Cloud Security Content on InfoQ
-
Google Announces Machine Learning Powered API Abuse Detection
Google recently announced an API abuse detection dashboard powered by machine learning algorithms.
-
Google Introduces Digital Sovereignty Explorer for European Organizations
Google Cloud recently released the Digital Sovereignty Explorer, a free online and interactive tool to determine a digital sovereignty strategy on the cloud using a multiple-choice format. The tool currently focuses on European organizations and deployments.
-
Amazon VPC Lattice Now GA with New Capabilities for Service-to-Service Connectivity
Announced in preview at the latest re:Invent conference, Amazon VPC Lattice is now generally available, with new capabilities for service-to-service connectivity, security, and monitoring. The pricing model raised some concerns in the community.
-
HashiCorp Policy-as-Code Framework Sentinel Adds Multiple Developer Experience Improvements
HashiCorp has released a number of improvements to Sentinel, their policy-as-code framework. The new features include an improved import configuration syntax, a new static import feature, support for named functions, and per-policy parameter values. There are also new helper functions to determine if a value is undefined.
-
GitHub Adds SBOM Export to Make it Easier to Comply with Security Requirements
GitHub has announced a new SBOM export feature meant to be used as part of security compliance workflows and tools. The new feature allows you to export an NTIA-compliant SBOM easily, says GitHub.
-
Amazon GuardDuty Adds EKS Runtime Monitoring and RDS Protection
Amazon GuardDuty added Amazon EKS Runtime Monitoring and RDS Protection for Amazon Aurora. EKS Runtime Monitoring can detect runtime threats from over 30 different security findings. RDS Protection adds support for profiling and monitoring access activity to Aurora databases.
-
Amazon OpenSearch Service Introduces Security Analytics
Amazon recently announced the general availability of security analytics for OpenSearch Service. The new capability of the successor to Elasticsearch Service provides threat monitoring, detection, and alerting features to help manage security threats.
-
Celebrity Vulnerabilities: Effective Response to Critical Production Threats
Alyssa Miller, chief information security officer of EpiqGlobal, presented at QCon London about the lessons learned from three major open-source security events: the Equifax breach via Struts, the Log4j vulnerabilities, and the Spring4Shell exploit.
-
Survey on Supply Chain Practices Finds Perceived Usefulness of Practice Correlates with Adoption
A recent survey on supply chain security practices found that some practices are widely adopted, but key practices, such as generating provenance, are lagging behind in adoption. The survey also found that the perceived usefulness of a practice is highly correlated with the adoption of that practice.
-
Microsoft Adds Support for Pod Sandboxing to Azure Kubernetes Service
Microsoft has released, in preview, support for pod sandboxing in the Azure Kubernetes Service (AKS). Available within all Azure regions for a subset of Azure VM sizes, pod sandboxing provides an isolation boundary between the container application and the shared kernel and compute resources of the container host.
-
AWS Introduces Global Condition Context Keys to Improve EC2 Security
AWS recently introduced global condition context keys to restrict the usage of EC2 instance credentials to the instance itself. The new keys allow the creation of policies that can limit the use of role credentials to only the location from where they originated, reducing the risk of credential exfiltration.
-
Passwordless Cloud Deployments with GitHub Actions
GitHub’s CI/CD service offering, GitHub Actions, now supports the use of OpenID Connect credentials to authenticate against cloud providers such as HashiCorp Vault, AWS, Azure and GCP without the use of long-lived credentials or passwords.
-
Azure Application Gateway Now Supports mTLS and OCSP
Microsoft has announced that its Azure Application Gateway, a cloud-based solution that provides secure, scalable, and reliable access to web applications, now supports mutual Transport Layer Security (mTLS) and Online Certificate Status Protocol (OCSP).
-
Cloudflare Detects a Record 71 Million Request-Per-Second DDoS Attack
On the weekend of 11 and 12 February, the Super Bowl weekend, Cloudflare detected dozens of hyper-volumetric DDoS attacks. These attacks peaked at 50-70 million requests per second (rps), with the highest at 71 million rps. This is the largest reported HTTP DDoS attack on record, 54% higher than the previous record of 46M rps registered in June 2022.
-
Google Cloud Adds New PCI DSS Policy Bundle to Anthos Config Management
Google has recently added a Payment Card Industry Data Security Standard (PCI DSS) policy bundle to Anthos Config Management (ACM). In its version 3.2.1, security administrators can now understand compliance with PCI DSS requirements using the Policy Controller Dashboard.