Darkbit blog

Cloud security insights, reviews, and demos for cloud-native teams and organizations.

Announcement

A Ruby Performance Experiment for the Modern Cloud - AWS Recon

Is Ruby too slow to be taken seriously in modern, fast-paced, enterprise-scale cloud environments? According to Twitter, StackOverflow, and all the cool kids except this one, the answer seems to be “Yes!” Surely the right tool these days would be Node, Go, Rust, or even Python. Nothing fast is built with Ruby, right? Let’s find out…

Josh Larsen

18 min read

Article

Prioritizing Cloud Risk Requires Context to be Effective

Cloud security configuration scanning tools and similar approaches offer great insight at the technical level and are a foundational component of a risk assessment strategy. Prioritizing risk mitigation based on that low-level output alone misses something critical (pun intended): organizational context.

Brad Geesaman

9 min read

Announcement

MKIT - Managed Kubernetes Inspection Tool

Introducing MKIT, a free, open-source tool that provides security-conscious Kubernetes cluster administrators a quick and easy way to assess several common misconfigurations of the cluster itself and the workloads running inside.

Brad Geesaman

2 min read

Article

Advanced Persistence Threats - The Future of Kubernetes Attacks

“What would happen if an attacker understood Kubernetes better than your operations team?” That was the core question that Ian Coldwater and I posed to each other, and it became clear that the research in this area is underexplored. Last week at RSA Conference 2020 we had the honor of presenting our thoughts on what attackers would do, how they might do it, and how they might try to avoid detection. We look forward to presenting an even more advanced version of this talk at KubeCon EU 2020.

Brad Geesaman

3 min read

Article

Simple DLP for AWS S3

When discussing the risk S3 buckets pose to organizations, the majority of the discussion is around public buckets and inadvertently exposing access. While this is certainly a common threat vector, it can be addressed in a number of policy-driven ways. Blocking the ability to accidentally expose buckets at the organization or account level is much more practical now, and probably a more scalable and sound approach than trying to implement a reactive solution.

Josh Larsen

10 min read

Article

NSA Guidance on Mitigating Cloud Vulnerabilities

The National Security Agency (NSA) today published guidance aimed at “organizational leadership and technical staff”, outlining practical ways organizations can mitigate the most common cloud vulnerabilities. In this post, we’ll highlight the key elements of the NSA’s guidance for convenient reference. The full report is linked below.

Josh Larsen

5 min read