/tags/research/Recent content in Research on SecurosisHugoen-usThu, 09 Jan 2025 17:00:00 +0000/research/howto/security-invariants/Thu, 09 Jan 2025 17:00:00 +0000/research/howto/security-invariants/<p><em><strong>Note:</strong> This post has been revised to include the new capabilities released by AWS prior to re:Invent 2024.<br> You can also check out the re:Invent presentation we did with Securosis: &ldquo;Security invariants: From enterprise chaos to cloud order&rdquo; <a href="DEV401_Security-invariants-From-enterprise-chaos-to-cloud-order.pdf">slides</a> - <a href="https://www.youtube.com/watch?v=aljwG4N5a-0">video</a></em></p>/research/papers/the-universal-cloud-threat-model-for-cloud-native-security/Tue, 23 Apr 2024 00:00:00 +0000/research/papers/the-universal-cloud-threat-model-for-cloud-native-security/<p>The Universal Cloud Threat Model is a collaboration between <a href="https://www.primeharbor.com">PrimeHarbor Technologies</a> and Securosis. It is a <em>cloud-centric</em> threat model to help organizations focus security efforts on the most-common attacks most organizations will experience. The UCTM is designed as an adjunct to other threat models. From the introduction:</p>/research/papers/modernizing-secops-for-cloud/Fri, 23 Feb 2024 00:00:00 +0000/research/papers/modernizing-secops-for-cloud/<p>Security Operations, SecOps for short, has been one of the more difficult security domains to modernize for cloud. It requires a combination of new subject matter expertise, new technologies, process updates, and even a slightly different mindset. Cloud impacts SecOps in ways both obvious and subtle, and because most organizations still have datacenters and offices, teams need to add new skills and update operations while still supporting everything already on their plates. It’s a daunting challenge, but one that can be made much easier to tackle by distilling down, into the core of how cloud changes things, and taking lessons from the successes of early adopters.</p>