- Published on
Security
- Published on
In the last article I looked at automating some of the tests available for Windows servers and desktops in the ACSC Essential Eight assessment guide. This article looks at how we can measure assessment activity - how often are we assessing systems, and are they passing the tests?- Published on
Recently the Australian Cyber Security Centre released an Essential Eight assessment guide. This article looks at automating some of the tests in the guide with Ansible.- Published on
Ansible provides a way to automate functional verification tests. This article looks at an improved approach to automating functional verification tests that I introduced in an earlier article.- Published on
Functional verification provides a way that we can attest to the configuration of a device or system, and verify compliance controls. This article looks at a functional verification approach using Ansible.- Published on
A quick look at the File Access Policy Analyzer, an open source tool simplifying application control implementation- Published on
RSA Conference 2022 again highlighted that many data breaches are due to unpatched systems. In this article I look at some of the technologies available to help organisations ensure that updates are applied across their hybrid cloud environments- Published on
Many organisations take the same approach to securing virtual machines, which I call 'Access & Agents'. While effective for virtual machines and other legacy infrastructure, this approach doesn't translate across to containers and Kubernetes, and this article looks at why.- Published on
Did you know that you can scan the internal OpenShift registry for security issues? Read on to find out how.- Published on
A quick guide on how to integrate a Kubernetes-native security platform with quay.io private repositories- Published on
Automation allows organisations to scale security workflows across hybrid cloud environments. In this article I take a closer look at automating application control, and how you can use Ansible roles to create reusable automation content.- Published on
What does it mean to be "Kubernetes-native"? And what does Kubernetes-native security look like?- Published on
Injecting integrity checks to application control processes is a winning security combination. Application control allows you to specify that only certain processes can execute on a system - but how do you know they are the right processes? How can you ensure that the code that you want to execute is the code that actually executes?- Published on
Application control seems to be one of those elusive security controls that organisations spend years chasing. How can we validate which processes are authorised to run on a system, and then enforce this?- Published on
Compliance evokes images of checking boxes. The real purpose of IT system compliance is risk migitation, and it probably just needs a better name