Suspicious activity

Anomaly detection: Permissive role increased access denied responses by reconnaissance activity

Platform(s)

Description

Unlike in the past, the role started executing API calls for listing and describing assets in the cloud account. Due to the execution of the API calls, a large portion was resulted in access denied. The role was identified by Orca as a permissive role, which in case of compromise can put the cloud account at a higher risk. Therefor those findings might indicate on a malicious usage of the role permissions.
Need help?

Get a free Security Risk Assessment. Start today

Orca Security Demo Demo the Orca Platform-> In just 10 minutes, you’ll see how Orca Security can revolutionize your cloud security strategy. Watch a recorded demo from a cloud security expert now.