

Cloud Security Podcast
Cloud Security Podcast Team
Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by a Cloud Service Provider like AWS, Azure or Google Cloud.
We aim to help the community learn Cloud Security through community stories, from small to large organisations solving multi-cloud challenges to deep dives into specific topics of Cloud Security.
We LIVE STREAM interviews on Cloud Security Topics every weekend on Linkedin, YouTube, Facebook and Twitter with over 150 people watching and asking questions and interacting with the Guest.
Episodes

Nov 21, 2021 • 52min
Breaking and Building Serverless Application Security
In this episode of the Virtual Coffee with Ashish edition, we spoke with Andrew Krug (@andrewkrug), an AWS re:Invent speaker and Cloud Security Evangelist at Datadog (@DataDogHQ).
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Andrew Krug (@andrewkrug)
Podcast Twitter - Cloud Security Podcast (@CloudSecPod)
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel:
- Cloud Security News
- Cloud Security Academy

Nov 17, 2021 • 5min
Feds go "Cloud Smart" + Alibaba Cloud targeted by Hackers
Cloud Security News this week 17 November 2021
According to research by Trend Micro, Elastic Computing Service (ECS) instances for Alibaba Cloud are becoming an increasingly common target for financially motivated hackers with cryptomining goals. This increased targeting may be due to a few unique features of Alibaba Cloud. Alibaba ECS instances come with a preinstalled security agent and provide root access/privileged control by default. There is a detailed article attached about this here
JupiterOne (a Cyber Asset Management Platform) and Cisco have announced the launch of Secure Cloud Insights, an expanded cloud security and security operations partnership designed to provide businesses with a range of cybersecurity services. This new solution is aimed at helping Cisco customers achieve a higher level of maturity with their digital transformation and security program. The CEO of JupiterOne, Erkang Zheng, calls it a game-changing offering that would provide increased visibility, efficiency, and speed to security operations, with combined context from situational awareness and structural data. We would be curious to know if you think the same.
Those familiar with Palo Alto and their core cloud-security package, Prisma, may be intrigued to know that they have launched Prisma 3.0.
Truffle Security has released an open source hacking tool called Driftwood, designed to discover leaked, paired private and public keys which may be harmful. Driftwood builds upon Truffle Hog and is available on GitHub. Truffle Security stated in their blog, which is shared here, that with this tool they found the private keys for hundreds of Transport Layer Security certificates, and Secure Shell keys that would have allowed an attacker to compromise millions of endpoints/devices.
The Federal government is going from a “Cloud First” to a “Cloud Smart” strategy to leverage cloud without compromising security. They quoted that “Cloud Smart is about equipping agencies with the tools and knowledge they need to make these decisions for themselves, rather than a one-size-fits-all approach.” The shift will be from “buy before build” to “solve before buy”. Under security they added that “Successfully managing cloud adoption risks requires collaboration”, leaning into the shared responsibility model we often hear about with Cloud Security. The link to the document is here
Episode Show Notes on Cloud Security Podcast Website.
Podcast Twitter - Cloud Security Podcast (@CloudSecPod)
Instagram - Cloud Security News
If you want to watch videos of this LIVE STREAMED episode and past episodes, check out:
- Cloud Security Podcast:
- Cloud Security Academy:

Nov 14, 2021 • 38min
Challenges with Building Serverless Applications at Scale
In this episode of the Virtual Coffee with Ashish edition, we spoke with Ran Ribenzaft (@ranrib), an AWS Serverless Hero, Forbes under 30 and the co-Founder of Epsagon (@Epsagon).
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Ran Ribenzaft (@ranrib)
Podcast Twitter - Cloud Security Podcast (@CloudSecPod)
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel:
- Cloud Security News
- Cloud Security Academy

Nov 10, 2021 • 4min
Microsoft releases CSPM for AWS & More Linux Security Support on Azure
Cloud Security News this week 10 November 2021
Microsoft is extending its native cloud security posture management (CSPM) and workload protection capabilities to Amazon Web Services (AWS) - yes, you heard that right! - within a suite called Microsoft Defender for Cloud. This was previously known as Azure Security Center and Azure Defender. At their annual conference, Ignite 2021, their focus was enterprise cloud protection, especially multi-cloud environments. Microsoft Defender for Cloud will now let organizations secure AWS and Azure environments from one place without depending on the AWS Security Hub. We will bring you the highlights from Ignite 2021 next week; you can check out the event virtually here
For folks who have been waiting on better security services support for Linux on Microsoft Azure - they recently announced the expansion of the Defender for Endpoint on Linux capabilities. Defender for Endpoint is a cloud-based product that includes vulnerability management and assessment, and endpoint detection and response (EDR) on Linux servers.
Are you wondering about Oracle Cloud and what they are up to? Oracle Cloud is most recently trying to stand out amongst its competitors by broadening the range of built-in and add-on cybersecurity features in Oracle Cloud Infrastructure. Oracle said the new features are intended not only to simplify management but also to address the problem of misconfiguration and user error. If you want to find out more, you can check out their new Oracle Cloud Infrastructure Web Application Firewall for Flexible Load Balancers, Oracle Cloud Infrastructure Vulnerability Scanning Service, Oracle Cloud Infrastructure Bastion and Oracle Cloud Infrastructure Certificates
If you use CrowdStrike, this one's for you. CrowdStrike, the popular real-time detection and automated response software, is making some big moves in the Cloud Space, doubling down on zero trust.
The National Security Agency (NSA) and CISA have published the first of a four-part series, Security Guidance for 5G Cloud Infrastructures. Security Guidance for 5G Cloud Infrastructures – Part I: Prevent and Detect Lateral Movement. Read more here
If you have been reading about Robinhood being hacked, this one wasn't a cloud security breach but a good old social engineering attack. If you're interested to know more about it, you can read here
Episode Show Notes on Cloud Security Podcast Website.
Podcast Twitter - Cloud Security Podcast (@CloudSecPod)
Instagram - Cloud Security News
If you want to watch videos of this LIVE STREAMED episode and past episodes, check out:
- Cloud Security Podcast:
- Cloud Security Academy:

Nov 7, 2021 • 38min
Security Governance and Compliance in Serverless Applications
In this episode of the Virtual Coffee with Ashish edition, we spoke with Jon Zeolla (@jonzeolla), a Cloud Native Contributor and co-founder and CTO of Seiso.
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Jon Zeolla (@jonzeolla)
Podcast Twitter - Cloud Security Podcast (@CloudSecPod)
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel:
- Cloud Security News
- Cloud Security Academy

Nov 3, 2021 • 3min
AWS Earns over 16 billion this quarter + SEGA on Microsoft Azure - Cloud Security News
Cloud Security News this week 27 October 2021
In case you missed the quarterly earnings updates from last episode, I do encourage you to check it out to see how Google Cloud and Azure fared last quarter. AWS came out still leading the pack with $16.11 billion in the quarter, up almost 39% from a year ago. You can view the report here
Industry tech giants including Google, Salesforce, Okta and Slack have announced the creation of a “vendor-neutral” security baseline for businesses called ‘Minimum Viable Secure Product’ (MVSP). It's a minimalistic security checklist for B2B software and business process outsourcing suppliers, designed to eliminate overhead, complexity and confusion during the procurement and vendor security assessment process by establishing minimum acceptable security baselines. The intention is to increase clarity and reduce the onboarding and sales cycle by weeks or even months. You can view the checklist here
A remote code execution vulnerability was patched by GitLab in April 2021; however, researchers from Rapid7 recently found that exploitation was continuing to this day, with only 21% of the instances fully patched against the issue. GitLab strongly recommends updating to the latest version to remedy this. Read more about Rapid7’s research here and GitLab’s release here
IBM has released their report - Cloud’s Next Leap. They surveyed over 7000 executives in enterprise cloud adoption over 44 countries. 59% of organizations reported that digital transformation has accelerated for them through the pandemic. Not dissimilar to other reports this year, most of their respondents are also yet to fully realize cloud’s full transformational power. Hybrid cloud/multicloud once again is reported to be the dominant architecture for cloud service delivery. Something rather interesting they reported on is that while many organisations are moving to the cloud, they are often moving to different versions of it. Report here
For our Sonic the Hedgehog gaming fans, Tokyo-based Sega is looking to produce large-scale, global games in a next-generation development environment built on Microsoft’s Azure cloud platform. The intent is to create big-budget titles using the know-how of Microsoft, who also own Xbox cloud gaming tech.
Episode Show Notes on Cloud Security Podcast Website.
Podcast Twitter - Cloud Security Podcast (@CloudSecPod)
Instagram - Cloud Security News
If you want to watch videos of this LIVE STREAMED episode and past episodes, check out:
- Cloud Security Podcast:
- Cloud Security Academy:

Oct 31, 2021 • 42min
How to Build Applications with Zero Trust Principles
In this episode of the Virtual Coffee with Ashish edition, we spoke with Maximilian Burkhardt (@maxb), a Staff Security Engineer at Figma (@Figma).
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Maximilian Burkhardt (@maxb)
Podcast Twitter - Cloud Security Podcast (@CloudSecPod)
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel:
- Cloud Security Podcast - www.cloudsecuritypodcast.tv
- Cloud Security News
- Cloud Security Academy

Oct 28, 2021 • 21min
What is SaaS Security Posture Management (SSPM)?
In this episode of the Virtual Coffee with Ashish edition, we spoke with Chris Hughes (@Linkedin-Profile), a host of the Resilient Cyber Podcast.
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Chris Hughes (@Linkedin-Profile)
Podcast Twitter - Cloud Security Podcast (@CloudSecPod)
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel:
- Cloud Security Podcast
- Cloud Security News
- Cloud Security Academy

Oct 27, 2021 • 6min
AWS Lands UK Spy Services Contract + Google Cloud + Azure release Q3 results - Cloud Security News
Cloud Security News this week 27 October 2021
The UK’s spy agencies have given a contract to AWS to host classified material. Their intention is to boost use of data analytics and artificial intelligence for espionage. The agreement is estimated by industry experts to be worth £500m to £1bn over the next decade. The Guardian has reported that “the contract with Amazon is likely to ignite concerns over sovereignty because the UK’s most secret data will be hosted by a single US tech company” - quite the interesting comment, and Cloud Security News would love to hear your thoughts on this.
It's also the season for Revenue announcements for Quarter 3 for our big cloud providers. Google announced this week that Google Cloud revenue jumped 45 percent to $4.99 billion in the third quarter compared to the same period last year. You can view the results here
Microsoft also announced their Quarter 3 revenue for Intelligent Cloud to be $17.0 billion, an increase of 31% - You can view the results here
Microsoft shared earlier this month that things remain “Business as usual for Azure customers despite 2.4 Tbps DDoS attack” in Europe. They reported that the attack traffic originated from approximately 70,000 sources and from multiple countries in the Asia-Pacific region. Read the full statement from Microsoft here
The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with NOBELIUM. It's quite the interesting read and the full blog can be found here.
If you use Discourse, a popular open source forum software, you should make sure that you update to Discourse version 2.7.9 or later, as a security bug has been found that affects Discourse versions 2.7.8 and earlier.
Read the Discourse blog here
Episode Show Notes on Cloud Security Podcast Website.
Podcast Twitter - Cloud Security Podcast (@CloudSecPod)
Instagram - Cloud Security News
If you want to watch videos of this LIVE STREAMED episode and past episodes, check out:
- Cloud Security Podcast:
- Cloud Security Academy:

Oct 24, 2021 • 47min
Threat Detection and Incident Response in Cloud - Nathan Case
In this episode of the Virtual Coffee with Ashish edition, we spoke with Nathan Case (Linkedin Profile), a Senior Director, Security Operations at Resilience.
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Nathan Case (Linkedin Profile)
Podcast Twitter - Cloud Security Podcast (@CloudSecPod)
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel:
- Cloud Security Podcast
- Cloud Security News
- Cloud Security Academy


