If your GitOps deployment model has security issues (for example, a misconfigured permission because of a typo), this will be propagated until it is hopefully discovered at runtime, where most of the security events are scanned or found. What if you can fix potential security issues in your infrastructure at the source? Let’s start with the basics.

With the constant threat of malware weighing on cloud teams, AWS is introducing new ways to identify malicious software with Amazon GuardDuty. Amazon GuardDuty Malware Protection, a fully managed malware detection service launched today at Re:inforce by AWS, provides agentless scanning to identify when suspicious activity occurs.

For our latest specialist interview in our series speaking to security leaders from around the world, we’ve welcomed Tony Giles, Lead Auditor and CMMC Provisional Assessor with the NSF. Tony has conducted audits globally for over 10 years and worked on large-scale security implementation projects, including NIST 800-171, NIST 800-88 and ISO/IEC 27001, ISO 28000.

A couple of days ago, I was checking my Twitter feed and saw a tweet from someone saying how frustrated he was that DockerHub (a renowned container registry) was down. Someone else replied to the tweet, recommending the tweet’s author to check out Google’s repository, where they have DockerHub mirrors in Google Cloud.

Researchers from ESET have shed light on a new macOS backdoor, discovered in April 2022, dubbed CloudMensis. At first glance this is just the latest example of spyware targeting the Apple operating system with the intent of exfiltrating documents, keystrokes, and screen captures. However, as the name suggests, one of the interesting features of this malware is a sophisticated two-stage kill chain that exploits legitimate cloud services in different phases of the attack.

Zero trust network access (ZTNA) has become a hot topic and a popular IT project. Here are some of the reasons why: First, organizations are beginning to pursue a zero trust strategy and ZTNA is the first logical step towards a zero trust security program. Second, remote or hybrid work is here to stay. And as a result, now is the time to replace your legacy remote access VPN with a modern anywhere secure access solution for the long term.

The number and severity of cyber-attacks are increasing with time. For that, the international industry standards and government authorities aim to regulate cybersecurity by enforcing more strict cybersecurity compliance criteria.

The typical life of a consultant working in the field of governance, risk and compliance is often not deeply technical, but we have to be aware of new technology and the risks it poses; this is very true when it comes to Cloud, and with the massive adoption of Cloud as the vast majority of organizations now use cloud services on some level.

The Arctic Wolf team is having a great time in Boston at AWS re:Inforce 2022. What a wonderful show! It has been thrilling to connect with industry leaders and AWS experts from across the world–and it was equally thrilling for us to announce that Arctic Wolf has achieved the newly introduced Level 1 MSSP specialization in Digital Forensics Incident Response (DFIR).

I am very pleased and proud to share the big news that Devo is now an AWS Security Competency Partner. This is a significant milestone for Devo and it’s important for our current and future customers and partners. This designation validates that Devo has successfully met AWS’s technical and quality requirements for providing customers with a deep level of expertise in threat detection and response.