InfoQ Homepage Cloud Security Content on InfoQ
-
Microsoft Extends Azure Security Center Capabilities to Partners, Adds Automation
At the recent Ignite conference, Microsoft announced several updates to their Azure Security Center offerings. These updates include enhanced cloud resource threat protection, Customer Lockbox extensions, the release of a Secure Code Analysis toolkit, additional support for Azure Disk Encryption, certificate management extensions, API automation and partner integrations.
-
CPDoS Attacks Cause CDNs to Deliver Error Pages instead of Expected Results
Security researchers disclosed three new variants of the cache poisoning attack first discussed at the 2018 DEFCON conference. These three new attacks are being categorized as cache poisoning denial of service (CPDoS) attacks. These vulnerabilities allow an attacker to inject their own malicious content to be served by the cache in lieu of the expected web pages.
-
Elastic Releases New Security Suite Integrating SIEM with Endpoint Protection
Elastic recently released Elastic Endpoint Protection, a new feature for integrated security built upon Elastic’s acquisition of Endgame. With Endpoint, Elastic is combining their SIEM product and endpoint security into a single solution built on the Elastic stack.
-
PARSEC Is a New Platform-Agnostic API for Secure Systems
Backed by Arm and Docker, Platform AbstRaction for SECurity aims to define a universal software standard to handle secure object storage and cryptography services. It focuses on modern system architectures made of containerized services and strives to make security technology easy to access. InfoQ has spoken with Justin Cormack, security lead at Docker and PARSEC maintainer, to learn more.
-
Microsoft Releases Azure Sentinel, a Cloud Native SIEM, to General Availability
In a recent blog post, Microsoft announced the general availability of Sentinel, a Security Information and Event Management (SIEM) service in Azure, providing customers with intelligent security analytics across their enterprise. With the GA of Azure Sentinel, Microsoft now enters the SIEM market.
-
Kubernetes Policy Enforcement with Open Policy Agent Gatekeeper
The latest release of the Kubernetes Policy Controller Gatekeeper takes greater advantage of the CNCF project Open Policy Agent to offer users the ability to declare policies, share constraint templates, and audit resources for policy violations.
-
Security Architecture Anti-Patterns by UK Government National Cyber Security Centre
The National Cyber Security Centre of the UK Government recently published a white paper on the six design anti-patterns that we should avoid when designing computer systems.
-
Google Announces General Availability of Cloud Security Scanner for GKE and Compute Engine
Recently, Google announced the general availability of Cloud Security Scanner for Google Kubernetes Engine and Compute Engine. This service allows scanning for vulnerabilities and threats of web apps possibly introduced during development, and act before anyone can abuse them.
-
Enabling Single Tenant Workloads in the Cloud, Microsoft Introduces Azure Dedicated Host
In a recent blog post, Microsoft announced Azure Dedicated Hosts, a service that allows organizations to run Linux and Windows virtual machines on single-tenant physical servers. This service was introduced to address customer compliance and regulatory requirements. Organizations can also take advantage of Azure Hybrid Benefits which allows them to leverage existing software investments.
-
Microsoft Announces General Availability of Azure Security Center for IoT
Initially introduced in March 2019, Microsoft has announced the general availability of Azure Security Center for IoT, which enables end-to-end threat protection and security management of IoT environments. The solution helps in identifying threats, insecure settings, and misconfigurations, allowing to mitigate before attackers can take advantage of them.
-
Web Application Firewall Causes Outage
The CloudFlare outage from June 2nd was caused by high CPU consumption of a backtracking regular expression, defending against a Sharepoint CVE.
-
Amazon Releases the Multi-Account Management Service AWS Control Tower to General Availability
Recently, Amazon announced the general availability of AWS Control Tower, a service that automates the process of setting up a new baseline multi-account AWS environment that is secure, and well-architected. With AWS Control Tower, cloud administrators can consistently set-up security and compliance for multi-account AWS environments.
-
Benefits of Microsoft’s New Versions of Azure Application Gateway and the Web Application Firewall
In a recent blog post, Microsoft discusses the benefits of the generally available releases of Azure Application Gateway V2 Standard SKU and Web Application Firewall (WAF) V2 SKU's. Microsoft fully supports them with a 99.95% SLA, significant improvements and capabilities.
-
Open Policy Agent Accepted as CNCF Incubation Level Project
The Cloud Native Computing Foundation (CNCF) accepted the Open Policy Agent (OPA) as an incubation-level hosted project on April 2nd. OPA is an open source, general-purpose policy engine. OPA targets cloud-based enterprise technology companies with a solution that offloads service level policy management to a unified, context-aware policy management solution.
-
Microsoft Introduces Azure Front Door, a Scalable Service for Protecting Web Applications
In a recent blog post, Microsoft introduced the general availability (GA) of Azure Front Door (AFD), a scalable and secure entry point for web applications. The underlying technology in Azure Front Door, has been in place inside of Microsoft for the past five years where it has enabled scaling and protection for many popular Microsoft services including Office 365, Xbox, and Microsoft Teams.