CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
JupiterOne: Know What You’re Defending
Perhaps the biggest problem in cybersecurity today is that companies don’t have a good understanding of what they’re defending. JupiterOne solves this foundational issue by collecting everything you own into a single system of record that includes cloud infrastructure, endpoints, DNS, SaaS apps, and more. It connects the dots using graph-based technologies, allowing you to ask complex Attack Surface Questions, like “Show me all VMware-based systems associated with our crown jewels and that have something facing the internet.” Start your free account today
APE takes all of your AWS IAM policies attached to a User, Group, or Role object, and presents you with a single policy, summarizing all of their actual permissions. You can also refer to the companion blog post.
Lambda Looter takes a list of profiles, scans through them, downloads the code you have access to, and then processes that code for secrets, outputting any potential secrets to a loot directory.
The Cloud Security Workflow Handbook
The Wiz research team surveyed security orgs at hyper-scaling enterprises to uncover how they’re adapting in 2023+. They packed their best practices, frameworks, and templates into this playbook, including:
A breakdown of the three pillars of the modern cloud security operating model best-in-class orgs are moving to.
A 4-step roadmap used by the fastest-growing companies to adapt to the new threat landscape.
Plus: Goals and KPI templates for your team to track based on maturity stage, presented in a convenient cheat sheet.
Watch for update notifications and have a strategy to apply the latest security patches.
Get deeper visibility and management capabilities.
Check for end-of-support versions and prepare to modernize.
Utilize cloud-native services for enhanced security and compliance anywhere.