A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

Demystifying container vs VM-based security: Security in plaintext (Google Cloud Platform Blog, Aug 09 2017)
Containers can significantly improve development speed, lower costs by improving resource utilization, and improve production consistency; however, their unique security implications in comparison to traditional VM-based applications are often not well understood. At Google,…

Salesforce fires red team staffers who gave Defcon talk (ZDNet, Aug 09 2017)
“As soon as they got off the stage, they were fired,” for talking about a homegrown tool that doesn’t launch attacks or exploit systems but allows red teamers to control the system once access has been granted…

SecOps: The Next Stride for DevOps (Blogs – DevOps.com, Aug 14 2017)
With the continuously increasing business demands for new applications and software, and new practices and development trends such as DevOps, Agile, cloud, automation, CI/CD and others, traditional security needs to be upgraded in the new paradigm…




Amazon reaches out to users with bad security before the crooks do (Naked Security – Sophos, Aug 04 2017)
Amazon is taking proactive steps to keep its customers safe…

Announcing the new and improved Azure Log Analytics (Microsoft Azure Blog, Aug 09 2017)
Azure Log Analytics service is rolling out an upgrade to existing customers today – offering powerful search, smart analytics, and even deeper insights. This upgrade provides an interactive…

Agile and DevOps Are Failing in Fortune 500 Companies: It Should Be a Wake-Up Call to All of Us (DZone DevOps Zone, Aug 09 2017)
ING began its agile transformation in 2010 with just three teams practicing agile. After seeing the success of those first three teams, ING transformed its entire development organization to Agile in 2011… By 2014, ING executives felt that they weren’t receiving the benefits from Agile and DevOps for which they had hoped…

New – Encryption of Data at Rest for Amazon Elastic File System (EFS) (AWS Blog, Aug 15 2017)
When you create a new file system, you can select a key that will be used to encrypt the contents of the files that you store on the file system. The key can be a built-in key that is managed by AWS or a key that you created yourself using AWS Key Management Service (KMS)…

AWS CloudHSM Update – Cost Effective Hardware Key Management at Cloud Scale for Sensitive & Regulated Workloads (AWS Blog, Aug 14 2017)
AWS is making a major update to CloudHSM, with a set of improvements designed to make the benefits of hardware-based key management available to a much wider audience while reducing the need for specialized operating expertise…

An In Depth Look: Top PHP Frameworks (Blog – Checkmarx, Aug 10 2017)
PHP is an open source scripting language designed for web development. When the language was first released in 1994, PHP stood for Personal Home Page. Today, PHP is referred to as a backronym – PHP, Hypertext Preprocessor…

TCO Calculator (Blog – WhiteHat Security, Aug 15 2017)
Our goal was to create a calculator that would make it easier for buyers to compare the costs of AppSec solutions offered by various vendors. This would be a true comparison, keeping the value derived out of the solution, and level of service, the same for all vendors…