Release Date: 20/10/2019 | Issue: 8
"The Cloud Security Reading List" is a low volume mailing list (once per week) that highlights security-related news focused on the cloud native landscape, hand curated by Marco Lancini.

Knowing how difficult it is to stay up to date with all the different news and releases occurring in this industry, I hope this will be helpful for other people who are particularly interested in this corner of the security scenario.

This week's articles

  • Introducing Twilio's SOCless: Automated Security Runbooks
    Twilio just released SOCless, a serverless framework built to help organizations easily automate their incident response and operations processes, so that they can respond to threats quickly and at scale. The idea behind SOCless is to have security teams focus on designing their runbooks, while SOCless executes them both quickly and effectively in response to threats.
  • How Dropbox Security builds tools for threat detection and incident response
    This week has apparently been strong on incident detection and alerting, with the Dropbox Detection and Response Team (DART) also discussing their alerting and response pipeline, which uses Kafka, Python and Jupyter notebooks to create new tools. Alertbox was the first project built to start cutting down their triage time. The goal was to move DART's alert response runbooks into code, and have them execute before even beginning the triage process.
  • What's Next for Vault and Kubernetes
    HashiCorp is considering releasing a plugin for Kubernetes designed to mount Vault secrets in a Pod. Injecting Vault secrets into Pods via a sidecar will enable more automatic access to secrets within the context of applications that don’t have native Vault logic built-in. This will allow applications to only concern themselves with finding a secret at a filesystem path, rather than managing the auth tokens and other mechanisms for direct interaction with Vault.
  • Beyond The Security Team
    This is the transcript of the keynote Julien Vehent delivered at DevSecCon Seattle in September 2019. Julien talks about his really interesting journey within the security industry, and describes how you should really get the security team closer to your organization.
  • How the scorecard works
    This is a post from Chris Farris which I didn't appreciate enough when it was first published (but I'm redeeming myself now). The post describes a process to perform inventory and generate scorecards on an hourly basis using the basic building blocks of AWS, as well as announcing the release of Antiope, an Inventory and Compliance Framework for AWS. I'm very curious to see how this approach could be adapted to GCP.
  • Security Program Tactics. A thread.
    When starting or reinvigorating a security program, focus on a small number of meta-objectives that can have sustained outsize effects - as well as diving into the immediate and very specific things that need improving.
  • The AWS SecurityAudit policy received some new privileges
    In case you didn't know, Scott Piper continuously scans for modifications of the AWS managed policies.
  • Amazon CloudWatch Anomaly Detection
    CloudWatch just announced Anomaly Detection, which aims to help avoid manual configuration and experimentation, and can be used in conjunction with any standard or custom CloudWatch metric that has a discernible trend or pattern.
Copyright © 2019 The Cloud Security Reading List, All rights reserved.