That's definitely aligned with what we see, we work with orgs where we're the next step after Guard Duty and some who already have more in place.
Certainly for the base usage, switching GuardDuty on can be a no brainer, as we touch on in the article - it's the additional SKUs where things a get a bit less clear.
Tracebit is on a mission to reduce the global mean time to detect and contain security incidents from months to minutes.
The two founders are building on their experience at Tessian to vastly improve an organisation’s cloud security (and beyond). On the back of a successful seed fundraise, we are looking to hire the first 5 engineers to join our founding team.
You'll be responsible for:
* Working across the entire tech stack (C#, .NET Core 8, Terraform, HTMX)
* Contributing to a scalable and secure architecture
* Working closely with the CTO and a team of exceptional engineers
You're a great fit if you:
* Have experience shipping software at scale
* Enjoy working in a fast-paced, early-stage startup environment
* A love of getting things done and having fun
Bonus points for:
* Experience in cloud security, ideally at a Product focused company and/or working with at least 1 of the public clouds (AWS, Azure, GCP, etc.)
On-site role (5 days a week) in Central London
Learn more and apply: tracebit.com/careers\
Exactly - this isn't going to open the door for someone but could add a ton of value to enumeration.
As we are very canary focused, we also think it's interesting to consider the implications of the recent research from Truffle Security w.r.t canary tokens (https://trufflesecurity.com/blog/canaries).
The initial text was ambiguous but the author has now clarified their answer in this thread. Do you really think they were happy with this? I actually think this might open other attack vectors.
I agree that the account number just by itself is not a secret, but there is a reason why all AWS demo videos mask the account number.
This is my attitude towards security disclosures. In this case, Amazon approved the disclosure. But even if they hadn't, it's better for the good guys and bad guys to know about problems when the alternative is only the bad guys knowing (or the bad guys and a few good guys at the affected company).
Tracebit lets security teams implement ‘assume breach’ with automated cloud based honeypots or canaries.
Off the back of a successful seed fundraise from Accel, we are actively hiring for smart people who get things done in the following positions:
On-site roles (5 days a week) in Central London.Learn more and apply: https://tracebit.com/careers