Gilad David Maayan

In this post, learn how to move closer to a robust DevSecOps process that can identify and remediate software vulnerabilities immediately as they happen.

Learn more about CloudOps and essential tools in your CloudOps strategy.

Application mapping helps developers understand the impact of changes in different components of an application by aiding in troubleshooting, testing, and deployment.

SOCs are an essential component of an organization's security infrastructure, responsible for monitoring, detecting, and responding to cyber threats.

Modern network security takes a layered approach to protect the many edges of the network and network perimeter. Explore basics and risks of network security.

Let's review Kubernetes Lens and consider five great tools that can serve as alternatives.

This article will introduce the concept of model drift and discuss three strategies for overcoming it in computer vision models.

This article explains the basics of application dependency mapping, its importance in cloud environments and covers four critical best practices.

Learn the basics of DatasetGAN and how to set up a powerful GPU compute instance in AWS, install prerequisites for DatasetGAN, and more.

When an organization implements the DevSecOps model, it provides the operations and development teams with tools and processes to help them make security decisions.

In addition to zero trust, using appropriate tooling like SASE can help secure an organization’s IT infrastructure from threats posed by third-party access.

Explore the basics of open source security and examine several best practices you can use to prevent open source risks.

This tutorial will show you how to create an HTML file with a form and wire the form to a Node.js component. We'll run the Node.js server on a local machine.

In this article, learn the basics of Kubernetes performance and explore several best practices you can use to tune the performance of cluster resources.

Google Cloud, Azure, and AWS offer hundreds of different products, with their own service structures, technologies, and pricing models. Let's compare them here.

This article explores how through three-component APIs, you can access most, if not all, aspects of Dailymotion.

Image Source: Pixabay What Is Incident Response? Incident response involves responding to potential threats, such as unauthorized access to a corporate network. An event can be a sign of a breach or a false positive. However, it still requires investigation to determine the appropriate response. The goal of incident response is to detect and remediate attacks quickly. Organizations use incident response to minimize risks, respond promptly, and prevent breaches. An incident response plan is generally considered the first line of defense and, ideally, the last if it helps you prevent a breach or quickly block an attack. Here are the three main components of incident response: Incident response plan—a clear and concise plan that outlines how the organization responds to each type of security threat, providing detailed instructions and definitions of roles and responsibilities. Incident response team—security experts that work in-house or externally as third parties hired to protect the organization against various security threats. Incident response technology—supports the team in detecting, blocking, and analyzing threats. Some incident response solutions can also intelligently respond to threats. NIST Incident Response Steps The National Institute of Standards and Technology (NIST) drafted the Incident Handling Guide with guidelines for incident responders. Here are the four phases for incident handling outlined by NIST: Preparation—the incident response team must have a well established incident response plan indicating who is responsible for each part of incident response and how to deal with specific types of incidents. Detection and analysis—the cyber incident response team detects cyber incidents and collects relevant data, analyzing that data. They document and prioritize the incident when necessary before informing the appropriate authorities. Containment, eradication, and recovery—following an incident, the cyber incident response team must create and implement strategies to stop the attack, remove the threat and begin the recovery process. Post-incident activity—once an organization successfully resolves an incident, the team should go back to the first step and prepare for the next incident. Knowledge gained from each incident should inform the next preparation process, helping add new information or fine-tune processes. The NIST incident response guide suggests that preparing for incidents is an organization’s best defense. What is Zero Trust? Zero trust is a new approach to cybersecurity that secures an organization by doing away with implicit trust and continuously authenticating each stage of digital interaction. The “never trust, always verify” model informs the zero trust approach. This process works according to the premise that any user, resource, or asset is untrustworthy. Zero trust encompasses a set of principles, initiatives, policies, architecture, and frameworks. Here are characteristics of zero trust networks (ZTN): ZTN is an end-to-end functional solution that involves zero trust technology, policies, and systems designed to manage security. ZTNs are architected to manage security related to identities, credentials, identities, operations, access, hosting environment, endpoints, and infrastructure. A zero trust network deployment can have components that are cloud-based or on-premise. With a zero trust model, an organization must continually evaluate and authenticate all users before providing them with access to sensitive organizational data. Zero Trust and Incident Response Incident response is a critical organizational process used to detect cyber attacks and respond to them in a timely manner, preventing or minimizing damage to the organization. Zero trust networks provide new capabilities for incident responders. In the past, a security incident would require detailed investigation just to understand where the network was breached and how. In a zero trust environment, detailed information is available about suspicious access requests, and which individual user or device was involved in the incident. The following principles can guide incident response in a zero trust environment: Assume breach—the corporate network and insiders are not trusted. Focus on deterring violations and limiting incident damage for attackers already inside the network perimeter. Monitor identities, devices, applications, and data—a zero-trust network provides detailed information about these four elements with regard to any user request. When incident responders discover an incident, they can relate to the specific entities, applications and data involved. React to any anomaly—in a traditional network, incident responders received thousands of alerts, most of which were false positives. However, in a zero-trust environment alerts are much more focused and indicate a violation of network access rules, so they are more likely to indicate a real incident. Automated response—in a zero-trust environment, it is critical to put in place automatic detection and mitigation. Systems like zero trust network access (ZTNA) can detect anomalous access requests and automatically change network segmentation rules to protect sensitive systems. Automated response should provide a first line of defense, and deeper investigation can be carried out by human security teams. In a world of zero trust, security incidents will still happen. No technology can magically eliminate security threats. However, narrowing down the domain of trust will reduce the involvement of multiple resources in a single event. In other words, when an incident occurs, the smaller the trust area, the lesser the risk that other systems face. This enables faster detection, more efficient response, and greater confidence that a threat has really been eradicated. Conclusion In this article, I explained the basics of incident response and zero trust and explained how the zero trust revolution will impact how we defend computing systems: Assume breach mentality—an incident response process must take into account that attackers are already inside the secured perimeter. Visibility of devices and applications—in order to respond to security incidents, security teams must have complete visibility of the devices accessing corporate systems, and what applications, data or capabilities they are using. Continuous verification—the network must be able to continuously verify access attempts and any anomaly in verifications should be treated as a security incident. Automated response—in a zero trust environment, automated remediation is key to incident response, but it must be combined with human oversight and identification of root cause. I hope this will be useful as you adapt your organization’s security processes to a new zero trust environment.

In this article, I will explain how you can use Amazon Macie to automatically classify sensitive data in S3 with a quick tutorial for beginners to use Amazon Macie

It's easy to muddle over the specifics of AWS' storage options. So here, we cover AWS S3, EBS, and EFS to see when to use which one.

In this article, we discuss how to make React Native apps responsive with Flexbox, aspect ratios, and Facebook's Dimesions API.

In this article, we break down some fundamental concepts behind Endpoint Detection and Response from 2010 to now.

Don't stop at just optimizing your website. Take a look at how your streaming media could benefit from a boost.

Amazon Web Services advertises four principles that guide their pricing strategy - pay as you go, pay less by using more, save when you reserve, and their free tier. These principles provide immense benefits and efficiencies for thousands of organizations, which has driven AWS’s stellar growth. But there are downsides as well. In this article we'll review the five principles and provide a grain of salt you should consider before hooking into the Amazon machine. Principle #1: Pay as You Go The Principle: This is the main idea behind AWS - instead of buying or building costly infrastructure, rent it. AWS is dedicated to turning your CapEx expenses into OpEx. It also provides extreme flexibility - you can order 1,000 machines for an hour and then stop them and pay only for those 1,000 machine hours. The Good: It’s why organizations started moving to the cloud. Pay per use is great because it eliminates overcapacity and wasted computing resources. The Bad: Flexibility comes at a cost. If you want to really “pay as you go”, you’ll have to settle for Amazon’s On-Demand Pricing, which becomes quite expensive even for small workloads, when used for ongoing server deployments. Truth be told, most servers don’t have huge peaks or troughs in their usage - and running them on dedicated hosting or on-prem will be a lot cheaper than on Amazon. Principle #2: Pay Less by Using More The Principle: AWS provides volume discounts. Amazon S3 and many other services offer tiered pricing, and Amazon EC2 offers volume discounts for users who spend more than $500,000 in upfront costs. Amazon also provides a plethora of services and options for most use cases, allowing you to switch to a service that meets your need at a lower cost. For example, there are several AWS backup options including the AWS Backup service and storage services like S3, Glacier, EBS, EFS, etc. Organizations can move data between these storage services to gain efficiencies. The Good: Sophisticated users of AWS can save a lot by dynamically moving workloads between services and creating economies of scale. The Bad: This principle is also one of the hidden reasons for Amazon’s enormous complexity. True - you can create a tiered storage strategy and save 90% or more in many cases. But do your engineers or IT staff know the intricacies of each data service, and have the know-how to detect the relevant events and store data selectively into different data stores? Amazon provides the tools to do all this. But it requires time and expertise which by itself costs organizations serious money. Principle #3: Save When You Reserve The Principle: At the core of AWS is its compute service, Amazon EC2. EC2 machine instances are substantially discounted (on the order of 30-50%) if you reserve an instance for 1-3 years in advance. Another option is to use “spot instances” - machine instances that happen to be available at a given time, and will be taken away from you when another user demands them. Switching loads dynamically between spot instances, and helping Amazon manage their demand, can give you even bigger discounts. The Good: Amazon provides a lot of price flexibility. You can significantly cut costs by committing to 1 years or more - it’s possible to do this selectively for some workloads, while using others on demand. The spot instances option is a creative one, which lets anyone with expertise, and the time to architect a spot instances solution, shave 60% off costs. The Bad: Committing to a machine instance for 1 to 3 years on the cloud might sound like an oxymoron. Organizations are moving to the cloud to get computing resources on demand. A long-term financial commitment flies in the face of this flexibility. Many AWS users take on-demand prices as a given, and pay the price of flexibility. Principle #4: Free Usage Tier The Principle: Amazon grants 1 year of free usage with generous quotas for many of its services, to reduce risk and encourage cloud adoption. This was a primary way AWS gained its initial market share in the early years. The Free Tier Grants (as of the time of this writing) 1 year of usage with 750 hours of EC2 instances, 750 hours of RDS usage (can run managed databases like MySQL), 5 GB on S3, 1 million requests on the cool serverless delivery platform Lambda, 50 GB storage on CloudFront (delivery network), 5GB on EFS (file storage), 30GB on EBS (block storage), 750 hours of ElasticSearch, and more. The Bad: The free tier has helped many organizations and technologists get “hooked” on Amazon’s offerings - it is a showcase of the astounding depth, breadth and technical excellence of their service profile. Amazon provides - and encourages - an enormous amount of sophistication within its ecosystem. It provides power, but power brings with it responsibility, overhead and a high cost of skills. Very often, organizations select AWS by default because it is a market leader and the option most well known by their teams. I can’t say the free tier is bad, but it has creatd an unfair advantage vs. other cloud offerings, which have their own strengths. Wrap Up AWS is great, but it is also a business and has established pricing that safeguards its interests. Carefully consider the benefits and tradeoffs of the Amazon pricing philosophy before entering a large-scale engagement. If you're already heavily engaged, plan your cloud consumption 1-2 years ahead and see if other cloud platforms - such as Azure or Google Cloud Platform - can give Amazon a run for its money.

Take a look at what each of the three leading cloud vendors has to offer for backup and data storage.

There are plenty of performance tests out there that are just plain not worth your time. We explore seven such tests in this article.