AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.


Lessons from 2021: Painful Misconfigurations


Tsippi Dach explores some notable breaches caused by misconfigurations and how organizations can avoid becoming the next big headline 

 

In the past year, we witnessed everything from security breaches to the complete cutoff of the most used social applications, all due to preventable misconfigurations. Before going into the details of these incidents, let’s see why such misconfigurations occur.

When organizations push out new applications and application updates at top speed, it’s no surprise that the security teams struggle. One small unforeseen error could cause downtime or reveal a vulnerability that could easily be exploited.  

Configuring a network can be a hugely complicated task, and issues often arise due to poor judgement or simply from not being able to see what’s happening across the entire infrastructure. In the best-case scenario, you find these issues before they lead to a serious crisis. But in the worst-case scenario, you might end up having to deal with a crippling security breach and reputational damage. We’ve seen dozens of examples over the last 12 months alone. Here are some highlights:

Large-scale data breach for streaming platform Twitch

The live-streaming platform Twitch confirmed that it was the victim of a large-scale data breach. The breach exposed its source code as well as other confidential data. In the aftermath, Twitch attributed the cause of the breach to an error in a server configuration change. They said that the error was “subsequently accessed by a malicious third party.”

Fastly configuration error turns off internet 

In June 2021, large areas of the internet went down with the 503: Service Unavailable error message after Fastly, a US-based content distribution network (CDN), suffered a configuration issue. The outage lasted almost an hour, during which sites like Amazon and eBay were inaccessible, costing these companies millions of dollars’ worth of revenue.

Facebook disappears from the internet 

Facebook, WhatsApp, Instagram, and any services relying on Facebook services were unavailable for six hours in October due to a configuration change that disconnected the applications from the internet. As the story developed, it became apparent that the incident was caused by a configuration issue within Facebook’s BGP (Border Gateway Protocol), one of the systems that the internet uses to get your traffic where it needs to go as quickly as possible. You can read more about our analysis of the outage here.

How can configuration errors be mitigated? 

In large organizations, the number of applications and cloud accounts could be in the thousands. This is quite a challenge for the IT teams responsible for the ongoing security of the network. In such a complex hybrid network environment, managing network security is not only tedious but also risky, and it could be difficult to execute unless automated.

Enterprise-wide automation of application connectivity flows and security policies is proven to enhance business agility without introducing the risk, vulnerability, or compliance issues caused by manual, ad-hoc processes.

You can find out more about it in this blog. We’re here to help you secure your applications and the network. Get your personal demo to learn more. 
