ImmuniWeb launches a free cloud security test

Provided as a part of the ImmuniWeb Community Edition, the online test rapidly detects unprotected cloud storage in AWS, Azure, GCP and 16 other public cloud service providers.

The ImmuniWeb Community Edition is a set of free online tools to verify application security, privacy and compliance, detect phishing, domain squatting and Dark Web exposure. The new free cloud security test enables cybersecurity and IT professionals to identify their organizations unprotected cloud storage in a simple and swift manner to prevent data leaks and security incidents.

Unprotected cloud storage disaster

Under a narrow set of circumstances, cloud storage, for example, AWS S3 buckets, may require public access to provide external users with public data such as images or videos. In reality, misconfigured and unprotected cloud storage is one of the most widespread causes of disastrous data leaks and breaches in a cloud environment.

The situation is exacerbated by the swift proliferation of small cloud providers that offer their own cloud storage services that have insecure settings by default. Given that countless organizations are migrating into a cloud without investing inadequate security training of their technical teams, they are sitting on a powder keg ready to explode.

Modern cloud storage services share similar weaknesses stemming from incorrect usage of access policies, excessive IAM permissions or even completely missing authorization mechanisms. Shadow cloud accounts or unknown cloud assets make the situation even more complex in a multi-cloud environment. Eventually, petabytes of confidential data are regularly found by security researchers and Black Hats in the wild, keeping CISOs and DPOs awake at night. Unsurprisingly, the IDC cloud security survey of 2021 reveals that 98% of companies experienced a cloud data breach within the past 18 months.

The new online test by ImmuniWeb aims to solve these challenges by providing cybersecurity and DevOps teams with a simple way to detect unprotected cloud storage, detect IAM misconfigurations, discover shadow cloud accounts and prevent cloud-related data leaks and breaches. To launch a test, just enter a URL of the main website of your company.

The free test shows you cloud storage that belongs or is attributable to your company. It also sheds light on other misconfigurations, such as missing SSL/TLS encryption.

The free test detects cloud storage from 19 cloud service providers, including AWS, Azure and GCP. You can see in the results the region or country where cloud data is stored for the purpose of compliance with GDPR or other national privacy laws and regulations.

The technology behind the test leverages OSINT, big data and smart prediction technology based on Machine Learning to discover unprotected cloud buckets belonging to your company. To prevent using its new tool for potentially malicious purposes, free registration and account validation are required to gather the URLs of your exposed cloud buckets. The tool is also equipped with a free API available after registration for DevOps and cybersecurity teams.

With ImmuniWeb’s cloud security test you don’t need to enter your cloud credentials, contrasted to most open-sourced or commercial cloud monitoring tools that require IAM credentials to enumerate your cloud assets and instances. Another feature is coverage of medium-sized cloud service providers, such as Oracle Cloud or IBM Cloud. Moreover, many regional players like SberCloud from Russia or Chinese Alibaba Cloud are also on the radar, helping organizations to detect regional cloud presence or shadow cloud accounts.

Ilia Kolochenko, Chief Architect & CEO at ImmuniWeb said: “Cloud providers, such as AWS, have a full spectrum of powerful tools and services that can instantly detect and automatically remediate misconfigurations in their cloud environments. Unfortunately, many organizations of all sizes struggle to properly implement Cloud Security Posture Management (CSPM) due to complexity or lack of technical skills.

Most of the existing commercial solutions and open-source tools also require a cloud IAM account to enumerate and then assess security of your cloud assets. Our flagship ImmuniWeb Discovery does not require your cloud credentials and leverages our proprietary discovery techniques to enumerate your cloud attack surface.

Today, to provide small businesses, universities and colleges, and municipal governments with a possibility to quickly detect their unprotected cloud storage, we are excited to enhance our free Community Edition with the new cloud security test. We will soon implement such features as free continuous monitoring and API to further simplify its usage and integration into existing CSPM and incident response processes. More exciting announcements are coming soon, please stay tuned.”

In order to get a comprehensive snapshot of your multi-cloud attack surface enhanced with a history of previous security incidents discoverable on the Dark Web, you may try ImmuniWeb Discovery that detects the full spectrum of publicly accessible cloud instances, APIs and services in over 50 public cloud environments.

Cloud security challenges surge in 2021

The Verizon Data Breach Investigations Report (DBIR) 2021 says that the number of cloud security breaches has surpassed the number of data breaches involving on-premise assets for the first time in Internet history.

In the meanwhile, organizations of all sizes rapidly migrate to a cloud environment. Gartner’s most recent cloud forecast says that public cloud services will grow 26.2% in 2021. Gartner also predicts that in 2025, over 99% of cloud breaches will be attributable to preventable misconfigurations or other mistakes made by cloud users, such as excessive permissions, weak API authentication, or publicly exposed cloud instances, storage or other resources with sensitive data.

Forrester likewise predicts growing challenges for compliance in a cloud environment, citing a critical vulnerability in Microsoft Azure’s Cosmos DB disclosed in August 2021 that is, however, not attributable to users’ negligence or misconfiguration.

 

To stay up to date on the latest, trends, innovations, people news and company updates within the global security market please register to receive our newsletter here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio

Tel: +44 (0) 1622 823 922
Email: [email protected]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

IDIS

IDIS launches Edge AI Plus Camera Range

IDIS’s new Edge AI Plus Camera range gives users more flexible, affordable options to upgrade their video systems with advanced AI…
OneLink

Product Spotlight – Gallagher’s OneLink

Gallagher Security presents, OneLink – the product that is elevating remote security through the power of the cloud 
Pinaccle systems

Pinnacle Systems further supports Installers and System Integrators

Pinnacle Systems has launched the Pinnacle Partner Programme, a new initiative designed to provide enhanced support for installers…
Stephen Tickle

Comelit-PAC Appoints Stephen Tickle as Regional Sales Manager

Comelit-PAC has appointed Stephen Tickle as its new Regional Sales Manager.  Stephen will focus on supporting PAC’s access control…
Intersec Saudi

Intersec Saudi Arabia returns with record exhibition space

Intersec Saudi Arabia, the premier industry platform for security, safety and fire protection, will return to the Riyadh…
Abloy UK

Abloy Academy breaks attendance records

Abloy UK has achieved record breaking attendance at its Academy, with more professionals than ever attending its…
Hikvision

Hikvision Introduces X-ray Baggage Inspection System

Hikvision India has recently introduced X-ray Baggage Inspection System with AI- enabled Intelligent Recognition Capabilities…
GBV

IFPO Column: The Quiet Signals of Danger

Yoyo Hamblen of IFPO and Gary Simpson, Nonverbal and Behavioural specialist discuss the important topic of Gender-Based Violence..
Doorbird Carousel

Product Spotlight – Door Communication for the “Neue Wallufer”

 A customised solution case study for a residential complex is presented by DoorBird and CompuNet Systems GmbH 
suprema

Suprema Achieves EN 60839 Certification

Suprema, a global provider of AI-powered access control and security solutions, has achieved EN 60839-11-1:2013 Grade 3 certification
Scroll to Top