In this blog, we’re going to discuss and demonstrate how to use Panoptica to protect your business from data exposure, and even more importantly, data breaches.
To begin with, let us do a brief recap of the forensic analysis of one of the most publicized data breaches from last year: the Pegasus Airlines data breach. This breach occurred on a publicly exposed Amazon Simple Storage Service (S3) bucket that contained over 23 million files of confidential, proprietary, and even Personally Identifiable Information (PII). Everything you needed to fly one of their aircraft was in there, as well as passwords and secret keys to gain further access to sensitive files. Not only that, but 1.6M files of personally identifiable information were breached, including employee photos and signatures.
As shocking as this breach was, it’s even more astonishing to realize that this attack vector is actually a very common one. According to a recent study, approximately 72% of organizations possess at least one Amazon S3 bucket that has been configured for public read access. As dramatically exemplified by the Pegasus Airlines incident, this vulnerability presents a significant risk to businesses, often serving as a primary factor in various data breaches. Although the default privacy setting for an S3 bucket is "private," misconfigurations and human error may inadvertently expose buckets to the public.
Additionally, to make matters worse, the same study showed that 33% of organizations have unencrypted sensitive data, including secrets and PII, within their cloud assets. Such a posture significantly exacerbates the damage and expense caused by such data breaches. In fact, according to IBM, the current global average cost of a data breach is now $4.45M.
So how can you protect your business from such data exposure and breaches? Panoptica, the Cisco Cloud Application Security solution, makes this easy. Let’s take a look at how.
If, as an operator, I happen to know the specific attack vector of a given data breach, I can search Panoptica’s powerful graph database for this. For example, I can enter “S3” directly into a Search query box as shown below:
This returns all vulnerabilities relating to Amazon S3 buckets within my cloud infrastructure, including the specific vector we have been discussing, as highlighted below:
Clicking on the highlighted header provides me more details about this vulnerability, as shown below.
These details not only tell me what the exposure is and where I have this exposure in my environment, but also how to remediate it. Remediation details are presented both as a summary of steps to be taken and as the corresponding command-line interface (CLI) commands needed to patch it. For example, in this case, the manual steps to be taken include:
- Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/
- In the buckets list, choose demo-s3-bucket-public-and-unencrypted-demo-panoptica.
- Choose Permissions.
- Choose Edit to change the public access settings for the bucket.
- Set all to True, and then choose Save.
- When you're asked for confirmation, enter confirm. Then choose Confirm to save your changes.
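The "public access settings" in the steps above correspond to S3 Block Public Access, which has four flags. As an added example (not Panoptica output and not code from this post), the Python below audits one bucket's configuration offline and shows which flags neutralize an existing public ACL or policy and which only block new ones. The input dicts are constructed samples shaped like the output of `get-public-access-block`, `get-bucket-acl` and `get-bucket-policy`, and the policy test is a simplification.

```python
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def public_acl_grants(acl):
    """Permissions granted to the AllUsers group in a get-bucket-acl style dict."""
    return [g["Permission"] for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") == ALL_USERS]

def public_policy_statements(policy_json):
    """Unconditioned Allow statements with a wildcard principal (simplified test;
    statements that carry a Condition are not flagged and need manual review)."""
    if not policy_json:
        return []
    stmts = json.loads(policy_json).get("Statement", [])
    if isinstance(stmts, dict):          # a single statement may be a bare object
        stmts = [stmts]
    def wildcard(p):
        if p == "*":
            return True
        if isinstance(p, dict):
            aws = p.get("AWS")
            return aws == "*" or (isinstance(aws, list) and "*" in aws)
        return False
    return [s for s in stmts if s.get("Effect") == "Allow"
            and wildcard(s.get("Principal")) and "Condition" not in s]

def audit_bucket(pab, acl, policy_json):
    """Return a list of findings for one bucket's configuration."""
    pab = pab or {}                      # no block configured: every flag is off
    findings = [f"{flag} is not enabled" for flag in PAB_FLAGS if not pab.get(flag)]
    grants = public_acl_grants(acl)
    # Existing public ACLs stay effective unless IgnorePublicAcls is on.
    if grants and not pab.get("IgnorePublicAcls"):
        findings.append("EXPOSED via ACL: AllUsers has " + ", ".join(grants))
    # An existing public policy stays effective unless RestrictPublicBuckets is on.
    if public_policy_statements(policy_json) and not pab.get("RestrictPublicBuckets"):
        findings.append("EXPOSED via policy: wildcard principal Allow")
    return findings

# Constructed sample input; the bucket name is the one used in the steps above.
SAMPLE_ACL = {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS},
                          "Permission": "READ"}]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::demo-s3-bucket-public-and-unencrypted-demo-panoptica/*"}]})

if __name__ == "__main__":
    print("\n".join(audit_bucket(None, SAMPLE_ACL, SAMPLE_POLICY)))
```

Enabling only `BlockPublicAcls` and `BlockPublicPolicy` stops new public grants but leaves the sample bucket exposed, which is why the steps set all four.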
However, to expedite remediation, Panoptica also provides me with dynamically-generated and custom-tailored commands to quickly address the vulnerability, which in this case translates to: