Release Date: 02/05/2021 | Issue: 85
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Threats in the Cloud During COVID-19
Prisma Cloud by Palo Alto Networks is hosting a LinkedIn Live event on May 4th on the topic of their latest Unit 42 Cloud Threat Report, which centers around the impact of COVID-19 on cloud security. RSVP to the live event to hear how organizations globally increased their cloud workloads by more than 20% during the pandemic, leading to an explosion of security incidents. To learn more about the Unit 42 team’s findings and recommendations, download the report here.

This week's articles


Automating Cartography Deployments on Kubernetes
Open sourcing an automated process to get Neo4j and Cartography up and running in a Kubernetes cluster, using HashiCorp Vault as the secrets management engine.   #kubernetes   #build


What's New in ATT&CK v9? Data Sources, Containers, Cloud, and more
Blog providing details on new data sources, cloud changes, container techniques and more additions to ATT&CK v9.   #kubernetes   #monitor


Falcosidekick + OpenFaas = a Kubernetes Response Engine
Post explaining the basic concepts for integrating your own Response Engine into K8S with the Falco + Falcosidekick + OpenFaaS stack.   #kubernetes   #monitor


Why You Shouldn't Use Config Maps to Store Sensitive Data in K8s
It's recommended to store sensitive data of cloud native applications using the built-in Secret object type rather than Kubernetes ConfigMaps.   #kubernetes   #build


Terraform Recommended Practices
Guide describing HashiCorp's recommended Terraform practices and how to adopt them.   #terraform   #explain


Docker Security Cheat Sheet
Cheat sheet aiming to provide an easy-to-use list of common security mistakes and good practices that will help you secure your Docker containers.   #docker   #build


How to monitor AWS SQS with Prometheus
How to monitor AWS SQS with Prometheus by exporting the metrics offered by CloudWatch to Prometheus using the YACE exporter (Yet Another CloudWatch Exporter).   #aws   #monitor


Secure Deployment: 10 Pointers on Secrets Management
Secrets management is an important indicator of security maturity. This blog gives 10 pointers on how to do secrets management well.   #build


Create Reproducible Security in Kubernetes with Helm 3 and Helm Charts
How to use Helm and Helm Charts to create reproducible security in Kubernetes deployments, with a particular emphasis on user management with RBAC, secrets management, and chain of custody and provenance files.   #kubernetes   #defend


Argo's Threat Model
Another excellent threat model exercise conducted by Trail of Bits, this time on ArgoCD.   #kubernetes   #attack

Tools


dockerscan
A tool focused on analysing and attacking Docker images.


k8s-image-swapper
Mirror images into your own registry and swap image references automatically.


kube-bench-exporter
Helps you export your cluster's kube-bench reports to remote targets such as multiple Amazon S3 buckets, Azure Blob Storage, etc. in one go.

From the cloud providers


#AWS   Disaster Recovery (DR) Architecture on AWS, Part II: Backup and Restore with Rapid Recovery
Different backup and restore strategies to meet the DR needs for your workload.


#AWS   Hands-on walkthrough of the AWS Network Firewall flexible rules engine
How to deploy a demo AWS Network Firewall within your AWS account to interact, first-hand, with its rules engine.


#GCP   Sign here! Creating a policy contract with Configuration as Data
Configuration as Data is an emerging cloud infrastructure management paradigm that allows developers to declare the desired state of their applications and infrastructure, without specifying the precise actions or steps for how to achieve it. Config Connector is the tool that allows you to express configuration as data in Google Cloud. There is also a sample repo.


#GCP   Build security into Google Cloud deployments with our updated security foundations blueprint
Google launched an updated version of their Google Cloud security foundations guide and corresponding Terraform blueprint scripts, which provide step-by-step guidance for creating a secured landing zone into which you can configure and deploy your Google Cloud workloads.


#GCP   Choose the best way to use and authenticate service accounts on Google Cloud
There are a variety of authentication methods that service accounts can employ, and it's important to use the right one based on your needs.


#GCP   Risk governance of digital transformation: guide for risk, compliance & audit teams
Whitepaper describing what a cloud transformation means for risk, compliance, and audit functions, and how to best position those programs for success in the cloud world.


#GCP   The evolution of Kubernetes networking with the GKE Gateway controller
Google announced the Preview release of the GKE Gateway controller, GCP's implementation of the Gateway API. Over a year in the making, the GKE Gateway controller manages internal and external HTTP/S load balancing for a GKE cluster or a fleet of GKE clusters.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini