How it works: The DDoS solution monitors protected resources for an attack and emits log signals containing the attacking source IP addresses to Microsoft Sentinel. This triggers the Azure Firewall Remediation IP-Playbook, and the firewall blocks the attacking source IP addresses.
What is required: Configure analytics rules that define a percent threshold and a PPS (packets per second) threshold. Use an automation rule to trigger the playbook, which adds the attacking IPs to IP groups; the groups are attached to firewall rules. This integration enables faster response to L3 and L4 type attacks.
➝ AsyncEventsReceived measures total events successfully queued for processing.
➝ AsyncEventAge measures the time between successful queuing and function invocation.
➝ AsyncEventsDropped measures events dropped without successful execution.
➝ Software supply chain security will be top-of-mind.
➝ Growth of APIs will increase the attack surface.
➝ DevOps will lead to DevSecOps, with adoption of cloud-native security tools.
➝ Policy-as-Code and Open Policy Agent adoption will gain traction.
➝ MTA supports large-scale Java app modernization and migration projects by providing line-by-line recommendations for your source code.
➝ Azure’s contributions include rulesets that provide guidance on configuring data sources, the Java Key Store, and file systems.
Must-read Analysis & Advice
➝ Wilco built its developer training/upskilling platform service on Heroku’s free tier.
➝ It overlooked scale and app-level authorization limitations.
➝ Cryptojacking led to a $10k bill from Heroku.
➝ The CTO shares why he would take the same approach again.
Agenda: Google Cloud’s Kelsey Hightower anchored the discussion, which was based on this user query. He kicked it off by saying it is like running a database on a VM, but PostgreSQL on Kubernetes is not the same as Cloud SQL.
What others had to say:
➝ Kubernetes does not provide high availability for applications, it only provides automatic recovery.
➝ Traditional databases were not designed with the assumption that machines will fail.
➝ So for proper scaling, backups and upgrades, you will need a Kubernetes expert who is also a database expert.
➝ What that means is having additional knowledge of StatefulSets, and a domain-specific understanding of how Kubernetes handles storage.
Conclusion: Most thought running a database on Kubernetes was not such a great idea.
Reusing a session ID or access token across services breaks the least privilege principle and exposes sensitive information beyond the organizational perimeter.
➝ Identity distribution enables continuous verification by ensuring each service behind an API performs informed authorization based on signed certificates or tokens.
➝ Securing all traffic, encrypting connections, using established standards, and token sharing techniques are a few approaches to identity distribution.
➝ Despite operating in a secured perimeter, compromise of a single service within a microservices architecture can offer an entry point into the entire application.
➝ Authenticating inter-service communications and encrypting connections between services are key to preventing unauthorized access.
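As an added example (not code from the newsletter or from any product it mentions), the token-sharing approach from the items above: an API gateway verifies the caller’s token and exchanges it for a short-lived, audience-bound, scope-narrowed token before calling a downstream service, so the user’s original token never leaves the gateway and each service authorizes on a token issued for it. Service names, scopes, key and timestamps are constructed.

```python
# Added example, not code from the newsletter or any vendor: identity distribution
# between services using HMAC-signed, audience-bound tokens. All values are constructed.
import base64, hashlib, hmac, json

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(claims: dict, key: bytes) -> str:
    """Serialize claims and append an HMAC-SHA256 tag (compact, JWT-like)."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(tag)}"

def verify_token(token: str, key: bytes, audience: str, now: float) -> dict:
    """Return claims only if signature, expiry and audience all check out."""
    body, tag = token.split(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(tag)):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:
        raise PermissionError("expired")
    if claims["aud"] != audience:  # issued for a different service: reject
        raise PermissionError("audience mismatch")
    return claims

def is_rejected(token: str, key: bytes, audience: str, now: float) -> bool:
    try:
        verify_token(token, key, audience, now)
        return False
    except (PermissionError, ValueError):  # ValueError: malformed/tampered encoding
        return True

def exchange_for_service_token(user_token, key, target, wanted, now) -> str:
    """Gateway trades the user's token for a short-lived one bound to `target`;
    scopes are narrowed to what the user holds AND this call needs."""
    user = verify_token(user_token, key, audience="api-gateway", now=now)
    granted = sorted(set(user["scope"]) & set(wanted))
    return sign_token({"sub": user["sub"], "aud": target, "scope": granted,
                       "act": "api-gateway", "exp": now + 60}, key)

# Constructed demo data: the user's token as the API gateway receives it, and the
# narrowed token the gateway hands to the "orders" service in its place.
KEY, NOW = b"constructed-demo-key", 1_700_000_000.0
USER_TOKEN = sign_token({"sub": "alice", "aud": "api-gateway", "exp": NOW + 3600,
                         "scope": ["orders:read", "orders:write", "billing:read"]}, KEY)
ORDERS_TOKEN = exchange_for_service_token(USER_TOKEN, KEY, "orders",
                                          ["orders:read", "admin"], NOW)
```

The downstream service rejects the raw user token (wrong audience) and accepts only the exchanged one, which also fails against any other service or after its 60-second lifetime.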
➝ The abstraction and transient nature of Kubernetes artifacts make it difficult to differentiate cloud costs across shared resources.
➝ Facilitating conversations between finance and engineering teams, labeling and tagging resources, and leveraging the right tooling are crucial to implementing FinOps.
➝ Making it available through VM instances and cloud-native software stacks.
➝ The Caliptra confidential computing specification will offload assurance to hardware; Intel’s Project Amber will attest computing environments.
Google Cloud adds multi-architecture support to fix the issue of deploying multi-architecture container images to Cloud Run.
Azure Application Gateway adds support for mTLS and online certificate status protocol. See when to use mTLS, and how to verify mTLS setup.
Amazon EC2 now lets you automatically roll back, undoing the changes made by the Auto Scaling instance refresh feature when it fails.
Tech layoffs are not the end of the world. Non-tech companies are advertising significantly more tech jobs.
Amazon CloudWatch adds support for extracting up to 1-second granularity from structured logs using Embedded Metric Format.