Rami McCarthy’s Post

As a former user of AWS GuardDuty I want to recommend this read by Rami McCarthy. GuardDuty is a good start to detect threats in your AWS environment but isn’t a holistic solution. And as this article shows there are a few shortcomings and other caveats to consider. Happy read

🚀 𝗘𝗹𝗲𝘃𝗮𝘁𝗲 𝗬𝗼𝘂𝗿 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗥𝗲𝘀𝗽𝗼𝗻𝘀𝗲 𝗚𝗮𝗺𝗲 𝘄𝗶𝘁𝗵 𝗔𝗺𝗮𝘇𝗼𝗻 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗟𝗮𝗸𝗲!🚀 Ready for a game-changer in your security incident response strategy? Your arsenal is about to get a major upgrade with #AmazonSecurityLake. This duo of articles will transform how you tackle security threats: 𝗧𝗵𝗲 𝗙𝗼𝘂𝗻𝗱𝗮𝘁𝗶𝗼𝗻: Amazon Security Lake – the bulwark that consolidates your data into a singular, impenetrable hub. 𝗧𝗵𝗲 𝗔𝗰𝗰𝗲𝗹𝗲𝗿𝗮𝘁𝗶𝗼𝗻: Unleash rapid response strategies that put you ahead of cyber adversaries. Two of the biggest advantages: 𝗖𝗲𝗻𝘁𝗿𝗮𝗹𝗶𝘇𝗲𝗱 𝗗𝗮𝘁𝗮 𝗛𝗮𝘃𝗲𝗻: Gather all your security data into one fortified, easily accessible repository. 𝗦𝘁𝗿𝗲𝗮𝗺𝗹𝗶𝗻𝗲𝗱 𝗪𝗼𝗿𝗸𝗳𝗹𝗼𝘄: Cut through the noise with a system that's built for speed and precision. 𝗠𝗮𝘀𝘁𝗲𝗿𝗶𝗻𝗴 𝘁𝗵𝗲 𝗔𝗿𝘁 𝗼𝗳 𝗖𝘆𝗯𝗲𝗿 𝗗𝗲𝗳𝗲𝗻𝘀𝗲! No more playing catch-up. Amazon Security Lake equips you to predict, prepare, and pulverize security threats. 💥🛡️ ⤵ Dive deeper into the topic with the following two articles⤵ https://t.ly/KBH5s https://t.ly/gxKf3 #AWS #cloudcomputing #valanticSTI #cloud #security #cyberdefense

protect yourAWS Lambda URL origins by using CloudFront Origin Access Control (OAC) to only allow access from designated CloudFront distributions.  With this launch, you can now use CloudFront OAC to authenticate access to Lambda function URLs from your designated CF distributions. OAC uses AWS Signature Version 4 (SigV4), allowing customers to block unintended users from directly accessing the function URLs. This improves the security posture because the potential threat surface of the URL endpoint is reduced. https://lnkd.in/d7F-3BqM

Here is a Forbes article on what AWS is doing in the internet space to catch bad actors and protect customers and their data. https://lnkd.in/g2A5njjV

#Technology #Tech #Infrastructure #DataArchitecture #DataDriven #DataEngineering Cloudflare, Google and AWS Disclose HTTP/2 Zero-Day Vulnerability: On October 10th, Cloudflare, Google, and AWS disclosed a novel zero-day vulnerability attack known as the 'HTTP/2 Rapid Reset.' This attack exploits a weakness in the HTTP/2 protocol to generate enormous Distributed Denial of Service (DDoS) attacks, up to almost 400 million requests per second (rps). By Renato Losio #DataIntelligence #DataArchitect #DataEngineer

#Technology #Tech #Infrastructure #DataArchitecture #DataDriven #DataEngineering Cloudflare, Google and AWS Disclose HTTP/2 Zero-Day Vulnerability: On October 10th, Cloudflare, Google, and AWS disclosed a novel zero-day vulnerability attack known as the 'HTTP/2 Rapid Reset.' This attack exploits a weakness in the HTTP/2 protocol to generate enormous Distributed Denial of Service (DDoS) attacks, up to almost 400 million requests per second (rps). By Renato Losio #DataIntelligence #DataArchitect #DataEngineer

🚀 Unlock the Power of Centralized Security with Amazon Security Lake 🚀 In an era where cyber threats are evolving faster than ever, the need for a unified security approach is paramount. Enter Amazon Security Lake, a groundbreaking service designed to centralize and streamline security data across your entire digital ecosystem. 🔍 Why Amazon Security Lake? Centralized Security Data: Security Lake brings together data from AWS environments, SaaS providers, on-premises systems, and other cloud sources, all into a single, purpose-built data lake. This integration spans across multiple AWS Regions, providing a holistic view of your security landscape. Optimized Data Management: Efficiently manage and store massive volumes of security data, optimizing query performance to ensure that your security insights are always up-to-date and actionable. Data Normalization: The service standardizes your security data into an open format, making it easier to manage and analyze across multicloud and hybrid environments. This normalization simplifies the complexities of dealing with disparate data sources, enabling seamless security operations. Advanced Analytics: With Amazon Security Lake, you retain full control and ownership of your data while having the flexibility to use your preferred analytics tools. Whether you're conducting threat hunting, compliance monitoring, or incident response, Security Lake empowers you with the insights needed to protect your digital assets effectively. Near Real-Time Visibility: Gain a near real-time view of your security posture, allowing you to respond to threats faster and more efficiently. This comprehensive visibility is crucial for maintaining the integrity of your workloads, applications, and data. 🌟 Empower Your Security Team: By centralizing and standardizing security data, Amazon Security Lake transforms how organizations approach cybersecurity. It enables your security team to focus on what truly matters—protecting your business and staying ahead of emerging threats. Ready to elevate your security strategy? Dive deeper into Amazon Security Lake and see how it can revolutionize your approach to cybersecurity.

Microsoft made Copilot for Security, the very first AI assistant for Security Operations, available today. It's a powerful SecOps tool that can help you keep your team's workload in check. If you're interested, you can add this service to your Azure environment. Be warned, though, it's not inexpensive! The pricing starts at approximately $3000 monthly for one compute unit, though Microsoft recommends starting at 3 (roughly $9000). This is a high initial investment. However, suppose security is strategically vital for your company, and every minute counts or your team is overloaded and needs to do things faster and more accurately (pretty much a given these days). In that case, you can quantify the value now. Check out the full report of the Copilot economic study to learn more about how this service can enable your Security Operations team! https://lnkd.in/e3knb_PC #SecOps #MicrosoftSecurity ProArch #Azure #SecurityAI

Post 3 🔒 Protecting APIs: Throttling for Defense Against Denial of Service 🛠️ Issue: Encountered a critical challenge with an API endpoint facing Denial of Service (DoS) attacks due to excessive requests, leading to processing issues. 🔍 Root Cause: Lack of throttling mechanisms left the API vulnerable to abuse, overwhelming its capacity to handle incoming traffic. 🔧 Fix: Implemented throttling in AWS API Gateway at specific resource and method levels, setting limits on requests per second and burst concurrency. Steps:- Go to stage >> Select resource >> Select Method >> Edit >> Enable Throttling. 📊 Results: Throttling now ensures more secure and reliable API operations. When request thresholds are surpassed, AWS API Gateway responds with a 429 status code, signaling throttling due to excessive requests. 🎓 Learning: Importance of proactive security measures, such as throttling, to safeguard APIs against DoS attacks and maintain service integrity. #APIManagement #Security #AWS #Throttling #DoSProtection #TechSecurity #aws #apigateway

Have you considered using Lambda Function URL and decided against it for security reasons? I have attempted to create one in my internal AWS account, and was flagged for security purposes because the http endpoint was open to the public. I figured, I can secure it like a S3 bucket and make the endpoint accessible only via CloudFront. But I was wrong. Not a limitation any longer… use OAC! https://lnkd.in/g3ym4Riv