that we need to worry about, and that\u2019s one of mistakes.<\/p>\n<p>The vast majority of issues that happen around data breaches around security vulnerabilities in the cloud are mistake driven. In fact, to the point where I would not even worry about cyber criminals simply because all the work we\u2019re going to do to focus on, uh, preventing mistakes.<\/p>\n<p>And catching, and rectifying the mistakes really, really quickly is going to uh, you a cover all the stuff that we would have done to block out cyber criminals as well, so mistakes are very common because people are using a lot more services in the cloud.<\/p>\n<p>You have a lot more, um, parts and moving, uh, complexity in your deployment, um, and you\u2019re going to make a mistake, which is why you need to put automated systems in place to make sure that those mistakes don\u2019t happen, or if they do happen that they\u2019re caught very, very quickly.<\/p>\n<p>This applies to standard DevOps, the philosophies for building. It also applies to security very, very wonderfully, so this is the main thing we\u2019re going to focus on.<\/p>\n<p>So, if we look at that sum up together, we have our goal of making sure whatever we\u2019re building works as intended, and only as intended, and our major issue here, the biggest risk to this is simple mistakes and misconfigurations.<\/p>\n<p>Okay, so we\u2019re not starting from ground zero here. We can learn from others, and the first place we\u2019re going to learn is the shared responsibility model. 
The shared responsibility applies to all cloud service providers.<\/p>\n<p>If you look on the left hand side of the slide here, you\u2019ll see the traditional on premise model. We roughly have six areas where something has to be done roughly daily, whether it\u2019s patching, maintenance, uh, just operational visibility, monitoring, that kind of thing, and in a traditional on premise environment, you\u2019re responsible for all of it, whether it\u2019s your team, or a team underneath your organization.<\/p>\n<p>Somewhere within your tree, people are on the hook for doing stuff daily. Here when we move into an infrastructure, so getting a virtual machine from a cloud provider right off the bat, half of the responsibilities are pushed away.<\/p>\n<p>That\u2019s a huge, huge win.<\/p>\n<p>And, as we move further and further to the right to more managed service, or SaaS-level services, we have less and less daily responsibilities.<\/p>\n<p>Now, of course, you always still have to verify that the cloud service provider\u2019s doing what they, uh, say they\u2019re doing, which is why certifications and compliance frameworks come into play, uh, but the bottom line is you\u2019re doing less work, so you can focus on fewer areas.<\/p>\n<p>Um, that is, or I should say not less work, but you\u2019re doing, uh, less broad of a work.<\/p>\n<p>So you can have that deeper focus, and of course, you always have to worry about service configuration. You are given knobs and dials to turn to lock things down. 
You should use them like things like encrypting, uh, all your data at rest.<\/p>\n<p>Most of the time it\u2019s an easy check box, but it\u2019s up to you to check it \u2018cause it\u2019s your responsibility.<\/p>\n<p>We also have the idea of an adoption framework, and this applies for Azure, for AWS and for Google, uh, and what they do is they help you map out your business processes.<\/p>\n<p>This is important to security, because it gives you the understanding of where your data is, what\u2019s important to the business, where does it lie, who needs to touch it, and access it and process it.<\/p>\n<p>That also gives us the idea, uh, or the ability to identify the stakeholders, so that we know, uh, you know, who\u2019s concerned about this data, who is, has an investment in this data, and finally it helps to, to deliver an action plan.<\/p>\n<p>The output of all of these frameworks is to deliver an action plan to help you migrate into the cloud and help you to continuously evolve. Well, it\u2019s also a phenomenal map for your security efforts.<\/p>\n<p>You want to prioritize security, this is how you do it. You get it through the adoption framework, understanding what\u2019s important to the business, and that lets you identify critical systems and areas for your security.<\/p>\n<p>Again, we want to keep things simple, right? And, the third, uh, the o- other things we want to look at is the CIS foundations. 
They have them for AWS, Azure and GCP, um, and these provide a prescriptive guidance.<\/p>\n<p>They\u2019re really, um, a strong baseline, and a checklist of tasks that you can accomplish, um, or take on, on your, uh, take on, on your own, excuse me, uh, in order to, um, you know, basically cover off the really basics is encryption at rest on, um, you know, do I make sure that I don\u2019t have, uh, things needlessly exposed to the internet, that type of thing.<\/p>\n<p>Really fantastic reference point and a starting point for your security practice.<\/p>\n<p>Again, with this idea of keeping things as simple as possible, so when it comes to looking at our security policy, we\u2019ve used the frameworks, um, and the baseline to kind of set up a strong, uh, start to understand, uh, where the business is concerned, and to prioritize.<\/p>\n<p>And, the first question we need to ask ourselves as security practitioners, what happened? If we, if something happens, and we ask what happened?<\/p>\n<p>Do we have the ability to answer this question? So, that starts us off with logging and auditing. This needs to be in place before something happened. Let me just say that again, before something happened, you need [laughs] to be able to have this information in place.<\/p>\n<p>Now, uh, this is really, uh, to ask these key questions of what happened in my account, and who, or what made that thing happen?<\/p>\n<p>So, this starts in the cloud with some basic services. 
Uh, for AWS it\u2019s CloudTrail, for Azure, it\u2019s Monitor, and for Google Cloud it used to be called Stackdriver, it is now the Google Cloud operations suite, so these need to be enabled on at full volume.<\/p>\n<p>Don\u2019t worry, you can use some lifecycle rules on the data source to keep your costs low.<\/p>\n<p>But, this gives you that layer, that basic auditing and logging layer, so that you can answer that question of what happened?<\/p>\n<p>So, the next question you want to ask yourself or have the ability to answer is who\u2019s there, right? Who\u2019s doing what in my account? And, that comes down to identity.<\/p>\n<p>We\u2019ve already mentioned this is one of the key pillars of keeping security simple, and getting that highly effective security in your cloud.<\/p>\n<p>[00:09:00] So here you\u2019re answering the questions of who are you, and what are you allowed to do? This is where we get a very simple privilege, uh, or principle in security, which is the principle of least privilege.<\/p>\n<p>You want to give an identity, so whether that\u2019s a user, or a role, or a service, uh, only the privileges they, uh, require that are essential to perform the task that, uh, they are intended to do.<\/p>\n<p>Okay?<\/p>\n<p>So, basically if I need to write a file into a storage, um, folder or a bucket, I should only have the ability to write that file. 
I don\u2019t need to read it, I don\u2019t need to delete it, I just need to write to it, so only give me that ability.<\/p>\n<p>Remember, that comes back to the other pillar of simple security here of, of key cloud security, is integrated identity.<\/p>\n<p>This is where it really takes off, is that we start to assign very granular access permissions, and don\u2019t worry, we\u2019re going to use the APIs to automate all this stuff, so that it\u2019s not a management headache, but the principle of least privilege is absolutely critical here.<\/p>\n<p>The services you\u2019re going to be using, amazingly, all three cloud providers got in line, and named them the same thing. It\u2019s IAM, identity access management, whether that\u2019s AWS, Azure or Google Cloud.<\/p>\n<p>Now, the next question we\u2019re going to a- ask ourselves are the areas where we\u2019re going to be looking at is really where should I be focusing security controls? Where should I be putting stuff in place?<\/p>\n<p>Because up until now we\u2019ve really talked about leveraging what\u2019s available from the cloud service providers, and you absolutely should available, uh, maximize your usage of their, um, native and primitive, uh, structures, primitive as far as base concepts, not as, um, refined.<\/p>\n<p>They\u2019re very advanced controls and, but there are times where you\u2019re going to need to put in your own controls, and these are the areas you\u2019re going to focus on, so you\u2019re going to start with networking, right?<\/p>\n<p>So, in your networking, you\u2019re going to maximize the native structures that are available in the cloud that you\u2019re in, so whether that\u2019s a project structure in Google Cloud, whether that\u2019s a service like Transit Gateway in AWS, um, and all of them have this idea of a VPC or virtual private cloud or virtual network that is a very strong boundary for you to use.<\/p>\n<p>Remember, most of the time you\u2019re not charged for the creation 
of those. You have limits in your accounts, but accounts are free, and you can keep adding more, uh, virtual networks. You may be saying, wait a minute, I\u2019m trying to simplify things.<\/p>\n<p>Actually, having multiple virtual networks or virtual private clouds ends up being far simpler because each of them has a task. You go, this application runs in this virtual private cloud, not a big shared one in this specific VPC, and that gives you this wonderfully strong security boundaries, and a very simple way of looking at one VPC, one action, very much the Unix philosophy in play.<\/p>\n<p>Key here though is understanding that while all of the security controls in place for your service provider, um, give you, so, you know, whether it\u2019s VPCs, routing tables, um, uh, access control lists, security groups, all the SDN features that they\u2019ve got in place.<\/p>\n<p>These really help you figure out whether service A or system A is allowed to talk to B, but they don\u2019t tell you what they\u2019re saying.<\/p>\n<p>And, that\u2019s where additional controls called an IPS, or intrusion prevention system come into play, and you may want to look at getting a third party control in to do that, because none of the th- big three cloud providers offer an IPS at this point.<\/p>\n<p>[00:12:00] But that gives you the ability to not just say, \u201cHey, you\u2019re allowed to talk to each other.\u201d But, to monitor that conversation, to ensure that there\u2019s not malicious code being passed back and forth between systems that nobody\u2019s trying a denial of service attack.<\/p>\n<p>A whole bunch of extra things on there have, so that\u2019s where IPS comes into play in your network defense. 
Now, we look at compute, right?<\/p>\n<p>We can have compute in various forms, whether that\u2019s in serverless functions, whether that\u2019s in containers, managed containers, whether that\u2019s in traditional virtual machines, but all the principles are the same.<\/p>\n<p>You want to understand where the shared responsibility line is, how much is on your plate, how much is on the CSP\u2019s?<\/p>\n<p>You want to understand that you need to harden the OS, or the service, or both in some cases, make sure that, that\u2019s locked down, so have administrator passwords. Very, very complicated.<\/p>\n<p>Don\u2019t log into these systems, uh, you know, because you want to be fixing things upstream. You want to be fixing things in the build pipeline, not logging into these systems directly, and that\u2019s a huge thing for, uh, systems people to get over, but it\u2019s absolutely essential for security, and you know what?<\/p>\n<p>It\u2019s going to take a while, but there\u2019s some tricks there you can follow with me. You can see, uh, on the slides, uh, @marknca, that is my social everywhere, uh, happy to walk you through the next steps.<\/p>\n<p>This idea of this presentation\u2019s really just the simple basics to start with, to give you that overview of where to focus your time, and, dispel that myth that cloud security is complicating things.<\/p>\n<p>It is a huge path is simplicity, which is a massive lens, or for security.<\/p>\n<p>So, the last area you want to focus here is in data and storage. 
Whether this is databases, whether this is big blob storage, or, uh, buckets in AWS, it doesn\u2019t really matter the principles, again, all the same.<\/p>\n<p>You want to encrypt your data at rest using the native cloud provided, uh, cloud service provider, uh, features functionality, because most of the time it\u2019s just give it a key address, and give it a checkbox, and you\u2019re good to go.<\/p>\n<p>It\u2019s never been easier to encrypt things, and there is no excuse for it and none of the providers charge extra for, uh, encryption, which is amazing, and you absolutely want to be taking advantage of that, and you want to be as granular as possible with your IAM, uh, and as reasonable, okay?<\/p>\n<p>So, there\u2019s a line here, and a lot of the data stores that are native to the cloud service providers, you can go right down to the data cell level and say, Mark has access, or Mark doesn\u2019t have access to this cell.<\/p>\n<p>That can be highly effective, and maybe right for your use case. It might be too much as well.<\/p>\n<p>But, the nice thing is that you have that option. It\u2019s integrated, it\u2019s pretty straightforward to implement, and then, uh, when we look here, uh, sorry. and then, finally you want to be looking at lifecycle strategies to keep your costs under control.<\/p>\n<p>Um, data really spins out of control when you don\u2019t have to worry about capacity. All of the cloud service providers have some fantastic automations in place.<\/p>\n<p>Basically, just giving you, uh, very simple rules to say, \u201cOkay, after 90 days, move this over to cheaper storage. 
After 180 days, you know, get rid of it completely, or put it in cold storage.\u201d<\/p>\n<p>Take advantage of those or your bill\u2019s going to spiral out of control, and, and that relates to availability \u2018cause uh, uh, and reliability, \u2018cause the more you\u2019re spending on that kind of stuff, the less you have to spend on other areas like security and operational efficiency.<\/p>\n<p>So, that brings us to our next big security question. Is this working?<\/p>\n<p>[00:15:00] How do you know if any of this stuff is working? Well, you want to talk about the concept of traceability. Traceability is a, you know, somewhat formal definition, but for me it really comes down to where did this come from, who can access it, and when did they access it?<\/p>\n<p>That ties very closely with the concept of observability. Basically, the ability to look at, uh, closed systems and to infer what\u2019s going on inside based on what\u2019s coming into that system, and what\u2019s leaving that system, really what\u2019s going on.<\/p>\n<p>There\u2019s some great tools here from the service providers. Again, you want to look at, uh, Amazon CloudWatch, uh, Azure Monitor and the Google Cloud operations, uh, suite. Um, and here this leads us to the key, okay?<\/p>\n<p>This is the key to simplifying everything, and I know we\u2019ve covered a ton in this presentation, but I really want you to take a good look at this slide, and again, hit me up, uh, @marknca, happy to answer any questions with, questions afterwards as well here, um, that this will really, really make this simple, and this will really take your security practice to the next level.<\/p>\n<p>If the idea of something happened in your, cloud system, right? In your deployment, there\u2019s a trigger, and then, it either is generating an event or a log.<\/p>\n<p>If you go the bottom row here, you\u2019ve got a log, which you can then react to in a function to deliver some sort of result. 
That\u2019s the slow-lane on the bottom.<\/p>\n<p>We\u2019re talking minutes here. You also have the top lane where your trigger fires off an event, and then, you react to that with a function, and then, you get a result in the fast lane.<\/p>\n<p>These things happen in seconds, sub-second time. You start to build out your security practice based on this model.<\/p>\n<p>You start automating more and more in these functions, whether it\u2019s, uh, Lambda, whether it\u2019s Cloud Functions, whether it\u2019s Azure Functions, it doesn\u2019t matter.<\/p>\n<p>The CSPs all offer the same core functionality here. This is the critical, critical success metric, is that when you start reacting in the fast lane automatically to things, so if you see that a security event is triggered from like your malware, uh, on your, uh, virtual machine, you can lock that off, and have a new one spin up automatically.<\/p>\n<p>Um, if you\u2019re looking for compliance stuff, the slow lane is the place to go, because it takes minutes.<\/p>\n<p>Reactions happen up top, more, um, stately or more sedate things, so somebody logging into a system is both up top and down low, so up top, if you logged into a VPC or into, um, an instance, or a virtual machine, you\u2019d have a trigger fire off and maybe ask me immediately, \u201cMark, did you log into the system? Uh, \u2018cause you\u2019re, you know, you\u2019re not supposed to be.\u201d<\/p>\n<p>But then I\u2019d respond and say, \u201cYeah, I, I did log in.\u201d So, immediately you don\u2019t have to respond. It\u2019s not an incident response scenario, but on the bottom track, maybe you\u2019re tracking how many times I\u2019ve logged in.<\/p>\n<p>And after the three or fourth time maybe someone comes by, and has a chat with me, and says, \u201cHey, do you keep logging into these systems? 
Can\u2019t you fix it upstream in the deployment, uh, and build a pipeline \u2018cause that\u2019s where we need to be moving?\u201d<\/p>\n<p>So, you\u2019ll find this balance, and this concept, I just wanted to get into your heads right now of automating your security practice. If you have a checklist, it should be sitting in a model like this, because it\u2019ll help you, uh, reduce your workload, right?<\/p>\n<p>The idea is to get as much automated possible, and keep things in very clear, and simple boundaries, and what\u2019s more simple than having every security action listed as an automated function, uh, sitting in a code repository somewhere?<\/p>\n<p>[00:18:00] Fantastic approach to modern security practice in the cloud. Very simple, very clear. Yes, difficult to implement. It can be, but it\u2019s an awesome, simple mental model to keep in your head that everything gets automated as a function based on a trigger somewhere.<\/p>\n<p>So, what are the keys to success? What are the keys to keeping this cloud security thing simple? And, hopefully you\u2019ve realized the difference between a simple mental model, and the challenges, uh, in, uh, implementation.<\/p>\n<p>It can be difficult. It\u2019s not easy to implement, but the mental model needs to be kept simple, right? Keep things in their own VPCs, and their own accounts, automate everything. Very, very simple approach. Everything fits into this s- into this structure, so the keys here are remembering the goal.<\/p>\n<p>Make sure that cybersecurity, uh, is making sure that whatever you build works as intended and only as intended. It\u2019s understanding the shared responsibility model, and it\u2019s really looking at, uh, having a plan through cloud adoption frameworks, how to build well, which is a, uh, a concept called the Well-Architected Framework.<\/p>\n<p>It\u2019s specific to AWS, but it\u2019s generic, um, its principles, it can be applied everywhere. 
We didn\u2019t cover it here, but I\u2019ll put the links, um, in the materials for you, uh, as well as remembering systems over people, right?<\/p>\n<p>Adding the right controls at the right time, uh, and then, finally observing and react. Be vigilant, practice. You\u2019re not going to get this right out of the gates, uh, perfect.<\/p>\n<p>You\u2019re going to have to refine, iterate, and then it\u2019s extremely cloud friendly. That is the cloud model is, get it out there, iterate quickly, but putting the structures in place, you\u2019re not going to make sure that you\u2019re not doing that in an insecure manner.<\/p>\n<p>Thank you very much, uh, here\u2019s a couple of links that\u2019ll help you out before we take some Q&amp;A here, um, <a href=\"http:\/\/trendmicro.com\/cloud\">trendmicro.com\/cloud<\/a> will get you to the products to learn more. We\u2019re also doing this really cool streaming.<\/p>\n<p>Uh, I host a show called Let\u2019s Talk Cloud. Um, we uh, interview experts, uh, and have a great conversation around, um, what they\u2019re talking about, uh, in the cloud, what they\u2019re working on, and not just around security, but just in building in general.<\/p>\n<p>You can hit that up at trendtalks.fyi. Um, and again, hit me up on social @marknca.<\/p>\n<p>So, we have a couple of questions to kick this off, and you can put more questions in the webinar here, and they will send them along, or answer them in kind if they can.<\/p>\n<p>Um, and that\u2019s really what these are about, is the interaction is getting that, um, to and from. So, the first question that I wanted to tackle is an interesting one, and it\u2019s really that systems over people.<\/p>\n<p>Um, you heard me mention it in the, uh, in the end and the question is really what does that mean systems over people? 
Isn\u2019t security really about people\u2019s expertise?<\/p>\n<p>And, yes and no, so if you are a SOC analyst, if you are working in a security, uh, role right now, I am really confident saying that 80%, 90% of what you do right now could be delegated out to a system.<\/p>\n<p>So, if you were looking at log lines, and stuff that should be done by systems and bubble up, just the goal for you to investigate to do what people are good at in systems are bad at, so systems mean, uh, you know, putting in, uh, to build pipeline, putting in container scanning in the build pipeline, so that you have to manually scan stuff, right to get rid of the basics. Is that a pen test? 100% no.<\/p>\n<p>Um, but it gets rid of that, hey, you didn\u2019t upgrade to, um, you know, this version of this library.<\/p>\n<p>[00:21:00] That\u2019s all automated, and those, the more systems you get in place, the more you as a security professional, or your security team will be able to focus on where they can really deliver value and frankly, where it\u2019s more interesting work, so that\u2019s what systems over people mean, is basically automate as much as you can to get people doing what people are really good at, and to make sure that the systems catch what we make as mistakes all the time.<\/p>\n<p>If you accidentally try to push an old build out, you know that systems should stop that, if you push a build that hasn\u2019t been checked by that container scanning or by, um, you know, it doesn\u2019t have the appropriate security policy in place.<\/p>\n<p>Systems should catch all that humans shouldn\u2019t have to worry about it at all. That\u2019s systems over processing. You saw that on the, uh, keys to success slide here. I\u2019ll just pull it up. Um, you know, is that, that\u2019s absolutely key.<\/p>\n<p>Another question that we had, uh, was what we didn\u2019t get into here, which was around the Well-Architected Framework. 
Now, this is a document that was published by AWS, uh, a number of years back, and they\u2019ve kept it going.<\/p>\n<p>They\u2019ve evolved it and essentially it has five pillars. Um, performance, efficiency, uh, op- reliability, security, cost optimization, and operational excellence. Hey, I\u2019ve got all five.<\/p>\n<p>Um, and really [laughs] what that is, is it\u2019s about how to take advantage of these cloud tools.<\/p>\n<p>Now, AWS publishes it, but honestly it applies to Azure, it applies to Google Cloud as well. It\u2019s not service specific. It teaches you how to build in the cloud, and obviously security is one of those big pillars, but it\u2019s\u2026 so talking about teaching you how to make those trade offs, how to build an innovation flywheel, so that you have an idea, test it, uh, get the feedback from it, and move forward.<\/p>\n<p>Um, and that\u2019s really, really key. Again, now you should be reading that even if you are an Azure, or GCP customer or, uh, that\u2019s where you\u2019re putting your most of your stuff, because it\u2019s really about the principles, and everything we do, and encourage people to build well, it means that there\u2019s less security issues, right?<\/p>\n<p>Especially we know that the number one problem is mistakes.<\/p>\n<p>That leads to the last question we have here, which is about that, how can I say that cyber criminals, you don\u2019t need to worry about them.<\/p>\n<p>You need to worry about mistakes? That\u2019s a good question. It\u2019s valid, and, um, Trend Micro does a huge amount of research around cyber criminals. I do a whole huge amount of research around cyber criminals.<\/p>\n<p>Uh, my training, by training, and by professional experience. I\u2019m a forensic investigator. This is what I do is take down cyber crimes. 
Um, but I think mistakes are the number one thing that we deal with in the cloud simply because of the underlying complexity.<\/p>\n<p>I know it\u2019s ironic, and to talk about simplicity, to talk about complexity, but the idea is, um, is that you look at all the major breaches, especially around S3 buckets, those are all m- based on mistake.<\/p>\n<p>There\u2019ve been billions, and billions, and billions of records, and, uh, millions of dollars of damage exposed because of simple mistakes, and that is far more common, uh, than cyber criminals.<\/p>\n<p>And yes, cyber crimes you have [inaudible 00:23:32] worry. You have to worry about them, but everything you\u2019re going to do to fix mistakes, and to put systems in place to stop those mistakes from happening is also going to be for your pr- uh, protection up against cyber criminals, and honestly, if you\u2019re the guy who runs around your organization screaming about cyber criminals all the time, you\u2019re far less credible than if you\u2019re saying, \u201cHey, I want to make sure that we build really, really well, and don\u2019t make mistakes.\u201d<\/p>\n<p>Thank you for taking the time. My name\u2019s Mark Nunnikhoven. I\u2019m the vice president of cloud research at Trend Micro. I\u2019m also an AWS community hero, and I love this stuff. Hit me up on social @marknca. Happy to chat more.<\/p>\n<p> Read More <a href=\"https:\/\/blog.trendmicro.com\/cloud-security-is-simple\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Cloud security is simple, absolutely simple. Stop over complicating it.&#8221; This is how I kicked off a presentation I gave at the CyberRisk Alliance, Cloud Security Summit on Apr 17 of this year. And I truly believe that cloud security is simple, but that does not mean easy. 
You need the right strategy. As I&#8230;<br \/>\nThe post Cloud Security Is Simple, Absolutely Simple. appeared first on . Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":35954,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[127,1089,1253,536,600],"class_list":["post-35953","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-aws","tag-azure","tag-cloud-computing","tag-cloud-security","tag-google-cloud"]}