Automatic AWS cloud security analysis
Foreseeti, Klarna, and KTH have been awarded funding from Vinnova, Sweden’s Innovation Agency, for the project “Proactive risk and threat simulations in the cloud.”
The increasing introduction of cloud-based environments and the acquisition of IT as a service in organizations around the world has created new opportunities but also risks. The enormous flexibility and scalability that a cloud-based architecture offers makes it difficult to manually map out environments, potential vulnerabilities, and potential threats to critical assets. A clear understanding of the threat picture is a prerequisite for effective defense. Software-based vulnerability scanning and misconfiguration tools facilitate security work in cloud environments by finding and reporting technical errors but provides no overview of the overall risk or how different investments and priorities in security work can affect the overall risk. Today's threat modeling and simulation tools are not created to handle the huge pace of change that cloud environments allow and risk analyses are becoming very out of date.
The project will design, implement, and test a tool for proactive risk and threat simulations in the cloud. The prototype exposes cloud environments to simulated attacks and provides important knowledge about how to secure the cloud from threats and prioritize technical and structural vulnerabilities as well as future investments in security.
Article by: Robert Lagerström, Associate Professor in Software Systems Architecture & Security, KTH & foreseeti
For more information (in Swedish)