It’s a new beginning! Ermetic is now Tenable Cloud Security.

BlackHat USA 2022: IAM The One Who Knocks

At BlackHat USA, the Ermetic Research Team presented the hidden risks of managing identities and access in a multicloud environment.

Tenable Cloud Security By Tenable Cloud Security

The Ermetic research team recently presented at BlackHat USA. At their session, they took a deep dive into the hidden risks of managing identities and access in a multi-cloud environment. They exposed access flaws and misconfigurations that attackers can easily abuse to gain access to confidential and sensitive information. They went on to explain the inner workings of each cloud provider's Identity and Access Management (IAM) layers and highlight the differences between each cloud service. They also demonstrated how inconsistent entitlements across cloud resources and services can lead to unintended access and how accountability confusion in the shared responsibility model can enable privilege escalation.

Full abstract and presentation materials can be found here.

Presented by Igal Gofman & Noam Dahan of the Ermetic Research Team

  • Most popular posts

  • Start a free trial

    See how Tenable Cloud Security can help secure your data.

    Start Now

    • Related Articles

    Least Privilege Policy: Automated Analysis Trumps Native AWS Tools

    AWS methods for granting & controlling access, plus native tools for detecting & repairing excessive permissions.

    Lior Zatlavi
    By Lior Zatlavi May 18, 2021

    State of Cloud Security 2021: More Aware Yet Very Exposed

    Dan Yachin digs into our State of Cloud Security 2021 Report and shares his insight.

    Dan Yachin
    By Dan Yachin Jul 01, 2021

    Auditing IAM PassRole: A Problematic Privilege Escalation Permission

    How to determine which identities need iam:PassRole to help enforce “use it or lose it” least-privilege.

    Noam Dahan
    By Noam Dahan Jan 13, 2021
    Skip to content