| |
| π Stories, Tutorials & Articles |
| |
|
| |
| Improve the security of Azure environment and DevOps platforms |
| |
| |
| This article presents how to monitor the security posture of Azure cloud environments and DevOps platforms |
|
| |
|
| |
|
| |
| Automating security operations and managing it as code |
| |
| |
According to a prediction from Google Cloud experts, by 2025, 90% of security operations workflows will be automated and managed as code. The prediction is based on the current challenges faced by organizations in managing security risk across modern technology environments, including a lack of funding, resourcing, skills, and applicable solutions, as well as an increase in data volume, alert fatigue, financial costs, and complexity.
To address these challenges, organizations are turning to automation and managed services, and shifting to security engineering over operations in order to manage risk at scale.
Google has developed the Autonomic Security Operations (ASO) framework as a holistic approach to modernizing people, processes, and technologies, with the goal of enabling organizations to adopt a cloud-scale engineering approach to threat management. |
|
| |
|
| |
|
| |
| Shhhh... Kubernetes Secrets Are Not Really Secret! |
| |
| |
| Learn how to setup secure secrets on Kubernetes using Sealed Secrets, External Secrets Operator, and Secrets Store CSI driver. |
|
| |
|
| |
|
| |
| Auditing GKE Clusters across the entire organization |
| |
| |
GKE Policy Automation is a tool for automating the checking of GKE clusters across an organization.
It comes with a library of policies based on best practices and recommendations from Google, and can be run manually or continuously for automated verification. It uses the Kubernetes Engine API to gather data from the clusters, and checks it against the set of policies. Results can be output in the console or saved to Cloud Storage or Pub/Sub.
It can also integrate with Google's Security Command Center to allow for easier analysis and remediation of non-compliant clusters. |
|
| |
|
| |
|
| |
| Researchers show techniques for malware persistence on F5 and Citrix load balancers |
| |
| |
| Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers. |
|
| |
|
| |
