T0124 - Unencrypted data at rest

Encryption at rest is a critical security control in cloud computing: data is encrypted while it is stored on cloud storage entities, so that it is protected from unauthorized access. In cloud environments, encryption at rest is typically implemented with encryption keys that are managed either by the cloud provider or by the customer. The cloud provider may offer encryption services as part of its cloud offering, or customers may use their own encryption tools or services to encrypt their data before storing it in the cloud.

Not having encryption at rest in a cloud environment can lead to data theft, data loss, regulatory non-compliance, reputation damage, and legal liability. It is important for organizations to implement encryption at rest to protect their sensitive data and comply with regulatory requirements.

ID: T0124
Type: Technique
Tactic: Collection
Summary: Unencrypted data at rest
State: draft

Mitigations

| id | type | summary | description |
| --- | --- | --- | --- |
| M1240 | Mitigation | Enable data encryption at rest | Encryption at rest is essential for preventing data breaches, complying with data privacy regulations, and protecting sensitive data. Organizations must identify which data needs encryption, select appropriate encryption algorithms and key management strategies, and regularly audit and assess their encryption at rest implementation. Check your cloud provider documentation for more details on how to enable data encryption at rest. |
| M1241 | Mitigation | Use strong encryption algorithms | Implementing strong encryption algorithms with appropriate key lengths and security parameters can significantly increase the resilience of encryption at rest mechanisms. Organizations should use industry-standard encryption algorithms that are widely recognized and reviewed by the security community, for example AES, ECC, and RSA. |

Detections

| id | type | summary | description |
| --- | --- | --- | --- |
| D1260 | Detection | Implement regular security audit and review | Conduct regular security audits and vulnerability assessments of your system and storage configurations to identify and address any potential misconfigurations or vulnerabilities that could lead to exposed storage. This includes reviewing access controls, encryption settings, and other security configurations to ensure they are aligned with best practices and organizational security policies. |
| D1261 | Detection | Implement penetration testing | Penetration testing, also known as ethical hacking or vulnerability assessment, is a proactive approach to mitigating cybersecurity risks. It involves simulating real-world cyber attacks on a system, network, or application in a controlled and authorized manner to identify vulnerabilities and weaknesses that could be exploited by malicious actors. |
| D1262 | Detection | Implement vulnerability assessment | Vulnerability assessment is a proactive approach to mitigating cybersecurity risks by systematically identifying, evaluating, and prioritizing vulnerabilities in a system, network, or application. It involves conducting regular assessments to identify potential weaknesses that could be exploited by attackers, and taking appropriate actions to remediate or mitigate those vulnerabilities. |
| D1510 | Detection | Implement Intrusion Detection System and anti-malware | An intrusion detection system (IDS) is a security tool designed to detect and alert on unauthorized access to a computer system or network. Implementing an IDS and anti-malware software can help to identify and block malicious activity. An IDS is a critical security tool that helps organizations to detect and respond to security incidents in a timely manner. By providing real-time monitoring and analysis of network traffic, an IDS can help organizations to stay ahead of potential threats and reduce the risk of a security breach. |
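
An added example (not part of the original entry) of the encryption-settings review described in D1260: it classifies storage resources as unencrypted, encrypted with a provider-managed key, or encrypted with a customer-managed key. It assumes AWS and inventory JSON shaped like the output of `aws ec2 describe-volumes`, `aws rds describe-db-instances` and `aws kms describe-key`; the sample data and the `classify` and `audit` helper names are constructed for illustration.

```python
import json

# Constructed sample data shaped like the JSON returned by
# `aws ec2 describe-volumes` and `aws rds describe-db-instances`
# (all IDs and ARNs below are made up).
SAMPLE_VOLUMES = json.loads("""{"Volumes": [
  {"VolumeId": "vol-0aaa", "Encrypted": false},
  {"VolumeId": "vol-0bbb", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:eu-west-1:111122223333:key/key-aws"},
  {"VolumeId": "vol-0ccc", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:eu-west-1:111122223333:key/key-cust"}]}""")
SAMPLE_DBS = json.loads("""{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "StorageEncrypted": false},
  {"DBInstanceIdentifier": "users-db", "StorageEncrypted": true,
   "KmsKeyId": "arn:aws:kms:eu-west-1:111122223333:key/key-unknown"}]}""")
# Key ARN -> KeyMetadata from `aws kms describe-key`; KeyManager is "AWS" or "CUSTOMER".
SAMPLE_KEYS = {
    "arn:aws:kms:eu-west-1:111122223333:key/key-aws": {"KeyManager": "AWS"},
    "arn:aws:kms:eu-west-1:111122223333:key/key-cust": {"KeyManager": "CUSTOMER"},
}

def classify(encrypted, kms_key_id, keys):
    """Return the at-rest encryption status of one storage resource."""
    if not encrypted:
        return "UNENCRYPTED"
    meta = keys.get(kms_key_id)
    if meta is None:
        # Key could not be described: flag for manual review, do not guess.
        return "ENCRYPTED_KEY_UNKNOWN"
    manager = meta.get("KeyManager")
    return {"AWS": "ENCRYPTED_PROVIDER_KEY",
            "CUSTOMER": "ENCRYPTED_CUSTOMER_KEY"}.get(manager, "ENCRYPTED_KEY_UNKNOWN")

def audit(volumes, dbs, keys):
    """Build (resource_type, resource_id, status) findings, worst first."""
    findings = []
    for v in volumes.get("Volumes", []):
        findings.append(("ebs-volume", v["VolumeId"],
                         classify(v.get("Encrypted", False), v.get("KmsKeyId"), keys)))
    for d in dbs.get("DBInstances", []):
        findings.append(("rds-instance", d["DBInstanceIdentifier"],
                         classify(d.get("StorageEncrypted", False), d.get("KmsKeyId"), keys)))
    order = ["UNENCRYPTED", "ENCRYPTED_KEY_UNKNOWN",
             "ENCRYPTED_PROVIDER_KEY", "ENCRYPTED_CUSTOMER_KEY"]
    return sorted(findings, key=lambda f: (order.index(f[2]), f[1]))

if __name__ == "__main__":
    for rtype, rid, status in audit(SAMPLE_VOLUMES, SAMPLE_DBS, SAMPLE_KEYS):
        print(f"{status:24} {rtype:13} {rid}")
```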

References

  1. https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/protecting-data-at-rest.html
  2. https://cloud.google.com/docs/security/encryption/default-encryption
  3. https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest