A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

Super X-Ray Vision for Vulnerabilities into Non-Running Containers (The State of Security, Aug 08 2017)
New functionality to scan non-running (paused, stopped, created, exited, etc.) Docker containers. This supplements the coverage for running containers, thereby giving a full view into the state of containers in production. Some people will think, “Cool! But why do I need that I scan non-running containers if they are all scanned before they go into production anyway?”

Containers 101 – What do you need to know? (The CloudPassage Blog, Aug 08 2017)
Thanks to Docker, containers are now the future of web development. According to DataDog, 15% of hosts run Docker, which is significantly up both from the 6% of hosts running it at this point in 2015 and the 0% of hosts running it before it was released in March of 2013….

How ‘zero trust’ networks can help hospitals strengthen cybersecurity (Healthcare IT News, Aug 07 2017)
“Traditional network designs use the concept of zones. The zone furthest out, the Internet, is untrusted, and more trust gradually is given to network zones the closer in they are. Thus, a user on the internal network might be able to look at anything and everything once they are inside.” Ever heard of Google BeyondCorp? If you’re running a zero trust network, let me know.


Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report


Think you’re doing Agile? Think again. (Puppet, Aug 08 2017)
“…the focus on waste elimination is often ignored, but it’s a key pillar of organizational agility. Any business that has been around for a few years has vestiges of past efforts, and these require constant pruning. It could be technical debt: shortcuts and architectural decisions that were necessary at one time to deliver on an urgent business need, and that, ignored over time, can be a dangerous source of sluggishness.”…

CVEs Abound, But Not Enough to Secure the Enterprise (Skybox Security Blog, Aug 04 2017)
…the CVE, the old–guard vulnerability “dictionary,” is falling behind and leaving security teams and technologies that rely on it open to risk……

Continuous Cybersecurity in a DevOps World (BeyondTrust, Aug 07 2017)
Businesses continue to expand their vulnerability and privilege management programs to cover additional DevOps use cases, and BeyondTrust spells out a few. Do you use priviledged access management for any of these DevOps use cases? If so, let me know….

People are already Getting Ready for November AWS re:Invent 2017 (mostly conference workers, but still) (AWS Blog, Aug 08 2017)
“Every year I get last-minute texts, calls, and emails from long-lost acquaintances begging for tickets and have to turn them all down”…