Cloud Security Content on InfoQ
-
Snyk Releases Enhanced Vulnerability Prioritization Features
Snyk has announced the release of a number of new features to simplify prioritizing security vulnerabilities. This includes a new, proprietary algorithm to assess and provide a score for each identified issue. This approach takes into account the maturity of the exploit and can analyze if the affected code is reachable through application execution.
-
Google Launches Confidential VMs in Beta on Its Cloud Platform
In a recent blog post, Google announced Confidential VMs, a new type of virtual machine that makes use of the company’s work around confidential computing to ensure that data isn’t just encrypted at rest but also while it is in memory.
-
AWS Open-Sources CloudFormation Compliance Analyzer
AWS has announced the preview release of CloudFormation Guard, an open-source CLI tool to enforce compliance policies against CloudFormation templates. cfn-guard provides a lightweight, declarative syntax for defining rules. It supports lists, wildcards, regex, and declaration of variables, and can work with CloudFormation intrinsic functions.
-
Production Identity Framework SPIRE Graduates to CNCF Incubator
The Cloud Native Computing Foundation has accepted SPIFFE and SPIRE as incubation level projects. SPIFFE defines a standard to authenticate software services through the use of platform-agnostic, cryptographic identities. SPIRE is an implementation of the SPIFFE APIs that is production ready.
-
Vulnerability Scanner Trivy Now Available as Integrated Option within Harbor
Aqua Security has announced that Trivy, their open source vulnerability scanner, is now available as an integrated option within a number of platforms. Trivy is able to scan for vulnerabilities within operating systems and a number of common application dependencies.
-
Alcide's New sKan Command Line Tool Scans Kubernetes Deployment Files
Alcide, a Kubernetes security platform, has announced the release of sKan, a command line tool that allows developers, DevOps and Kubernetes application builders access to the Alcide Security Platform. sKan enables developers to scan Kubernetes configuration and deployment files as part of their application development lifecycle including CI pipelines.
-
AWS Announces the General Availability of New Security Service: Amazon Detective
Recently, Amazon announced the general availability of Amazon Detective. This new security service in AWS allows customers to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.
-
Azure Sphere, a Secure IoT Platform, Reaches General Availability
In a recent blog post, Microsoft announced the general availability (GA) of Azure Sphere, an end-to-end IoT Security Platform. The Azure Sphere platform focuses on three key areas including microcontroller units (MCUs), a secure operating system (OS), which is based upon Linux, and providing cloud security services including software updates and detecting emerging threats.
-
Elastic Stack 7.6 Released with Security, Performance, and Observability Improvements
Elastic announced the release of Elastic Stack 7.6. This release contains a number of security improvements including a new SIEM detection engine and a redesigned SIEM overview dashboard page. This release also includes performance improvements to queries that are sorted by date, enhanced supervised machine learning capabilities, and support for ingesting Jaeger trace data.
-
Compliance and the California Privacy Act - the Empire Strikes Back
On January 1, 2020, the California Privacy Act came into effect. Many companies have not complied with the law, and the long term effects of the legislation are unclear.
-
Linode Announces DDoS Protection Across Its Global Network
Linode announced the availability of its DDoS protection service across its network for detection and mitigation of DDoS attacks.
-
Keeping Credentials Safe, Google Introduces Cloud Secret Manager
In a recent blog post, Google announced a new service, called Secret Manager, for managing credentials, API keys and certificates when using Google Cloud Platform. The service is currently in beta and the intent of this service is to reduce secret sprawl within an organization’s cloud deployment and ensure there is a single source of truth for managing credentials.
-
Falco is the First Runtime Security Project to be Accepted into CNCF Incubator
Falco, a cloud-native runtime security project, was accepted by the Cloud Native Computing Foundation (CNCF) as an incubation-level hosted project. Falco provides intrusion and abnormality detection for platforms like Kubernetes, Mesosphere, and Cloud Foundry. With the move into the incubation stage, the Falco team has been focusing on making the tool easier to adopt and use.
-
Google Publishes Its BeyondProd Cloud-Native Security Model
Google's BeyondProd white paper provides a model for cloud-native security in a containerized world. Google's model requires moving beyond the traditional perimeter-based security model and leverages code provenance and service identity as security cornerstones. Google also provided a list of open-source software that can be used to implement its security model.
-
Preventing and Dealing with Vulnerabilities with GitLab
One year after the official launch of GitLab's public bug bounty program, it is time for the company to wrap up its results and determine how it helped improve security for GitLab and its customers. InfoQ had the chance to speak with GitLab senior application security engineer James Ritchey to learn more about GitLab's security strategy and what a bug bounty program can contribute to an organization.