Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

May 2022

How to use Atomic Red Team to test Falco rules in K8s

The best way to know if something works is to try it out. Ensuring that your security products are actually working is a fundamental task of routine maintenance. This is why it is so useful to use tools like Atomic Red Team that generate suspicious events based on ATT&CK techniques and see how Falco triggers alerts. In this blog, we will cover how to install and run the Atomic Red Team environment on a Kubernetes system for testing Falco rules.

Improving AWS Security Services with Sysdig Secure

One of the primary goals of information security is to protect data, which of course entails protecting the resources that store and provide access to that data. According to the NIST Cybersecurity Framework, organizations need to develop and implement the necessary protections to restrict or mitigate the effect of a possible cybersecurity incident. Security should be integrated right from the source of the cloud architecture design process.

Shift left is only part of secure software delivery

We’re living in the age of accelerated consumption and delivery. You can get a seemingly infinite selection of products delivered to your door within two days, for free, from thousands of miles away. You can access an endless variety of services online within mere seconds: Movies, music, games, education and even health care. These modern marvels are afforded to us by relatively recent advances in software development, delivery and operations.

Killnet Cyber Attacks Against Italy and NATO Countries

On May 11, several Italian institutional websites, including the Italian Senate, the Ministry of Defense, and the National Institute of Health, were taken offline and unreachable for a few hours. This was day one of a multiday cyber attack, which targeted other Italian websites as well as other countries.

Trends at Blackhat Asia 2022 - Kubernetes, Cloud Security and more

This week BlackHat Asia 2022 took place in hybrid mode. It’s one of the most important events within the #infosec community, where security experts show how far they can go. In this edition, the trend of talks and tools focused on improving the security of Kubernetes, Cloud Security or Supply Chain, either from the perspective of the blue team or the red team.

Ten considerations for securing cloud and containers

Most organizations adopt cloud and containers to accelerate application development, but by adopting a secure DevOps approach and embedding security into the DevOps workflow, you can ensure security controls don’t slow down developers. Check out these key considerations to keep in mind as you put together your plan for securing clouds and containers.

Hunting AWS RDS Security Events with Sysdig

The AWS RDS service itself falls on the AWS side of the Shared Responsibility model, but the day-to-day management of the RDS security instances falls on your side. When it comes to shared responsibility, your obligation depends on the AWS services that you deploy, and also other factors including (but not limited to) the sensitivity of your data, your company’s requirements, and applicable laws and regulations.

Beekeeper Serves Up Secure Communications, Data, and Applications Across Cloud Environments with Sysdig

Beekeeper is known as one of the world’s top platforms for helping remote employees stay connected with their customers, other front-line workers, and the data they need to be successful. Through the company’s platform, employees can gain access to training, forms, and other work-based resources that require flawless access every time.

Compromising Read-Only Containers with Fileless Malware

Containers provide a number of security features that are not simply available on a normal host. One of those is the ability to make the container’s root filesystem read-only. By making the file system unable to be altered, it prevents an attacker from writing their malware executable to disk. Most attacks rely on writing files in order to work, but sophisticated cases use fileless malware as part of their malicious behavior.