Links:
- Fake Amazon cloud service AWS InfiniDash quickly goes viral: https://siliconangle.com/2021/07/05/fake-amazon-cloud-service-aws-infinidash-quickly-goes-viral/
- 7 Unconventional Pieces of Password Wisdom: https://www.darkreading.com/application-security/7-unconventional-pieces-of-password-wisdom/d/d-id/1341400
- Pentagon Cancels Disputed JEDI Cloud Contract With Microsoft: https://www.usnews.com/news/business/articles/2021-07-06/pentagon-cancels-disputed-jedi-cloud-contract-with-microsoft
- SolarWinds Discloses Zero-Day Under Active Attack: https://beta.darkreading.com/threat-intelligence/solarwinds-discloses-zero-day-under-active-attack
- 98% of Infosec Pros Say Multi-Cloud Environments Create Additional Security Challenges, Reveals Survey: https://securityboulevard.com/2021/07/98-of-infosec-pros-say-multi-cloud-environments-create-additional-security-challenges-reveals-survey/
- Autonomous Security is Essential if the Edge is to Scale Properly: https://www.darkreading.com/endpoint/autonomous-security-is-essential-if-the-edge-is-to-scale-properly/a/d-id/1341391
- Digital Habits During Pandemic Have Lasting Impact: https://securityboulevard.com/2021/07/digital-habits-during-pandemic-have-lasting-impact/
- Are Security Attestations a Necessity for SaaS Businesses?: https://www.darkreading.com/risk/are-security-attestations-a-necessity-for-saas-businesses/a/d-id/1341426
- How to Improve Cybersecurity for Your Business?: https://www.ccsinet.com/blog/how-to-improve-cybersecurity-for-your-business/
- CISA Analysis Reveals Successful Attack Techniques of FY 2020: https://beta.darkreading.com/threat-intelligence/cisa-analysis-reveals-successful-attack-techniques-of-fy2020
- How Predictive AI will Change Cybersecurity in 2021: https://insidebigdata.com/2021/07/09/how-predictive-ai-will-change-cybersecurity-in-2021/
Transcript
Jesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.
Announcer: If your mean time to WTF for a security alert is more than a minute, it’s time to look at Lacework. Lacework will help you get your security act together for everything from compliance service configurations to container app relationships, all without the need for PhDs in AWS to write the rules. If you’re building a secure business on AWS with compliance requirements, you don’t really have time to choose between antivirus or firewall companies to help you secure your stack. That’s why Lacework is built from the ground up for the cloud: low effort, high visibility, and detection. To learn more, visit lacework.com. That’s lacework.com.
Jesse: Last April, I went to a secret training camp. We studied the entire AWS functional objection orientation language services—or FOOLS—suite of tools and APIs. The first public rollout of AWS FOOLS-supported products is already an amazing success. AWS Infinidash took the internet by storm. This product is such an amazing way to quickly dash into production all your FOOLS-coded projects.
I’m looking forward to the UDB service, AWS Infinitdiscus, where you toss your data to the cloud, the automated problem-solving tool, AWS Infinihurdle, where you leap over virtual objects, and the non-ephemeral cloud-native microservice, AWS Infinimarathon, where you can run microservices for long-running batch jobs. Sadly, I suspect the all-in-one API product AWS Infinitriathlon won’t see the light of day because the project participants keep dropping out before it’s finished. I hope they finish someday. I feel like it’s a new day dawning with AWS FOOLS. This is a watershed moment as momentous as the day we discovered Agile over waterfall.
Meanwhile, in the news. Fake Amazon cloud service AWS InfiniDash quickly goes viral. [laugh]. This turned into a fantastic and fun internet meme that won’t be going away anytime soon. Also, everything I said above about AWS FOOLS is a joke. This is not real. I’m sure there will be reports about AWS FOOLS soon enough, now.
7 Unconventional Pieces of Password Wisdom. Passwords suck. We all know they suck. We all hate them. However, we will always need to memorize a few passwords. Set passwords you can remember but are hard to guess and make them as long as the site or application will allow. Passphrases are far superior, of course.
Pentagon Cancels Disputed JEDI Cloud Contract With Microsoft. If you wonder what happens when a trillion-dollar company takes you to court, just recall how AWS managed to kill this massive contract with Microsoft. Don’t tangle with AWS, Google, or Microsoft unless you know what you’re doing.
SolarWinds Discloses Zero-Day Under Active Attack. Okay, let’s be honest. If I gave you every urgent patch announcement, this whole publication would be a boring list of stuff to install. Be sure to watch your vendors for patches and everything else.
98% of Infosec Pros Say Multi-Cloud Environments Create Additional Security Challenges, Reveals Survey. Using more than one public or private cloud combined into one infrastructure or service delivery platform is difficult for IT, of course. For security, the tools used in one cloud stack are different than another cloud stack. This makes it hard to do a single comprehensive solution that works seamlessly between them all. Shift farther left on these things.