How to Secure AWS Serverless API(s)

Network Security. Discover how to easily enhance security of your container-based AWS serverless API to protect against known and unknown vulnerabilities. By: Anna Lapyko, March 18, 2022. Container-based serverless APIs are becoming increasingly popular as many organizations move toward cloud native applications. Serverless containers outsource the effort of managing the actual servers, making it easier to scale quickly and maintain at any scale. However, you…

How to Build a Serverless API with Lambda and Node.js

Serverless technologies enable developers to concentrate on what the application does without the hassle of managing where it runs and how it scales. The cloud provider manages the infrastructure: simply upload the applications, and the provider handles the rest. This article highlights the benefits of going serverless by walking through creating a serverless REST API using AWS Lambda and Node.js. Setting Up the Local Environment This tutorial requires the following dependencies: Now that the environment is…

10 best practices for S3 bucket security configuration

Rule GD-001: GuardDuty enabled Conformity has rule GD-001 for enabling GuardDuty. This rule checks that GuardDuty is enabled in all regions for the security of your AWS environment and infrastructure. Because this rule is a medium-level threat, Conformity encourages compliance. The result of non-compliance is the potential occurrence and proliferation of malicious activity on your AWS account and infrastructure without your knowledge, such as Recon:EC2/PortProbeUnprotectedPort, UnauthorizedAccess:EC2/SSHBruteForce, or UnauthorizedAccess:IAMUser/MaliciousIPCaller. To remediate, simply visit GuardDuty to enable…

Cloud Native Security Platform Must-have Components

5 key components to review: To ensure secure apps are developed and deployed, McCluney and Griffin recommend implementing review processes for the following: cloud posture and compliance, vulnerability visibility and management, container security, template scanning, and securing your code. Before delving into each of these components, let’s review why each one is key, and understand how the state of the industry has shaped these key security components. 4 cloud native development trends: McCluney and Griffin point…

Why IaC Security Should Matter to CISOs

Speed is the name of the game for organizations building in the cloud. And in order to meet increasingly demanding deadlines, many DevOps teams are turning to infrastructure as code (IaC) to spin up new projects at scale—but are they doing so securely? This article looks at IaC security challenges and how CISOs can choose the right cloud security tool to support quick development and drive innovation. What is IaC? Infrastructure as code (IaC), as…

Global Cyberattacks: Managing Risk in Chaotic Times

Risk Management. As global tension rises, cyber-risk management and security fundamentals are the key to cyber-resilience. By: Trend Micro, February 24, 2022. While it seems almost cliché now, we are living in unprecedented times. The global pandemic has forced organizations everywhere to deal not only with health and supply-chain challenges, but also with increasing political turmoil that can negatively impact ongoing operations. And with…

7 Container Security Best Practices For Better Apps

Write clean code: In 2020, Digital Shadows scanned more than 150 million entities from GitHub, GitLab, and Pastebin and found 800,000 access keys and secrets. 40% of these were for database stores—38% for CSPs such as Google, Microsoft Azure, and AWS. Yikes. It goes without saying (but I’m saying it anyways) you cannot afford to have your secrets exposed. To keep your secrets secret, avoid writing secrets into the code or in a config file…

An All-in-One Well-Architected Framework Guide for Cloud Architects

Source: Trend Micro Blog. Not so easy, huh? Luckily, Microsoft Azure and AWS have created several white papers on the Well-Architected Framework to explain cloud architectural design principles that can help guide you through the process. For example, in the case of an Amazon S3 bucket, you need to remember to disallow public read access, ensure logging is enabled, use customer-provided keys to ensure encryption is on, and so on. With so many cloud services…

CNAPP Security: Cloud Native Application Protection Platform

According to Gartner, manual integration is the most common method of integrating different security tools to streamline DevOps. By consolidating capabilities, security teams are freed from manual correlation and investigation between several, disparate point products. And comprehensive visibility leads to better identification, assessment, prioritization, and adaptation to risks in cloud native applications. Ok, good for them, you may be thinking, but how does this help me? DevOps and CNAPP Think of it this way: the…

Cryptojacking Attacks Target Alibaba ECS Instances

Workload Security. Discover how some malicious groups disable features in Alibaba Cloud ECS instances for illicit mining of Monero. By: Alfredo de Oliveira, February 04, 2022. Cryptojacking attacks continue to increase. Unlike ransomware, cryptojacking cybercriminals make their money staying silent and undetected, leeching the computer power from their target to mine valuable cryptocurrency. Cryptomining can cause serious downtime for developers by draining the enterprise’s processing…
