Addressing an insecurely configured API
When one of our SOC (Security Operations Center) clients faced an attack on their cloud infrastructure, our SOC promptly detected the breach. Upon analyzing the incident, it became evident that the client had exposed an insecurely configured API. As a result, the attackers managed to gain unauthorized access via the API.
We addressed this breach in three distinct stages:
- Respond
We effectively isolated the breach to prevent further spread and potential threats to other systems. To achieve this, we ensured that API communications were confined within a secure internal network, eliminating public exposure. Additionally, we implemented Azure Landing Zones (based on the Microsoft Cloud Adoption Framework) for the client: pre-configured cloud environments designed to restrict unauthorized API access and to enforce zero-trust security principles.
- Remediate
After containing the unauthorized activity within the client’s environment, our SOC team cut off the attacker’s access. We revoked the compromised service account tokens and enforced automatic secret rotation, so that stolen credentials could no longer be reused and the attacker’s persistent access was removed.
- Recover
We hardened the client’s cloud environment using our automated compliance framework. This enforces secure configurations and prevents misconfigurations similar to the one that was attacked in our client’s case. We also restricted administrative privileges to essential users, thereby minimizing the attack surface. Furthermore, to mitigate lateral movement in the event of a breach, we isolated workloads and restricted network communication between system components. The client now uses our Resilient Cloud solution because they recognize the benefits of having a single service provider that not only manages the security aspect, but can also harden the underlying infrastructure layer.
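The Remediate step above (revoking compromised service account tokens and enforcing automatic secret rotation) can be modelled as a small credential lifecycle. The following is an added example, not Cegeka’s or the client’s code: a toy secret store in which a secret stops validating as soon as it is revoked, a revoked or aged-out secret is replaced on the next rotation run, and every secret expires after an assumed maximum age (30 days, chosen for illustration). The account name and the clock values are constructed.

```python
"""Added example (not Cegeka's code): revocation plus scheduled rotation of
service-account secrets, the two controls used in the Remediate step."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import secrets

MAX_AGE = timedelta(days=30)  # assumed rotation interval, not a Cegeka setting


@dataclass
class ServiceSecret:
    account: str
    value: str
    issued_at: datetime
    revoked: bool = False


class SecretStore:
    """Holds one current secret per service account and an audit history."""

    def __init__(self, now: datetime):
        self._current = {}   # account -> ServiceSecret in use
        self._history = []   # every secret ever issued, for auditing
        self.now = now       # injected clock so the walkthrough is deterministic

    def issue(self, account: str) -> ServiceSecret:
        s = ServiceSecret(account, secrets.token_urlsafe(32), self.now)
        self._current[account] = s
        self._history.append(s)
        return s

    def current(self, account: str) -> ServiceSecret:
        return self._current[account]

    def revoke(self, account: str) -> bool:
        """Mark the live secret unusable immediately; returns False if unknown."""
        s = self._current.get(account)
        if s is None:
            return False
        s.revoked = True
        return True

    def validate(self, account: str, presented: str) -> bool:
        """A secret is accepted only if it is current, not revoked, and not past MAX_AGE."""
        s = self._current.get(account)
        if s is None or s.revoked:
            return False
        if self.now - s.issued_at > MAX_AGE:
            return False
        return secrets.compare_digest(s.value, presented)

    def rotate_due(self) -> list:
        """Replace every secret that is revoked or has reached MAX_AGE."""
        rotated = []
        for account, s in list(self._current.items()):
            if s.revoked or self.now - s.issued_at >= MAX_AGE:
                self.issue(account)
                rotated.append(account)
        return rotated


def remediation_walkthrough() -> dict:
    """Replays the Remediate step against a constructed account and clock."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    store = SecretStore(now=t0)
    stolen = store.issue("deploy-bot").value            # value later found in attacker hands
    before = store.validate("deploy-bot", stolen)       # still accepted before response
    store.revoke("deploy-bot")
    after_revoke = store.validate("deploy-bot", stolen)  # rejected immediately
    store.rotate_due()                                   # revoked secret replaced now
    fresh = store.current("deploy-bot").value
    replaced = store.validate("deploy-bot", fresh) and not store.validate("deploy-bot", stolen)
    store.now = t0 + MAX_AGE + timedelta(days=1)         # time passes with no incident
    expired = store.validate("deploy-bot", fresh)        # age limit applies regardless
    rotated = store.rotate_due()                         # scheduled rotation picks it up
    return {"before": before, "after_revoke": after_revoke, "replaced": replaced,
            "expired": expired, "rotated": rotated}


if __name__ == "__main__":
    for step, outcome in remediation_walkthrough().items():
        print(f"{step}: {outcome}")
```

Two design choices carry the point: validation checks revocation and age before comparing values, so an old credential fails even if the comparison would succeed, and rotation is driven by the store’s own state rather than by someone remembering to run it after an incident.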
Combining proactive and reactive measures
The Resilient Cloud consists of two parts. First, we create a secure cloud environment for our clients through proactive measures for protection. But even with optimal protection, every IT environment will still be attacked, so the second part is continuously monitoring the client’s environment, employing reactive measures to handle incidents.
We are not tied to any specific platform, service, or cloud provider. Our Resilient Cloud framework can be set up either on-premises or on cloud platforms from a variety of vendors.
Let’s examine how both parts function within Microsoft Azure.
Establishing a secure cloud environment
By creating a secure cloud environment, we take proactive measures to protect your cloud applications from various threats and vulnerabilities. Within Microsoft Azure, Defender for Cloud assists in incorporating sound security practices and identifying attacks on your cloud infrastructure.
We create an Azure landing zone for your applications. This is a pre-configured cloud environment that offers baseline security features and health guard services to monitor your infrastructure. These security features are based on the Microsoft Cloud Adoption Framework (CAF) for Azure.
This Azure landing zone implements Microsoft’s best practices for cloud environments, including identity and access management, firewall rules, and encryption policies. We supplement these with additional guardrails for governance, compliance, and security, informed by Cegeka’s industry-specific insights addressing client risks across financial, retail, and other sectors.
For example, when one of your developers launches a container in your secure cloud environment, its configuration will be checked against the required security policy. Should any violation occur, such as an exposed API lacking authentication, this will be automatically reported.
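The policy check described in this paragraph, and the automated compliance framework from the Recover stage earlier on the page, both amount to evaluating a deployment description against guardrails and reporting violations. The following is an added example, not Cegeka’s code and not Azure Policy: a small evaluator over a constructed deployment with three container workloads, flagging public exposure, a public API without authentication, a listening port without TLS, and an over-privileged workload identity. The rule names, severities and the set of roles treated as privileged are assumptions chosen for illustration.

```python
"""Added example (not Cegeka's code): guardrail checks over a constructed
container/API deployment, reporting violations such as an exposed API with
no authentication."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    workload: str
    rule: str
    severity: str
    detail: str


# Assumed guardrail: roles too broad for a workload identity (not an Azure built-in list).
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}

# Constructed sample deployment: one misconfigured public API, one clean worker,
# one internal service listening without TLS.
SAMPLE_DEPLOYMENT = {
    "workloads": [
        {"name": "orders-api",
         "ingress": {"public": True, "ports": [443]},
         "auth": {"enabled": False},
         "tls": {"enabled": True},
         "identity": {"roles": ["Owner"]}},
        {"name": "billing-worker",
         "ingress": {"public": False, "ports": []},
         "auth": {"enabled": True, "mode": "managed-identity"},
         "tls": {"enabled": True},
         "identity": {"roles": ["Reader"]}},
        {"name": "legacy-reports",
         "ingress": {"public": False, "ports": [8080]},
         "auth": {"enabled": True, "mode": "basic"},
         "tls": {"enabled": False},
         "identity": {"roles": ["Reader"]}},
    ]
}


def check_workload(w: dict) -> list:
    """Apply every guardrail to one workload and return its findings."""
    findings = []
    name = w["name"]
    ingress = w.get("ingress", {})
    auth = w.get("auth", {})
    tls = w.get("tls", {})
    roles = set(w.get("identity", {}).get("roles", []))
    public = bool(ingress.get("public", False))
    ports = ingress.get("ports", [])

    if public:
        # Landing-zone baseline: API traffic stays on the internal network.
        findings.append(Finding(name, "no-public-exposure", "medium",
                                "ingress is reachable from the public internet"))
        if not auth.get("enabled", False):
            # The exact case from the text: exposed API lacking authentication.
            findings.append(Finding(name, "public-api-requires-auth", "high",
                                    "public ingress with authentication disabled"))
    if ports and not tls.get("enabled", False):
        findings.append(Finding(name, "tls-required", "high",
                                f"ports {ports} served without TLS"))
    over = roles & PRIVILEGED_ROLES
    if over:
        findings.append(Finding(name, "least-privilege-identity", "medium",
                                f"workload identity holds {sorted(over)}"))
    return findings


def evaluate(deployment: dict) -> list:
    """Evaluate every workload; an empty list means the deployment passes."""
    findings = []
    for w in deployment.get("workloads", []):
        findings.extend(check_workload(w))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity, the figure a compliance dashboard would show."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in evaluate(SAMPLE_DEPLOYMENT):
        print(f"[{f.severity.upper()}] {f.workload}: {f.rule} ({f.detail})")
    print(summarize(evaluate(SAMPLE_DEPLOYMENT)))
```

Run as a gate in a pipeline, a non-empty result from `evaluate` is what would block or report the deployment; the same functions can be run over an inventory export to find existing drift rather than only new launches.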
Monitoring your environment with a modern SOC
Even after implementing strong proactive measures to secure your cloud environment, incidents cannot be entirely ruled out. Therefore, the second part of the Resilient Cloud is important as well: reactive measures to respond, remediate and sometimes even recover from incidents.
Our Cegeka Modern SOC, staffed by experienced security professionals, detects and responds to incidents 24/7. Our SOC provides comprehensive support for the full Microsoft stack and is deeply integrated with tools such as Defender for Cloud, Microsoft Sentinel (a Security Information and Event Management solution), and other technologies.
These tools enable our SOC to handle incidents by combining automation and orchestration with human expertise. After significant incidents, our SOC analysts identify the root cause and strengthen your security to prevent similar incidents in the future.
Building cyber resilience in the cloud
The Resilient Cloud provides a framework for deploying your applications in the cloud securely and in line with your compliance requirements, while offering the flexibility to tailor the level of control to your specific needs.
By combining proactive and reactive measures, we make sure that your cloud environment can withstand cyber-attacks without needing in-house security knowledge and skills. This way, the Resilient Cloud empowers you to solve any incident quickly while maintaining business continuity at all times.