AWS recently launched Claude Platform on AWS, which blends Anthropic’s native Claude Platform with Amazon’s identity and billing fabric. Organizations using both AWS and Anthropic in their tech stack now have a flexible, centralized way to govern identity and access across both cloud and AI. This integration does however introduce ... Read More

Privilege escalation using non-person identities in AWS is nothing new. EC2 instance roles and Lambda execution roles are well understood to be mechanisms for bad actors to elevate their own privileges if not locked down properly. What’s less well understood is the concept of AI-centric identities – how agentic workflows ... Read More

In a company, who owns the cloud? It’s not always clear. Maybe a better question is: who is responsible for the cloud’s cost? That answer is always the head of Operations. This person could be titled as ‘DevOps,’ or running a ‘Platform’ team – the title doesn’t matter. This is ... Read More

Exploring Practical Steps for Cleaning up Identity Sprawl A lot of security tools act like finding the list of unused identities is the hard part. The reality, however, is that running a scan takes 30 seconds to uncover a year’s worth of work. Anyone who’s managed a cloud environment knows ... Read More

As AWS continues to evolve, new services and permissions are frequently introduced to enhance functionality and security. This blog provides a comprehensive recap of new sensitive permissions and services added in August 2024. Our intention in sharing this is to flag the most important releases to keep your eye on ... Read More

The adoption of Cloud Native Application Protection Platforms (CNAPPs) has surged, reflecting a growing recognition of the need for comprehensive security across cloud environments. According to industry reports, the global CNAPP market is projected to grow at a CAGR of over 25% from 2023 to 2028 – and 40% of ... Read More

Reading Time: 5 minutes If you’re not focused on identity and access controls, then you are running blind to today’s threat landscape. Today, identity is what creates a pathway to your sensitive data. Many organizations are still speaking the language of firewalls, antivirus, endpoint protection, and vulnerabilities, yet cloud infrastructure ... Read More

Reading Time: 5 minutes The cloud security solutions market is growing rapidly and there are many types of solutions to support your specific security needs. Figuring out the right solution, let alone the right tool, can be difficult. Adding to this complication. Cloud native applications present new security challenges at ... Read More

Reading Time: 5 minutes We all remember the SolarWinds attack taking up residency in the media headlines back in 2020. If you don’t remember it, in short, the company was targeted by the Nobelium hackers group. This attack was one of the largest of the 21st century and triggered a ... Read More

AWS Security Hub is a cloud security posture management service that performs automated, continuous security best practice checks against your […] The post Monitor Privilege Escalation Risk of Identities from AWS Security Hub, with Integration from Sonrai appeared first on Sonrai Security ... Read More