The Cloud Native Security map builds on top of the Cloud Native Security Whitepaper by TAG-Security, by providing an additional practitioner's perspective as well as an interactive mode of consumption, to facilitate the exploration of Cloud Native Security concepts and how they are used.

Not all 24x7 SOCs are created equal. In this post, the Expel team outlines four possible security operations centers and an estimate of their cost.

How to authenticate data center applications to AWS using automated SPIFFE credentials.

How your faith in "ReadOnly" access will betray you and leave you with trust issues.

Post focusing on some inconsistencies in the Trust Policy access model, which in consequence can be used for privilege escalation.

A report outlining a detailed threat analysis for the Kubernetes control plane. No severe vulnerabilities were discovered, but this blog post highlights a few important insights to consider. You can also refer to the companion repo.

An interesting way of abusing the AWS KMS for data exfiltration in restricted VPCs.

How to obtain sensitive information as an user with the Reader role, and how to identify/abuse API Connection hijack scenarios as a Contributor in Azure Logic Apps.

Researchers were able to gain complete unrestricted access to the accounts and databases of several thousand Microsoft Azure customers. Also refer to the companion blog post to learn how to protect your environment from ChaosDB.

Best and worst practices for using HashiCorp Vault's AppRole authentication method.

A site dedicated to explain AWS offerings in the observability space and provide you with hands-on recipes on how to use them.

End-to-end modular samples for Terraform on GCP.

Making botocore.exceptions.ClientError easier to deal with.

sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports.

Gatekeeper v3.6.0 has been released.

AWS Security Analytics Bootstrap enables to perform security investigations on AWS service logs by providing an Amazon Athena analysis environment that's quick to deploy, ready to use, and easy to maintain.

Top five things that AWS customers can do to help protect and recover their resources from ransomware: Set up the ability to recover your apps and data, Encrypt your data, Apply critical patches, Follow a security standard, Make sure you're monitoring and automating responses.

AWS is introducing additional context in the access denied error messages, by adding information about the IAM policy type that's responsible for the denied access.

AWS CloudFormation users can now choose to preserve the state of successfully deployed resources in the event of CloudFormation stack operation errors. Using this feature, you can retry the operation using an updated CloudFormation template and quickly iterate through feedback loops, shortening development cycles.

How to use AWS Systems Manager Change Manager to control access to EC2 instance interactive shell sessions, to enforce separation of duties.

AWS Firewall Manager now enables security administrators to specify which web requests to log and which requests to exclude from logs when using AWS WAF to inspect web traffic.

It is now possible to analyze traffic flowing from one subnet to another inside your VPC, also known as east-west traffic.

Google Cloud CISO Phil Venables shares his thoughts on JCDC, Whitehouse Cybersecurity Summit, and other cloud security developments.

Announcing new features to further extend the security already provided by App Engine: Egress Controls for Serverless VPC Access and User-managed service accounts.

Google Cloud's new SRE website, a one-stop shop with customer stories, videos, products and a white paper showcasing how Google Cloud can help your team along the SRE journey.

The Cloud Foundation Toolkit allows you to get up and running in Google Cloud fast with best practice Infrastructure as Code (IaC) templates.

Microsoft announced the private preview of DoD Cloud Infrastructure as Code (IaC) for Azure - a set of preauthorized baselines that build standard environments in Azure Government to accelerate DoD adoption of cloud services.

This ingestion cost spike alert logic app is based on the principle of anomaly detection and as such utilizes the built-in KQL function series_decompose_anomalies(). It compares the baseline/expected level of ingestion over a period of time and then uses that historical pattern to determine whether to alert on a sudden increase of billable data into the workspace.

Post introducing a series covering the Notebooks feature of Azure Sentinel.