TeamTNT is a prevalent threat actor who has been targeting cloud and virtual environments such as Kubernetes and Docker since at least late 2019. This threat actor is financially motivated, focusing their efforts on stealing credentials and cryptomining. In 2020, we analyzed their use of Weave Scope on an unsecured Docker API endpoint exposed to the internet. In December 2021, we attributed an attack to TeamTNT in which they targeted a vulnerable WordPress pod to steal AWS credentials.

If you work in Security or Operations, you are surely familiar with the concept of “alert fatigue.” Alert fatigue Syndrome is the feeling of becoming desensitized to alerts, causing you to potentially ignore or minimize risks and harming your capability to respond adequately to potential security threats.

Kubernetes Security Posture Management or KSPM refers to the security state and capabilities in place to manage the defense of the Kubernetes clusters and the workloads running on top of it. It tells us how well those capabilities can predict, prevent and respond to cyber threats in relation to Kubernetes. If that definition sounds familiar to you, it is because it is the common definition of Security Posture, but focused on Kubernetes Security.

Infrastructure as Code (IaC) is a powerful mechanism to manage your infrastructure, but with great power comes great responsibility. If your IaC files have security problems (for example, a misconfigured permission because of a typo), this will be propagated along your CI/CD pipeline until it is hopefully discovered at runtime, where most of the security issues are scanned or found. What if you can fix potential security issues in your infrastructure at the source?

AWS Security Groups (and Network ACLs and VPCs) are some of the fundamental building blocks of security in your cloud environment. They are similar to firewalls but are not the same thing. You have to understand this topic very well before you begin building in the cloud, because there are some subtle differences in how they are used, and you need to follow best practices. You should know your public cloud provider is contractually bound to honor its side of a shared responsibility model.

Contrary to what you might have read on the Internet, machine learning (ML) is not magic pixie dust. It’s a broad collection of statistical techniques that allows us to train a computer to estimate an answer to a question even when we haven’t explicitly coded the correct answer into the program.

One of the most important pillars of a well-architected framework is security. Thus, it is important to follow these AWS security best practices to prevent unnecessary security situations. So, you’ve got a problem to solve and turned to AWS to build and host your solution. You create your account and now you’re all set up to brew some coffee and sit down at your workstation to architect, code, build, and deploy. Except, you aren’t.

This article is intended to summarize the security services and tools provided by Microsoft for Azure cloud. We will also explore the value add Sysdig can provide when used in conjunction with the default Azure services for security.

Whether you’re learning cloud-native workload protection for the first time or running all your microservice workloads in production, you probably already noticed that cloud-native security is much different from security design used for traditional monolith applications. The dramatic increase in complexity and the evolving threat landscape make cloud and container security even more critical and harder to manage.