AWS ANALYTICS

Lightspin Launches Free AWS Cloud Security Tool to Reveal Publicly Exposed Cloud Assets on Any Domain

Lightspin | April 06, 2022

Lightspin_Launches_Free
Lightspin, the next-generation cloud security platform, today announced the first free AWS cloud security tool that scans any and all domains to reveal publicly exposed cloud assets.Recon.Cloud is a free AWS cloud threat intelligence resource that provides a clear view of any domain's current exposure from an attacker's perspective. Users will have vastly greater visibility into and increased transparency of their publicly exposed assets.

Attack surface management is a rising challenge of cloud migrations. Gartner predicts that, through 2025, 99% of breaches in cloud environments will come as a result of human error, such as misconfiguration of cloud roles, permissions, and policies. Existing subdomain enumeration tools do not provide the granular specifics for cloud environments. Unlike other tools, Recon.Cloud scans provide a full picture of an AWS environment with all AWS metadata accessible within the user interface. Users can then easily export their results via a JSON file or incorporate their findings into the Lightspin platform to see even more contextual risk within their broader attack surface.

With Recon.Cloud, we are helping to solve the issue of poor visibility in cloud environments. Recon.Cloud is specifically designed to focus on only the pertinent publicly exposed cloud assets in a domain. DevOps and red team members can use Lightspin's free and easy-to-use threat intelligence tool for an in-depth picture of their AWS environment with the option of exporting and analysis just one click away. It also allows security operations to scan targets for research or to better understand recent acquisitions during threat modeling."

Gafnit Amiga, Director of Security Research at Lightspin.


About Lightspin
Lightspin's next-gen cloud security posture management (CSPM) platform protects cloud and Kubernetes environments from build to runtime and simplifies cloud security for security and DevOps teams. Using advanced graph-based technology, Lightspin prioritizes risks across the cloud environment focusing security efforts on the critical issues that matter most. Lightspin serves Fortune 500 customers across the globe and is headquartered in Tel Aviv, Israel with offices in New York, NY.

Spotlight

Imagine that you are starting a family and you want to stay on top of your finances so you can manage your budget for your growing family. Because you have too many accounts for banking, loans, subscriptions, and bills to keep track of, you decide to sign up for a service that aggregates all your accounts in one place. When you register your account online, you follow the instructions carefully. You create a strong, unique password and set up multifactor authentication. You enter your bank account and loan information, home address, and other personal information. Your spouse also signs up, and you create a joint family account that combines your information.


Other News
CLOUD SECURITY

A More Efficient, Innovative and Greener 11.11 Runs Wholly on Alibaba Cloud

Alibaba Cloud | November 16, 2022

Alibaba Cloud, the digital technology and intelligence backbone of Alibaba Group, has once again excelled in its mission of supporting the group’s 11.11 Global Shopping Festival, thanks to its high-performance computing and innovative technology. Drawing on self-developed infrastructure upgrades, the group saw an 8% year-on-year saving in computing cost per resource unit from April 1 to November 11. “The breadth and depth of cloud technology deployment during this year’s 11.11 has once again showcased Alibaba’s best cloud and technology practice; be it through fundamental architecture like self-proprietary technology powering high-performance computing and database products, or consumer-facing XR (extended reality) and livestreaming technologies. We intend to continue applying these proven capabilities to even better serve our customers and help them to be more efficient, innovative and greener in their own digital transformation journeys,” Li Cheng, Chief Technology Officer (CTO) of Alibaba Group Doing more with less through cloud-native and serverless innovations This year’s 11.11 was powered by Alibaba Cloud’s dedicated processing unit for the Apsara Cloud operating system. The upgraded infrastructure system, significantly improved efficiency of computing, storage and network in data centers supporting the event, while also reducing network latency. For example, with this new upgrade supported by cloud-native technology, ordering, pre-sale balance payment and refunding could be launched simultaneously with an enhanced scalability and lower latency. During this year’s 11.11, the front page of Taobao, one of Alibaba’s e-commerce platforms, was upgraded by the latest serverless technology, allowing for automatic scaling with extreme elasticity based on actual workloads. Alibaba Cloud’s cloud-native database products also significantly expanded the capacity of consumers’ shopping carts by more than a double, from 120 items to 300. The ApsaraDB for Redis Enhanced Edition (Tair), a cloud-based in-memory database service for enterprises, supports new functions such as product grouping and sorting, enabling consumers to organize their shopping cart according to their own preferences. They could also make use of the ‘select’ function to enjoy cross-merchant discounts, to pre-order goods and use vouchers for a more rewarding shopping experience. Innovative technology delivers more immersive consumer experience A more immersive shopping experience was created this year thanks to Alibaba’s proprietary technology in supporting extended reality. Alibaba’s technology in 3D modeling leverages a neural radiance field (NeRF), a neural network technology for generating novel views of complex 3D scenes. During this year’s 11.11, it assisted luxurious retail and furniture brands, like Burberry, Estee Lauder and SK-II, to build virtual stores on the e-commerce platform Tmall. Through self-developed 3D renderings that realistically represent natural light, flames and natural flowing water, an outdoor nature scene was built for sportswear brands including Descente (Japan), to showcase its latest products in a vibrant and invigorating environment. Consumers can also view the products in three dimensions, enabling them to inspect details up close, or try on their chosen watches and accessories virtually thanks to AR technologies. Consumers are also free to arrange different items of furniture indoors, or tents for outdoor camping. Another new expressive interaction came from an XR-powered marketplace on Tmall and Taobao. Using the automatic 3D space creation technology from Alibaba’s research institute DAMO Academy, a virtual shopping street was built, featuring over 700 products from 70 brands including 30 internationally-recognized franchises, such as Sanrio’s iconic Hello Kitty, and Hollywood’s franchise Minions. Shoppers can choose their own avatars, check out the products and place them in their virtual shopping carts. During this year’s 12-day festival from October 31 to November 11, nearly 2 million packages were delivered by Xiaomanlv vehicles, Alibaba’s last-mile logistics vehicle. This is double the package delivery volume from the same period last year. The logistics robot was deployed in over 400 campuses across China, which has greatly reduced the time of queuing for package deliveries during peak hours. A greener 11.11 powered by clean energy In addition to its cloud computing solutions helping to reduce energy consumption, Alibaba Cloud’s five hyper-scale data centers across China also doubled the amount of clean energy used to support this year’s 11.11 compared to last year. More than 32 million kilowatt-hours of electricity used by Alibaba Cloud to support 11.11 this year came from renewable energy, up by 30% on a daily basis average compared to last year. Additionally, Alibaba Cloud's Heyuan data center, the cloud company’s largest hyper-scale data center in South China, now runs entirely on clean energy. Alibaba Cloud’s self-developed immersion cooling technology has reduced the energy consumption of the data centers, with power usage effectiveness (PUE) reaching as low as 1.09 - a world-leading level. Alibaba Cloud has also worked with Tmall to leverage the carbon management platform, Energy Expert. It provided online carbon footprint modeling, calculations and certifications for more than 40 brands in various sectors, including paper & pulp, food and personal care, to help them categorize low-carbon products, identify carbon emission resources and conduct informed sustainability practices to reduce carbon emissions. About Alibaba Cloud Established in 2009, Alibaba Cloud (www.alibabacloud.com) is the digital technology and intelligence backbone of Alibaba Group. It offers a complete suite of cloud services to customers worldwide, including elastic computing, database, storage, network virtualization services, large-scale computing, security, management and application services, big data analytics, a machine learning platform and IoT services. Alibaba maintained its position as the third leading public cloud IaaS service provider globally since 2018, according to IDC. Alibaba is the world’s third leading and Asia Pacific’s leading IaaS provider by revenue in U.S. dollars since 2018, according to Gartner.

Read More

CLOUD DEPLOYMENT MODELS

eSentire Announces Global Partnership with Lacework to Reduce Cloud Security Risk

eSentire | November 02, 2022

eSentire Inc., the Authority in Managed Detection and Response (MDR), announced today its global partnership with Lacework®, the data-driven cloud security company, advancing its protection of cloud workloads, containers, applications, and Kubernetes with 24/7 Multi-Signal MDR and Cloud Security Posture Management (CSPM) services, utilizing the Lacework Polygraph® Data Platform. eSentire is Lacework’s first global MDR partner. With 95% of organizations leveraging at least one cloud service1 and 70% running more than two containerized applications by 20232, security leaders must seek out partners who align cloud protection to each organization’s business strategy. Widespread adoption of cloud Infrastructure (IaaS), Platform (PaaS), and Software as a Service (SaaS) models demonstrate an undisputed business ambition to innovate and scale quickly. eSentire uniquely embraces the balance between business strategy and cloud security, delivering first and foremost on the mission to protect the risk in order to prevent business disruption. “eSentire understands that cloud security isn’t a journey to shift left for every organization. It’s about protecting what matters most to your business because a risk is a risk, no matter where your users and data reside, This partnership with Lacework demonstrates our commitment to driving the most proactive threat response outcomes forward on behalf of our global customer base. Our message to security leaders is that you’re in the cloud, and we’re all-in to protect you.” Rahul Bakshi, Chief Product Officer, eSentire Using machine learning, artificial intelligence, and cloud behavioral analytics, the Lacework Polygraph® Data Platform automatically learns and understands behaviors across an organization’s cloud environment. eSentire’s new partnership with Lacework expands its deep expertise across AWS, Azure and Google Cloud with further visibility, differentiated behavior-based threat detection, and context-rich insights to fuel its multi-signal investigations. From there, eSentire’s 24/7 SOC analysts and renowned Threat Response Unit (TRU) stop active threats before they spread to become business disrupting, with a Mean Time to Contain of less than 15 minutes. eSentire’s Cyber Risk Advisors act as an extension of the customer’s team, supporting their risk-based strategy with the contextual industry and business awareness required to provide actionable recommendations to improve cyber resilience across on-premise, cloud, and hybrid environments. Additional eSentire and Lacework mutual service benefits include: Identified and prioritized misconfigurations across the three major cloud providers – Azure, AWS, and Google Cloud Findings mapped against recognized industry frameworks, including HIPAA, CIS, and SOC 2 Complete multi-signal threat investigation visibility within eSentire’s Atlas Insight Portal Detection, investigation, and containment of threats to virtual machine (VM) workloads and containers up to 10x faster A 342% return on investment, 100:1 alert reduction, and 80% faster investigation capability “As threats continue to increase in speed and sophistication, customers are looking for security solutions which can help them continue to innovate quickly with the confidence they’re prioritizing security and compliance,” said Brian Lanigan, VP, Worldwide Channels and Alliances, Lacework. “Together with eSentire, we’re delivering a fully managed solution that provides complete cloud detection, investigation, and proactive threat response. This puts the customer’s protection at the forefront, mitigating cloud security risks with transparent visibility and co-management capabilities.” eSentire MDR for Cloud and Cloud Security Posture Management protection with Lacework is available now. eSentire and Lacework will be hosting an executive fireside chat on Thursday, December 7, 2022, with industry experts Tia Hopkins (Field CTO and Chief Cyber Risk Strategist, eSentire) and Erin K. Banks (Senior Director of Product Marketing, Partners & Alliances, Lacework) entitled: Risk is Risk - Is Cloud Security The Journey or The Destination? To register and participate in this engaging conversation, visit: mdr.esentire.com/lacework. About eSentire eSentire, Inc. is the Authority in Managed Detection and Response, protecting the critical data and applications of 1,500+ organizations in 80+ countries, representing 35 industries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts, Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services.

Read More

CLOUD SECURITY

SqlDBM and Inergy Announce Partnership, Looking at Cloud as the Future of Data

SqlDBM | November 24, 2022

SqlDBM - Online Data Modeling Tool announced their partnership with Inergy, a leading provider of BI and Analytics solutions based in the Netherlands. Henceforth, Inergy will collaborate with SqlDBM as a Silver Partner, aligning on digital exposure and cloud adoption strategy. SqlDBM, itself a cloud-based SaaS database modeling platform, has witnessed firsthand the transformative power that the cloud drives for scalability and ease of use. Inergy, with over two decades of BI experience, is likewise committed to helping its customers embrace cloud-based solutions. Both SqlDBM and Inergy are official Snowflake Partners and see this synergy as a natural fit. “The Inergy-SqlDBM partnership is a powerful combination. Data environments across platforms and channels have become increasingly complex, so the tools and consultants which deal with them must evolve to meet this challenge. We believe our common understanding of cloud solutions will be pivotal in leading the industry towards the future of the cloud,” Anna Abramova, Head of Growth at SqlDBM Inergy is also a Gold Microsoft Partner, with employees certified in Azure, one of SqlDBM’s most widely-supported databases. Both companies see the cloud as the logical next step in BI and data warehousing. They will henceforth collaborate to make sure their customers are well equipped to leverage the possibilities that cloud computing has to offer. About SqlDBM SqlDBM’s mission is to provide a modern cloud-based modeling solution that enables customers to layout or create their business warehouse without writing a single line of code. SqlDBM supports leading cloud-based database providers like Snowflake, Azure Synapse, Redshift, and on-premise solutions like Postgres and SQL Server. Using an online visual interface, users can diagram their entire database through reverse engineering, create new objects, make changes, and add properties without writing SQL. SqlDBM provides additional features that facilitate data governance, data discovery (data dictionary), DevOps and CI/CD, and communication between business and technical users. About Inergy Inergy helps organizations get more returns from their core business and business processes by generating insight from all the information they may have. Inergy does not shy away from ambitious projects or demanding clients. Thanks to their many years of experience and thorough knowledge of business processes and technology, Inergy works quickly for result-oriented solutions. And thanks to those same years of experience, Inergy has developed a keen eye for innovative BI techniques and solutions that can help any business.

Read More

CLOUD SECURITY

Micro Focus Introduces HCMX FinOps Express to Optimize Cloud Spend

Micro Focus | December 12, 2022

Micro Focus today announced the release of Hybrid Cloud Management X (HCMX) FinOps Express at the Gartner IT Infrastructure, Operations & Cloud Strategies Conference (IOCS), taking place this week in Las Vegas. With about $500 billion being spent on cloud infrastructure annually, this new SaaS release is designed for financial management of cloud investments to reduce surprise bills and optimize cloud spend. "Among many reasons that organizations move workloads to the cloud is to reduce data center costs, but many organizations do not realize the full potential of savings due to inefficient management of cloud operations, HCMX FinOps Express provides CIOs the ability to optimize and operate their cloud in an agile and controlled manner, while involving all the necessary stakeholders." Travis Greene, Senior Director of ITOM Product Marketing at Micro Focus HCMX FinOps Express helps organizations to: View spend across clouds – Gain a complete, unified view of your cloud spend with AWS, Azure and Google Cloud, including show-back, mapping cloud spend to projects, business units, and cost centers. Identify inefficiencies – Spot idle, oversized, or overprovisioned resources with reports that help identify spending spikes and inefficiencies. Build a budget – Take advantage of the built-in module for budgeting that provides an additional layer of financial responsibility across engineering and other teams. Save with AI-assisted recommendations – Utilize AI to auto-generate recommendations for reservation planning that can help lower cloud rates and save as much as 72 percent. Implement self-service guardrails – Proactively prevent costly surprises by consolidating offerings from major cloud vendors into a single catalog and excluding costly or non-compliant options while implementing spending limits. HCMX FinOps Express is a part of HCMX, which also includes capabilities for multi-cloud design and provisioning, policy-based compliance, and lifecycle hybrid cloud service orchestration. As cloud migrations and digital transformation continue to drive strategic business change, Micro Focus HCMX FinOps Express is one of the ways Micro Focus helps customers support cost-effective migrations, optimize cloud spend and ultimately lower the total cost of ownership for IT. HCMX FinOps Express is available now. In addition to today's announcement, Micro Focus will provide additional information when Travis Greene presents "3 Ways to Tame Your Cloud Costs with FinOps" at Gartner IOCS on Thursday, at 11:45 a.m. PST in San Polo 3505. About Micro Focus Micro Focus is one of the world's largest enterprise software providers, focused on solving the IT dilemma how to balance today's needs with tomorrow's opportunities. We deliver mission-critical technology that helps tens of thousands of customers worldwide manage core IT elements of their business. Strengthened by our strategic services and support organizations, and an extensive partner network, our broad set of technologies for security, IT operations, application delivery, governance, modernization, and analytics provides the innovative solutions organizations need to run and transform at the same time.

Read More

Spotlight

Imagine that you are starting a family and you want to stay on top of your finances so you can manage your budget for your growing family. Because you have too many accounts for banking, loans, subscriptions, and bills to keep track of, you decide to sign up for a service that aggregates all your accounts in one place. When you register your account online, you follow the instructions carefully. You create a strong, unique password and set up multifactor authentication. You enter your bank account and loan information, home address, and other personal information. Your spouse also signs up, and you create a joint family account that combines your information.

Resources