Blog: Cloud Security

Cloud Security Cloud Security Auditing With Steampipe Read More
June 25, 2021 -

This post talks about how we use different tools to accomplish different tasks in a cloud security context, zooming in on Steampipe as a tool that should make it very easy to prepare for and meet audit requirements. Cloud Security Auditing There are a couple of different things that we think of when we think […]

Read More
Cloud Security Cloud Security In Real Life Read More
September 19, 2019 -

We’re doing a fair number of cloud security assessments. This post will talk a bit about what we have found and some common ideas that seem to apply across them. Cloud Security Assessment Process When we do work with a client to help them secure their cloud environment, let’s just talk about AWS for now, […]

Read More
Cloud Security Exploring CloudTrail Read More
March 25, 2019 -

We had a customer ask us to dig for some indicators of compromise in their AWS account. We are already using our JASP tool to help them to check security configurations in general, so we took the opportunity to formalize some of what we’re doing into a tool which we plan to open source once […]

Read More
Cloud Security JASP Check Deep Dive: Redshift Read More
November 30, 2018 -

Redshift is Amazon’s data warehousing solution.  Here’s how they describe it on its promo page: Redshift delivers ten times faster performance than other data warehouses by using machine learning, massively parallel query execution, and columnar storage on high-performance disk. You can setup and deploy a new data warehouse in minutes, and run queries across petabytes […]

Read More
Cloud Security JASP Check Deep Dive: S3 Read More
November 8, 2018 -

It is very common to find Amazon S3 buckets misconfigured. We found one in a pen test this week. We find them frequently.  The most common things we see with S3 buckets is that people leave them open to the world and don’t encrypt them.  The one we found this week also let us delete […]

Read More
Cloud Security JASP Meta: November 2018 Edition Read More
November 6, 2018 -

Building JASP has been a really interesting experience for all of us at Jemurai.  This post captures some of what I think we’re seeing and learning right now. We bootstrapped.  Lots of people think raising venture capital for an idea is the best way to build and grow.  We still bootstrapped.  That means we paid for […]

Read More
Cloud Security JASP Check Deep Dive: ECR Read More
October 31, 2018 -

As we build JASP, we’re brainstorming and learning about security (so far, primarily in AWS).  This is the first in a series of “Check Deep Dive” posts that talk about things we are checking for in JASP.  It seems like an interesting area to share information.  Incidentally, we’re also going to post more meta posts […]

Read More
Cloud Security JASP Dashboards Read More
October 30, 2018 -

JASP is a platform for security automation.  We currently focus on monitoring AWS environments for potential security issues. Throughout September and October, we have been refining JASP dashboards.  The goal is to give user’s the simplest possible summary view of how they are doing.  We wanted to help convey a sense of how a user’s […]

Read More
Cloud Security JASP 1.1 Read More
August 22, 2018 -

In case you haven’t seen it, we’ve made some awesome progress in our JASP tool. We added more advanced scoring and a “The One Thing™” screen which captures the one thing you should go fix. With 1.1 we’re adding Reporting capabilities, including slice and dice by AWS service, date introduced, etc. Updated product web site: https://jasp.cloud […]

Read More
Cloud Security JASP 1.0.3 Read More
June 8, 2018 -

Today we’re publicly releasing version 1.0.3 of JASP, our cloud security automation tool:  https://jasp.jemurai.com. We think of it as “we’ll watch your back in the cloud“.   We currently work in AWS and check for common security issues across EC2, S3, and RDS and many other services.  You can sign up on the website and get […]

Read More
Menu
Menu
© 2019-2022 Jemurai. All rights reserved.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram