Cloud Security Content on InfoQ
-
Google's New Cloud Security Services for Better Threat Detection and Protection in Enterprises
Google announced three new services for better threat detection and protection in enterprises: Web Risk API, Cloud Armor, and Cloud HSM. All these security services will offer Google Cloud Platform (GCP) customers advanced security functionalities.
-
Making Security More Intelligent, Microsoft Releases Azure Sentinel
In a recent blog post, Microsoft announced further investments in its intelligent security offerings in the form of a Security Information and Event Management (SIEM) product called Azure Sentinel. SIEMs are used by security professionals as a data store that is capable of aggregating security events from logs across a variety of systems, including servers, firewalls, routers and switches.
-
Tomcat and Kafka Selected for EU Bug Bounty Programme
The European Union recently launched a bug bounty program for critical infrastructure projects, offering financial compensation to anyone who finds and reports a new security flaw. The bug bounty is offered as part of FOSSA, the “Free and Open Source Software Audit” project. The FOSSA list includes two notable Java projects: Apache Tomcat and Kafka.
-
RunC Bug Enables Malicious Containers to Gain Root Access on Hosts
Security researchers have discovered a critical bug in runC - a lightweight CLI tool for spawning containers according to the OCI specification - which allows attackers to escape the container and gain administrative privileges on the host, rendering it vulnerable.
-
Amazon Adds Three New Threat Detections to Its GuardDuty Service in AWS
Amazon has added another set of new threat detections to its GuardDuty service in AWS. The three new threat detections are two new penetration testing detections and one policy violation detection.
-
Q&A on Cloud Discovery Tool for Multi-Cloud Environments
Cloud Discovery is an open-source tool from Twistlock that connects to cloud providers and gets an inventory of all the various infrastructure resources deployed. Cloud Discovery gathers and reports resource metadata in an aggregated way. Furthermore, application security holes can be identified when there’s more visibility across environments, such as which resources are missing a firewall rule.
-
AWS Identity and Access Management Gains Tags and Attribute-Based Access Control
Amazon Web Services (AWS) recently enabled tags for IAM users and roles to ease the management of IAM resources. Notably, this release also includes the ability to embrace attribute-based access control (ABAC) and match AWS resources with IAM principals dynamically to "simplify permissions management at scale".
-
Google Releases New Security Features for Compute Engine: Resource-Level IAM and IAM Conditions
Google announced two new Cloud Identity and Access Management (IAM) features to help customers better manage their security and access control in Google Compute Engine. These features are resource-level IAM, to set policies on individual resources, and IAM conditions, to grant access based on predefined conditions.
-
Azure Virtual WAN and Azure Firewall Now in Public Preview
With Azure Virtual WAN and Azure Firewall, Microsoft will provide two new services to help customers modernise their network. The Azure Virtual WAN service will simplify large-scale branch connectivity, while with the Azure Firewall enterprises can enforce their security policies in the cloud. Both services are currently in public preview.
-
OpenID Loses Major Proponent, StackOverflow
OpenID has lost one of its largest proponents. Stack Exchange, the company behind StackOverflow and other Q&A websites, will be completely eliminating support for OpenID on July 25, 2018. This continues a long-running trend of websites eliminating OpenID from their offerings.
-
Amazon Launches a New Cloud Security Service: AWS Firewall Manager
Amazon has launched a new service called AWS Firewall Manager, providing AWS customers a way to configure AWS Web Application Firewall rules across multiple accounts centrally. The AWS Firewall Manager is a part of Amazon’s recent launch of several services for security and compliance.
-
Amazon Launches AWS Secrets Manager to Securely Store, Distribute, and Rotate Credentials
Amazon announced the launch of the AWS Secrets Manager, which makes it easy for customers to store and retrieve secrets using an API or the AWS Command Line Interface (CLI). Furthermore, customers can rotate their credentials with built-in or custom Lambda functions. The AWS Secrets Manager enables users to centralize the management of secrets of distributed services and applications.
-
Chef Enhances Cloud Security Automation in InSpec 2.0
Continuous automation vendor Chef has announced the availability of InSpec 2.0, a new version of Chef’s free open source tool that enables DevOps and cross-functional application, infrastructure and security teams to express security and compliance rules as code and assess and remediate compliance issues through the entire software delivery life cycle.
-
Xen Hypervisor 4.10 Focuses on Security and Better ARM Support
The Xen Project released version 4.10 of their hypervisor with an improved architecture for x86, better support for ARM processor hardware updates, and changes to schedulers and the user interface.
-
NIST Publishes Guidelines on Application Container Security
The National Institute of Standards and Technology (NIST) published a bulletin on application container technology and its most notable security challenges. The report is a summary of two previous bulletins outlining vulnerability areas including image, registry, orchestrator, container, host OS, and hardware, and their countermeasures.