Jeff Barr, Vice President & Chief Evangelist at Amazon Web Services, has mentioned OpenSecOps Foundation & SOAR on LinkedIn:
Full post and comments here:
The OpenSecOps newsletter provides updates on our open-source AWS security and operations platform. Subscribe for announcements about new features, security best practices, implementation tips, and community contributions. We'll share insights about our Foundation (AWS infrastructure best practices) and SOAR (security automation) components, along with practical guidance for deploying and managing secure cloud environments. This low-volume newsletter helps you stay informed about this project that reduces AWS setup from person-years to just days.
https://buttondown.com/opensecops

Embracing Transparency and Community

Today, we're excited to announce a significant milestone for OpenSecOps: the complete transition of our platform to open source. This decision represents our commitment to transparency, community collaboration, and ensuring the long-term viability of these security tools.

Why Open Source?

Our journey towards open source began with several components already freely available on GitHub. The success of these tools, such as our serverless log aggregation system and SSO configuration utilities, showed us the value of community engagement and transparent development. As economic conditions shifted in 2024, particularly affecting the specialised technical consulting market, we faced important decisions about the future of these security-critical platforms. After careful consideration of what would best serve our existing customers and the broader AWS security community, the path forward became clear: complete open source was the answer.

Ensuring Continuity Through Transparency

The primary motivation behind our open source transition is straightforward: ensuring continuity and security for organisations that depend on these tools. By open-sourcing our entire platform:
Security-First Open Source

Unlike many open source projects that prioritise rapid feature development, our approach is distinctly security-focused:
This security-first governance model reflects the reality that OpenSecOps components are deployed in financial services and other security-sensitive environments where stability and security are non-negotiable requirements.

What's Now Available

Our complete platform is now open source, including:
How to Get Started

Getting started with OpenSecOps is straightforward:
Looking Forward

Going open source is just the beginning. We're committed to:
In Conclusion

The open source model offers the ideal path forward for these security platforms. It ensures transparency, continuity, and community engagement whilst maintaining the high security standards that our users require.
We believe that security tools should be accessible, transparent, and community-driven. By embracing open source, we're creating a foundation for more secure AWS environments across all organisations, regardless of size or industry. Join us on this journey as we build a more secure cloud future together.

In the frenzied world of tech, where buzzwords are as common as overpriced lattes, "AI" has become the latest darling. But here's a sobering thought: recent polls suggest that touting AI use in products might actually be turning customers off.
Why? For starters, GenAI, the current poster child of the AI world, is perceived as a young, unpredictable technology prone to hallucinations. Not exactly the qualities one wants in a cybersecurity setup.

Here's where it gets interesting. In the collective rush to either embrace or shun "AI", the industry has lumped together a veritable smorgasbord of technologies under one umbrella. Machine Learning, statistical methods, expert systems: all thrown into the same pot as GenAI and stirred with a healthy dose of hype. This conflation is not just problematic; it's potentially dangerous.

Machine Learning (ML), for instance, is the seasoned professional to GenAI's intern. It's been around the block, proven its mettle, and doesn't attempt to write poetry when asked to analyse network traffic. Consider AWS's security suite. It's built on years of ML, statistical analysis, and logical reasoning. There are no GenAI hallucinations here, just robust, battle-tested algorithms doing what they do best: keeping digital fortresses secure.

Now, let's talk about OpenSecOps SOAR. As AWS specialists, we've built it on top of AWS's security bedrock (pun intended), leveraging these tried-and-true AI methods. It's akin to having a team of veteran, hard-core AWS security experts working 24/7. But OpenSecOps.org isn't Luddite. GenAI is used too, judiciously. Through Amazon Bedrock and Claude 3.7 Sonnet, OpenSecOps SOAR harnesses GenAI's strengths for what it's good at: generating human-readable reports, educating developers, and summarising trends. Importantly, all data stays within AWS's walls. No wandering bits here.

The key is knowing when to use what. ML for the heavy lifting of security analysis? Absolutely. GenAI for turning that analysis into informative reports? Certainly. Numerical data precomputed for total accuracy using discrete, old-fashioned code? You bet. It's about using the right tool for the job, not jumping on the latest bandwagon.
So, the next time someone presents their "AI-powered" solution, inquire about which AI they mean. Is it the equivalent of a seasoned security professional or a chatty intern with a penchant for creative writing? Effective cybersecurity isn't about chasing the latest fad. It's about leveraging proven technologies intelligently and using newer ones cautiously. Delegat isn't interested in riding the hype train. The focus is on keeping systems secure, using every tool at its disposal, hallucination-free.

Do you remember the Log4j vulnerability? In late 2021, Log4Shell (CVE-2021-44228) sent shockwaves through the IT industry, leaving organisations scrambling to assess their risk and implement protective measures. For weeks, IT security departments worked overtime, issuing directives and diverting significant resources to address the threat. The atmosphere was tense, with many companies operating in a state of heightened alert.

This scenario, unfortunately, is not uncommon in the world of cybersecurity. New vulnerabilities emerge regularly, often catching even the most prepared organisations off guard. The traditional response involves a flurry of activity: emergency meetings, hasty patch deployments, and anxious monitoring of systems. It's a reactive approach that, while necessary in many cases, can be both costly and disruptive. But what if there were a way to stay ahead of these threats without the panic? Enter OpenSecOps SOAR. This system leverages the power of AWS's security suite to provide a proactive defence against even the most novel threats.
In the case of the Log4j vulnerability, AWS updated its GuardDuty detectors within a remarkably short timeframe. For organisations using OpenSecOps SOAR, this meant immediate protection without any manual intervention: as soon as GuardDuty raised a finding for exploitation activity against an instance, the system snapshotted the affected server for forensic analysis and terminated it to prevent further damage. One practical caveat: an EBS snapshot preserves disk state only, so memory contents and any instance-store volumes are lost when the instance is terminated; if that volatile evidence matters to your investigation, capture it before the instance goes away.

This automated response isn't just about speed; it's about consistency and comprehensiveness. While human teams might miss indicators during a crisis, OpenSecOps SOAR's integration with AWS's machine learning-driven security tools ensures that every finding is acted on the same way, every time. Moreover, the system's ability to snapshot and terminate compromised servers in parallel is a game-changer. In a large-scale attack, this capability can significantly reduce the attack surface in minutes, a feat that would be impossible for human teams to achieve.

The benefits extend beyond immediate threat response. By automating these critical security functions, OpenSecOps SOAR frees up security personnel to focus on strategic initiatives rather than firefighting. It also provides peace of mind, knowing that your systems are protected against threats you haven't even anticipated yet. This approach to security aligns with the evolving nature of cyber threats. As attacks become more sophisticated and frequent, relying solely on human intervention becomes increasingly untenable. OpenSecOps SOAR, built on the robust foundation of AWS's security services, offers a way to stay ahead of the curve.

In essence, OpenSecOps SOAR transforms your security posture from reactive to proactive. It's not just about responding to threats; it's about being prepared for them before they even materialise. In a world where the next big vulnerability is always just around the corner, this level of readiness isn't just beneficial. It's essential.
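The snapshot-then-terminate response described above, written out as an added example that is not OpenSecOps SOAR's own code. It consumes EventBridge events carrying GuardDuty findings (the sample events, instance ids and the severity threshold are constructed for this example), preserves every EBS volume of an affected instance before terminating it, and contains several instances in parallel. The EC2 client is injected so the logic runs offline against the FakeEC2 stub at the bottom; in production you would pass boto3.client("ec2"), whose describe_instances, create_snapshot and terminate_instances calls take the same keyword arguments used here.

```python
"""Added example (not OpenSecOps code): GuardDuty-driven containment.

Snapshot every EBS volume of an affected EC2 instance for forensics, then
terminate the instance, handling many instances in parallel.
"""
from concurrent.futures import ThreadPoolExecutor

SEVERITY_THRESHOLD = 7  # assumed policy: only HIGH/CRITICAL findings trigger termination

# Constructed EventBridge events in the "GuardDuty Finding" detail shape.
# Instance ids and severities are made up for this example.
SAMPLE_EVENTS = [
    {"detail": {"type": "Backdoor:EC2/C&CActivity.B!DNS", "severity": 8,
                "resource": {"resourceType": "Instance",
                             "instanceDetails": {"instanceId": "i-0a1b2c3d4e5f60001"}}}},
    {"detail": {"type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2,
                "resource": {"resourceType": "Instance",
                             "instanceDetails": {"instanceId": "i-0a1b2c3d4e5f60002"}}}},
    {"detail": {"type": "Policy:IAMUser/RootCredentialUsage", "severity": 7,
                "resource": {"resourceType": "AccessKey"}}},
]


def instance_id_from_finding(event):
    """Return the EC2 instance id if the finding targets an instance, else None."""
    resource = event.get("detail", {}).get("resource", {})
    if resource.get("resourceType") != "Instance":
        return None
    return resource.get("instanceDetails", {}).get("instanceId")


def should_contain(event):
    """Containment policy: terminate only when severity reaches the threshold."""
    return event.get("detail", {}).get("severity", 0) >= SEVERITY_THRESHOLD


def contain_instance(ec2, instance_id, finding_type):
    """Snapshot all attached EBS volumes, then terminate the instance.

    Returns the snapshot ids so a ticket can reference the preserved evidence.
    """
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    volumes = [m["Ebs"]["VolumeId"]
               for r in resp["Reservations"] for i in r["Instances"]
               for m in i.get("BlockDeviceMappings", []) if "Ebs" in m]
    snapshots = [ec2.create_snapshot(VolumeId=v,
                                     Description=f"forensic {finding_type} {instance_id}")["SnapshotId"]
                 for v in volumes]
    # Terminate only after the evidence has been requested; memory and any
    # instance-store data are still lost, which is why the snapshot comes first.
    ec2.terminate_instances(InstanceIds=[instance_id])
    return snapshots


def respond(ec2, events, max_workers=8):
    """Process a batch of findings; each instance is contained on its own thread."""
    targets = {}
    for ev in events:
        iid = instance_id_from_finding(ev)
        if iid and should_contain(ev):
            targets[iid] = ev["detail"]["type"]
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        futures = {iid: pool.submit(contain_instance, ec2, iid, ftype)
                   for iid, ftype in targets.items()}
        return {iid: f.result() for iid, f in futures.items()}


class FakeEC2:
    """Offline stand-in for boto3's EC2 client (constructed for this example)."""

    def __init__(self):
        self.terminated = []
        self.snapshots = []

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [
            {"InstanceId": i, "BlockDeviceMappings": [
                {"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": f"vol-{i[-4:]}a"}},
                {"DeviceName": "/dev/xvdb", "Ebs": {"VolumeId": f"vol-{i[-4:]}b"}}]}
            for i in InstanceIds]}]}

    def create_snapshot(self, VolumeId, Description):
        sid = f"snap-{VolumeId[4:]}"
        self.snapshots.append(sid)
        return {"SnapshotId": sid}

    def terminate_instances(self, InstanceIds):
        self.terminated.extend(InstanceIds)
        return {"TerminatingInstances": [{"InstanceId": i} for i in InstanceIds]}


if __name__ == "__main__":
    client = FakeEC2()
    print(respond(client, SAMPLE_EVENTS))
```

Only the first sample event leads to containment: the second is below the threshold and the third does not target an instance. A real deployment would also record the returned snapshot ids in the incident ticket and wait for the snapshots to reach the "completed" state before relying on them.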
This is the typical monthly cost for running OpenSecOps SOAR. How much are you paying for 24/7 security monitoring, automatic fixing of security flaws and complete incident handling with full engagement of the appropriate teams? And of course full weekly reports to all stakeholders. Serverless is serverless.

We see open source as a strength. It's no secret that part of our offerings is open source, written by us or other reputable developers. For instance, here's the new version of our serverless log aggregation system:
https://github.com/OpenSecOps-Org/Foundation-control-tower-log-aggregator

The log aggregator is part of OpenSecOps Foundation and will massage your AWS log files to cut your log file storage costs in half, amongst other things. Suppose you use it with our open-source multi-account log aggregator (https://github.com/OpenSecOps-Org/Foundation-CloudWatch2S3). In that case, you have a complete solution for automatically collecting CloudWatch logs from all accounts in an AWS organization and storing them centrally in a consistent format and structure along with all system logs. Best of all, it costs you absolutely nothing. You'll find all our open-source offerings here.

Why do we do this? Because we like to get the initial complexities out of the way so we can assist our clients with the architecture that really matters. Thus, OpenSecOps Foundation has no license fee; we only charge for the time it takes us to install it. Now that's a value proposition you might want to consider.

P.S.: Apart from our open source, you'll like our proprietary security aspects too, which include fully text-based configuration and a battle-tested system to prevent any escalation of privileges, amongst other things. Full details here.

Yesterday, AWS added 85 new security controls to AWS Security Hub in the form of a new security standard, the AWS Resource Tagging Standard, used to identify whether any of your AWS resources are missing tag keys required by your organisation. This brings the number of security controls to 386. Best of all, if you're using software built on Security Hub, such as OpenSecOps SOAR, these 85 new controls are supported out of the box. In OpenSecOps SOAR's case, this means you can set any tag requirement and be sure your teams will be ticketed and instructed to add the appropriate tag in every single case, with SLAs and escalation. It also means you don't have to write any additional automation to ensure your infrastructure is tag compliant. It just works. Nice.
The announcement from AWS is here.
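How a Security Hub finding from a tag-compliance control becomes a ticket with an SLA and an escalation state, as an added example that is not OpenSecOps SOAR's or Security Hub's own code. The findings are constructed in the ASFF shape Security Hub emits (Compliance.Status, Severity.Label, Resources[].Tags); the required tag list, the "Owner" routing tag, the SLA table, the fallback queue and the GeneratorId strings are assumptions made for this example.

```python
"""Added example (not OpenSecOps code): failed tag-compliance findings to tickets.

Routes each FAILED finding to the team named in the resource's Owner tag,
sets a due date from a severity-based SLA table, and marks the ticket
escalated when it is overdue or when no owner can be asked to fix it.
"""
from datetime import datetime, timedelta, timezone

REQUIRED_TAGS = ("Owner", "CostCenter", "Environment")            # assumed organisation policy
SLA_DAYS = {"CRITICAL": 1, "HIGH": 3, "MEDIUM": 14, "LOW": 30}    # assumed SLA table
FALLBACK_QUEUE = "security-team"                                  # assumed queue for ownerless tickets

# Constructed ASFF findings; ids, ARNs and GeneratorIds are made up.
SAMPLE_FINDINGS = [
    {"Id": "f-1", "GeneratorId": "tagging-standard/ec2-instance-required-tags",
     "CreatedAt": "2025-04-01T09:00:00Z", "Severity": {"Label": "MEDIUM"},
     "Compliance": {"Status": "FAILED"},
     "Resources": [{"Type": "AwsEc2Instance",
                    "Id": "arn:aws:ec2:eu-west-1:111122223333:instance/i-0abc",
                    "Tags": {"Owner": "team-payments", "Environment": "prod"}}]},
    {"Id": "f-2", "GeneratorId": "tagging-standard/s3-bucket-required-tags",
     "CreatedAt": "2025-04-02T10:00:00Z", "Severity": {"Label": "MEDIUM"},
     "Compliance": {"Status": "PASSED"},
     "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::finance-reports",
                    "Tags": {"Owner": "team-finance", "CostCenter": "42", "Environment": "prod"}}]},
    {"Id": "f-3", "GeneratorId": "tagging-standard/rds-instance-required-tags",
     "CreatedAt": "2025-03-01T08:00:00Z", "Severity": {"Label": "LOW"},
     "Compliance": {"Status": "FAILED"},
     "Resources": [{"Type": "AwsRdsDbInstance",
                    "Id": "arn:aws:rds:eu-west-1:111122223333:db:legacy-db",
                    "Tags": {}}]},
]


def parse_time(value):
    """ASFF timestamps are ISO 8601 with a trailing Z; make them timezone-aware."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def missing_tags(resource):
    """Tags the policy requires that the resource does not carry."""
    present = resource.get("Tags") or {}
    return [t for t in REQUIRED_TAGS if t not in present]


def ticket_for(finding, now):
    """Turn one FAILED finding into a ticket dict; PASSED findings yield None."""
    if finding.get("Compliance", {}).get("Status") != "FAILED":
        return None
    resource = finding["Resources"][0]
    missing = missing_tags(resource)
    label = finding["Severity"]["Label"]
    due = parse_time(finding["CreatedAt"]) + timedelta(days=SLA_DAYS[label])
    # Route to the owning team if the Owner tag exists. Without it nobody can be
    # asked to fix the resource, so the ticket escalates straight away.
    owner = (resource.get("Tags") or {}).get("Owner")
    return {
        "finding_id": finding["Id"],
        "resource": resource["Id"],
        "assignee": owner or FALLBACK_QUEUE,
        "instruction": "Add missing tags: " + ", ".join(missing),
        "due": due.isoformat(),
        "state": "escalated" if (now > due or owner is None) else "open",
    }


def build_tickets(findings, now=None):
    """Evaluate a batch of findings at time `now` (datetime, ISO string, or None for current time)."""
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = parse_time(now)
    return [t for t in (ticket_for(f, now) for f in findings) if t]


if __name__ == "__main__":
    for ticket in build_tickets(SAMPLE_FINDINGS, "2025-04-10T00:00:00Z"):
        print(ticket)
```

Run against the samples at 10 April 2025, the EC2 finding produces an open ticket for team-payments asking for the CostCenter tag, the S3 finding is PASSED and produces nothing, and the untagged RDS instance goes straight to the fallback queue as escalated because it is both ownerless and past its 30-day SLA.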
Archives: April 2025