Halo Cloud Secure: A unified product

Vitaliy Geraymovych, Talli Somekh, and I founded CloudPassage in 2010. In those early days, cloud infrastructure was broadly dismissed as little more than a hosting environment for games, blogs, and experiments. The bulk of IaaS offers revolved around cloud servers…

Read More

Changes in the CIS controls and why you need to know

Have you heard of the top 20 Controls from the Center for Internet Security (CIS)? These are also known as the CIS common controls and they’re my favorite list of controls. Sure, PCI, NIST, CSA, SOX, FERPA, NERC, and HIPAA…

Read More

LIDS cross site scripting (XSS) for attack detection

Cross Site Scripting (XSS) is one of the most common application security vulnerabilities and it affects many web applications. XSS attacks occur when an attacker uses a web application to send malicious code (generally in the form of a browser…

Read More

Who’s responsible for security in AWS?

One of the biggest questions to be answered as enterprises migrate to AWS is, who’s responsible for security? The AWS shared responsibility model for security is a must-read for security and compliance practitioners starting their AWS journey. AWS does provide…

Read More

Using Intel’s Optane SSD storage to dive into Docker’s layers

Background: Containerization is a rapidly growing trend in application hosting infrastructure. There are a number of guiding principles and best practices for building container images (containerization’s analog for virtual-machine images). One guiding principle of containerization is building small, concise, single-concern…

Read More