A growing trend is spreading through many different organizations: they are developing automated and advanced security features, capabilities that were previously the realm of more traditional security vendors.

There’s now more security in more places than ever before, with much of it owing to infrastructure and software-as-a-service providers. We can use this trend to learn lessons on what we can be doing to add more security everywhere.

In my last blog post, I discussed AWS GuardDuty. GuardDuty uses threat intelligence, machine learning and anomaly detection to deliver agent-less security findings across a variety of AWS services. Amazon, which grew from a book seller to a hosting company, is now giving you the advanced security features to detect hackers in your network or abuse of your resources, all without installing any additional tools or software. This is a completely cloud-native network threat intelligence security solution baked right into your infrastructure.

Of course, not to be outdone, Microsoft has quite a few security features built into Azure. Notably, one of the features of Azure Active Directory is the ability to identify risky sign-ins. Using a combination of threat intelligence and user behavior analysis, Azure Active Directory can log, further scrutinize, and deny sign-ins which fail a risk policy. This type of intelligence would previously have only been found in yet another installation: software for user and entity behavior analytics.

The infrastructure providers have a lot of surface area to cover, but software-as-a-service players can automate a lot for you as well. One of my favorite examples of this is GitHub. GitHub is a software-as-a-service provider of the popular “git” version control system, most commonly used for storing program source code. GitHub provides security alerts for vulnerabilities in source code dependencies and even instructions on how to ...