informationsecurity   2103

« earlier    

US intel chiefs unanimous that Russia is targeting 2018 elections
The US Director of National Intelligence says that Russia and other foreign entities are ’“likely” to pursue more cyber attacks on American and European elections in an attempt to undermine democracy in coming elections, including the 2018 midterms. “Persistent and disruptive cyber operations will continue against the United States and our European allies using elections as opportunities to undermine democracy,” Dan Coats said Tuesday during an annual Senate Intelligence Committee hearing on threats.
digitalWarfare  digitalDemocracy  globalGameOfThrones  informationSecurity 
yesterday by joeybaker
Assembling A Container Security Program
Papers / Application, DevOps
Wed, January 04, 2017
Assembling A Container Security Program
By Adrian Lane

Our paper, Assembling a Container Security Program, covers a broad range of topics around how to securely build, manage, and deploy containers. During our research we learned that issues often arise early in the software development or container assembly portion of the build process, so we cover much more than merely runtime security – the focus of most container security research. We also discovered that operations teams struggle with getting control over containers, so we also cover a number of questions regarding monitoring, auditing, and management.

To give you a flavor for the content, we cover the following:

IT and Security teams lack visibility into containers and have trouble validating them – both before placing them into production, and when running in production. Their peers on the development team are often disinterested in security, and cannot be bothered to provide reports and metrics. This is essentially the same problem we have for application security in general: the people responsible for the code are not incentivized to make security their problem, and the people who need to know what’s going on lack visibility.

Containers are scaring the hell out of security pros because of their lack of transparency. The burden of securing containers falls across Development, Operations, and Security teams – but these groups are not always certain how to tackle the issues. This research is intended to aid security practitioners, developers, and IT operations teams in selecting container security tools and approaches. We will not go into great detail on how to secure apps in general here – we are limiting ourselves to build, container management, deployment, platform, and runtime security issues that arise with the use of containers. We will focus on Docker as the dominant container model, but the vast majority of our security recommendations also apply to Cloud Foundry, Rocket, Google Pods, and the like.

If you worry about container security this is a good primer on all aspects of how code is built, bundled, containerized, and deployed. We would like to thank Aqua Security for licensing this research and participating in some of our initial discussions. As always, we welcome comments and suggestions. If you have questions, please feel free to email us, info at
securosis  security  container  docker  kubernetes  securitymonitoring  cybersecurity  cybersec  infosec  infosecurity  informationsecurity 
21 days ago by rdump
Securosis - Blog - Article
We help you secure your cloud deployments better and faster. Our field tested techniques and frameworks improve security and save costs without sacrificing agility
securosis  security  container  docker  kubernetes  securitymonitoring  cybersecurity  cybersec  infosec  infosecurity  informationsecurity 
21 days ago by rdump

« earlier    

related tags

analysis  apple  artificialintelligence  authoritarianism  aws  azure  bankindemnity  blockchain  blueteam  business  caldera  career  careerdevelopment  casteingthelowerclass  casteingthemiddleclass  censorship  cloud  computing  container  corporatecorruption  corporateincompetence  corporateindemnity  corruption  cryptography  cybersec  cybersecurity  deliberatepractice  dfir  digitaldemocracy  digitalwarfare  docker  education  elastic  elasticsearch  elk  endpoint  endpointmonitoring  endpointprotection  enterprise  expertperformance  forensics  gaming  globalgameofthrones  googlerapidresponse  governmentincompetence  governmentoverreach  grr  hacking  hacktivist  huawei  iaas  incidentresponse  informationobscurity  infosec  infosecurity  intel  intellectualproperty  iot  ir  judicialimpotence  kansa  kibana  kleptocracy  korea  kubernetes  legal  logging  logstash  machinelearning  memory  memorydumps  mems  mesopotamia  messaging  middleeast  mitre  networkandtelecoms  nsm  openstack  ott  powershell  privacy  purpleteam  ramforensics  redteam  research  rim  russia  saas  security  securitymonitoring  securitynegligence  securityoperationscenter  securitytesting  securitytheater  securosis  semiconductors  siem  skills  splunk  surveillancestate  sysinternals  sysmon  technology  testing  threatanalysis  threatintel  threatintelligence  totwitter  training  trumparistocracy  trumpincompetence  turkey  unittests  useristheproduct  volatility  where2.0  win  wireless 

Copy this bookmark: