This week's articles
An Opinionated Guide to Scaling Your Company's Security
This is an absolute must-read from Clint Gibler (@clintgibler), in which he tries to distill the best insights from a vast number of talks, blog posts, and conversations he had with security teams at a variety of companies: the things companies have found that systematically and scalably raise their security bar, not one-off wins.
Kubernetes Security monitoring at scale with Sysdig Falco
This post describes how Skyscanner decided to adopt Falco to detect malicious activity in their Kubernetes clusters. The main factors when evaluating different solutions were the ability to scale as far as their most demanding services, and the option of having an automated way to map and contact the owners of the affected services if anything were to happen.
Open-Sourcing riskquant, a library for quantifying risk
Netflix open sourced riskquant, a library for quantifying risk and helping teams dig deeper into areas like loss scenarios and risk tolerance. Riskquant takes a list of loss scenarios, each with estimates of frequency, low loss magnitude, and high loss magnitude, and calculates and ranks the annualized loss for all scenarios.
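To make the frequency/low/high ranking concrete, here is an added example (not riskquant's own code) that annualizes and ranks loss scenarios; it assumes a lognormal magnitude distribution with low and high read as the 5th and 95th percentiles, a common FAIR-style convention, and the scenarios are constructed.

```python
import math
from statistics import NormalDist

# Assumption: low/high are the 5th/95th percentiles of a lognormal magnitude
# distribution, so ln(high) - ln(low) spans 2 * z(0.95) standard deviations.
Z95 = NormalDist().inv_cdf(0.95)  # ~1.6449


def lognormal_params(low, high):
    """Return (mu, sigma) of the lognormal fitted to the low/high estimates."""
    if low <= 0 or high < low:
        raise ValueError("need 0 < low <= high")
    mu = (math.log(low) + math.log(high)) / 2
    sigma = (math.log(high) - math.log(low)) / (2 * Z95)
    return mu, sigma


def expected_magnitude(low, high):
    """Mean single-event loss: exp(mu + sigma^2 / 2) for a lognormal."""
    mu, sigma = lognormal_params(low, high)
    return math.exp(mu + sigma ** 2 / 2)


def annualized_loss(scenario):
    """Annualized loss = events per year * expected loss per event."""
    return scenario["frequency"] * expected_magnitude(scenario["low"], scenario["high"])


def rank_scenarios(scenarios):
    """Return (label, annualized_loss) pairs, highest annualized loss first."""
    ranked = [(s["label"], annualized_loss(s)) for s in scenarios]
    return sorted(ranked, key=lambda pair: pair[1], reverse=True)


# Constructed sample scenarios (not real figures).
SCENARIOS = [
    {"label": "leaked cloud credential", "frequency": 0.1, "low": 1_000, "high": 100_000},
    {"label": "phishing-driven account takeover", "frequency": 2.0, "low": 500, "high": 5_000},
    {"label": "lost unencrypted laptop", "frequency": 0.5, "low": 200, "high": 2_000},
]

if __name__ == "__main__":
    for label, loss in rank_scenarios(SCENARIOS):
        print(f"{label:40s} {loss:12,.0f} per year")
```

A rare, expensive scenario can rank below a frequent, cheap one, which is exactly the comparison the annualized figure is meant to surface.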
Dufflebag: Uncovering Secrets in Exposed EBS Volumes
Did you know that Elastic Block Store (Amazon EBS) has a "public" mode that makes your virtual hard disk available to anyone on the internet? Apparently, hundreds of thousands of others didn't either, because they're out there exposing secrets for everyone to see. To help identify these exposed EBS volumes and allow individuals and businesses to secure their secrets, the Bishop Fox team developed Dufflebag, an open source tool which searches exposed EBS volumes for secrets.
Contrasting Transparent Logs And The Update Framework
Both Transparent Logs and The Update Framework were designed to protect end-users from a compromise of package repositories, but ultimately reflect different assumptions about how security should be managed. Transparent Logs are better at providing an immutable history of packages, which lends itself to third-party auditing. The Update Framework is better at providing a higher degree of compromise resilience, as well as built-in procedures for recovering from a compromise. One can obtain the best of both worlds by combining both systems.
Defense and Detection for Attacks Within Azure
This article gives an overview of the native Activity Log service functionality within Azure and provides insights into how to detect many TTPs, as well as suggestions on how to acquire more details out of the Activity Log service.
Kubeform provides auto-generated Kubernetes CRDs for Terraform resources and modules so that you can manage any cloud infrastructure in a Kubernetes-native way. You write a CRD for a piece of cloud infrastructure, apply it, and Kubeform will create it for you.