Exfiltrated, Signed, Delivered – What Can Go Wrong When an Amazon Elastic Compute Cloud (EC2) Instance is Exposed to SSRF
New CNAPPgoat scenario makes experimentation easy by triggering calls to AWS service from an EC2 instance exposed to SSRF
Building Custom Scenarios with CNAPPgoat
You can now construct and import your own vulnerability scenarios into CNAPPgoat, enhancing your cloud security skills
The MGM Breach and the Role of IdP in Modern Cyber Attacks
A deep dive into the recent MGM breach and our insights into the actor behind the attack and possible mitigations.
What’s New with CNAPPgoat?
Read about the newest, expanded features in the Ermetic [now Tenable Cloud Security] open source vulnerable-by-design tool for enhancing your security skills
Stronger Together: Writing a New Chapter in Cloud Security
We’re excited to share that Tenable has announced intent to acquire Ermetic.
The Benefits of Cloud Entitlement Management
Cloud identities and entitlements pose grave challenges - learn about the benefits of CIEM solutions and KPIs for measuring them
CNAPPgoat: The Multicloud Open-Source Tool for Deploying Vulnerable-by-Design Cloud Resources
All about CNAPPgoat, our open-source project designed to modularly provision vulnerable-by-design components in cloud environments.
Do I Need CNAPP If We’re Only Starting to Deploy to the Cloud?
It’s a leading question because no matter how new you are to the cloud you need CNAPP – find out why
Secure Your Cloud – Know the Difference between CSPM and KSPM
Conventional CSPM tools don’t sufficiently cover K8s clusters – dedicated tools are a must to address Kubernetes’s unique challenges
Shared Responsibility Model in the Cloud
CSPs have embraced a “shared responsibility model” to define the security responsibilities for different components of the architecture
Mastering the Art of Kubernetes Security
With Kubernetes’ explosive adoption by the development community comes an urgent need to secure K8s clusters and ensure their compliance effectively
Cloud Workload Protection (CWP) Best Practice – Focus on Impact, Not Volume
How to do CWP right to prepare your organization and protect it from the next widespread vulnerability
Federating Kubernetes Workloads with Cloud Identities
Your K8s workloads legitimately need access to sensitive cloud resources – federated identities let you grant it easily and securely
Navigating Cloud Security: Why Segregating Environments from Dev to Production is so Important
Segregation in cloud environments is important for security - this post explores why and offers best practice tips for acting on it.
Managing Cloud Compliance and Security Posture with Cloud Compliance Tools
Why compliance and access security in the public cloud are so challenging – and how carefully chosen CSPM tools can help
A Letter from the CEO
Introducing our Cloud-Native Application Protection Platform
Perceived Cloud Security vs. Reality: Test Yourself
Shun complacency -- your cloud security probably needs to be better than you, or your organization, perceive it to be
How to Implement CIEM – A Checklist
What differentiates a CIEM solution from other cloud security platforms, and how should a CIEM be used in an organization? Read on to find out.
Fauda: When Hollywood and Cybersecurity Meet
The newest season of Fauda, now streaming on Netflix, is a real Hollywood meets Cybersecurity moment. Find out how realistic - or not - it is.
Why JIT Access is an Essential Part of Cloud Security
Automating JIT in the cloud is win-win for improving security and business productivity -- and cracks a nut that PAM can’t
Your Guide to IAM – and IAM Security in the Cloud
A look at how IAM works and how CIEM enhances IAM security in the cloud.
Usable Cloud Security – The Antidote to Cloud Complexity
Cloud security risk is ubiquitous yet manageable if you accept cloud complexity and seek solutions focused on usability and insights you can act on.
Sealing Off Your Cloud’s Blast Radius
Understand the challenges of securing your cloud and key best practices for minimizing your cloud’s blast radius
6 Cloud Security Tips For 3rd-Party Risk
It's critical to understand the security risk that third parties pose to your cloud infrastructure and how managing 3rd-party access using secure practices can help.
How to Improve Your Incident Response in the Cloud
A look at the security best practices and mindset to adopt to better detect and recover from malicious activity in your cloud infrastructure
What You Should Know about the New OpenSSL Vulnerability
How to detect which OpenSSL version you’re running and if your organization is exposed to the critical OpenSSL vulnerabilities - CVE-2022-3602 (Remote Code Execution) and CVE-2022-3786 (Denial of Service) - and what to do about it.
IBM Cost of a Data Breach 2022 – Highlights for Cloud Security Professionals
Learn from the 2022 IBM report about the true cost of ransomware, compromised credentials and other breaches.
Verizon’s 2022 Data Breach Report – Insights for Cloud Security Professionals
Wondering which cyber attack trends are putting your organization at risk? Learn about the leading threat vectors – and how cloud security solutions can help.
Five Lessons Every Cybersecurity Team Can Learn from the Uber Incident
Upon hearing of a cyber security incident, alleged or factual, the most productive thing to do is learn what you can from its main lessons
IDSA Introduces CIEM Best Practices
The Identity Defined Security Alliance recently announced their list of Best Practices for Cloud Infrastructure Entitlement Management.
96% Could Have Prevented Their Identity Breach – IDSA
Identity-related breaches are on the rise but security and IAM pros are not idle. Learn from this survey how they are staving off the next attack.
DevSecOps: An Organizational Fix for Improving Cloud Security – Friction-free
By implementing the DevSecOps culture, tools and training, you’ll be on your way to more shift left security and less organizational friction. Here’s how.
Facing the Shift-Left Security Conundrum. A True Story
Shift left security is hot – until it's not. Dynamic business requirements and cloud complexity pose major least privilege challenges.
3 Types of Cyber Attackers: Which Organizations Do They Target?
Is an attacker interested in your organization? Probably. Deconstructing the PoV of cyber attackers is key to defending your turf.
Cloud Native and the Hype of Security
Through proper understanding and support, your organization can ensure it is secure while operating in the cloud and start taking advantage of the many possibilities present.
What are CSPM solutions?
What are CSPM solutions and how can they help organizations stay compliant and avoid the security risks of misconfigurations? Answers (and more) inside.
Cloud and Data Security for Financial Services
Financial service organizations are adopting the cloud at a rapid pace. A robust solution for compliance and cloud security will ensure they enjoy all the benefits.
AWS, Azure and GCP: The Ultimate IAM Comparison
AWS vs. Azure vs. GCP - how do these cloud providers compare when it comes to IAM? Read on to find out.
Securing Your Cloud with Zero Trust and Least Privilege
Zero trust could be the solution for your modern security perils. Read on to discover what zero trust and least privilege are – and how to get started.
Verizon’s Data Breach Report – Insights for Cloud Security Professionals
Select highlights from Verizon’s recent Data Breach Investigations Report (DBIR) that may interest cloud security professionals – and suggested actions
How to Operationalize a Cloud Security Solution
How to successfully operationalize your cloud security solution in 4 easy steps – and why fast and effective operationalization matters
Lessons Learned in Cloud Security from Lapsus$ Surfacing
Cloud security practitioners can learn about the best practices that reduce the threat of cyber attacks from groups like Lapsus$.
7 Cloud Security Trends That May Impact Your Cloud Security Planning
From leading CSPs to growing interest in multicloud, here’s what’s trending in measurable search traffic around cloud security - and what it means for security and IT teams.
3 Cloud IAM Security Questions You Must Be Able to Answer
It doesn’t matter if it’s AWS, GCP or Azure IAM, cloud deployment is redefining the work of IAM professionals
Cloud Identities and the Not So Long and Slightly Winding Road to Governance
A look at Forrester’s roadmap for the deployment and use of CIG to decrease the cloud threat surface and the costs of cloud data protection.
How CSPM and CIEM may Solve your Cloud Compliance Challenges
With compliance essential to your organization, what strategy to take? Can you rely on a standard cloud security posture management tool – or do you need more?
How a Healthcare Provider Secures Its Cloud Infrastructure
Insights from a healthcare security executive on how automating risk mitigation and compliance boosted their cloud infrastructure security.
Cloud Native Application Protection Platform (CNAPP): An Evolving Approach to Cloud Security
A closer look at the newest Cloud Security category as defined by Gartner: Cloud Native Application Protection Platform (CNAPP).
Top 7 Questions to Ask During a POC with a Cloud Security Vendor
A useful set of questions to help you get the most out of your upcoming POC -- and ensure that the solution will meet your cloud security needs.
Top 6 Questions You Should Ask a Cloud Security Vendor
Choosing a cloud security platform and tools is not for the weak of heart – so much at stake! This framework can help you decide which vendor is right for you.
Reaching for the Clouds with Our $70M Series B Financing
Ermetic is proud to have closed our Series B financing, enabling us to continue building the best cloud security platform that focuses on what matters.
How to Start Up Your Cloud Security
Startups may think they can postpone implementing a cloud security program but should in fact take early action - here’s why, and easy steps for doing so.
Useful Tips for Choosing a Cloud Security Vendor
A guide for what to take into account when starting to evaluate cloud security solutions. What to consider, how to determine value and how to navigate between capabilities and your needs.
The Top 24 Cloud Security Threats for Cyber Security Professionals
The complete checklist of threats and security gaps out to get your cloud
CISO’s First 100 Days: A Guide to Getting Started
Everything you need to know about securing your cloud as a CISO.
Why Managing Security Posture and Entitlements from One Place Makes Sense
How a unified CSPM/CIEM platform can provide solutions to highly prioritized security risks, with minimal overhead.
The Importance of Identity and Access Management (IAM) in Cloud Infrastructure
How to manage human and service identities, and their entitlements, to secure your cloud infrastructure.
Repokid and Beyond: AWS Least Privilege, Gift-Wrapped
Travis McPeak explains why least privilege is so hard to achieve and how the automated approach works.
State of Cloud Security 2021: More Aware Yet Very Exposed
Dan Yachin digs into our State of Cloud Security 2021 Report and shares his insight.
Why Privileged Access Management (PAM) Fails Cloud Infrastructure…and What to do About it
PAM, its challenges for AWS, GCP and Azure environments - and CIEM as a solution.
TeamTNT Strikes Again: A Wake-Up Call to Start Securing Cloud Entitlements
Examining the news that TeamTNT is targeting 16 more applications, including Google Cloud.
Best Practices for Securing Public Cloud Infrastructure
Bruce's suggestions for securing public cloud infrastructure, across industries.
Cloud Security: What’s Good for Fintech Is Good for… All Our Clients
Mohara shares how Ermetic keeps things secure and management-sane inside their cloud software development shop.
Introducing the Ermetic Advisory Board: Gerhard Eschelbeck, Former CISO of Google
We recently announced the formation of the Ermetic Advisory Board which includes a who’s who of CISOs and cloud security experts from the technology, media and communications sectors. So who *are* these experts? In recent posts, we met Travis McPeak of Netflix, Adrian Ludwig of Atlassian and Elie AbenMoha of Publicis Groupe. Next up is Gerhard Eschelbeck, the former […]
Cloud infrastructure is not immune from the SolarWinds Orion breach
Organizations exposed to the SolarWinds breach must identify exposed credentials and rotate them asap.
Introducing the Ermetic Advisory Board: Elie AbenMoha of Publicis Groupe
Thoughts on cloud security from advisory board member Elie AbenMoha of Publicis Groupe
Introducing the Ermetic Advisory Board: Adrian Ludwig of Atlassian
Adrian Ludwig of Atlassian shares his predictions and insights on public cloud security.
The Three Ways of DevOps
Applying least privilege to cloud instances without adding bulk and delays to your pipeline.
Protect Applications and Data with Cloud Infrastructure Entitlements Management (CIEM)
Breaking down the hype around Cloud Infrastructure Entitlements Management (CIEM).
The Challenges of Securing Data Access in the Cloud, Part 4 (of 4)
Part 4 (of 4) - Sharing and Chaining Roles
The Challenges of Securing Data Access in the Cloud, Part 3 (of 4)
Part 3 - Looking beyond AWS IAM roles
The Challenges of Securing Data Access in the Cloud, Part 2 (of 4)
Part 2 (of 4): A closer look at IAM policies
The Challenges of Securing Data Access in the Cloud, Part 1 (of 4)
Part 1: Why is it so complicated to manage identities and entitlements in the cloud?
Why Information Security Must be as Adaptable as the Environment it Protects
Why information security must be more deeply integrated into everyday processes through intelligent automation.