InfoQ Homepage Cloud Security Content on InfoQ
-
Google Cloud Spanner Introduces Free Trial Instances and Fine-Grained Access Control
Google Cloud recently announced different improvements to their managed databases. The cloud provider introduced free trial instances and fine-grained access control for Spanner to let developers try the managed service and configure access to data at the table and column level.
-
Production Identity Framework SPIRE Graduates from CNCF
The Cloud Native Computing Foundation has announced the graduation of SPIFFE and SPIRE. SPIFFE defines a standard to authenticate software services through the use of platform-agnostic, cryptographic identities. SPIRE is an implementation of the SPIFFE API that is production ready. Recent improvements to the project include adding experimental Windows support.
-
Open-Source Constellation K8 Engine Aims to Bring Confidential Computing to Kubernetes
Constellation is a Kubernetes engine that shields Kubernetes clusters from the rest of the cloud infrastructure using confidential computing and confidential VMs. This creates a confidential context that ensures data is always encrypted, both at rest and in memory.
-
Open-Source Threat Detection Tool Falco Adds Support for Google gVisor
The latest version of Falco introduces support for gVisor, Google's application kernel providing an additional isolation layer between applications and the host OS. Using Falco 0.32.1 users can monitor security events from gVisor to detect threats and audit containers.
-
GCP Announces MITRE ATT&CK Mappings to Implement Security Controls
Google Cloud Platform (GCP) recently announced the MITRE ATT&CK Mappings to improve security controls across the Google Cloud workloads. MITRE ATT&CK framework is a globally-accessible knowledge base of adversary tactics & techniques based on real-world observations. The mappings will empower Google Cloud users to assess the GCP controls against adversary tactics, techniques and procedures(TTPs).
-
Amazon SNS Introduces Message Data Protection to Discover Sensitive Data in Motion
Amazon SNS recently announced the public preview of message data protection. Identifying PII data and other sensitive information in flight, the new SNS feature leverages pattern matching, machine learning models, and data protection policies to simplify data protection and compliance in applications that exchange high volumes of data.
-
AWS IAM Identity Center Introduces APIs to Manage Users and Groups at Scale
AWS recently introduced IAM Identity Center APIs to create users and groups at scale. Administrators can use these new APIs to manage identities programmatically and gain visibility into users in the Identity Center directory.
-
Google Cloud Certificate Manager Generally Available
Google Cloud recently announced the general availability of Certificate Manager, a service to acquire, manage, and deploy TLS certificates for use with Google Cloud workloads.
-
Amazon Introduces Encrypted Communication Service AWS Wickr
A year after the acquisition of the company Wickr, Amazon recently announced the preview of the collaboration suite AWS Wickr. Built on a proprietary encryption protocol, the new managed service provides enterprises and government agencies with security and administrative controls to meet security and compliance requirements.
-
Accelerated Multi-Account Auditing and Compliance in AWS with Steampipe, HCL and SQL
AWS recently examined the use of AWS Insights Mod, based on Steampipe, an open-source tool that defines over 650 queries and displays their results on 84 dashboards.
-
Virtual Machine Threat Detection in Google Security Command Center Now Generally Available
Google Cloud recently announced the general availability (GA) of Virtual Machine Threat Detection (VMTD) as a built-in service in Security Command Center Premium, which can detect if hackers attempt to mine cryptocurrency in a company's cloud environment.
-
Cloud Security Posture Management Now Available in Vulnerability Scanner Trivy
The open source vulnerability scanner Trivy has been recently extended to support cloud security posture management (CSPM) capabilities. While initially available only for AWS, Trivy will soon get support for other cloud providers, says Aqua Security.
-
AWSGoat Open-Source Project for Pen Testing AWS Cloud Solutions
AWSGoat is a vulnerable-by-design infrastructure on AWS, featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfiguration based on services such as IAM, S3, API Gateway, Lambda, EC2, and ECS. It mimics real-world infrastructure with additional flaws and uses a black-box approach, including multiple escalation paths.
-
Google Cloud Blocks Largest Layer 7 DDoS Attack
Google claims to have recently fended off the largest ever HTTPS-based distributed denial of service attack, which peaked at 46 million requests per second. According to the cloud provider, the DDoS attack was quickly detected and stopped at the edge of Google’s network, and the customer was not impacted.
-
New Microsoft Defender Products: Threat Intelligence and External Attack Surface Management
Microsoft recently announced two security products: Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management. These new products are driven by their acquisition of RiskIQ just over a year ago.
CONTENT IN THIS BOX PROVIDED BY OUR SPONSOR
Resources
The Definitive Guide to Backing Up Data in AWS
Understand what AWS Backup does and doesn’t cover for data protection and compliance. Download now.
Best Practices Checklist for Ransomware Protection
This checklist guides you with recommendations for a multi-layer defensive plan from thwarting attacks to recovering quickly in the event of a breach. Download now.
451 Research Market Insight: Why Backup Amazon S3
Viewing backup for Amazon S3 as unnecessary is outdated thinking. See what data lake trends are driving new requirements for data protection. Download now.
Webinars
Protecting Mission Critical Databases on AWS
[On Demand] How to backup data sets in Amazon EC2 and EBS. Watch now.
Simplifying SOC 2 Compliance
[On Demand] Learn about common compliance pitfalls to avoid and tips for passing your SOC 2 audit. Watch now.
