We've recently ingested AWS data into our Cloud Security Module. I want to ask if anyone know of any way to trigger a test detection in Cloud Security? I haven't found a method yet - aside from simulating an actual attack. Also, if you have any suggestions for cool queries - especially the ones you run daily - that would be great. submitted by /u/CyberHaki [link] [comments]
Hey Everyone, I have an interview coming up next week for a cloud security engineer role that sounds more analytical. It involves investigating alerts and incidents within the cloud infrastructure for the financial company. Also, the engineering aspect seems to come in for implementing and deploying security measures in the production environments. Another thing I would like to add is that I am very familiar with AWS, but they rely on GCP, which I am not as familiar with. I was wondering, for...
arXiv:2510.00452v1 Announce Type: new Abstract: Large Language Models (LLMs) have gained prominence in domains including cloud security and forensics. Yet cloud forensic investigations still rely on manual analysis, making them time-consuming and error-prone. LLMs can mimic human reasoning, offering a pathway to automating cloud log analysis. To address this, we introduce the Cloud Investigation Automation Framework (CIAF), an ontology-driven framework that systematically investigates cloud...
submitted by /u/Pale_War8200 [link] [comments]
A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors. "We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks," researchers Jesse De Meulemeester, David Oswald, Ingrid
The SaaS Security Capability Framework, released by the CSA's SaaS Working Group provides an industry-standard set of baselines, customer-facing security controls for SaaS platforms. submitted by /u/CybrSecHTX [link] [comments]
Unified cloud security without compromise, delivering commercial features to sensitive government systems
arXiv:2507.21094v2 Announce Type: replace Abstract: In recent years, cloud security has emerged as a primary concern for enterprises due to the increasing trend of migrating internal infrastructure and applications to cloud environments. This shift is driven by the desire to reduce the high costs and maintenance fees associated with traditional on-premise infrastructure. By leveraging cloud capacities such as high availability and scalability, companies can achieve greater operational...
Hello guys, I wanted a help from you all, Technical Support Cloud/Security - Apprenticeship program Is this role good for starting of my career in cyber security or cloud security This is the job description not much detail. Job Description Engineering graduate with at least 60% CGPA, no backlogs Good communication skills, aptitude and attitude Willing to work on service desk projects Willing to work in shifts Willing to be part of apprenticeship program Work from office all 5 days submitted by...
submitted by /u/BradW-CS [link] [comments]
My company is looking at cloud security platforms and we're down to Wiz and CrowdStrike. Budget isn't really the issue but we need something that actually catches stuff without drowning us in false positives Anyone here used both? From what I can tell Wiz is more cloud-native but CrowdStrike has that whole endpoint thing going for it too. Our infrastructure is mostly AWS with some Azure mixed in Really need something that integrates well and doesn't require a PhD to configure. The last solution...
arXiv:2509.15653v1 Announce Type: new Abstract: Quantum Computing (QC) introduces a transformative threat to digital security, with the potential to compromise widely deployed classical cryptographic systems. This survey offers a comprehensive and systematic examination of quantumsafe security for Cloud Computing (CC), focusing on the vulnerabilities, transition strategies, and mitigation mechanisms required to secure cloud infrastructures in the quantum era. We evaluated the landscape of...
Over the past decade, the Cloud Security Alliance has been at the forefront of helping organizations navigate the cloud's risks and opportunities. As we now enter the generative AI era, the challenge is even greater: security teams must enable innovation while ensuring that developers select trustworthy models and implement the right guardrails from the start. This is where RiskRubric.ai comes in - a systematic methodology to quantify AI model risk across six pillars of trust: Transparen
Amazon Web Services (AWS) successfully completed an onboarding audit with no findings for ISO 9001:2015, 27001:2022, 27017:2015, 27018:2019, 27701:2019, 20000-1:2018, and 22301:2019, and Cloud Security Alliance (CSA) STAR Cloud Controls Matrix (CCM) v4.0. EY CertifyPoint auditors conducted the audit and reissued the certificates on August 13, 2025. The objective of the audit was to enable
Announcing the public preview of Wiz's in-house Incident Response service - empowering customers to investigate, contain, and resolve cyber incidents with confidence
Currently in cloud sec and plan to stay in it for the foreseeable future. I have a few vendor specific certs but is there a cert equivalent to CISSP but focused more on cloud security? Or just go for CISSP? submitted by /u/jaydee288 [link] [comments]
My company offered to sponsor one SANS course, and I can choose between: SEC540: Cloud Security and DevSecOps Automation SEC510: Public Cloud Security (AWS, Azure, GCP) SEC549: Enterprise Cloud Security Architecture SEC401: Security Essentials My main goal is to advance in my career. I have no previous certifications, and I am new in the field. Has anyone here taken these courses? Which one would you recommend as the best starting point for, and why? submitted by /u/Educational-Ship6451 [link]...
For those working in cloud security and pentesting - what's the toughest part when it comes to dealing with cloud misconfigurations? Many tools seem to handle detection and exploitation separately, which can create extra work for security teams. Have you experienced this gap in your work? What do you think would make the process smoother? submitted by /u/yarkhan02 [link] [comments]
It's the second Tuesday of September, and Microsoft has rolled out its latest security updates. Microsoft's September 2025 Patch Tuesday has arrived, bringing a fresh wave of security fixes to help organizations stay ahead of evolving threats. Here's a quick breakdown of what you need to know. Microsoft Patch Tuesday for September 2025 In this
