Keith Gregory: Mitigating Log4Shell with AWS
Deploying your applications in the Cloud, and using the services it provides, is one good way to mitigate the possibility of future attacks.
Managing Internet Access for AWS Workloads
Two months ago I didn’t give much thought to controlling a program’s access to the Internet. Then Log4Shell happened. This post looks at three ways that you can control what an in-VPC application is allowed to talk to.
Using Cloud Deployments To Mitigate Log4Shell and Similar Vulnerabilities
It’s been a week since CVE-2021-44228, a remote code execution vulnerability in Log4J 2.x, hit the world. Hopefully by now everybody reading this has updated their Java deployments with the latest Log4J libraries. But no doubt there’s another vulnerability, in some popular framework or library, just waiting to make its presence known. This post is about Cloud features that act to minimize the blast radius of such vulnerabilities.
Delving into CloudTrail events
CloudTrail provides you with an audit log of every successful API call made in your AWS account. This post focuses on management events in CloudTrail, and techniques for exploring and analyzing those events using a search engine such as Elasticsearch with Kibana.
IoT on AWS – Cyber Solutions’ Steve Pressman on Data Protection and Cloud Security
This presentation will take you through the biggest areas where you need to focus your efforts in order to keep your data safe in AWS, and will show some real-life examples of what could go wrong if you make compromises or allow bad practices.
Media Giant Migrates From Bare Metal to AWS
A Chariot team led by Eric Snyder migrates a local media giant’s data to the Amazon Web Services cloud.
Philly ETE 2014 – Gulrukh Ahange – Patterns for Service Security in Hybrid Public/Private Cloud Deployment
How do organization provide security between the realm of greater oversight and control in private cloud and the unknowns in the public cloud? Do the patterns for securing a service in a hybrid cloud deployment look different than used in traditional private cloud? This presentation will cover some of the challenges and patterns to make hybrid cloud secure and redundant.