Misconfiguration of serverless workloads is a significant security risk in cloud environments.
Excessive permissions granted to serverless functions, lack of security controls around functions, and misconfigured third-party services are common misconfigurations that can lead to data breaches and other security incidents.
One of the most common misconfigurations in serverless workloads is excessive permissions granted to functions.
Serverless functions typically require specific permissions to access resources in the cloud environment, such as databases or object storage.
If these permissions are misconfigured or overly permissive, an attacker can gain access to sensitive data or even take control of the entire environment.
ID:T0177
Type:Technique
Tactic:Impact
Summary:Misconfiguration of serverless workloads
State:Draft
Mitigations
ID
TYPE
SUMMARY
DESCRIPTION
M1550
Mitigation
Mitigation Implement strict access control for clouds Limit access to cloud resources to only authorized users and ensure that proper authentication and authorization mechanisms are in place.
Mitigation Implement strict access control for clouds Limit access to cloud resources to only authorized users and ensure that proper authentication and authorization mechanisms are in place.
M1720
Mitigation
Mitigation Implement regular patches and updates Regular patches and updates are necessary to improve the security, performance, and reliability of software and systems.
They include bug fixes, security updates, and performance improvements. Regular patches and updates also ensure compatibility with new technologies and can help maintain compliance with regulatory standards. Failure to install patches and updates can leave systems vulnerable to security threats, cause system failures or crashes, and limit the functionality of software and systems.
M1770
Mitigation
Mitigation Implement least privilege principle for serverless workloads Serverless functions should be granted only the permissions they require to perform their specific task, and no more.
By implementing the principle of least privilege, organizations can reduce the risk of an attacker gaining access to sensitive resources.
M1771
Mitigation
Mitigation Regularly review and update permissions Organizations should review and update the permissions granted to serverless functions on a regular basis.
This can help to identify and remediate any misconfigurations or overly permissive permissions.
Detections
ID
TYPE
SUMMARY
DESCRIPTION
D1260
Detection
Detection Implement regular security audit and review Conduct regular security audits and vulnerability assessments of your systems and storages configurations to identify and address any potential misconfigurations or vulnerabilities that could lead to exposed storage.
This includes reviewing access controls, encryption settings, and other security configurations to ensure they are aligned with best practices and organizational security policies.
D1261
Detection
Detection Implement penetration testing Penetration testing, also known as ethical hacking or vulnerability assessment, is a proactive approach to mitigating cybersecurity risks.
It involves simulating real-world cyber attacks on a system, network, or application in a controlled and authorized manner to identify vulnerabilities and weaknesses that could be exploited by malicious actors.
D1262
Detection
Detection Implement vulnerability assesment Vulnerability assessment is a proactive approach to mitigating cybersecurity risks by systematically identifying, evaluating, and prioritizing vulnerabilities in a system, network, or application.
It involves conducting regular assessments to identify potential weaknesses that could be exploited by attackers, and taking appropriate actions to remediate or mitigate those vulnerabilities.
D1500
Detection
Detection Configure monitoring of used artifacts and open-source libraries Implement regular scanning of used artifacts and open-source libraries for known vulnerabilities.
Set up monitoring of reported issues based on regular scanning results.
D1510
Detection
Detection Implement Intrusion Detection System and anti-malware An intrusion detection system (IDS) is a security tool designed to detect and alert on unauthorized access to a computer system or network.
Implementing intrusion detection systems (IDS) and anti-malware software can help to identify and block malicious activity. IDS is a critical security tool that helps organizations to detect and respond to security incidents in a timely manner. By providing real-time monitoring and analysis of network traffic, IDS can help organizations to stay ahead of potential threats and reduce the risk of a security breach.
AppSec teams are overwhelmed by useless alerts, managing numerous applications with vulnerabilities across various kill-chain stages, making them increasingly susceptible to successful attacks.
