The project steampipe uses a fast programing language and an intelligent caching approach outrunning prowler speed tenfold. While I tried to workaround prowlers limits I learned a lot about optimizing.
There is a conflict between developer freedom and the requirements of security teams. In this post we’ll look at one approach to address this tension: permission boundaries. They’re an often overlooked part of IAM, but provide a valuable addition to our security toolkit.
Over the last years, demands and expectations on data security have increased dramatically. The main drivers are local data privacy regulations like the EU-GDPR, which imply awareness of sensitive data and an overview of potential risks. Amazon has offered its service Macie in 2017, added new capabilities lately, and is doing a great job with data on S3. But how do you include your EFS/FSx file shares and RDS databases to eliminate blind spots? Meet NetApp Cloud DataSense.
Viele Unternehmen und insbesondere solche in der Finanzbranche stellen sich die Frage, ob sie ihre IT oder Teile dieser überhaupt in die Cloud migrieren dürfen. Ja, die Cloud skaliert gut, sie schafft bessere Verfügbarkeit lokal wie global, sie fördert Agilität, erleichtert den Zugang zu neuen Technologien und kann in vielen Fällen auch Sicherheitsvorteile schaffen. Aber wie die rechtliche Situation bei einer Auslagerung an Public Cloud-Anbieter aussieht, steht nochmal auf einem anderen Blatt Papier.
In this post, we will set it all up for easy working in Visual Studio Code. Let’s start!
While Infrastructure-as-Code slowly becomes omnipresent, many of the communicated advantages of the approach stay mostly unrealized. Sure, code style checks (linting) and even automated documentation get more common every month. But one of the cornerstones often gets ignore: testing. Let’s see which types of code testing are available and how to do it without writing too much code. The promise of the Infrastructure-as-Code (short: IaC) movement is to handle infrastructure just as if it was a program.
Recently, I blogged about a security incident where CloudTrail was not set up to log S3 data events. But while this is the most common type of data events, there are some more. And one of them has really scary implications. But good news: you can protect yourself about that.
In today’s post, I will talk about a hacking investigation I recently took part in. We will look into what went wrong, what the attackers did, and how we can improve detection and prevention to manage such incidents better.
