Release Date: 16/05/2021 | Issue: 87
The Cloud Security Reading List is a low volume newsletter (delivered once per week) that highlights security-related news focused on the cloud native landscape, hand curated by Marco Lancini.
Sponsor

The buyer's guide to next gen CSPM
With a significant increase in reliance on cloud and a shift to Infrastructure as Code (IaC), it's easy to see why existing CSPM solutions must evolve to keep pace. Download this report to be able to programmatically detect and resolve misconfigurations in IaC during development, as well as monitor infrastructure configurations in runtime and assess risk from configuration changes.

This week's articles


CNI Benchmark: Understanding Cilium Network Performance
#kubernetes, #monitor
Post exploring the performance characteristics of Cilium based on extensive benchmarks, and comparing them to Calico.


Business-friendly vulnerability management metrics
#build
Post from the Uber team, where they describe a methodology and metric to track the health of the vulnerability management program in your organization.


Detecting Malicious Activity in CI/CD Pipeline with Tracee
#ci/cd, #defend
Tracee, an open source runtime security project designed to trace the system and applications at runtime and detect suspicious behavioral patterns, can also be used for CI/CD pipeline security.


Terraform Plan RCE
#terraform, #attack
Running a Terraform plan on untrusted code can lead to RCE and credential exfiltration.


Detect suspicious activity in GCP using audit logs
#gcp, #monitor
How GCP audit logs work, and how to process them in an efficient way to implement cloud threat detection.


An Introduction to Kubernetes Security using Falco
#kubernetes, #monitor
Post discussing the basics of Kubernetes security monitoring and how Falco uses rules to detect security issues.


How to Master Admission Webhooks In Kubernetes
#kubernetes, #gcp, #explain
An in-depth guide to mastering admission webhooks in Google Kubernetes Engine (GKE).


Kubernetes and SSL Certificate Management
#kubernetes, #build
How to manage SSL certificates in Kubernetes with Helm and Let's Encrypt.


Security Audit Results for Teleport Cloud for 2021
#saas, #attack
Doyensec's report for the analysis they conducted on Teleport Cloud.


Mistakes made and lessons learned with Kubernetes and GitOps
#kubernetes, #build
Lessons learned from a migration of home services from disparate Docker Compose services to GitOps.

Tools


vault-plugin-secrets-onepassword
HashiCorp Vault plugin that allows for the retrieval, creation, and deletion of items stored in a 1Password vault, accessed through 1Password Connect.


cognitocurl
Easily sign curl calls to API Gateway with Cognito authorization token.


helm-diff
A helm plugin that shows a diff explaining what a helm upgrade would change.


kubestr
Kubestr is a collection of tools to discover, validate and evaluate your Kubernetes storage options.

From the cloud providers


AWS: Top Recommendations for Working with IAM from Our AWS Heroes - Part 3: Permissions Boundaries and Conditions
Using permissions boundaries and conditions is an effective way to limit access. By letting you set the maximum permissions for a user or role, permissions boundaries can be used for situations like granting someone limited permissions management abilities.


AWS: Top Recommendations for Working with IAM from Our AWS Heroes - Part 4: Available Permissions and User Identity
Post discussing the Service Authorization Reference, which is a comprehensive list of all the permissions in AWS, and pointing to the AWS CloudTrail userIdentity element that keeps track of who did what.


AWS: Resolve IT Incidents Faster with Incident Manager, a New Capability of AWS Systems Manager
AWS announced Incident Manager, a new capability of AWS Systems Manager that helps you prepare and respond efficiently to application and infrastructure incidents.


GCP: Network Intelligence Center's Network Topology is now GA
Network Topology is a visualization tool that shows the topology of your Virtual Private Cloud (VPC) networks and their associated metrics.


GCP: 4 new features to secure your Cloud Run services
Google improved the security of Cloud Run environments with things like support for Secret Manager and Binary Authorization.


Azure: Use the Secrets Store CSI driver for Azure Kubernetes Service secrets
Natively mount secrets from Azure KeyVault into your Pods in AKS.


Azure: New Azure AD Capabilities for Conditional Access and Azure VMs at RSA 2021
Microsoft announced a bundle of new Azure AD features in Conditional Access and Azure. Admins can gain even more control over access in their organizations and manage a growing number of Conditional Access policies and Azure AD authentication for virtual machines (VMs) deployed in Azure.


Azure: What's new: Hunting dashboard refresh
Azure refreshed the hunting query experience to help you find undetected threats in your environment more quickly.


Azure: What's New: Fusion Advanced Multistage Attack Detection Scenarios with Scheduled Analytics Rules
Azure Sentinel leverages machine learning technology, Fusion, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill-chain.


Azure: What's New: Azure Sentinel - SOC Process Framework Workbook
The Get-SOCActions Playbook with "SocRA" Watchlist gives SOCs the ability to onboard SOC Actions for their Analysts to follow that snap to the SOC Process Framework Workbook. As they onboard Use-Cases and apply triage steps, this playbook can then be run to add those steps to the Incident for an Analyst to follow to closure.

Thanks for reading!

If you found this newsletter useful and interesting, and know other people who would too, I'd really appreciate if you'd forward it to them 🙏

If you have questions, comments, or feedback, just reply to this email or let me know on Twitter @lancinimarco!

Thanks,
Marco
© 2019-present
The Cloud Security Reading List by SecurityBite LTD.