Tool Release – Principal Mapper v1.1.0 Update

Principal Mapper, or PMapper, is a tool and library for in-depth analysis with AWS Identity and Access Management, as well as AWS Organizations. PMapper stores data about AWS accounts and organizations, then provides options to query, visualize, and analyze that data. The library, written in Python, enables users to extend PMapper's functionality for other use-cases. … Continue reading Tool Release – Principal Mapper v1.1.0 Update

Securing Google Cloud Platform – Ten best practices

Introduction At NCC Group, we routinely assess the configuration of our clients’ cloud environments. These reviews aim to ensure that the environments are in line with security best practice and provide appropriate protection for sensitive information and resources. Google Cloud Platform (GCP) has grown steadily since 2011 – both in features and in adoption. This … Continue reading Securing Google Cloud Platform – Ten best practices

Introducing Azucar

Conducting a thorough Azure security build review or Azure security assessment can be difficult. Clicking through the Azure Ibiza [1] portal to review the details on many of its services, including, but not limited to, Azure Active Directory (Azure AD), resource groups, virtual machines, storage accounts, databases, database servers and other services isn’t always feasible. … Continue reading Introducing Azucar

CloudWatch: Amazon Web Services & Shellshock

Introduction As more of our services move to rented virtual servers, applying centralised protective monitoring becomes more of a challenge. Offerings such as Assuria’s Cloud Security Suite and Splunk’s Storm show the demand for elastic and easily configurable monitoring that can be deployed on cloud provisioned infrastructure. Amazon has responded to these services by creating … Continue reading CloudWatch: Amazon Web Services & Shellshock