Cloud Security Content on InfoQ
-
Cloudflare Releases a Cloud-Based Network-as-a-Service Solution: Cloudflare One
Cloudflare, an American web-infrastructure and website-security company, recently introduced a cloud-based network-as-a-service solution for the enterprise workforce called Cloudflare One. The solution provides secure, fast, reliable, cost-effective network services, integrated with leading identity management and endpoint security providers.
-
Cloudflare Introduces API Shield
Cloudflare has recently introduced API Shield, a free security tool that protects API traffic against attacks designed to perform unauthorized actions or exfiltrate data. Strong client certificate-based identity is already generally available, while schema validation is currently in closed beta.
-
Bridgecrew Releases State of Open Source Terraform Security Report
Bridgecrew, a developer-first platform that codifies cloud security, recently published the State of Open Source Terraform Security report. The company utilized open-source Infrastructure-as-Code (IaC) static analysis tool Checkov. One of the key findings reveals that modules used to provision AWS resources are most likely misconfigured.
-
Attackers Found Building Malicious Container Images Directly on Host
Aqua’s cyber security research team, ‘Nautilus,’ has found a new attack technique that targets misconfigured Docker Daemon API ports to build an image directly on the target host's container infrastructure in order to mine cryptocurrency. Further investigation by the team uncovered 330k associated malicious image pulls from an infrastructure of 23 container images stored in Docker Hub.
-
Snyk Releases Enhanced Vulnerability Prioritization Features
Snyk has announced the release of a number of new features to simplify prioritizing security vulnerabilities. This includes a new, proprietary algorithm to assess and provide a score for each identified issue. This approach takes into account the maturity of the exploit and can analyze if the affected code is reachable through application execution.
-
Google Launches Confidential VMs in Beta on Its Cloud Platform
In a recent blog post, Google announced Confidential VMs, a new type of virtual machine that makes use of the company’s work around confidential computing to ensure that data isn’t just encrypted at rest but also while it is in memory.
-
AWS Open-Sources CloudFormation Compliance Analyzer
AWS has announced the preview release of CloudFormation Guard, an open-source CLI tool to enforce compliance policies against CloudFormation templates. cfn-guard provides a lightweight, declarative syntax for defining rules. It supports lists, wildcards, regex, and declaration of variables, and can work with CloudFormation intrinsic functions.
-
Production Identity Framework SPIRE Graduates to CNCF Incubator
The Cloud Native Computing Foundation has accepted SPIFFE and SPIRE as incubation level projects. SPIFFE defines a standard to authenticate software services through the use of platform-agnostic, cryptographic identities. SPIRE is an implementation of the SPIFFE APIs that is production ready.
-
Vulnerability Scanner Trivy Now Available as Integrated Option within Harbor
Aqua Security has announced that Trivy, their open source vulnerability scanner, is now available as an integrated option within a number of platforms. Trivy is able to scan for vulnerabilities within operating systems and a number of common application dependencies.
-
Alcide's New sKan Command Line Tool Scans Kubernetes Deployment Files
Alcide, a Kubernetes security platform, has announced the release of sKan, a command line tool that allows developers, DevOps and Kubernetes application builders access to the Alcide Security Platform. sKan enables developers to scan Kubernetes configuration and deployment files as part of their application development lifecycle including CI pipelines.
-
AWS Announces the General Availability of New Security Service: Amazon Detective
Recently, Amazon announced the general availability of Amazon Detective. This new security service in AWS allows customers to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.
-
Azure Sphere, a Secure IoT Platform, Reaches General Availability
In a recent blog post, Microsoft announced the general availability (GA) of Azure Sphere, an end-to-end IoT Security Platform. The Azure Sphere platform focuses on three key areas including microcontroller units (MCUs), a secure operating system (OS), which is based upon Linux, and providing cloud security services including software updates and detecting emerging threats.
-
Elastic Stack 7.6 Released with Security, Performance, and Observability Improvements
Elastic announced the release of Elastic Stack 7.6. This release contains a number of security improvements including a new SIEM detection engine and a redesigned SIEM overview dashboard page. This release also includes performance improvements to queries that are sorted by date, enhanced supervised machine learning capabilities, and support for ingesting Jaeger trace data.
-
Compliance and the California Privacy Act - the Empire Strikes Back
On January 1, 2020, the California Privacy Act came into effect. Many companies have not complied with the law, and the long-term effects of the legislation are unclear.
-
Linode Announces DDoS Protection Across Its Global Network
Linode announced the availability of its DDoS protection service across its network for detection and mitigation of DDoS attacks.