CIQ launched fully supported, upstream stable kernels for Rocky Linux via the CIQ Enterprise Linux Platform, providing enhanced performance, hardware compatibility and security.
Sysdig announced the addition of cloud security monitoring functionality to the Falco open source software project.
The new Amazon Web Services (AWS) CloudTrail plug-in provides real-time detection of unexpected behavior and configuration changes, intrusions, and data theft in AWS cloud services using Falco rules. The Falco community developed this extension with Sysdig based on a new plug-in framework that allows anyone to extend Falco to capture data from additional sources beyond Linux system calls and Kubernetes audit logs. As organizations manage critical data across multiple clouds, they need consistent threat detection across their distributed environments. Additional plug-ins will allow organizations to use a consistent threat detection language and close security gaps by using consistent policies for workloads and infrastructure. In addition, more than twenty new out-of-the-box policies supporting compliance frameworks were released.
Falco, a cloud-native runtime security project, is the de facto detection engine for containers and Kubernetes with over thirty million downloads. Created by Sysdig and contributed to the CNCF, Falco is an Incubation-level hosted project. The new plug-in capability and framework have been contributed by the Falco community and Sysdig to the project over the last few months. As of today, the AWS CloudTrail plug-in is available for use in preview mode and contributors can build new plug-ins on the framework.
Today, security teams are forced to export AWS CloudTrail logs into a data lake or security information and event management (SIEM) for processing, and then search for threats and changes to configurations that can indicate a risk. This approach adds delay in identifying risks, as well as cost and complexity.
Falco inspects cloud logs using a streaming approach, applying the rules to the logs in real time and immediately alerting on issues, without the need to make an additional copy of the data. This approach complements static cloud security posture management by continually checking for unexpected changes to configurations and permissions that can increase risk. In addition, it acts as a modern intrusion detection system (IDS), detecting threats based on unusual behavior that can indicate a threat.
Cloud and security teams struggle with an ever-growing list of tools to master and manage. Falco provides a single tool for threat detection across container and cloud environments, reducing complexity by reducing the number of tools in the stack. Users can use the same rule language to create consistent policies for workloads and infrastructure, removing security gaps. Because there is a shortage of talent in both cybersecurity and DevOps, reducing the learning curve by using consistent tools for threat detection is critical.
Users can get started immediately using out-of-the-box rules contributed by the community that map to compliance frameworks and best practices. They can also create custom rules to meet their specific needs using standard YAML code.
The plug-in capability for Falco creates the foundation for contributions that will extend support to other cloud environments and operating systems. The AWS CloudTrail plug-in and additional out-of-the-box rules are immediately available to try in preview form on the Falco GitHub site. Falco users and contributors can access pre-release documentation now. The official release is planned in the upcoming months.
“Now Falco can detect threats across containers and AWS cloud services using a streaming approach,'' said Loris Degioanni, Founder and CTO, Sysdig, “Users can immediately alert on indications of lateral movement without the cost and complexity of copying logs.”
Industry News
Redgate launched an enterprise version of its database monitoring tool, providing a range of new features to address the challenges of scale and complexity faced by larger organizations.
Snyk announced the expansion of its current partnership with Google Cloud to advance secure code generated by Google Cloud’s generative-AI-powered collaborator service, Gemini Code Assist.
Kong announced the commercial availability of Kong Konnect Dedicated Cloud Gateways on Amazon Web Services (AWS).
Pegasystems announced the general availability of Pega Infinity ’24.1™.
Sylabs announces the launch of a new certification focusing on the Singularity container platform.
OpenText™ announced Cloud Editions (CE) 24.2, including OpenText DevOps Cloud and OpenText™ DevOps Aviator.
Postman announced its acquisition of Orbit, the community growth platform for developer companies.
Check Point® Software Technologies Ltd. announced new email security features that enhance its Check Point Harmony Email & Collaboration portfolio: Patented unified quarantine, DMARC monitoring, archiving, and Smart Banners.
Automation Anywhere announced an expanded partnership with Google Cloud to leverage the combined power of generative AI and its own specialized, generative AI automation models to give companies a powerful solution to optimize and transform their business.
Jetic announced the release of Jetlets, a low-code and no-code block template, that allows users to easily build any technically advanced integration use case, typically not covered by alternative integration platforms.
Progress announced new powerful capabilities and enhancements in the latest release of Progress® Sitefinity®.
Buildkite signed a multi-year strategic collaboration agreement (SCA) with Amazon Web Services (AWS), the world's most comprehensive and broadly adopted cloud, to accelerate delivery of cloud-native applications across multiple industries, including digital native, financial services, retail or any enterprise undergoing digital transformation.
AppViewX announced new functionality in the AppViewX CERT+ certificate lifecycle management automation product that helps organizations prepare for Google’s proposed 90-day TLS certificate validity policy.
Rocket Software is addressing the growing demand for integrated security, compliance, and automation in software development with its latest release of Rocket® DevOps, formerly known as Aldon®.