Release Date: 10/10/2021 | Issue: 108
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

Sponsor

How to use Defender for Endpoint to investigate ransomware attacks
Defender for Endpoint is one of the best EDR tools on the market. But do you know all of the ways you can optimize it? Find out how Expel's analysts use Defender for Endpoint to quickly identify a compromise and provide detailed remediation recommendations.
Get the webcast on-demand here.

This week's articles


Falco Hands-on Labs   #explain, #falco, #kubernetes
Learn and practice with Falco in your Browser.


Serverless Policy Enforcement: Connecting OPA and AWS Lambda   #aws, #build, #opa
Recent updates to the project aim to better integrate OPA with serverless architectures and other infrastructure with intermittent compute.


Protect Your GitHub Actions with Semgrep   #ci/cd, #defend
What can happen (secrets stolen, repo backdoored), and how to protect yourself with open source Semgrep rules.


Org Policies by default   #build, #defend, #gcp
An opinionated list of common organization policies you should use in Google Cloud.


Azure Security Roadmap   #azure, #defend
What do you do when you're handed a pile of new-to-you Azure accounts to secure?


Scaling Kubernetes Tenant Management with Hierarchical Namespaces Controller   #build, #gcp, #gke
Post explaining the details of Mercari's multi-tenant Kubernetes architecture, and the issues they faced while migrating from on-premises deployments to containers on GCP using Google Kubernetes Engine (GKE).


Azure Service Authentication and Authorization table   #azure, #explain, #iam
A table for reviewing service authentication and authorization security in Azure, especially cross-service security.


Encryption with Transit Data Keys   #build, #vault
How to use an external, high-entropy data key generated with the HashiCorp Vault Transit secrets engine.


How to Setup Role Based Access (RBAC) to Kubernetes Cluster   #iam, #kubernetes
How to set up role-based access control in Kubernetes so that access to valuable resources is restricted based on the role the user holds.

Tools


rbac-tool
Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query.


damon
A terminal UI (TUI) for HashiCorp Nomad.


cfn-diagram
CLI tool to visualise CloudFormation/SAM/CDK stacks as visjs networks or draw.io diagrams.


cartographer
Cartographer is a Kubernetes native Choreographer. It allows users to configure K8s resources into re-usable Supply Chains that can be used to define all of the stages that an Application Workload must go through to get to an environment.

CloudSecDocs


Inherited AWS Account
A summary of So You Inherited an AWS Account: Many engineers have found themselves in the unenviable position of being handed the keys to an AWS environment with absolutely no explanation of its contents, documentation, or training.


From the cloud providers


AWS: Security features of Bottlerocket, an open source Linux-based operating system
Bottlerocket is an open source Linux-based operating system from Amazon that was purpose built for running containers with a strong emphasis on security. The result is an operating system that comes with a variety of built-in controls for creating a secure environment for running containerized workloads.


AWS: AWS Backup Audit Manager adds compliance reports
AWS Backup Audit Manager now allows you to generate reports to track the compliance of your defined data protection policies in AWS Backup.


AWS: AWS Firewall Manager now supports centralized logging of AWS Network Firewall logs
AWS Firewall Manager now enables you to configure logging for your AWS Network Firewalls provisioned using a Firewall Manager policy.


AWS: Introducing the Ransomware Risk Management on AWS Whitepaper
AWS recently released the Ransomware Risk Management on AWS Using the NIST Cyber Security Framework (CSF) whitepaper. It maps the National Institute of Standards and Technology (NIST) recommendations for security controls related to ransomware risk management onto workloads built on AWS.


AWS: How to set up a two-way integration between AWS Security Hub and Jira Service Management
If you use both AWS Security Hub and Jira Service Management, you can use the new AWS Service Management Connector for Jira Service Management to create an automated, bidirectional integration between these two products that keeps your Security Hub findings and Jira issues in sync.


GCP: Built-in transparency, automation, and interoperability for Cloud KMS
New features bring increased transparency, improved interoperability, and greater automation to Google Cloud KMS.


GCP: Protect your apps from bots with Cloud Armor and reCAPTCHA Enterprise
Google announced the public preview of Cloud Armor bot management with reCAPTCHA Enterprise. This new set of capabilities is centered around a new deep integration between reCAPTCHA Enterprise and Cloud Armor.


GCP: Better Kubernetes application monitoring with GKE workload metrics
Google announced a new capability that makes it easier than ever to monitor your Google Kubernetes Engine (GKE) deployments: GKE workload metrics.


GCP: New data sovereignty controls for EU customers
New sovereign controls can help Cloud customers in the EU meet digital sovereignty requirements.


Azure: The Azure Sentinel Anomalies Simulator
Microsoft announced the "Unusual Mass Downgrade AIP Label" anomaly simulator, the first in a series of simulators for Azure Sentinel Anomalies.


Azure: Advancing reliability through a resilient cloud supply chain
How Microsoft is handling supply chain disruptions.


Azure: Streamline your DDoS management with new Azure Firewall Manager capabilities
Azure DDoS Protection Standard provides enhanced DDoS mitigation features to defend against DDoS attacks. It is automatically tuned to protect all public IP addresses in virtual networks.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present, CloudSecList by Marco Lancini.