Release Date: 16/05/2021 | Issue: 87
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

The buyer's guide to next gen CSPM
With a significant increase in reliance on cloud and a shift to Infrastructure as Code (IaC), it's easy to see why existing CSPM solutions must evolve to keep pace. Download this report to be able to programmatically detect and resolve misconfigurations in IaC during development, as well as monitor infrastructure configurations in runtime and assess risk from configuration changes.

This week's articles


CNI Benchmark: Understanding Cilium Network Performance
Post exploring the performance characteristics of Cilium based on extensive benchmarks, and comparing them to Calico.   #kubernetes   #monitor


Business-friendly vulnerability management metrics
Post from the Uber team, where they describe a methodology and metric to track the health of the vulnerability management program in your organization.   #build


Detecting Malicious Activity in CI/CD Pipeline with Tracee
Tracee, an open source runtime security project designed to trace system and applications at runtime and detect suspicious behavioral patterns, can also be used for CI/CD pipeline security.   #ci/cd   #defend


Terraform Plan RCE
Running a Terraform plan on unstrusted code can lead to RCE and credential exfiltration.   #terraform   #attack


Detect suspicious activity in GCP using audit logs
How GCP audit logs work, and how to process them in an efficient way to implement cloud threat detection.   #gcp   #monitor


An Introduction to Kubernetes Security using Falco
Post discussing the basics of Kubernetes security monitoring and how Falco allows to use rules to achieve detection of security issues.   #kubernetes   #monitor


How to Master Admission Webhooks In Kubernetes
An in-depth guide to mastering admission webhooks in Google Kubernetes Engine (GKE).   #kubernetes   #gcp   #explain


Kubernetes and SSL Certificate Management
How to manage SSL certificates in Kubernetes with Helm and Let's Encrypt.   #kubernetes   #build


Security Audit Results for Teleport Cloud for 2021
Doyensec's report for the analysis they conducted on Teleport Cloud.   #saas   #attack


Mistakes made and lessons learned with Kubernetes and GitOps
Lessons learned from a migration of home services from disparate Docker Compose services to GitOps.   #kubernetes   #build

Tools


vault-plugin-secrets-onepassword
Hashicorp Vault plugin that allows for the retrieval, creation, and deletion of items stored in a 1Password vault accessed by use of the 1Password Connect.


cognitocurl
Easily sign curl calls to API Gateway with Cognito authorization token.


helm-diff
A helm plugin that shows a diff explaining what a helm upgrade would change.


kubestr
Kubestr is a collection of tools to discover, validate and evaluate your kubernetes storage options.

From the cloud providers


#AWS   Top Recommendations for Working with IAM from Our AWS Heroes - Part 3: Permissions Boundaries and Conditions
Using permissions boundaries and conditions is an effective way to limit access. By letting you set the maximum permissions for a user or role, permissions boundaries can be used for situations like granting someone limited permissions management abilities.


#AWS   Top Recommendations for Working with IAM from Our AWS Heroes - Part 4: Available Permissions and User Identity
Post discussing the Service Authorization Reference, which is a comprehensive list of all the permissions in AWS, and pointing to the AWS CloudTrail userIdentity element that keeps track of who did what.


#AWS   Resolve IT Incidents Faster with Incident Manager, a New Capability of AWS Systems Manager
AWS announced Incident Manager, a new capability of AWS Systems Manager that helps you prepare and respond efficiently to application and infrastructure incidents.


#GCP   Network Intelligence Center's Network Topology is now GA
Network Topology is a visualization tool that shows the topology of your Virtual Private Cloud (VPC) networks and their associated metrics.


#GCP   4 new features to secure your Cloud Run services
Google improved the security of Cloud Run environments with things like support for Secret Manager and Binary Authorization.


#AZURE   Use the Secrets Store CSI driver for Azure Kubernetes Service secrets
Natively mount secrets from Azure KeyVault into your Pods in AKS.


#AZURE   New Azure AD Capabilities for Conditional Access and Azure VMs at RSA 2021
Microsoft announced a bundle of new Azure AD features in Conditional Access and Azure. Admins can gain even more control over access in their organizations and manage a growing number of Conditional Access policies and Azure AD authentication for virtual machines (VMs) deployed in Azure.


#AZURE   What's new: Hunting dashboard refresh
Azure refreshed the hunting query experience to help you find undetected threats in your environment more quickly.


#AZURE   What's New: Fusion Advanced Multistage Attack Detection Scenarios with Scheduled Analytics Rules
Azure Sentinel leverages machine learning technology, Fusion, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill-chain.


#AZURE   What's New: Azure Sentinel - SOC Process Framework Workbook
The Get-SOCActions Playbook with "SocRA" Watchlist gives SOCs the ability to onboard SOC Actions for their Analysts to follow that snap to the SOC Process Framework Workbook. As they onboard Use-Cases and apply triage steps, this playbook can then be run to add those steps to the Incident for an Analyst to follow to closure.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐Ÿ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
ยฉ 2019-present CloudSecList ยท Marco Lancini