Some of the world’s largest companies have exposed large amounts of sensitive information from the cloud, researchers said – thanks to misconfigured Kafdrop services.
Kafdrop is the management interface for Apache Kafka, an open-source, cloud-native platform for managing data streams. Kafka has several common use cases; for instance, in the finance sector it’s often used for real-time data processing in order to catch and block fraudulent transactions as they occur. It the internet of things world, it can support “just-in-time” resource allocation for smart-grid applications and the like. Other uses include tracking application activity (user clicks, registrations, time spent on certain pages or features, orders, etc.); and event logging or real-time monitoring.
Source: https://threatpost.com/apache-kafka-cloud-clusters-expose-data/176778/
Trevor Morgan, Product Manager, comforte AG shared the following thoughts:
“One way to help avoid Kafdrop-related messaging and traffic issues is through data-centric security. Outmoded data protection methods that rely on securing perimeters and environments around sensitive data really don’t address these types of problems we’re seeing with Kafdrop when data is in motion. A much better way to ensure data security is to apply protections directly to the data itself, in essence to make that information unreadable as soon as it enters your enterprise data ecosystem. Most people are familiar with one technique, which is classic encryption, although encryption comes with sometimes-complicated key management and does not necessarily preserve data format. That latter point can lead to lengthy and expensive integration with other business applications to account for encrypted fields.
Methods such as tokenization and format-preserving encryption can be much easier to implement within existing business application workflows due to native data format preservation. The goal with tokenization is to obfuscate sensitive enterprise data by replacing readable data elements with innocuous tokens, so even if threat actors get their hands on the data, it is incomprehensible and therefore cannot be leveraged for gain. The main point to remember is that some sort of data-centric protection is necessary when dealing with sensitive data and information in your business environment, especially to guard against potential vulnerabilities introduced by add-on technologies like Kafdrop.”