Greg Carpenter’s Post

Traditional, on-prem network security approaches can fall short in today's distributed landscape. Zero Trust verifies every access attempt, granting least privilege. This AWS blog explores how SMBs can cost-effectively adopt Zero Trust to strengthen defenses.

Traditional, on-prem network security approaches can fall short in today's distributed landscape. Zero Trust verifies every access attempt, granting least privilege. This AWS blog explores how SMBs can cost-effectively adopt Zero Trust to strengthen defenses.

Traditional, on-prem network security approaches can fall short in today's distributed landscape. Zero Trust verifies every access attempt, granting least privilege. This AWS blog explores how SMBs can cost-effectively adopt Zero Trust to strengthen defenses.

"𝘞𝘦 𝘶𝘯𝘤𝘰𝘷𝘦𝘳𝘦𝘥 𝘢 𝘧𝘭𝘢𝘸 𝘵𝘩𝘢𝘵 𝘦𝘹𝘱𝘰𝘴𝘦𝘴 𝘢 𝘷𝘢𝘴𝘵 𝘯𝘶𝘮𝘣𝘦𝘳 𝘰𝘧 𝘢𝘱𝘱𝘭𝘪𝘤𝘢𝘵𝘪𝘰𝘯𝘴 𝘵𝘰 𝘱𝘰𝘵𝘦𝘯𝘵𝘪𝘢𝘭 𝘦𝘹𝘱𝘭𝘰𝘪𝘵𝘢𝘵𝘪𝘰𝘯 𝘶𝘯𝘭𝘦𝘴𝘴 𝘪𝘮𝘮𝘦𝘥𝘪𝘢𝘵𝘦 𝘢𝘤𝘵𝘪𝘰𝘯𝘴 𝘢𝘳𝘦 𝘵𝘢𝘬𝘦𝘯 𝘣𝘺 𝘥𝘦𝘷𝘦𝘭𝘰𝘱𝘦𝘳𝘴 𝘵𝘰 𝘴𝘦𝘤𝘶𝘳𝘦 𝘵𝘩𝘦𝘪𝘳 𝘤𝘰𝘥𝘦" Have you heard about ALBeast yet? Our research team at Miggo Security has uncovered a critical security vulnerability, dubbed #ALBeast, within the AWS Application Load Balancer (ALB) that could potentially expose countless applications to unauthorized access. This vulnerability bypasses authentication and authorization mechanisms, leaving sensitive data and systems at risk. After months of disclosures, collaboration with AWS and helping affected parties mitigate it, ALBeast is officially out. 𝐀 𝐬𝐩𝐞𝐜𝐢𝐚𝐥 𝐭𝐡𝐚𝐧𝐤𝐬 to my amazing team for the effort invested to secure vulnerable instances out there. Read about it in Forbes, and if you'd like to learn more about ALBeast and how to protect yourself, visit our technical blog! Both links in the first comment

𝐂𝐥𝐨𝐮𝐝 𝐈𝐧𝐟𝐫𝐚𝐬𝐭𝐫𝐮𝐜𝐮𝐭𝐫𝐞 𝐚𝐧𝐝 𝐄𝐧𝐭𝐢𝐭𝐥𝐞𝐦𝐞𝐧𝐭 𝐌𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 (𝐂𝐈𝐄𝐌) is the gatekeeper of your cloud environment. It controls who can access what, ensuring only authorized individuals have the necessary permissions. Think of it as a sophisticated security system that monitors and manages access rights. 1. 𝑷𝒆𝒓𝒎𝒊𝒔𝒔𝒊𝒐𝒏 𝑨𝒏𝒂𝒍𝒚𝒔𝒊𝒔: Continuously examining access rights, even uncovering hidden permissions, to enforce the principle of least privilege. 2. 𝑺𝒆𝒓𝒗𝒊𝒄𝒆 𝑨𝒄𝒄𝒐𝒖𝒏𝒕 𝑶𝒗𝒆𝒓𝒔𝒊𝒈𝒉𝒕: Monitoring service accounts to prevent misuse and unauthorized access. By streamlining access control and identifying potential vulnerabilities, CIEM helps organizations protect their sensitive data and maintain a secure cloud environment. Read more about CIEM: https://lnkd.in/gdFx_Seh #security #securitycommandcenter #googlecloud #cloud #gcp #scc_enterprise #scc

Microsoft announces mandatory multi-factor authentication (MFA/2FA) for more secure Azure sign-ins https://lnkd.in/epwF2TgP #Authentication #Azure #Cloud #Cybersecurity #Microsoft #Microsoft365 #MicrosoftAuthenticator #PowerShell #Security #Word

🚨Imagine waking up to find your company’s confidential data on an unprotected public server. This is more common than you think! Over 22 billion records were exposed in 2021 due to data breaches. Learn how to safeguard your Microsoft 365 systems. 🛡️ #Microsoft365 #Cybersec #InfoSec https://lnkd.in/e_z8QmpE

Let’s build a scalable IDS and IPS solution using Suricata and AWS Gateway Load Balancer! 💪 When designing and implementing cloud architectures, prioritizing security is essential. Two critical tools for detecting and preventing malicious behavior are Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). IDS and IPS continuously monitor your network to identify potential incidents, log information, stop threats, and report them to security administrators. 🚫 One versatile detection engine that functions as both an IDS and an IPS is Suricata. Developed by the Open Information Security Foundation (OISF), Suricata is an open-source tool used by organizations of all sizes. In this blog post, our colleague Hendrik will demonstrate how to leverage Suricata with the AWS Gateway Load Balancer and Terraform to implement a highly available, scalable, and cost-effective IDS/IPS solution in AWS. This approach will enable you to monitor network traffic, detect threats, and block them before they reach your systems. 🛡 Learn more here ► https://lnkd.in/ehN7q-8B #AWS #Cloud #CloudComputing #IDS #IPS #Suricata #Terraform #security

Learn how dynamic secrets through HashiCorp #Vault-backed dynamic credentials redefines the usage of #Terraform. It's not just a secure method, it is the method to implement in your security roadmap.

Learn how dynamic secrets through HashiCorp #Vault-backed dynamic credentials redefines the usage of #Terraform. It's not just a secure method, it is the method to implement in your security roadmap.