Any thoughts here on WAF solutions -- Azure FD/WAF vs CloudFlare vs ???

I'm not a fan of cloudflare because they have to take control of your DNS. We have too many instances where a WAF is acting up and we need to swing DNS over to bypass it. If cloudflare goes down, you can't do that. We currently use EdgeCast CDN/WAF, no complaints, but it's not a super smart WAF.

I'm hearing that Sophos offers a good VM option, anyone tried their solution?

What is your use case? Scale considerations? regulatory environment etc? Budget?

@Ross Hendrickson I can't tell if your question is rhetorical, I know I need to do my own research to assess suitability; I'm just looking for success stories to narrow the list. We have a SaaS offering in Azure with lots of public-facing interfaces that presently use Front Door/Azure WAF. I'm finding it limiting, both for reporting and analysis and for rapid response, so I'm seeing whether there's a better choice that would ease the overhead and pain of incident response. We are a SOC2 compliant and are working towards IEEE-whatever certification soon. We have more money than person-time at the moment, and want the best solution to minimize overhead, both in cost and person time.

Hey hey Any teleport users here? Running on everything ourselves (i.e not Teleport Cloud), on AWS with the usual HA architecture on ASG EC2 instances. Their upgrade process is abysmal when you are running auth-servers yourself, their suggested process is quite manual: - scale down the auth-server ASGs to one instance, - upgrade the binary, let it finish any migrations, - wait for it startup - no documented health-checks, but I've found some in their code - scale up the Auth ASG, rinse-repeat for all auth severs - then proceed to do the rest on all other components (which may live in different AWS accounts) in a similar fashion The fun part is catering for the ASGs in different accounts (and to ensure that all components are actually updated - but only after the auth servers have completed) ATM my plan is to have a CI pipeline in place which: - runs an ansible playbook which does the scaling, upgrading and waiting on the auth servers - builds a new packer AMI with the new version of teleport (used by all components in all the accounts) - this will ensure that the upgrade persists even after a scaling event - deploy a TF pipeline which uses the new AMI (in every account where teleport components run) Any better ideas?

Hi! Today we are launching a free open source audit logs to help devs integrate this security feature into their products. Your feedback is much appreciated 🙏 https://www.producthunt.com/posts/open-source-audit-logs-by-boxyhq

Hi there! At Mia-Platform we are protecting our customers using an open source product we launched some time ago; we have been using it in production for more than a year now and it's proving a really nice solution. I honestly believe it can help other products and companies as well, of course any feedback is welcome! 🙂 Check out Rönd: https://github.com/rond-authz/rond

Hi all! I’m pleased to share a project we’ve been working on for the past 2 years with my team and that we Open Source today, a code security scanning tool (SAST). It allows you to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). Essentially, it provides built-in rules against a common set of security risks and vulnerabilities (OWASP Top 10), here are some practical examples: • Leakage of sensitive data through cookies, internal loggers, third-party logging services, and into analytics environments. • Usage of weak encryption libraries or misusage of encryption algorithms. • Unencrypted incoming and outgoing communication (HTTP, FTP, SMTP) of sensitive information. • Hard-coded secrets and tokens. • And many more! If you are SOC2 or ISO27001, there are good chances you are already using a SAST solution, it could be a good replacement, and hopefully a better one. If you’re not, it might be an opportunity to improve your application’s security. We currently support JavaScript and Ruby stacks, but more will follow. Let us know what you think and how we can improve it! https://github.com/Bearer/bearer

We (Bearer.com) are hosting a Security Leaders Wine Tasting event in Paris Tuesday 4th of April (near République) 🍷🧸 There are already some great people from Doctolib, Pygment, DataDog or Vestiaire Collective joining us, if you’d like to be part of it, please let me know, we are always happy to make more room!

Checking with the group here on self signed certs vs wildcard certs for public facing sub-domains. What is the preference and what is industry standard in terms of security?

If anyone’s interested, I’m doing a free container security 101 workshop this Thursday. It’s hands-on https://www.linkedin.com/posts/jonzeolla_docker-cosign-sbom-activity-7052387348000468992-Racs

Hey everyone! I'm thrilled to share that my talk on Security at scale: Achieving security with multiple deployments per day in the Impact track Feel free to ask me anything either here or as an IM, especially from 12 - 2PM EST time

Hey Folks, I’m thrilled to share our journey towards Continuous Security Audits at Dgraph Labs Inc. In our blog post, we delve into how we detect and remediate potential Security Issues within our offerings. Our new setup integrates a selection of toolsets and aids in “Improved Visibility” and “Faster Security Issue Resolution” for our organization (and our esteemed customers). Within a concise timeframe (~3 months), we’ve successfully addressed over 2k+ security issues with this, significantly bolstering our SOC2 compliance endeavors. Learn more about our Security Landscape, Layers, Tools in our blog post. https://www.sudhishkr.com/posts/20230609_how-we-fixed-2kplus-security-issues/

Hey everyone. I’m new to the conversation. I am trying to understand how important security is to platform teams - or is is an afterthought like DevOps?