Muaj ntau qhov kev pab qhib qhov chaw ntxiv rau cov kev daws teeb meem kev nyab xeeb ib txwm muaj uas cov tuam txhab huab tau muab.
Nov yog ib qho piv txwv ntawm yim qhov zoo tshaj plaws qhib qhov chaw huab kev ruaj ntseg technologies.
AWS, Microsoft, thiab Google tsuas yog ob peb lub tuam txhab huab uas muab ntau yam kev nyab xeeb hauv ib txwm muaj. Txawm hais tias cov thev naus laus zis no yuav pab tau zoo, lawv tsis tuaj yeem ua rau txhua tus neeg xav tau. Cov pab pawg IT nquag pom qhov tsis sib xws hauv lawv lub peev xwm los tsim kev nyab xeeb thiab tswj kev ua haujlwm ntawm tag nrho cov platforms no thaum huab kev loj hlob zuj zus. Thaum kawg, nws yog nyob ntawm tus neeg siv los kaw cov khoob no. Qhib qhov chaw huab kev ruaj ntseg technologies muaj txiaj ntsig zoo rau cov xwm txheej zoo li no.
Kev siv dav dav siv dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav dav thoob ntiaj teb koom siab, kis las kis las ncaws pob, kis las ncaws pob, ncaws pob ncaws pob, ncaws pob ncaws pob ncaws pob, ncaws pob ncaws pob ncaws pob, ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob ncaws pob thoob ntiaj teb Pab pawg pib cov haujlwm no los daws qee qhov kev xav tau uas tsis tau ntsib los ntawm cov cuab yeej thiab cov kev pabcuam uas twb muaj lawm, thiab lawv qhib qhov software zoo li no hauv kev cia siab tias nws yuav muaj txiaj ntsig zoo rau lwm lub lag luam thiab. Txawm hais tias nws tsis yog tag nrho suav nrog, daim ntawv teev npe ntawm qhov zoo tshaj plaws qhib qhov kev nyab xeeb huab kev daws teeb meem ntawm GitHub yog qhov chaw zoo pib. Ntau ntawm lawv tau sib xws nrog lwm qhov chaw huab, thaum lwm tus tau tsim kom muaj kev ua haujlwm nrog AWS, huab cua nrov tshaj plaws. Saib ntawm cov thev naus laus zis kev nyab xeeb no rau qhov xwm txheej teb, kev sim ua kom pom tseeb, thiab pom kev pom.
Huab Tus Saib Xyuas
Kev tswj hwm ntawm AWS, Microsoft Azure, thiab Google Cloud Platform (GCP) ib puag ncig yog ua tiav nrog kev pab los ntawm Cloud Custodian, lub cav tsis muaj kev cai lij choj. Nrog kev tshaj tawm thiab kev txheeb xyuas sib sau ua ke, nws muab ob peb txoj hauv kev ua raws li cov tuam txhab lag luam ua haujlwm rau hauv ib lub platform. Koj tuaj yeem tsim cov cai siv Cloud Custodian uas sib piv ib puag ncig rau kev nyab xeeb thiab kev ua raws li cov txheej txheem rau kev txhim kho tus nqi. Hom thiab pab pawg ntawm cov peev txheej los kuaj xyuas, nrog rau cov kev nqis tes ua los ntawm cov peev txheej no, tau qhia hauv Cloud Custodian cov cai, uas tau teev tseg hauv YAML. Piv txwv li, koj tuaj yeem tsim ib txoj cai uas ua rau lub thoob encryption muaj rau txhua lub thoob Amazon S3. Txhawm rau txiav txim siab txog cov cai, koj tuaj yeem ua ke Cloud Custodian nrog serverless runtimes thiab cov kev pabcuam huab. Thaum xub thawj tsim thiab tsim muaj raws li qhov chaw pub dawb los ntawm
Cartography
Lub ntsiab kos ntawm no yog Infrastructure maps uas yog tsim los ntawm cartography. Qhov no tsis siv neeg graphing cuab tam muab ib tug pom kev sawv cev ntawm kev sib txuas ntawm koj huab infrastructure Cheebtsam. Qhov no tuaj yeem ua rau pawg neeg pom kev nyab xeeb tag nrho. Siv cov cuab yeej no los tsim cov ntaub ntawv cuab yeej cuab tam, txheeb xyuas qhov muaj peev xwm tawm tsam vectors, thiab txheeb xyuas cov hauv kev txhim kho kev ruaj ntseg. Cov kws tshaj lij ntawm Lyft tsim cov duab kos duab, uas siv cov ntaub ntawv Neo4j. Nws txhawb ntau yam kev pabcuam AWS, G Suite, thiab Google Cloud Platform.
Diffy
Ib qho cuab yeej nrov triage cuab tam rau digital forensics thiab qhov teeb meem teb yog hu ua Diffy (DFIR). Koj pab pawg DFIR lub luag haujlwm yog txhawm rau tshawb xyuas koj cov cuab yeej cuab tam rau cov pov thawj uas tus neeg tawm tsam tau tso tseg tom qab koj ib puag ncig tau raug tawm tsam lossis raug nyiag lawm. Qhov no yuav xav tau kev mob siab rau tes. Lub cav sib txawv muab los ntawm Diffy qhia txog qhov tsis zoo, cov tshuab virtual, thiab lwm yam kev pabcuam. Txhawm rau pab pawg DFIR txheeb xyuas qhov chaw ntawm cov neeg tawm tsam, Diffy yuav qhia rau lawv txog cov peev txheej twg tau ua qhov tsis zoo. Diffy tseem nyob rau hauv nws cov theem pib ntawm kev txhim kho thiab tam sim no tsuas yog txhawb nqa Linux piv txwv ntawm AWS, txawm li cas los xij nws cov plugin architecture tuaj yeem ua rau lwm cov huab. Pawg Neeg Saib Xyuas Kev Ruaj Ntseg thiab Teb Chaws ntawm Netflix tau tsim Diffy, uas tau sau rau hauv Python.
Git- secrets
Qhov kev txhim kho kev ruaj ntseg no hu ua Git-secrets txwv koj los ntawm kev khaws cov ntaub ntawv zais cia nrog rau lwm cov ntaub ntawv rhiab hauv koj qhov chaw khaws cia Git. Ib qho kev cog lus lossis ua cov lus uas haum rau ib qho ntawm koj qhov kev npaj ua ntej, txwv tsis pub cov qauv qhia raug tsis lees paub tom qab luam theej duab. Git-secrets tau tsim nrog AWS hauv siab. Nws tau tsim los ntawm AWS Labs, uas tseem yog lub luag haujlwm rau kev saib xyuas qhov project.
OSSEC
OSSEC yog lub platform kev ruaj ntseg uas ua ke nrog kev soj ntsuam xyuas, kev ruaj ntseg ntaub ntawv thiab tswj kev tshwm sim, thiab tus tswv tsev-raws li kev nkag mus nrhiav pom. Koj tuaj yeem siv qhov no ntawm huab-raws li VMs txawm tias nws tau tsim los rau kev tiv thaiv ntawm thaj chaw. Platform's adaptability yog ib qho ntawm nws qhov zoo. Ib puag ncig ntawm AWS, Azure, thiab GCP tuaj yeem siv nws. Tsis tas li ntawd, nws txhawb ntau yam OSes, suav nrog Windows, Linux, Mac OS X, thiab Solaris. Ntxiv nrog rau tus neeg saib xyuas thiab tsis muaj kev saib xyuas, OSSEC muaj lub hauv paus tswj hwm tus neeg rau zaub mov rau kev taug qab cov cai hla ntau lub platform. OSSEC cov yam ntxwv tseem ceeb suav nrog: Txhua cov ntaub ntawv lossis cov npe hloov pauv ntawm koj lub cev yuav raug kuaj xyuas los ntawm kev saib xyuas cov ntaub ntawv, uas yuav ceeb toom rau koj. Kev tshuaj xyuas lub cav sib sau ua ke, tshuaj xyuas, thiab ceeb toom rau koj txog kev coj cwj pwm txawv txawv los ntawm tag nrho cov cav hauv qhov system.
Rootkit nrhiav kom paub, uas ceeb toom koj yog tias koj lub cev tau txais kev hloov pauv zoo li rootkit. Thaum pom muaj kev cuam tshuam tshwj xeeb, OSSEC tuaj yeem teb tau zoo thiab ua tam sim ntawd. OSSEC Foundation saib xyuas kev saib xyuas ntawm OSSEC.
GoPhish
rau phish simulation simulation, Gophish yog qhov kev pab cuam qhib uas tso cai rau xa emails, taug qab lawv, thiab txiav txim siab pes tsawg tus neeg tau txais nyem qhov txuas hauv koj cov email phony. Thiab koj tuaj yeem saib tag nrho lawv cov txheeb cais. Nws muab cov pab pawg liab ntau txoj kev tawm tsam nrog rau cov email tsis tu ncua, emails nrog cov ntawv txuas, thiab txawm tias RubberDuckies los ntsuas lub cev thiab kev ruaj ntseg digital. Tam sim no tshaj 36 phishing cov qauv no muaj los ntawm cov zej zog. Ib qho AWS-raws li kev faib ua ntej-loaded nrog cov qauv thiab ruaj ntseg rau CIS cov qauv yog tswj hwm los ntawm HailBytes no.
prowler
Prowler yog cov cuab yeej hais kom ua rau AWS uas ntsuas koj cov kev tsim kho vaj tse hauv kev sib piv rau cov qauv tsim rau AWS los ntawm Center for Internet Security nrog rau GDPR thiab HIPAA kev tshuaj xyuas. Koj muaj kev xaiv los tshuaj xyuas koj cov txheej txheem tiav lossis ib qho AWS profile lossis cheeb tsam. Prowler muaj peev xwm ua tiav ntau qhov kev tshuaj xyuas ib zaug thiab xa cov ntawv ceeb toom hauv hom xws li CSV, JSON, thiab HTML. Tsis tas li ntawd, AWS Security Hub suav nrog. Toni de la Fuente, tus kws paub txog kev ruaj ntseg Amazon uas tseem koom nrog txoj haujlwm tu, tsim Prowler.
Kev Ruaj Ntseg Monkey
Hauv AWS, GCP, thiab OpenStack chaw, Kev Ruaj Ntseg Monkey yog cov cuab yeej saib xyuas uas ua rau pom qhov kev hloov kho txoj cai thiab teeb tsa tsis muaj zog. Piv txwv li, Security Monkey hauv AWS ceeb toom rau koj thaum twg S3 thoob nrog rau pawg kev ruaj ntseg raug tsim lossis tshem tawm, saib xyuas koj cov yuam sij AWS Identity & Access Management, thiab ua ob peb lwm txoj haujlwm saib xyuas. Netflix tsim Kev Ruaj Ntseg Monkey, txawm tias nws tsuas yog muab cov teeb meem me me kho raws li tam sim no. AWS Config thiab Google Cloud Assets Inventory yog cov neeg muag khoom hloov pauv.
Txhawm rau pom cov cuab yeej qhib ntau dua ntawm AWS, mus saib peb HailBytes ' AWS marketplace offerings here.
