I'm working on a SaaS that will detect publicly shared AWS resources. Not by evaluating policies but by actually testing the availability. Some examples: can a KMS key be used from a 3rd party AWS account, are there any objects in an S3 bucket truly exposed publicly, and similar. The motivation is to find truly critical issues in AWS account setup by addressing the first priority items - public exposure.
Another project that is currently only happening in my head - I am thinking about security operations teams that I think often do the same things in different companies. Namely there is a lot of tinkering with detections and alerting, often for the same services. I think this could be cost optimized by being offered as a SaaS.
Yes - pretty much every one of our engineers with "lead" in their title was persistently attacked by them. They were so persistent that we needed to implement a company-wide block on their email domain. After that, calls to personal numbers began. It went so far at one point that we needed to make threats of legal action.
At one point we were on the market for a solution like theirs and we talked with their engineering (we temporarily lifted the block) and I have to say the product is solid (though not suitable for our needs, due to some specifics). We still use Vector. Soon after we needed to enable the block again.
Actually, PSD2 SCA (Strong Customer Authentication) talks about requiring 2 different elements (out of knowledge, possession, inference) for authentication, while also requiring that information on which one was wrong when authentication failed, to not be disclosed. This directive needs to be implemented by all payment processors in EU (I am not an expert on this).
We have implemented such a system at a company I worked at, where we also took into account the credential stuffing aspect as you talk about it. It is quite challenging to ensure no information leaks (in content and in other request parameters, including response times) when users transition from the partially (un)authenticated state (username + password) towards 2FA. I have to say that the security aspect is noticeable in a significant drop in credential stuffing attack volume, but usability wise I see why this is not a popular approach :). I personally hate it, especially when the 2FA that is used is TOTP.
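The non-leaking password-then-2FA transition described in the comment above, as an added illustration (this is not the commenter's system or any real payment processor's code): the first step always returns the same "OTP required" challenge whether the username is unknown or the password is wrong, the same PBKDF2 and TOTP work is done on every path so response times do not differ, and only the final step produces a single generic failure. The user store, salt, TOTP secret and the RFC 6238 TOTP helper are constructed for the demo; a real deployment would add rate limiting and challenge expiry, which are omitted here.

```python
import hashlib
import hmac
import secrets
import struct
import time

_ITERATIONS = 100_000
_SALT = b"constructed-demo-salt-16"  # constructed; real systems use a per-user random salt


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


# Constructed demo user store: username -> password hash and TOTP seed (not real credentials).
USERS = {
    "alice": {
        "salt": _SALT,
        "pw_hash": _hash_password("correct horse battery staple", _SALT),
        "totp_secret": b"constructed-totp-secret-alice",
    }
}

# Dummy record used for unknown usernames, so the same PBKDF2 and HMAC work runs
# regardless of whether the account exists (keeps response time uniform).
_DUMMY = {
    "salt": _SALT,
    "pw_hash": _hash_password(secrets.token_hex(8), _SALT),
    "totp_secret": b"constructed-dummy-secret",
}

# Server-side state for logins that have passed step one: challenge token -> outcome of step one.
PENDING = {}

# One generic failure message for every failed path: wrong user, wrong password, wrong OTP, bad token.
GENERIC_FAILURE = {"status": "failed", "message": "Sign-in failed. Check your credentials and code."}


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30 s step) for the given Unix time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def start_login(username: str, password: str) -> dict:
    """Step one: verify the password, but never reveal the result to the client.

    The response has the same shape and content for an unknown user, a wrong
    password and a correct password; the outcome is only recorded server-side.
    """
    record = USERS.get(username, _DUMMY)
    pw_ok = hmac.compare_digest(_hash_password(password, record["salt"]), record["pw_hash"])
    pw_ok = pw_ok and (username in USERS)  # evaluated after the hash work, not instead of it
    token = secrets.token_urlsafe(16)
    PENDING[token] = {"username": username, "pw_ok": pw_ok}
    return {"status": "otp_required", "challenge": token}


def finish_login(token: str, otp: str, now=None) -> dict:
    """Step two: verify the TOTP, then combine both factors into one decision."""
    now = int(time.time()) if now is None else now
    pending = PENDING.pop(token, None)
    if pending is None:
        # Unknown or replayed token: still do the TOTP work against the dummy record.
        pending = {"username": None, "pw_ok": False}
    record = USERS.get(pending["username"], _DUMMY)
    otp_ok = hmac.compare_digest(totp(record["totp_secret"], now).encode(), otp.encode())
    # Both factors are always evaluated; only the combined boolean is observable.
    if pending["pw_ok"] and otp_ok:
        return {"status": "ok", "user": pending["username"]}
    return dict(GENERIC_FAILURE)
```

The test for leakage is simple to state: every failing path, compared pairwise, must produce byte-identical responses at both steps, and the only difference between paths must be the amount of work that is deliberately kept constant. Anything the client can observe that differs between "wrong password" and "wrong OTP" is exactly the signal a credential stuffing campaign needs to sort valid passwords from invalid ones.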