This week's articles
Announcing the Cloud Native Security White Paper
#announcement, #cncf, #defend
The CNCF Security SIG has just released a new Cloud Native Security Whitepaper to help educate the community about best practices for securing cloud native deployments. The whitepaper intends to provide organizations and their technical leadership with a clear understanding of cloud native security, its incorporation in lifecycle processes, and considerations for determining the most appropriate application thereof. You can also check the accompanying blog post on the K8s blog.
Introducing BloodHound 4.0: The Azure Update
#azure, #attack, #defend
The newest release of BloodHound introduces AzureHound (a new data collector for Azure), 10 new node types, and 14 new edges that cover attack primitives against the new node types.
Tools
project_lockdown
Collection of automated remediation Cloud Functions that react to high risk events in real time. See also the related blog post.
illuminatio
illuminatio is a tool for automatically testing Kubernetes network policies.
From the cloud providers
Announcing protection groups for AWS Shield Advanced
AWS Shield Advanced now allows you to bundle resources into protection groups, giving you a self-service way to customize the scope of detection and mitigation for your application by treating multiple resources as a single unit.
Introducing Amazon S3 Storage Lens: Organization-wide Visibility Into Object Storage
The S3 team has built a new feature called Amazon S3 Storage Lens. This is the first cloud storage analytics solution with support for AWS Organizations to give you organization-wide visibility into object storage, with point-in-time metrics and trend lines as well as actionable recommendations. All these things combined will help you discover anomalies, identify cost efficiencies, and apply data protection best practices across accounts.
Introducing Voucher, a service to help secure the container supply chain
Voucher evaluates container images created by CI/CD pipelines and signs those images if they meet certain predefined security criteria. Binary Authorization then validates these signatures at deploy time, ensuring that only explicitly authorized code that meets your organizational policy and compliance requirements can be deployed to production.
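The two halves of that pattern (an attestor that only signs images meeting policy, and a deploy-time gate that admits only digests carrying a valid signature from a trusted attestor) can be sketched in a few dozen lines. The following is an added illustration written for this newsletter, not Voucher's or Binary Authorization's own code: the `ScanResult` fields, the two criteria (built by CI, zero critical vulnerabilities), and the use of Ed25519 from the Go standard library are all assumptions made for the example, and the scan results are constructed inline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// ScanResult is a constructed stand-in for what a CI pipeline's scanner would
// report about an image. Voucher's real checks are different and richer.
type ScanResult struct {
	Digest        string // content digest of the image manifest, e.g. "sha256:..."
	CriticalVulns int    // number of critical findings from the scanner
	BuiltFromCI   bool   // whether the image came out of the trusted pipeline
}

// Attestor plays the Voucher role: it holds a signing key and only signs
// digests of images that satisfy the predefined criteria.
type Attestor struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey // distributed to the deploy-time gate
}

func NewAttestor() (*Attestor, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Attestor{priv: priv, Pub: pub}, nil
}

// Attest returns a signature over the image digest if the image meets the
// (assumed) policy, and an error with no signature otherwise. Signing the
// digest rather than a tag binds the attestation to one exact image.
func (a *Attestor) Attest(r ScanResult) ([]byte, error) {
	if !r.BuiltFromCI {
		return nil, errors.New("image was not built by the CI pipeline")
	}
	if r.CriticalVulns > 0 {
		return nil, fmt.Errorf("image has %d critical vulnerabilities", r.CriticalVulns)
	}
	return ed25519.Sign(a.priv, []byte(r.Digest)), nil
}

// Admit plays the Binary Authorization role: a deployment of `digest` is
// allowed only if `sig` is a valid signature over that digest by the trusted
// attestor key. A missing, malformed, or foreign signature fails closed.
func Admit(trusted ed25519.PublicKey, digest string, sig []byte) bool {
	if len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(trusted, []byte(digest), sig)
}

func main() {
	att, err := NewAttestor()
	if err != nil {
		panic(err)
	}
	// Constructed sample results: one clean image, one with critical findings.
	clean := ScanResult{Digest: "sha256:aaaa1111", CriticalVulns: 0, BuiltFromCI: true}
	dirty := ScanResult{Digest: "sha256:bbbb2222", CriticalVulns: 3, BuiltFromCI: true}

	sig, err := att.Attest(clean)
	if err != nil {
		panic(err)
	}
	fmt.Printf("attested %s: %s...\n", clean.Digest, hex.EncodeToString(sig[:8]))
	fmt.Println("admit clean image:", Admit(att.Pub, clean.Digest, sig))

	if _, err := att.Attest(dirty); err != nil {
		fmt.Println("refused to attest dirty image:", err)
	}
	// Reusing the clean image's signature for another digest must fail.
	fmt.Println("admit dirty image with borrowed signature:", Admit(att.Pub, dirty.Digest, sig))
}
```

The check that matters in practice is the last one: because the signature covers the digest, an attestation cannot be transferred to a different image by retagging, and the gate has no way to admit an image the attestor never saw.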
New Azure Kubernetes Service (AKS) Security Workbook
Now you can get even more insights about the security of your AKS clusters with the new workbook for Azure Kubernetes Service (AKS) security in Sentinel. The workbook gives you better visibility into your cluster from a security perspective.
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! If you have questions, comments, or feedback, let me know on Twitter ( @lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco