How secure is your public cloud? Quick wins & best practices

What is cross-tenant risk? How do you spot vulnerabilities? And how can the famous PEACH framework help?

0 minutes read

In the summer of 2021 members of Wiz’s cloud security research team discovered vulnerabilities which enabled them to gain unauthorized access to the widely used Microsoft Azure database service.  

 The team reported accessing thousands of customer environments, or tenants, including those of numerous Fortune 500 companies. Luckily they found the security weaknesses and were able to report them to Microsoft before they could be exploited by hackers.  

The team has since designed the following two-step approach to protect against cross-tenant attacks.  

Get the full story now by listening to the CloudSec 360 session.

Learn more: www.peach.wiz.io/ 

Tags:
EVEN MORE TO DISCOVERReady to see for yourself?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
Chipotle Logo
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Blackstone Logo
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Mars Logo
Greg PoniatowskiHead of Threat and Vulnerability Management

Continue reading

How to put your organization’s cloud security strategy into action

CISOs of Paramount, Aon and Wiz reveal their secrets for creating a future-proof approach to cloud security.

Deloitte and Wiz Announce a Strategic Alliance to Help their Mutual Clients Accelerate Digital Transformation with a Modern Cloud Security Strategy

New alliance to enable organizations to proactively identify, prioritize, remediate, and prevent risks in their cloud.

#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services

A container escape vulnerability, combined with accidental 'write' permissions to a private registry, opened a backdoor for Wiz Research to access Alibaba Cloud databases and potentially compromise its services through a supply-chain attack