The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.
In this blog post you’ll learn how to set up image vulnerability scanning for AWS CodePipeline and AWS CodeBuild using Sysdig Secure DevOps Platform. AWS provides several tools for DevOps teams: CodeCommit for version control, CodeBuild for building and testing code, and CodeDeploy for automatic code deployment. The block on top of all these tools is CodePipeline that allows them to visualize and automate these different stages.
As container adoption in AWS takes off, ECR scanning is the first step towards delivering continuous security and compliance. You need to ensure you are scanning your images pulled from AWS ECR for both vulnerabilities and misconfigurations so that you don’t push applications running on AWS that are exploitable.
Cloud teams are increasingly adopting AWS container services to deliver applications faster at scale. Along with the roll out of cloud native architectures with containers and orchestration, what’s needed to stay on top of the security, performance and health of applications and infrastructure has shifted. At Sysdig, we’ve worked with Amazon to provide tools and integrations that help secure your Cloud Native workloads deployed across all AWS container services.
We recently launched Elastic Security, combining the threat hunting and analytics tools from Elastic SIEM with the prevention and response features of Elastic Endpoint Security. This combined solution focuses on detecting and flexibly responding to security threats, with machine learning providing core capabilities for real-time protections, detections, and interactive hunting. But why are machine learning tools so important in information security? How is machine learning being applied?
Back on September 4th, we filed a lawsuit against floragunn GmbH, the makers of Search Guard, a security plugin for Elasticsearch and Kibana, for a multi-year pattern of copying our proprietary code. After filing the claim, we have continued to investigate floragunn’s actions. Today, we have updated our lawsuit in two important ways. First, we have identified additional copying by floragunn with respect to the separate, proprietary code base for our Kibana product.
With the growing complexity and velocity of security threats in dynamic, cloud-native environments, it’s more important than ever for security teams to have the same visibility into their infrastructure, network, and applications that developers and operations do. Conversely, as developers and operations become responsible for securing their services, they need their monitoring platform to help surface possible threats.
