Earl

38 Flips | 1 Magazine | 3 Likes | @earl553 | Keep up with Earl on Flipboard, a place to see the stories, photos, and updates that matter to you. Flipboard creates a personalized magazine full of everything, from world news to life’s great moments. Download Flipboard for free and search for “Earl”

NIST releases Cybersecurity Framework 1.1

The US Commerce Department’s National Institute of Standards and Technology (NIST) has announced at RSA Conference 2018 the release of version 1.1 of …

Akamai touts network perimeter security shifts, zero-trust model

SEO

Securing Remote Desktop (RDP) for System Administrators

<i>Special thanks to Forrest Smalley of IST for providing content and screen shots for this article</i><p>How secure is Windows Remote Desktop?<p>Remote Desktop …

Information Security

The Emergent Cloud Security Toolchain for CI/CD

The Emergent Cloud Security Toolchain for CI/CD given at RSA Conference 2018 in San Francisco.<p>All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will …

Titus, the Netflix container management platform, is now open source

by Amit Joshi, Andrew Leung, Corin Dwyer, Fabio Kung, Sargun Dhillon, Tomasz Bak, Andrew Spyker, Tim Bozarth<p>Today, we are open-sourcing Titus, our …

Containers and Compliance: Building Secure, Automated Systems on Amazon Web Services

Is it possible to use containers and maintain PCI, HIPAA, HITRUST, FedRAMP, or other compliance requirements? This is a question we hear a lot — …

Google and Netflix team up on Kayenta, an open-source project for automated deployment monitoring

A new open-source project from Google and Netflix aims to help other companies that want to modernize their application deployment practices but …

Serverless monitoring — the good, the bad and the ugly

Not so long ago, a job requirement pushed me into the world of FaaS, and I was thrilled. I had dreams of abstraction — eliminating all that tedious …

Cloud Computing

NSX-T Automation with Terraform

Do you want to maintain your network and security infrastructure as a code? Do you want to automate NSX-T? One more option has been just added for …

Cloud Computing

Orchestrator: Lightweight & Flexible Security Orchestration

Screenshots<p>Drag to left to slide<p>Agentless<p>Orchestrator runs scripts on endpoints using Powershell Remoting (for Windows) and SSH (for Linux).<p>Supports …

Azure DNS Private Zones now available in public preview

We are pleased to announce the public preview of DNS Private Zones in all Azure Public cloud regions. This capability provides secure and reliable …

A Sneak Peek at the New NIST Cybersecurity Framework

Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement.<p>The National Institute of …

Prowler: AWS CIS Benchmark Tool

Table of Contents<p>Description<br>• Features<br>• Requirements<br>• Usage<br>• Fix<br>• Screenshots<br>• Troubleshooting<br>• Extras<br>• Forensics Ready Checks<br>• Add Custom Checks<br>• Third Party …

Moving Beyond the Limits of Infrastructure Testing with Chef InSpec 2.0

InSpec just reached its next major upgrade with the release of InSpec 2.0. After more than two years as an open source project and a year since its …

How to automate the auditing of operational best practices for your AWS account | Amazon Web Services

With a microservices architecture, distributed teams often need a central operational excellence team to make sure that the rest of the organization …

Cloud Computing

Demystifying Information Security Using Data Science

Introduction<p>When you search for security data science on the internet, it’s difficult to find resources with crisp and clear information about the …

How To Avoid Common Emerging Anti-Patterns In Serverless Computing

Serverless is all the rage right now and for a lot of amazing reasons, from performance and up time to scalability and billing. Most popular are could functions such as AWS Lambdas, Google Cloud Functions, and Azure functions, but serverless architectures have been around and prominent on the …

Software Development

Tagging Best Practices for Cloud Governance and Cost Management

TweetEnterprises are now, more than ever, living in a multi-cloud environment managing highly complex pricing structures and an onslaught of new …

Cloud Computing

How We Built an Intrusion Detection System on AWS using Open Source Tools

It’s roughly a year now that we built an intrusion detection system on AWS cloud infrastructure that provides security intelligence across some …

Linux

Amazon Connect Adds Federated Single Sign-On Using SAML 2.0 Available in Preview

You can enable federated access and controls via any SAML 2.0 compliant identity provider such as Microsoft Active Directory Federation Services, …

Cloud Computing

Understand how Chef Supports the AWS Shared Responsibility Model - Chef Blog

One of the key reasons organizations look at cloud migration is to improve the security of their IT systems. Cloud vendors such as AWS bring a level …

Cloud Computing

How Containers Serverless Computing Transform Attacker Methodologies

The pace of hacker innovation never slows. Now security technologies and methods must adapt with equal urgency.<p>In technology, as in life, the only …

Cybersecurity

AWS Monitoring Primer

Monitoring is critical for a secure, high-performing, resilient, and efficient cloud infrastructure. This blog post summarizes all the bits and …

Top 10 Docker Logging Gotchas

Docker changed not only how applications are deployed, it also changed the workflow for log management. Instead of writing logs to files, containers …

Simplify Cloud VPC firewall management with service accounts

By Daniel Merino, Technical Program Manager and Srinath Padmanabhan, Product Marketing Manager <br>Firewalls provide the first line of network defense …

Cloud Computing

Exporting Computers that are not Compliant with Security Baseline Recommendations in Azure Security Center

To enhance your security posture you must ensure that your computers are using the appropriate secure configuration, which may vary according to its …

Pragmatically storing security sensitive data using AWS KMS

<i>This article was first published on my blog as "Painlessly storing security sensitive data using AWS KMS and OpenSSL".</i><p><i>TL;DR:</i> In this post, I am going …

Azure Security Audits With Pester

We’ve previously discussed using Pester to test Azure resources in our infrastructure pipeline. In that article, we used Pester to run against a …

A Step-by-Step Guide for Protecting Sensitive Data in Docker

Managing passwords, access tokens, and private keys in an application can be tedious. Any small mistake accidentally exposes all the secret …

Cleanup Old Docker Images from Nexus Repository

Many of us are using Nexus as a repository to publish Docker images. Typically, we build images tagged with the <b>commit hash</b> (or using semver ideally) …