by drodgers
700 days ago
I couldn't have said it better myself. The actual product could be much better, but I actually think AWS is perfectly placed to run network and host intrusion detection; they can hook into the hardware when needed, they can instrument all the routers and switches, they can correlate patterns across many clients, all while not opening up the monitored systems to a third party over the internet.

> they introduce their own attack surface on hosts

I think this is a hugely underrated problem. Installing a kernel module with an internet-connected control plane is not a great way to improve security (especially when that control plane is run by a third party who might — hypothetically — push code updates through a server which accepts the password "solarwinds123").