It was the early hours of the morning when Tracy Kelpman, the lead engineer at her organization, got the call.
There had been a security incident, and Kelpman was the only one who could fix it.
She logged into the AWS console and began investigating. It quickly became clear that someone had gained unauthorized access to one of her organization's Amazon S3 buckets and had downloaded a large amount of data.
Kelpman knew that she needed to find out how the attacker had gained access to the bucket in the first place. She also needed to determine what data had been accessed and downloaded.
She used ThreatKey to perform a root cause analysis of the incident. ThreatKey is a powerful tool that allows security professionals to quickly and easily identify the root cause of security incidents.
Through ThreatKey, Kelpman was able to determine that the attacker had gained access to the S3 bucket through a misconfigured access control list (ACL). The ACL had been mistakenly set to allow public read access to the bucket, which meant that anyone could have accessed and downloaded the data.
ThreatKey also showed Kelpman that the data that had been accessed and downloaded included sensitive customer information.