Rich Carpenter - InfoSec -

Amazon Security Lake is now generally available

June 19, 2023June 19, 2023Rich Carpenter

Amazon Security Lake is now generally available.

Amazon Security Lake builds a Security centric data lake from integrated and custom data sources across accounts and regions in a common open framework called the ‘Open Cybersecurity Security Framework’. This fully managed service takes care of all the undifferentiated heavy lifting of setting up all the AWS data sources, carrying out the Extract, Transform and Load (ETL) operations to convert the data from its original format to the OCSF format, setting up the underlying S3 storage and associated data retention and storage policies. It comes with a 15 day free trial for all AWS Accounts.

For more information about what the service might be able to do for you and your organisation take a listen to episode 595 of the AWS Podcast where Himanshu Verma, Worldwide Specialist for AWS Security Services talks about what this Service is about and how to get started.

AWS Security Hub is now available in the Asia Pacific (Melbourne) Region

May 26, 2023May 26, 2023Rich Carpenter

AWS have recently announced the availability of Security Hub in the Asia Pacific Region.

You can now use Security Hub to centrally view and manage the security posture of your AWS accounts in this Region and take advantage of more than 110 security controls to automatically check your environment against security industry standards and best practices.

For more information and links to documentation head over to the AWS Announcement

AWS Security Hub launches 4 new security best practice controls for (NIST) SP 800-53

April 7, 2023May 26, 2023Rich Carpenter

AWS Security Hub has released 4 new controls for its National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5 standard. These controls conduct fully-automatic security checks against Elastic Load Balancing (ELB), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Redshift, and Amazon Simple Storage Service (Amazon S3). To use these controls, you should first turn on the NIST standard. If you are already using the standard and have Security Hub set to automatically turn on new controls, these new controls will run without having to take any additional action.

With this release, Security Hub now supports up to 257 security controls to automatically check your security posture in AWS.

For more information about the new controls and the AWS Services which are included head over to the AWS announcement.

Subscribing to AWS Security Hub announcements using CloudFormation

November 11, 2022November 11, 2022Rich Carpenter

The AWS Security Hub team launched announcements for Security Hub features via an SNS topic in August 2022. The team now publishes announcements to stay up to date with feature releases. To receive these announcements all you need to do is subscribe to the AWS Security Hub SNS topic in your preferred region.

Running cfn_nag on windows inside vscode

November 8, 2022November 8, 2022Rich Carpenter

In an effort to move shift Security ‘further left’ in a software development lifecycle, testing for security misconfigurations is critical. Detecting these misconfigurations earlier reduces the amount of time and effort required to fix any issues downstream and increases the velocity and release cadence by removing the potential need to apply these fixes later.

Tools such as cfn_nag look for patterns in CloudFormation templates that may indicate insecure infrastructure. Providing tools to developers enables them to run these tests locally, identifying and resolving any findings before committing the Infrastructure-as-code to source control.

Enabling Security Hub cross-Region aggregation with CloudFormation

November 3, 2022November 3, 2022Rich Carpenter

AWS Security Hub allows you to designate an aggregation Region and link some or all Regions to that aggregation Region. Ideally we would configure cross-Region aggregation using Infrastructure-as-code. Here I walk through the CloudFormation template to deploy this configuration.

AWS CSPM Platform – Visibility

October 13, 2022October 26, 2022Rich Carpenter

In this post I’ll cover how we get a comprehensive view of our security posture across all our AWS accounts.

AWS CSPM Platform – What and Why

October 12, 2022October 13, 2022Rich Carpenter

In this first part of a series of articles discussing ‘How to build a Cloud Security Posture Management platform for AWS’ we’ll cover what one is , why we should use one and how they work.

Enabling AWS Config Trusted Service using PowerShell

December 18, 2019October 5, 2020Rich Carpenter

As part of a series of posts regarding enabling AWS Config for your AWS Organisation, this post looks at how we can Enable the AWS Config Trusted Service for our Organisation. Enabling this service gives us more control over what AWS Config can access by using the Service Linked Role which will be covered in a future post.

Obtaining AzureAD GUID and Tenant Name

October 10, 2019October 10, 2019Rich Carpenter

Ocassionaly you may find yourself in the need to obtain the Tenant GUID or Tenant Name for your AzureAD environment, but these details can be tricky to find. You can get this information using PowerShell.

Rich Carpenter – InfoSec

AWS Audit Tools