Attackers are increasing their focus on the growing cloud playing field as it becomes more lucrative. They are refining their craft to further accelerate attacks with methods like artificial intelligence and automation. Slow response times, limited coverage, and visibility gaps, often exacerbated by inadequate and fragmented tooling, allow attackers to make quick work of vulnerable environments.
In the modern software ecosystem, containerization has become a popular method for packaging and deploying applications. Alongside this growing trend, ensuring the security of software supply chains has become a critical concern for businesses of all sizes. Implementing best practices, such as signing and verifying images to mitigate man-in-the-middle (MITM) attacks and validating their authenticity and freshness, play a pivotal role in safeguarding the integrity of the software supply chain.
This is a follow up discussion of some advanced use case scenarios for Egress Gateways. In a previous blog post, Policy-based routing with Egress Gateways, I explained how to achieve connectivity to multiple destinations using policies based on the destination of the traffic. One of the use cases described was the ability of connecting to different services based on the destination, so we can use a different source IP that can be included in an allowlist for such services.
According to CSO the fines incurred for data breaches or non-compliance with security and privacy laws, for only a handful of companies, has cost $4.4 billion. The global average cost of a data breach in 2023 was $4.45 million, a 15% increase over 3 years (IBM). The challenge for organizations is how to safeguard sensitive information while adhering to the law, but without compromising innovation. Cyber threats loom large, affecting businesses in every industry.
By default, traffic leaving a Kubernetes cluster lacks a meaningful network identity, making it challenging to associate it with its source workload. This is an issue because, in an on-premises infrastructure, companies rely on firewalls, for example Sophos Firewall, to inspect this traffic which loses its identity as soon as it leaves the cluster.
One of the most common questions people new to Open Policy Agent (OPA) and Rego ask is about how to express logical “OR” in the language. While there is no “OR” operator, Rego has no shortage of ways to express that, with some being more obvious than others. In this blog, we’ll take a look at the most common ways to express OR, and weigh the virtues of each method against the others. Hopefully you’ll learn a few tricks along the way.
Security Information and Event Management (SIEM) is essential for enterprise organizations because it provides the tools and capabilities needed to effectively monitor, detect, respond to, and mitigate cybersecurity threats, while also supporting compliance and overall security strategy enhancement.
The Sysdig Threat Research Team (TRT) has uncovered a novel cloud-native cryptojacking operation which they’ve named AMBERSQUID. This operation leverages AWS services not commonly used by attackers, such as AWS Amplify, AWS Fargate, and Amazon SageMaker. The uncommon nature of these services means that they are often overlooked from a security perspective, and the AMBERSQUID operation can cost victims more than $10,000/day.
