Hi there,
Misconfigurations are the bane of the cloud. In a local intranet, they may go unnoticed. But the cloud is less forgiving.
For example, Salt Labs recently published a report on a search injection attack. Essentially a client manipulates a search query and scrapes all data out of an Elasticsearch service. But what really caught our attention was when they said they found the same mistakes at “almost every organization using the Elastic Stack.”
And that's just scratching the surface. Remember when the "no-fly" and "terror watch lists" were accidentally exposed to the Internet in August? That was due to a misconfiguration that unintentionally exposed an Elasticsearch instance to the world. It also lacked a password.
Search services are an important part of modern applications. But what happens when someone gains access to a search instance via injection attack, misconfiguration, or network breach? Usually, the answer is a disaster. But that need not be the case.
Please join us on November 4th for our webinar on ways to add layered security to your Elasticsearch and OpenSearch clusters using application-layer encryption and encrypted search.
.png?upscale=true&width=1200&upscale=true&name=Copy%20of%20Cloaked%20Search%20Webinar%20(1).png)
