Post exploring the performance characteristics of Cilium based on extensive benchmarks, and comparing them to Calico.

Post from the Uber team, where they describe a methodology and metric to track the health of the vulnerability management program in your organization.

Tracee, an open source runtime security project designed to trace system and applications at runtime and detect suspicious behavioral patterns, can also be used for CI/CD pipeline security.

Running a Terraform plan on unstrusted code can lead to RCE and credential exfiltration.

How GCP audit logs work, and how to process them in an efficient way to implement cloud threat detection.

Post discussing the basics of Kubernetes security monitoring and how Falco allows to use rules to achieve detection of security issues.

An in-depth guide to mastering admission webhooks in Google Kubernetes Engine (GKE).

How to manage SSL certificates in Kubernetes with Helm and Let's Encrypt.

Doyensec's report for the analysis they conducted on Teleport Cloud.

Lessons learned from a migration of home services from disparate Docker Compose services to GitOps.

Hashicorp Vault plugin that allows for the retrieval, creation, and deletion of items stored in a 1Password vault accessed by use of the 1Password Connect.

Easily sign curl calls to API Gateway with Cognito authorization token.

A helm plugin that shows a diff explaining what a helm upgrade would change.

Kubestr is a collection of tools to discover, validate and evaluate your kubernetes storage options.

Using permissions boundaries and conditions is an effective way to limit access. By letting you set the maximum permissions for a user or role, permissions boundaries can be used for situations like granting someone limited permissions management abilities.

Post discussing the Service Authorization Reference, which is a comprehensive list of all the permissions in AWS, and pointing to the AWS CloudTrail userIdentity element that keeps track of who did what.

AWS announced Incident Manager, a new capability of AWS Systems Manager that helps you prepare and respond efficiently to application and infrastructure incidents.

Network Topology is a visualization tool that shows the topology of your Virtual Private Cloud (VPC) networks and their associated metrics.

Google improved the security of Cloud Run environments with things like support for Secret Manager and Binary Authorization.

Natively mount secrets from Azure KeyVault into your Pods in AKS.

Microsoft announced a bundle of new Azure AD features in Conditional Access and Azure. Admins can gain even more control over access in their organizations and manage a growing number of Conditional Access policies and Azure AD authentication for virtual machines (VMs) deployed in Azure.

Azure refreshed the hunting query experience to help you find undetected threats in your environment more quickly.

Azure Sentinel leverages machine learning technology, Fusion, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill-chain.

The Get-SOCActions Playbook with "SocRA" Watchlist gives SOCs the ability to onboard SOC Actions for their Analysts to follow that snap to the SOC Process Framework Workbook. As they onboard Use-Cases and apply triage steps, this playbook can then be run to add those steps to the Incident for an Analyst to follow to closure.