Paul Boal ❄️’s Post

Continuing the discussion around the Ticketmaster data breach... SaaS apps like Snowflake, Databricks, and GitHub are being targeted by APTs, and every company needs to carefully review its SaaS security program. As with any SaaS application, customers have a shared responsibility with the provider to make sure the data is safe. There has been a recent announcement by Snowflake that some of their environments were compromised. "They repeated that there is evidence that the threat actor obtained personal credentials to and accessed demo accounts of a former Snowflake employee, but that the accounts are not connected to the company’s production or corporate systems." (June 1, 2024, Helpnet Security) Snowflake is a critical component of many businesses, with the platform at the core of data collaboration, AI, personalization, and customer engagement initiatives. Securing this critical business infrastructure against threats is critical but can also be complex without the requisite expertise. If you are a Snowflake customer looking to address any unauthorized access to your Snowflake environment immediately, check out this blog article by Obsidian Security. https://lnkd.in/exyPMwwW #cybersecurity #ticketmasterbreach #SaasProtection

The modern IR guide looks more and more like this: Step 1: Find out where MFA is not enabled Step 2: Find out why logs were only partially enabled Step 3: Find out if an existing leak on BreachForums is present Step 4: Find out if which user clicked on a fake Google Ad that make them install an infostealer Step 5: Fill in your 8-K Form

Recent events underscore the critical need to focus on security in SaaS environments like #snowflake and #databricks, especially following the unauthorized access incidents affecting some Snowflake customers. Identity lies at the heart of these challenges. Explore our latest blog to discover how to assess and protect your Snowflake environments: https://lnkd.in/eJVfUk-T #saassecurity #cybersecurity #cloudsecurity

“Varonis has extended its industry-leading Data Security Platform to Databricks. Now, Databricks customers can secure their sensitive data at scale with deep visibility, proactive remediation, and active threat detection…” https://lnkd.in/gNS67Mmv

In the past year, there has been a series of breaches affecting prominent SaaS vendors like Microsoft and Okta, with Snowflake also making headlines recently due to attacks on customer-owned systems. With the increasing risks, organizations must act promptly and efficiently to address and minimize potential threats. This guide outlines essential steps for assessing and responding to possible breaches in Snowflake. "A Practical Guide for Handling Unauthorized Access to Snowflake": https://lnkd.in/e7v8xTHN #CyberSecurity #infosec #informationsecurity #cyber #cloud #cloudsecurity #RiskManagement #dfir #incidentresponse

🔒 Do you have a Snowflake deployment? ❄️ Are you using Snowflake as part of your critical business and data processes? 👩💻 Check out our blog below for guidance on how to secure and audit your snowflake deployment after the recent customer data breaches 📰 #CyberSecurity #DataProtection #Snowflake

In this blog post we have summarised all our security best practices taking into account the latest upgrades. The Security Analysis Tool (SAT) is available for Databricks customers to help harden their environments by reviewing current deployments against our security best practices. It uses a checklist that prioritizes observed deviations by severity and provides links to resources that help resolve outstanding issues. Super useful!.

SQLSatSD: Learnings from the latest breaches: building a data security strategy for SQL Server and Azure SQL by Andreas Wolter SQL Server and Azure SQL provide many different functionalities and services that help you to protect your most valuable asset: your data. But features alone do not protect if not carefully thought through and working in siloed manners. Without a properly planned security strategy, it is too easy to miss gaps between security controls and find oneself exposed when a serious attack occurs. In today’s environment of “hacking as a service”, state-funded and orchestrated hacking groups, being properly prepared for all scenarios can become vital to a company’s survival. In this session, Andreas Wolter, a former program manager for SQL security at Microsoft with over 2 decades of experience working with customers, will reflect on the current threat landscape and explain the most common breach patterns as well as how to stop them from occurring. Under an assumed breach mindset we will look at various attack vectors, discuss what ransomware and data exfiltration attacks have in common, and how that helps us to prevent or limit the blast radius. We will look at how to strategically approach a security concept, which starts at the overall system’s architecture and does not end with encryption alone. This session is aimed at security managers and architects who want to learn how to secure their SQL environments and data not just using the latest technologies and features but also how to approach it strategically. https://buff.ly/3SnQEPx #sqlsatsd #sqlsaturday #sqlsat #sandiego #freeevent

TLS for Sentinel Syslog CEF Data connector(Secure Transfer of logs to Sentinel Log analytics workspace) https://lnkd.in/gKVJ44zu #MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #DefenderXDR

Follow-up on Ignite with Ask Microsoft Anything: Microsoft Security edition