Introduction So, you've deployed Tetragon and you're seeing the kernel-level security events it produces. You can see every process execution, every network connection, every file access. This is a goldmine of security data. But it immediately leads to the next big question: where do you put...
Introduction Finally - attack path analysis has arrived in AWS. 🎯 While GCP and Azure have long offered attack path analysis, AWS was suspiciously quiet. That silence is finally over. With Security Hub v2, AWS is finally bringing modern risk-based prioritization to its native ecosystem - not just listing misconfigurations, but...
Introduction While building Lambda-based automation for patch management and security hardening, I frequently ran into a frustrating problem: some EC2 instances failed during software installation or SSM command execution. Usually the root cause was that the instance wasn’t a Managed Instance in SSM. An EC2 instance must be managed...
The Challenge of Security Visibility in the Past Back in the day, we followed best practices to configure our services securely. However, there was always the question: Did we actually configure everything correctly? Even if we used tools to identify misconfigurations, they rarely provided a comprehensive view across all services,...
Introduction In AWS, roles have become an essential part of securely granting permissions to services without the need for manual key management. Traditionally, in legacy systems or on-premises environments, services like virtual machines would rely on static access keys or service accounts for authentication. But with AWS roles were introduced...
Introduction Imagine you’re responsible for securing an AWS environment with dozens or even hundreds of accounts. Each account has its own users, permissions, and workloads. One day, you find out that a compromised IAM key in a sandbox account was used to exfiltrate data from an S3 bucket. The...
