Best practices to protect your organization against ransomware threats

Ransomware, a form of malware that encrypts a user’s or organization’s most important files or data, rendering them unreadable, isn’t a novel threat in the world of computer security. These destructive, financially motivated attacks, in which cybercriminals demand payment to decrypt data and restore access, have been studied and documented for many years. Today’s reality shows us that these attacks have become more pervasive, impacting essential services like healthcare or pumping gasoline. Yet despite attempts to stop this threat, ransomware continues to impact organizations across all industries, significantly disrupting business processes and critical national infrastructure services and leaving many organizations looking to better protect themselves. Organizations that continue to rely on legacy systems are especially vulnerable to ransomware threats, as these systems may not be regularly patched and maintained.

For more than 20 years Google has been operating securely in the cloud, using our modern technology stack to provide a more defensible environment that we can protect at scale. We strive to make our security innovations available in our platforms and products for customers to use as well. This underpins our work to be the industry’s most trusted cloud, and while the threat of ransomware isn’t new, our responsibility to help protect you from existing or emerging threats never changes. In this post, we share guidance on how organizations can increase their resilience to ransomware and how some of our Cloud products and services can help.

Develop a comprehensive, defensive security posture to protect against ransomware

Robust protection against ransomware (and many other threats) requires multiple layers of defense.
The National Institute of Standards and Technology (NIST) outlines five main functions in the Cybersecurity Framework that serve as the primary pillars for a successful and comprehensive cybersecurity program in any public or private sector organization. Below are the recommendations from NIST and examples of how our Cloud technologies can help address ransomware threats:

Pillar #1 – Identify: Develop an understanding of what cybersecurity risks you need to manage for the scope of your assets, systems, data, people, and capabilities. In the case of ransomware, this covers which systems or processes are most likely to be targeted in a ransomware attack, and what the business impact would be if specific systems were rendered inoperable. This will help prioritize and focus efforts to manage risks. Our CISO Guide to Security Transformation whitepaper outlines steps for a risk-informed, rather than risk-avoidance, approach to security with the cloud. A risk-informed approach can help you address the most important security risks, instead of addressing the risks that you already know how to mitigate. Cloud service providers make this risk-informed approach easier and more efficient for you by developing and maintaining many of the controls and tools that you need to mitigate modern security threats. Services like Cloud Asset Inventory provide a mechanism to discover, monitor, and analyze all your assets in one place for tasks like IT ops, security analytics, auditing, and governance.

Pillar #2 – Protect: Create safeguards to ensure delivery of critical services and business processes to limit or contain the impact of a potential cybersecurity incident or attack.
In the case of ransomware, these safeguards may include frameworks like zero trust that protect and strongly authenticate user access and device integrity, segment environments, authenticate executables, reduce phishing risk, filter spam and malware, integrate endpoint protection, patch consistently and provide continuous controls assurance. Some examples of products and strategies to involve in this step include:

A cloud-native, inherently secure email platform: Email is at the heart of many ransomware attacks. It can be exploited to phish credentials for illegitimate network access and/or to distribute ransomware binaries directly. Advanced phishing and malware protection in Gmail provides controls to quarantine emails, defends against anomalous attachment types, and protects from inbound spoofing emails. Security Sandbox detects the presence of previously unknown malware in attachments. As a result, Gmail prevents more than 99.9 percent of spam, phishing, and malware from reaching users’ inboxes. Unlike frequently-exploited legacy on-premises email systems, Gmail is continually and automatically updated with the latest security improvements and protections to help keep your organization’s email safe.

Strong protection against account takeovers: Compromised accounts allow ransomware operators to gain a foothold in victim organizations, perform reconnaissance, get unauthorized access to data and install malicious binaries. Google’s Advanced Protection Program provides the strongest defense against account takeovers and has yet to see a user that participates in the program be successfully phished. Further, Google Cloud employs many layers of machine learning systems for anomaly detection to differentiate between safe and anomalous user activity across browsers, devices, application logins, and other usage events.
Zero trust access controls that limit attacker access and lateral movement: BeyondCorp Enterprise provides a turnkey solution for implementing zero trust access to your key business applications and resources. In a zero trust access model, authorized users are granted point-in-time access to individual apps, not the entire corporate network, and permissions are continuously evaluated to determine if access is still valid. This prevents the lateral movement across the network that ransomware attackers rely on to hunt for sensitive data and spread infections. BeyondCorp’s protections can even be applied to RDP access to resources, one of the most common ways that ransomware attackers gain and maintain access to insecure legacy Windows Server environments.

Enterprise threat protections for Chrome: Leveraging Google Safe Browsing technology, Chrome warns users of millions of malware downloads each week. Threat protection in BeyondCorp Enterprise delivered through Chrome can prevent infections from previously unknown malware including ransomware, with real-time URL checks and deep scanning of files.

Endpoints designed for security: Chromebooks are designed to protect against phishing and ransomware attacks with a low on-device footprint, a read-only, constantly and invisibly updating operating system, sandboxing, verified boot, Safe Browsing and Titan-C security chips. Rolling out ChromeOS devices to users who work primarily in a browser can reduce an organization’s attack surface, for example by reducing reliance on legacy Windows devices, which have often been found to be vulnerable to attacks.

Pillar #3 – Detect: Define continuous ways to monitor your organization and identify potential cybersecurity events or incidents.
In the case of ransomware, this may include watching for intrusion attempts, deploying Data Loss Prevention (DLP) solutions to detect exfiltration of sensitive data from your organization, and scanning for early signs of ransomware execution and propagation. The ability to spot and stop malicious activity associated with ransomware as early as possible is key to preventing business disruptions. Chronicle is a threat detection solution that identifies threats, including ransomware, at unparalleled speed and scale. Google Cloud Threat Intelligence for Chronicle surfaces highly actionable threats based on Google’s collective insight and research into Internet-based threats. Threat Intel for Chronicle allows you to focus on real threats in the environment and accelerate your response time.

DLP technologies are also useful in helping detect data that could be appealing to ransomware operators. With data discovery capabilities like Cloud DLP, you can detect sensitive data that’s accessible to the public when it should not be and detect access credentials in exposed code.

Pillar #4 – Respond: Activate an incident response program within your organization that can help contain the impact of a security (in this case, ransomware) event. During a ransomware attack or security incident, it’s critical to secure your communications both internally to your teams and externally to your partners and customers. Many organizations with legacy Office deployments have shifted to Google Workspace because it offers a more standardized and secure online collaboration suite, and in the event of a security incident, a new instance can quickly be stood up to provide a separate, secure environment for response actions.

Pillar #5 – Recover: Build a cyber resilience program and back-up strategy to prepare for how you can restore core systems or assets affected by a security (in this case, ransomware) incident.
This is a critical function for supporting recovery timelines and lessening the impact of a cyber event so you can get back to operating your business. Immediately after a ransomware attack, a safe point-in-time backup image that is known not to be infected must be identified. Actifio GO provides scalable and efficient incremental data protection and a unique near-instant recovery capability for data. This near-instant recovery facilitates identifying a clean restore point quickly, enabling resumption of business functions rapidly. Actifio GO is infrastructure-agnostic and can protect applications on-premises and in the cloud. In Google Workspace, if files on your computer were infected with malware but you sync them to Google Drive, you may be able to recover those files. Additionally, ensuring that you have a strong risk transfer program in place, like our Risk Protection Program, is a critical element of a comprehensive approach to managing cyber risk.

Key ransomware prevention and mitigation considerations for business and IT leaders

As you plan for a comprehensive defense posture against ransomware threats, here are some key questions to consider: Does your organization have a ransomware plan, and what does it entail? Remember to demand a strong partnership with your cloud providers based on a shared understanding of risk and security objectives. How are you defending your organization’s data, systems and employees against malware? Are your organization’s systems up to date and patched continuously? Are you watching for data exfiltration or other irregularities? What is your comprehensive zero trust approach, especially for strongly authenticating your employees when they access information? Are you taking the right backups to high-assurance immutable locations and testing that they are working properly? This should include testing that does a periodic restore of key assets and data.
What drills are you conducting to battle-test your organization’s risk management and response to cyber events or incidents?

Ransomware attacks will continue to evolve

Recently, ransomware groups have evolved their tactics to include stealing data prior to it being encrypted, with the threat of extorting this data through leaks. Additionally, some ransomware operators have used the threat of distributed-denial-of-service (DDoS) attacks against victim organizations as an attempt to further compel them to pay ransoms. DDoS attacks can also serve as a distraction, occupying security teams while attackers seek to accomplish other objectives such as data exfiltration or encryption of business-critical data. By deploying Google Cloud Armor, which can scale to absorb massive DDoS attacks, you can help protect services deployed in Google Cloud, other clouds, or on-premises against DDoS attacks.

Protecting against ransomware is a critical issue for all organizations, and these questions and best practices are only the start of building a mature and resilient cybersecurity posture. It’s important to remember that you can’t focus on a single piece of defense; you need a comprehensive cybersecurity program that enables you to identify, prevent, detect, respond, and recover from threats. Above all, you need a range of solutions from a battle-tested and highly-resilient cloud platform that works across these elements in an integrated way with your business. To learn more about how Google Cloud can help you implement a comprehensive cybersecurity program to protect against threats like ransomware and more, visit our Google Cloud Security Best Practices Center.
Source: Google Cloud Platform

Anthos in depth: All the posts in our hybrid and multicloud development series

Every company is trying to get better business outcomes through software. We created Kubernetes to maximize productivity of our own developers, and open sourced it to help others achieve the same. To make Kubernetes more production ready, we created Google Kubernetes Engine (GKE) as the best way to consume Kubernetes as a reliable, secure and fully managed service. A few years later we introduced Anthos, a managed platform designed to simplify the management of Kubernetes clusters on any public or private cloud by extending a GKE-like experience along with our best open-source frameworks, with a Google Cloud backed control plane for consistent management of services in distributed environments.

Anthos extends Google Cloud services and engineering practices to your environments so you can modernize apps faster and establish operational consistency across them. It can be used for all application deployments, both legacy as well as cloud-native, running on your existing virtual machines (VMs) and bare metal servers, while offering a service-centric view of all your environments. But what does that mean for your business, and how can Anthos be used to support your IT strategy? Over the last year, we created a series of blog posts to help you get started and get the most from Anthos. We’ve pulled them together here so you can read all the posts in one place or bookmark them for later.

How Anthos supports your multicloud needs from day one

Most enterprises that run in the cloud have already spent a significant amount of effort automating, operationalizing, and securing their environment. Many have spent years investing in a single cloud provider.
Yet today, the ability to run workloads on multiple cloud providers is becoming increasingly important.

In this post, you’ll learn more about how Anthos makes multicloud easier with a consistent development experience regardless of the environment and by helping you consolidate operations across on-premises, Google Cloud, and other public clouds (starting with AWS).

3 keys to multicloud success you’ll find in Anthos 1.7

Beyond simply letting you run apps on-prem and in different clouds, we’ve noticed that successful multicloud implementations share characteristics that enable higher-level benefits for both developers and operators. To do multicloud right, you need to:

- Establish a strong “anchor” to a single cloud provider
- Create a consistent operator experience
- Standardize software deployment for developers

We recently released Anthos 1.7, our run-anywhere Kubernetes platform that’s connected to Google Cloud, delivering an array of capabilities that make multicloud more accessible and sustainable. Read this post to get a deeper look at how our latest Anthos release tracks to a successful multicloud deployment.

Anthos in depth: Application modernization isn’t easy, but we can make it easier

Migrating and modernizing your application and moving to the cloud can be a really fun and interesting challenge. You can learn a lot through looking at solutions and architectures. But if anyone tells you that migrating applications is “easy,” you probably stop listening immediately. The tools might be easy to use, but application migration is never instant, never just a clean one-and-done kind of adventure. It can be daunting to even know what tools to try out.
We can make it easier for you and help you experiment. In this post, we cover the top four Google Cloud tips you (probably) didn’t know about for making your migration journey a bit easier.

Anthos on bare metal, now GA, puts you back in control

Anthos on bare metal opens up new possibilities for how you run your workloads, and where. Some of you want to run Anthos on your existing virtualized infrastructure, but others want to eliminate the dependency on a hypervisor layer, to modernize applications while reducing costs. For example, you may consider migrating VM-based apps to containers, and you might decide to run them at the edge on resource-constrained hardware.

This in-depth post explores the Anthos bare-metal deployment option and how it enables you to modernize your applications while reducing costs, improving performance, and unlocking new use cases for edge computing. It dives into the specifics of Anthos on bare metal and shares technical details for how to get started.

Hands-on with Anthos on bare metal

Anthos on bare metal is a deployment option to run Anthos on physical servers, deployed on an operating system provided by you, without a hypervisor layer. Anthos on bare metal will ship with built-in networking, lifecycle management, diagnostics, health checks, logging, and monitoring.
Additionally, it will support CentOS, Red Hat Enterprise Linux (RHEL), and Ubuntu, all validated by Google.

In this technical blog post, learn how to install Anthos on bare metal (ABM), covering the necessary prerequisites, the installation process, and using Google Cloud operations capabilities to inspect the health of the deployed cluster.

Anthos in depth: Toward a service-based architecture

In theory, service-based architectures like microservices increase development release velocity with minimum disruption. But in practice, teams often face unforeseen challenges with complexity and operational efficiency that pressure them to adopt modern deployment and management practices better suited to these architectures. Read this post to get a deeper look at how Anthos Service Mesh can help you better understand your services, set high-level policies to control services, and secure inter-service communication without making changes to existing application code.

Anthos in depth: Transforming your legacy Java applications

Legacy applications are holding back business initiatives and the business processes that rely on them. While new apps may be cloud-native, most existing applications are still large monolithic apps, and the majority of those are written in Java. To help, Google Cloud has developed guidelines for modernizing Java applications to deliver immediate operational cost savings, reduced dependencies on proprietary software, and increased delivery speed.
Read this post to understand why Anthos is a key part of that path and how it can be used to modernize existing Java apps with containerized microservices alongside VMs.

Congrats, you bought Anthos! Now what?

With so many possibilities with Anthos, it might be challenging to know where to start. Don’t worry, we’ve got you covered. Once you have your new application platform in place, there are some things you can do to immediately get value and gain momentum. This post provides our top six suggestions for how to hit the ground running day one with Anthos.

Getting started

Anthos helps companies reap the full benefits of the latest cloud-native technologies like Kubernetes, serverless, and service mesh, without being held back by legacy investments or fear of vendor lock-in. Learn more about how Anthos can help you on your modernization journey by downloading the Anthos under the hood ebook, or get started now in the Anthos Sandbox.
Source: Google Cloud Platform

Keep your budgets flexible with configurable budget periods

TL;DR – Automation makes managing budgets easier and the Budget API now supports configurable budget time periods for even more flexibility!

Even though we just walked through some of the basics of using the Budget API, there’s a new feature that’s worth checking out: the ability to set custom time periods on budgets. Here’s a refresher on how budgets work if you’d like one. By default, budgets work on a monthly basis, so they reset on the first of each month. This is pretty convenient for most use cases, but might not work for you if your finances work on different periods. Regardless of what your timing needs are, let’s look at two new ways to work with your budgets!

Calendar periods

With this new update, you can change the general time period that a budget looks at. There are three options here:

- Monthly: the default for budgets, starting on the first day of each month and ending on the last day of each month (January 1st through January 31st, for example)
- Quarterly: an even split of the year into four quarters starting on January 1st, April 1st, July 1st, and October 1st
- Yearly: the whole year, starting with January 1st

Since budgets are typically repeated, these new options give you more choices for what the time period should look like. Each budget has its own period that it covers, so you can mix budgets of different time periods together for more customizable reporting!

These time periods also affect the budget amounts (more info under the Amount section here) if you’re using the dynamic “last period’s spend” rather than a fixed amount. So, if you’re working with a quarterly budget and it’s currently Q2 (April 1st – June 30th), the last period’s spend amount would be based on Q1 (January 1st – March 31st). This works the same way for yearly budgets, so you can easily track your spending year over year.
Let’s see what this looks like using the API!

Here’s our new function for creating a budget (and here’s a link to the documentation if you want to see more information about the different properties):

Adding a calendar period is pretty straightforward, since it’s just passing an ENUM into the budget filter. Here’s the part where the filter is set:

and

Now we can pass in budgets.CalendarPeriod.MONTH (or .YEAR or .QUARTER) in order to set the calendar period for this budget. We’ve also updated the function that lists budgets to include more information about the budget, so if we create a new budget and list it:

The output will look like this:

Custom periods

Picking the calendar periods is great, but what if you need something a bit more custom? For example, maybe you want to set a budget for that ever-popular holiday season, or for a week where you’re rolling out a new product? Custom periods (as the name might imply) can help you with those by giving you the option to set custom start and end dates. So if you’re rolling out that new product on August 18th, you could create a budget with a start date of 2021-08-15 and an end date of 2021-08-25 (or whatever else you want) to track spending during just that period. Combined with all the other filters, there’s quite a bit of granularity!

These custom period budgets work a bit differently than the typical calendar period budgets, though:

- Custom period budgets do not repeat. These budgets are only useful for the time period specified, so you’ll have to create multiple budgets to cover each of the time periods you want to know more about
- Since they don’t repeat, you can’t use the “last period’s spend” setting for amount, which makes sense because there’s no last period!
- The start date must be after January 1st 2017. I’m not really sure who this would affect but now you know
- And the end date is actually optional. If you don’t provide one, the budget will track all the usage after the start date with no end in sight

With all of that out of the way, let’s look at how to actually create these custom period budgets! The same create_budget function works, and here’s the part that actually sets the start and end dates:

Since a budget can’t have a calendar period and a custom period, this will create the budget with one or the other and pass in the properties through the budget filter. So when we run the code:

The output will be:

One more thing

It’s worth noting that any budgets created with a custom time period won’t show up in the UI. For now, these budgets will have to be managed through the API only. This code should hopefully help you get started with managing them and getting ready for when they’ll be available in the console at some point in the near future™. Also here’s the updated list_budget code:

In the meantime, you can check out the client library and the documentation for more details. Happy budgeting!
Source: Google Cloud Platform

AWS License Manager now offers reports on historical license usage

AWS License Manager now lets you create periodic snapshots of your license usage across all your AWS accounts and store these reports directly in your S3 bucket. With these reports, you can track your historical license usage, manage compliance, and reduce license spending by taking peak license usage into account. You can enable, disable, and change the frequency of report generation depending on your license-tracking requirements.
Source: aws.amazon.com

AWS Database Migration Service now supports Apache Kafka TLS and authentication

AWS Database Migration Service (AWS DMS) has extended the integrity and confidentiality of its secure communication to self-managed Apache Kafka and Amazon MSK endpoints. Using AWS DMS with enhanced Transport Layer Security (TLS) authentication and encryption, you can now use SSL encryption and authentication or SASL-SSL to secure Kafka endpoint connections. This security enhancement addresses the growing need for cloud security and improves the security of AWS DMS.
Source: aws.amazon.com

AWS announces AWS App Runner

Amazon Web Services, Inc. (AWS), an Amazon.com company (NASDAQ: AMZN), announces the general availability of AWS App Runner. It is a fully managed container application service that enables customers with no prior container or infrastructure experience to build, deploy, and run containerized web applications and APIs in just a few clicks. Customers simply provide the source code, a container image, or a deployment pipeline, and App Runner automatically builds and deploys the web application, handles load balancing, scales on demand, and monitors the health of the application.
Source: aws.amazon.com

Announcing the general availability of AWS IoT Core Device Advisor

AWS IoT Core Device Advisor, a fully managed cloud-based test capability for validating IoT devices, is now generally available in the us-east-1, us-west-2, eu-west-1, and ap-northeast-1 regions. Developers can now use pre-built tests provided by Device Advisor to validate that their IoT devices implement best practices for reliable and secure connectivity with AWS IoT Core. Device Advisor’s pre-built tests help developers quickly validate their device software against the best practices for using TLS, MQTT, Device Shadow, and IoT Jobs, thereby reducing the cost and time required for development, testing, and deployment.
Source: aws.amazon.com

Amazon EKS and EKS Distro now support Kubernetes version 1.20

Kubernetes evolves very quickly, with frequent feature releases and bug fixes. Highlights of Kubernetes 1.20 include RuntimeClass and Process ID Limits reaching stable status, API Priority and Fairness being enabled by default, and kubectl debug reaching beta status. For more information on Kubernetes version 1.20, see the release notes for the Kubernetes project.
Source: aws.amazon.com