Forem: Eddiesegal

A Gentle Introduction to Incident Response

Eddiesegal — Sun, 14 Jun 2020 17:30:13 +0000

An incident response plan can identify vulnerabilities, and detect and respond to security incidents. The goal of an incident response plan is to facilitate and standardize effective response to incidents and reduce potential damage. In this article, you will learn what is incident response, incident response steps and what components are critical to include in the plan.

What Is an Incident Response Plan?

Incident response refers to the actions you take when a cyber attack occurs, and during events of data loss or service outage. Without a solid incident response plan, you are likely to suffer the full effects of a data loss incident These incidents can lead to loss of customer data, intellectual property, trade secrets, and the resulting compliance fines. An incident response plan usually consists of a set of guidelines and instructions for responding to security incidents.

An incident response plan enables you to detect issues as fast as possible and minimize damages. A well-developed incident response strategy prevents cyber-criminals from attacking your system and stealing or manipulating your assets.

6 Incident Response Steps

An efficient incident response plan should include the following steps.

1. Preparation
The preparation stage includes the review and assessment of the underlying security policy of your systems. Assess your potential risks and prioritize security issues. Identify the most sensitive assets, and define the most important incidents your team should focus on.

Prepare documentation that clearly states the roles, responsibilities and processes, and create a brief communication plan. However, note that planning is not enough. You also have to hire CIRST members and train them. Make sure they have access to all relevant tools, and systems they need to identify and respond to incidents.

2. Identification
The incident response team has to effectively identify anomalies in the normal behavior of organizational systems. The team also has to find out if those anomalies represent real security threats.

The team should immediately gather additional evidence, decide on severity and type, and document every action when they discover a potential incident. Proper documentation enables companies to prosecute attackers in court by providing answers to questions like Who, What, Where, Why, and How.

3. Containment
The immediate goal after a security incident identification is to prevent additional damage from occurring. This includes:

Short term containment—simple actions like isolation of a network segment that is under attack, or shutting down hacked servers and moving the traffic to backup servers.
Long term containment—creating new clean systems, and preparing to bring them online in the recovery stage, while implementing temporary fixes on affected systems in production.

4. Eradication
The team must find the main reason for the attack and prevent similar attacks in the future. For instance, if the authentication system was the root cause of the attack, you have to replace it with a stronger authentication mechanism. Any exploited vulnerability should be immediately patched.

5. Recovery
Incident response teams have to carefully bring affected production systems back online to prevent additional incidents. Teams need to decide from which date and time to restore operations, how to verify and test that the affected systems are back to normal, and how long to monitor the systems to ensure activity is back to normal.

6. Learning
The objective of this step is to document things that you could not document during the incident response process. You also need to identify the full scope of the incident with further investigation of how it was eradicated and contained, how the system was recovered, and incident response actions that require improvement. Teams should perform this phase no later than two weeks from the end of the incident, to ensure information is fresh.

Considerations for Incident Response Planning

An effective incident response plan should include the following elements:

Consistent testing—security teams must test the incident response plan before actually using it. Teams should conduct a planned or unplanned security drills. You should run through the plan and identify weak spots to ensure that the team is ready for a real incident.
Senior management support—support from management enables you to recruit the most qualified members for your incident response team. The right kind of support enables you to create processes and information flows for effective incident management.
Balance between detail and flexibility—the plan has to include specific, actionable incident response steps. However, creating rigid processes leads to complex processes and prevents flexibility in unexpected scenarios. You should create a detailed plan but allow a certain degree of flexibility to support different incidents. Frequent updates of the plan can also help with flexibility. You should review the plan approximately every six months to update the plan with new security issues and attacks that can affect your organization.
Define your stakeholders—the plan should define who should care and be involved in a security incident. This can change depending on the incident type and the targeted organizational resources. Stakeholders could include senior management, department managers, customers, and legal partners.
Clear communication—the plan should clearly define the communication channels of the incident response team. The team has to know what channels to use to transfer information. This part is often overlooked in incident response plans. For instance, the plan should describe what level of detail you can communicate to senior management, IT management, to affected customers, to affected departments, and to the press.
A simple plan—incident teams are not likely to follow a complicated plan in real time, even if the plan is very well thought out. Keep details, procedures and steps to a minimum. A simple plan ensures that the team can process and apply the steps as they enter the “fog of war”. ## Conclusion Cyber criminals use advanced technology and social engineering to hack systems, networks, and devices. They deploy bots, use Artificial Intelligence (AI) to imitate human behavior, and trick users into revealing information. Differentiating between regular user behavior and malicious activity is getting harder because hackers always improve their techniques.

Organizations must always update their incident response plans to ensure the safety of their systems and networks. Additional technologies like threat intelligence and UEBA can help keep organizations protected even during zero-day attacks.

JAMstack for Marketing: Building Fast and Secure Websites

Eddiesegal — Tue, 26 May 2020 05:39:26 +0000

Today’s web users expect fast and secure websites. They cannot tolerate long page load times, and they value the privacy and security of their sensitive and financial information. To ensure positive user experience and brand authority, you can leverage modern web development approaches like JAMstack.

What Is JAMstack?

The term JAMstack was introduced by Mathias Biilmann to describe a modern web development approach based on reusable Application Programming Interfaces (APIs), client-side JavaScript, and prebuilt markup.

JAMstack enables front-end developers to build apps without using a back-end server. A back-end server consists of three things—a database, server and application. Instead of back-end technologies, developers use APIs to enable connections from front-end frameworks. This approach saves a lot of time and effort.

The “JAM” in JAMstack stands for JavaScript, APIs, and Markup:

JavaScript—is running entirely on the client-side. As a result, the client-side can handle any dynamic programming during the request or response.
APIs—all database actions or server-side functions are transformed into reusable APIs. You can access those APIs with third-party services or custom-built tools over HTTPS with JavaScript.
Markup—JAMstack uses prebuilt markup templates at build time.

Marketers can leverage JAMstack to build static websites instead of dynamic. A static website consists of HTML files that represent an actual website page. Static websites do not use any server technologies, and most of the back-end functionality takes place in the user's browser.

The static nature of a JAMstack makes scaling easy and causes little to no operational overhead. In addition, JAMstack improves security since static websites are taking databases out of the equation. As a result, hackers cannot use database vulnerabilities attacks like SQL injections.

Moving Away from Traditional CMS and Plugins

For a long time, marketers have used Content Management Systems (CMS) like Wordpress or Drupal to manage website content. Traditional CMS provide marketers the autonomy to manage sites with plugins, add-ons, and other user-friendly features.

WordPress loads plugins only when a user is about to browse a website. This process affects load speed and performance. As a result, plugins and page builders can seriously affect user experience and overall performance of dynamic websites managed by a traditional CMS.

Moving away from the concept of plugins and adopting JAMstack does not mean you have to know how to code like a front-end developer or give up functionality. You can still achieve the same results with dedicated services and tools like headless CMS.

Leveraging the Power of JAMstack with Headless CMS

The front-end and back-end in traditional CMS like WordPress are tightly locked together. As a result, non-technical users can create, manage, and publish content in a single interface. However, developers have to spend more time on delivering sophisticated content to a wide variety of devices.

Headless CMS separates front-end tasks—like presentation—from back-end content tasks—like storage and management. Developers can build front-end applications without any back-end restrictions by using APIs. Headless CMS enable marketers to generate content from multiple front-ends making it a perfect match for JAMstack websites.

Benefits of Headless CMS

Marketers use CMS to manage website content. When managing a JAMstack website with Headless CMS, marketers gain the below benefits.

1. Create content only once
Marketers can create content once while enabling developers to display it on any device. This means more time for building engaging user experience and less time spent on administration.

2. Enhanced user experience
The client-side just renders content, it does not need to communicate with the back-end system. As a result, the website design feels more responsive, fast, and consistent.

3. No back-end restrictions
Developers can build user experience functionalities by using tools they know without any restrictions and then deliver content using APIs.

Disadvantages of a Headless CMS

Headless CMS is not a magic bullet to fix all your content challenges. They can come with some major issues that you need to consider.

Marketers cannot use What You See Is What You Get (WYSIWYG)
A WYSIWYG editor enables you to see the result of how the content will look like while it is being created. Marketers do not have this option in headless CMS, since there are no front-end functionalities.

No real-time communication
Headless CMS does not provide the option to send customer data from the front-end to the back-end in real-time. As a result, you cannot run content analytics activities or personalize user experiences. Personalization is a fundamental requirement in modern websites. Personalization means using data analytics to meet individual user needs.

Pros & Cons of JAMstack for Marketers

There are more JamStack benefits for marketing professionals besides using it instead of a traditional CMS.

JAMstack benefits:

Improved technical skills—when launching a JAMstack website, marketers often find themselves working with code every day. As a result, you can manage, and optimize the content more easily after the launch.
A better understanding of the site structure—when working with JAMstack, marketers are exposed to the building process of the site structure. This leads to a better understanding and communication between dev, design and marketing teams.
Simultaneous development and content workflow—marketers can see the iterative content improvements being made instantly by developers.

JAMstack downsides:

Longer delivery times—delivery of new marketing material can take longer compared to traditional methods like CDN. It depends on your stack and your team. Sometimes marketers need to wait for the development team to address their needs.
New technology—often comes with exciting bugs or issues that can take a while to resolve.
Technical challenge—there may still be parts of the site that based entirely on code. You need to edit content and metadata in multiple places.

Tips for a Successful JAMstack Website Launch

Launch of a JAMstack website requires close collaboration with developers. Developers need to know exactly what functionality you want to build into the website. You need to be clear about what content and data you expect to push into your static site with headless CMS.

Most likely you will need to integrate your website with analytics services and tools. Each JAMstack website may have a different way of integration. Therefore, you need to have a concrete plan from the start, so nothing gets lost.

Conclusion

The marketing stack becomes more complex when things like website speed and performance influence user experience. JAMstack and headless CMS are effective methods for quick website deployment.

Keep in mind that JAMstack requires technical skills and seamless collaboration between marketers and development teams. You will also need to integrate with analytics tools, and do away with real-time analysis.

If you’re considering adopting JAMstack, assess your situation critically and plan in advance. JAMstack can be ideal for marketers managing content websites that require simple analytics, but it might not work for eShops that need real-time personalization.

Hopefully, this article has helped you gain a better understanding of JAMstack, and whether it’ll be a good fit for you or any of your projects.

Top 5 Open-Source Incident Response Tools

Eddiesegal — Thu, 16 Apr 2020 11:08:25 +0000

In the overall field of cybersecurity, incident response is the strategy that covers how teams, organizations, and tools respond to security events. Typically, you use an incident response plan (IRP) to outline the practices and resources used during cyber security events. While there is much to be said about the composition of an IRP, this article focuses on incident response tooling, including an overview of different IR tools and a review of top open source solutions.

What Is Incident Response?

Incident response (IR) is a strategy you can use to respond to and recover from security incidents. It includes procedures and processes for detecting, identifying, halting, and recovering from an incident. It also typically includes steps to protect your systems from future attacks by applying knowledge gained during response.

Incident response is performed via an incident response team using an incident response plan. The primary goals of both team and plan include reducing the:

Number of affected systems and users in an incident
Length and depth of attack
Amount of damage inflicted by an attack
Length of recovery time
Cost of remediation and recovery

Types of Incident Response Tools

When implementing your incident response strategy, there are a variety of tools you can incorporate. These tools can help your teams respond faster and more effectively to most incident types. Many tools can also help you automate monitoring and responses, allowing you to better optimize your resources.

Below is a breakdown of the most commonly used tools:

IR tool type	Tool description	Examples of tools
System information and event management (SIEM)	SIEM solutions are used to collect and aggregate data from logs created by applications, host systems, and network and security tools. These solutions analyze and correlate data to provide insight into system and network events. Solutions can help teams identify, investigate, and track possible incidents.	Exabeam, AlienVault OSSIM, QRadar, USM, ESM
Intrusion detection system (IDS)	IDS monitors your network and systems for suspicious activity or known threats. Often, these tools use a combination of behavior baselines and attack signatures to identify events. These tools can then feed attack information to SIEMs for centralization.	Snort, Suricata, BroIDS, OSSEC
Netflow analyzer	Netflow analyzers evaluate network traffic internally and across your perimeter. These tools enable you to track activity as it travels across your network, including protocols used and assets accessed.	Ntop, NfSen, Nfdump
Vulnerability scanner	Vulnerability scanners enable you to assess your systems for known issues and vulnerabilities. For example, out-of-date software or misconfigurations. These tools can provide you with an inventory of your risks and recommendations for remediating issues.	OpenVAS
Availability monitoring	Availability monitoring tools help you monitor your networks to identify the status of applications or devices. These tools can help you identify drops in performance or device failures early on to limit the impact on your systems and services.	Nagios
Web proxy	Web proxies enable you to control what websites are accessed through your network and to log what connections are made. These tools can help you track threats that stem from HTTP connections.	Squid Proxy, IPFire

Top Open-Source Incident Response Tools

Depending on the level of protection you need and the amount of in-house expertise you have, there are numerous open-source tools you can use. Below are five of the top tools you should consider.

GRR Rapid Response

GRR Rapid Response is an incident response framework, developed by Google, that you can use to investigate incidents and collect forensic evidence. It is composed of a client, deployed on the systems you want to investigate, and a server that provides a web-based GUI and API endpoint. GRR Rapid Response is designed to enable you to perform forensic analyses at scale and can operate on hundreds of thousands of machines.

Features of GRR Rapid Response include:

Client libraries in Python, Go, and PowerShell
Data export in a variety of formats
Automated scheduling capabilities
Asynchronous messaging for scalability

AlienVault OSSIM

AlienVault OSSIM is a SIEM that was recently incorporated into AT&T’s cybersecurity offerings. It incorporates information from the AlienVault® Open Threat Exchange® (OTX™) to ensure that your system is protected with the latest threat information.

You can use AlienVault OSSIM on-premises or in virtual environments, such as the cloud. However, the open-source version can only be deployed on a single server. If you want to federate servers, you can upgrade to the paid version.

Features of AlienVault OSSIM include:

Asset discovery
Vulnerability assessments
Intrusion detection
Behavior monitoring
Event correlation

Malware Information Sharing Platform (MISP)

MISP is a threat intelligence sharing platform you can use to gather, store, correlate, and share threat intelligence. This includes indicators of compromise (IoCs), vulnerability information, financial fraud data, and counter-terrorism information. The purpose behind MISP is to enable organizations to help each other more accurately identify threats and develop methods for detecting threats sooner.

Features of MISP include:

Database of IoCs
Automated correlation engines
Flexible data model
Intuitive user interface
Ability to export and import data in a variety of formats

TheHive

TheHive is a four in one incident response platform that integrates with MISP. It is designed to enable security teams to collaborate in real-time, monitor systems from a central dashboard, and automate responses. TheHive incorporates another tool, Cortex, that enables you to analyze and automate the collection of network observables. For example, IP addresses, URLs, or hashes.

Features of TheHive include:

Integrated analysis engine
Integrated threat intelligence platform
Authentication support
Case and alert management capabilities
Custom dashboards and reporting

Cyphon

Cyphon is an incident management and response platform that you can use to collect, process, and triage event data. It can collect data from a wide range of sources, including endpoint agents, IDS solutions, packets, vulnerability scanners, and cloud APIs. To use Cyphon, you need to be able to host a Docker container as the platform is designed as a set of microservices.

Features of Cyphon include:

Data aggregation
Centralized dashboard
Custom alerting with push notifications
Event prioritization
Response tracking

Conclusion

As digital transformation continues to sweep over the globe, more data makes its way into the digital sphere. This is cause for celebration for hackers, who enjoy an increase in the resource they can steal, ransom, sell, and mine for crypto purposes. However, not every attack needs to result in a breach.

With the help of incident response tooling, you can ensure that your devices, systems, and networks are monitored continuously. You can set up your IR tools to alert you during an incident, so you can respond swiftly, counter the attack, and prevent a breach on your systems. For efficient response, be sure to centralize controls, and configure alerts with as less false positives as possible.

Top 7 AWS EFS Performance Tuning Tips

Eddiesegal — Sun, 05 Apr 2020 05:20:34 +0000

AWS Elastic File System (EFS) is a scalable, cloud-based file system that you can use in AWS. It is designed for Linux-based applications. You can use it as a stand-alone file system, in combination with on-premises resources, or with other AWS services, such as EC2. In this article, you will learn seven techniques for optimizing EFS performance.

How EFS Works

EFS is based on the NFSv4 file system structure protocol. This mirrors most on-premises structures and enables you to smoothly and simply migrate files. When using EFS, you can choose between Standard Access and Infrequent Access.

Standard access is designed for frequently accessed items and provides low-latency access. Infrequent Access is designed for long-term storage and data that isn’t often needed. It provides lower-cost storage in exchange for higher-latency.

EFS does not require storage provisioning, allowing you to scale as needed. It is a pay-for-use service.

Key features of EFS include:

Shared storage—you can simultaneously access files from up to 1000 EC2 instances across multiple regions and availability zones (AZs). You can also access files from offsite via AWS Direct Connect or virtual private network (VPN).
Scalable performance—IOPS and throughput scale with usage and number of attached instances, up to 500k IOPS and 10 GB/s throughput. Scaling is automatic, ensuring that performance matches size and that you aren’t paying for unnecessary resources.
Security and compliance—you can protect EFS with existing security infrastructures, including Identity and Access Management (IAM) and virtual private cloud (VPC) security groups. You can also define individual file permissions using POSIX. The service includes built-in compliance for common regulatory standards, including SOC, PCI DSS, and HIPAA.

Top 7 AWS EFS Performance Tuning Tips

EFS is designed to optimize performance capabilities for you. However, there are some additional steps you can take to ensure that you are really getting the best possible performance. Below are a few tips that can help.

Choose Your Performance Mode

EFS does not use instances. Instead, I/O limits are determined by the performance mode you choose to use. Your options are General Performance and Max I/O. General Performance provides high-scalability and low-latency while Max I/O can scale to higher throughput in exchange for higher-latency.

Regardless of which option you choose, storage volumes start at .5MB/s baseline throughput and include 7.2 minutes of 100MB/s burst credits. The only way to permanently increase your throughput is to increase your file system size.

While you can wait until the size increases naturally, you can also force this growth by writing dummy data to your system. This data can be used to force your limit to whatever you need and can be overwritten as you add live data. If you use this method, be sure not to include dummy data in backups to avoid paying for wasted resources.

Enable Asynchronous Write

Unless you have a pressing need for synchronously writing to your file system, you should enable the asynchronous write feature. This feature enables you to buffer pending write operations onto EC2 instances. This buffering helps you eliminate the need for a round trip between your client and EFS for each write operation. Shorter trips equal lower latency and faster operations.

Monitor With Metrics

You can and should monitor your EFS resources using AWS CloudWatch metrics. CloudWatch is a service that automatically collects metrics data for you. You can access this data from the AWS console, CLI, or via API.

Use metrics data to stay up-to-date on the performance of your system and to alert yourself to any drops in performance or bottlenecks. If you do see performance issues, you can use the metrics data that CloudWatch provides to identify the problem and correct it.

In particular, be sure to watch your burst credits metric. Burst credits are used to temporarily boost performance during times of high traffic. If you run out you will see a sudden, steep drop in performance.

Separate Operations by Latency

Depending on the workloads you are running, you may benefit from separating latency-sensitive operations from those that are not. Doing so provides you with separate throughput caps and burst credits for each volume created.

Separating your operations also enables you to set different performance modes if needed. While this often cannot provide the same performance as you would see from locally mounted files, it can provide more consistent performance.

Avoid App Code

EFS not designed to be used for managing codebases or deploying applications. It cannot provide the read volume or speed needed for these operations. Rather, it is designed for massively shared storage, containing exported data files, asynchronous logs, and media assets. If you need to run applications, particularly in production, you are better off sticking to containers or local file systems.

Select Proper Mount Options

Most users do not need to adjust the default mount options set by AWS. However, if you have benchmarks and tests showing that you can get better performance from changes, you can adjust as needed. If you do take this option, make sure that you mount your file system using the DNS name. This ensures that your data is mounted in the same AZ as your EC2 instances.

With EFS, you can use NFS version 4.0 or 4.1. NFSv4.1 typically provides higher performance so use this version whenever possible. Additionally, you can increase the size of your NFS client’s read/write buffer to further increase speeds.

Use Lifecycle Management Policies

Lifecycle management policies are designed to help you tier your storage to reduce costs. These policies enable you to automatically move files between Standard and Infrequent Access tiers based on file access.

To create lifecycle policies, you can use the EFS console. During policy creation, you can specify parameters for movement, including the number of access requests and time since last access. When policies are triggered, files are moved transparently to users and remain easily accessible from any location.

Conclusion

EFS is a useful file system, but like all AWS services, it needs configuration and fine-tuning for optimal results and cost-savings. The most obvious, but often missed, optimization opportunity is the performance mode configuration. You can actually choose your own mode, and ensure that you’re using the mode that serves your project best.

Hopefully, the tips in this article can help you refine EFS until you get the results you're interested in. Be sure to continue experimenting with optimization techniques. Maintenance is a long-lasting marathon that requires continuous monitoring and dynamic optimization.

Kubernetes as a Service: What Does it Actually Mean?

Eddiesegal — Sun, 15 Mar 2020 15:25:32 +0000

Kubernetes (K8S) is an open-source platform that orchestrates container deployments. K8S was developed by Google engineers to orchestrate containers on an enterprise scale. Kubernetes is currently the most popular container orchestration platform.

Kubernetes features include service discovery, automated rollbacks, secrets and configuration management, load balancing and more. This article reviews the importance of Kubernetes as a Service (KaaS), and popular companies that provide KaaS.

What Is Kubernetes As a Service (KaaS)?

KaaS is a service offered by third-party providers that take over responsibility for some or all of the work involved in a successful set-up and operation of Kubernetes. KaaS can refer to anything from hosting and operations to dedicated support.

Kubernetes provides many benefits like scalability, self-recovery, detached credential configuration, progressive application deployment, workload management, and batch execution. However, these features usually require manual configuration. KaaS solutions can handle configuration for you, or at least guide you through the decision-making process.

KaaS solutions provide the necessary tools to automate tasks like scaling, updates, monitoring and load-balancing. KaaS services that include Kubernetes hosting can also handle the configuration and maintenance of your infrastructure.

Kubernetes As a Service: Features and Benefits

A small error during the implementation of in-house Kubernetes can remain undetected until production time. The result is often delayed deliveries due to troubleshooting. Delayed deliveries undermine the main reason for Kubernetes adoption—fast deliveries.

Continuous Integration and Continuous Delivery (CI/CD)
Organizations have to set up CI/CD pipelines in addition to a working Kubernetes platform. As a result, IT teams need to set up, implement, and manage many different services at the same time. KaaS services can take charge of your Kubernetes management and maintenance. Managed services constantly monitor K8S clusters and display metrics on a dashboard to ensure the health of clusters.

Monitoring
In-house Kubernetes requires the entire team to constantly ensure the security and availability of the platform. The natural solution for this situation is monitoring. However, setting up a monitoring service can be more daunting than the initial configuration of the platform. This is a huge time drain, even before the team can resolve their issues. KaaS services can efficiently monitor all your clusters and provide a real-time view of the clusters’ health. They can also try to resolve issues automatically.

Troubleshooting
Developers need the Kubernetes platform to be highly available. Any error can delay the delivery of a product. KaaS solutions help deliver higher quality services with real-time alerts for issues requiring developers' attention. Managed services should also update Kubernetes versions across all environments and try to resolve issues automatically.

Kubernetes control plane
The control plane is a central component of the cluster that is responsible for communication with other worker nodes. The control plane consists of a master node that controls the cluster, along with data about the cluster’s state and configuration.

KaaS solutions should be responsible for the operation and management tasks of the control plane. Managed Kubernetes services should deploy a Kubernetes control panel quickly and enable developers to easily plug their different environments.

Top Kubernetes as a Service Platforms

There is an increasing number of platforms available depending on your needs. The below list reviews the most popular KaaS vendors.

Google Kubernetes Engine (GKE)
GKE is one of the most popular managed platforms since Kubernetes was created by Google engineers for in-house container orchestration. GKE is designed for use on Google Cloud, as well as on hybrid environments. GKE runs on the Container-Optimized OS operating system.

GKE features include automatic repair of stopped applications, master nodes management, IP range reservation, the ability to configure private container registries, and integrated logging and monitoring via Stackdriver. GKE also offers high availability, auto-scaling, and automatic updates.

The GKE platform enables you to create private image repositories via an integrated image builder, transfer microservices with minimal configuration changes, and manage access rights and authentication through an integrated console.

AWS Elastic Container Service for Kubernetes (Amazon EKS)
Amazon EKS is a Kubernetes specific expansion of Elastic Container Service (ECS). EKS is built to run containers on EC2 instances across multiple AWS availability zones.

EKS includes automatic updating, built-in security and encryption, and integration with CloudTrail for auditing, CloudWatch for logging, and AWS Identity and Access Management (IAM) for access permissions. The service is highly-available, you just need to provision worker nodes and connect them to EKS endpoints. The drawback of EKS is that it currently cannot support hybrid cloud configurations.

Platform9
Platform9 is an enterprise-grade Kubernetes as a service provider. Platform9 can work on any public cloud platform, on VMware, and on-premises. The solution enables you to focus on developing applications, instead of wasting time on infrastructure upgrades, monitoring, and management.

Platform9 offers high-availability across multiple availability zones so you can operate without any downtime. Platform9 enables you to manage multiple clusters and their services with an easy to use dashboard.

Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS) is a fully managed solution for running containers on the Azure cloud platform. You can provision a cluster on Azure using a command line, web console, Terraform or Azure resource manager. You can also leverage the Azure traffic manager to route application requests to the nearest data centers for a quick response.

OpenShift
OpenShift is an open-source platform that can run on any public cloud. OpeShift offers both lightweight and enterprise versions. You can run OpenShift entirely in the cloud with pre-designed container templates. You can host OpenShift on a public cloud as a managed private cluster, or as a private Platform as a Service (PaaS) in private clouds or data centers.

OpenShift includes a software-defined network with an image library of prepackaged applications, domain routing, built-in security, and built-in monitoring with Grafana and Prometheus. You can manage OpenShift through a CLI tool or a unified console and also connect it to different Integrated Development Environments (IDEs).

Conclusion

Kubernetes provides many benefits, including batch processing, workload management, self-healing, scalability, and progressive application deployment. However, small companies or companies with insufficient technical expertise can have some difficulties when adopting Kubernetes. KaaS solutions can help you leverage Kubernetes benefits regardless of your expertise level or company size.

Amplify AWS: Serverless Backends Using Angular, React, or Vue

Eddiesegal — Fri, 06 Dec 2019 06:58:31 +0000

Serverless functions and architectures are becoming increasingly popular. Some of the largest organizations around, including Netflix and Reuters, have already implemented serverless. Every major cloud provider has functionality for them, from AWS to Oracle.

As serverless grows in popularity, tools for helping you create apps using these functions are increasingly available. AWS Amplify is one such tool. This article provides an overview of what Amplify is, as well as a brief tutorial on how to deploy a serverless function using React and Amplify.

What Is Amplify?

Amplify is a free framework for building scalable mobile and web apps using a serverless backend. A serverless backend is an infrastructure used to host serverless applications. Serverless applications are apps based on event driven functions that use client-side logic with external services. These applications use API calls to invoke functions from client applications, other functions, or cloud services.

Amplify includes a library of functions and utilities, a toolchain, ready to use UI components, and a Command Line Interface (CLI). It is designed to allow developers to focus on front-end rather than back-end development. This framework is most useful if you want to create simple applications with few dependencies. It is provided as an alternative to AWS Serverless Framework and Serverless Application Model (SAM).

The Amplify framework includes features for:

Real-time data retrieval and storage — via AWS AppSync and a REST or GraphQL API. APIs query databases stored in EBS volumes.
Authentication — via Amazon Cognito. Enables users to sign up/in to app with name, email, and phone number.
Real-time analytics — includes session data, in-app metrics, and authentication data.
Chatbots — via Amazon Lex chatbot. Only available with Vue.
AR and VR — incorporates Amazon Sumerian scenes for 3D user experience.

Amplify supports use of React/React Native, Angular, Ionic, and Vue.

Create and Deploy a Serverless Function in React Using Amplify

This tutorial will show you how to create a serverless function that calls to another API. You can invoke a function like this from an HTTP endpoint, from the AWS SDK, or from a cloud service event. In this tutorial the function is invoked by HTTP. This tutorial is abbreviated from a more in-depth tutorial by Nadir Dabit.

Create a Client Application
You’ll use this application to make requests to your serverless application. You can use Create React App to quickly create a single-page application for this purpose.

Install and Configure the Amplify CLI
To get started, you need to install and configure the Amplify CLI.

npm install -g @aws-amplify/cli
amplify configure

Initialize a New Project
Next, you need to connect your app at an AWS backend. This step needs to be performed at the beginning of each project.

amplify init

Create your Lambda Function
You need to create your function and provision resources for its use.

amplify add api

? Please select from one of the below mentioned services REST
? Provide a friendly name for your resource to be used as a label for this category in the project shibaapi
? Provide a path (e.g., /items) /pictures
? Choose a Lambda source ❯ Create a new Lambda function
? Provide a friendly name for your resource to be used as a label for this category in the project: shibafunction
? Provide the AWS Lambda function name: shibafunction
? Choose the function template that you want to use: Serverless express function
? Do you want to edit the local lambda function now? n
? Restrict API access n
? Do you want to add another path? n

Create your Resources
This step deploys your function but won’t yet call the Shiba API. You first need to modify your function to call the API.

amplify push

Verify Requests are Forwarded Correctly
You can do this by either directly working with the function or with the serverless express framework. You can see the base code for your function by accessing: “amplify/backend/function/shibafunction/src/index.js”.

To use serverless express, use the following code:

// amplify/backend/function/shibafunction/src/index.js

const awsServerlessExpress = require('aws-serverless-express');
const app = require('./app');

const server = awsServerlessExpress.createServer(app);

exports.handler = (event, context) => {
console.log(EVENT: ${JSON.stringify(event)});
awsServerlessExpress.proxy(server, event, context);
);

Customize the Function

First, you need to install axios so you can make HTTP requests. Axios is a promise based HTTP client, meaning it allows you to make and account for asynchronous requests.

//amplify/backend/function/shibafunction/src

yarn add axios

# or

npm install axios

Next, you need to update the function to call the API.

Finally, you need to update the backend with amplify push. You need to perform this step after making any changes to the function.

Invoke the Endpoint in Your Client App
You need to call the function in your client app once the function is ready. Once you’re done, be sure to test your code.

Conclusion

Serverless functions might not replace traditional applications. However, these functions are incredibly useful for creating simple applications. The relative ease and speed with which serverless applications can be created and deployed is a huge draw for many developers and organizations.

Hopefully, after reading this article you feel better prepared to create serverless applications of your own. If you’re not already an AWS cloud subscriber, you can still try this tutorial out using their free tiers.

7 Open-Source Tools for Securing Your Code

Eddiesegal — Fri, 15 Nov 2019 08:20:15 +0000

In the last few years, some of the largest data breaches have been due to vulnerabilities in source code. From the Equifax breach to the notorious Facebook’s breach that exposed the private data of almost 87 million users. These breaches may have been prevented or at least minimized had the code in their applications been secured from the start.

In this article, you’ll learn what secure coding is. You’ll also be introduced to some tools that can help you secure your own code as well as that of your applications.

What Is Secure Coding?

Secure coding is the process of developing code in a way that ensures security and eliminates vulnerabilities. It requires language-specific knowledge of exploitable issues. It also requires an understanding of vulnerabilities associated with host environments and integrations.

Secure code is the first line of defense against attacks. While you might not be able to control all of the variables that can lead to vulnerabilities in your environments or integrations, you do have control over your source code. The fewer vulnerabilities you include, the more secure you and your users are.

As teams adopt DevSecOps methodologies, the use of secure coding practices is becoming a requirement for many developers. Eliminating vulnerabilities in code during development is cheaper and often easier than patching issues in production.

7 Open-Source Tools for Secure Coding

There are a wide variety of open-source tools available to help you develop and ensure secure coding practices. The tools below can be used in a variety of environments and languages. However, there are language-specific tools you can use that might be able to give you more specific recommendations for your applications.

Juice Shop
Juice Shop is a training tool created by the Open Web Application Security Project (OWASP). It is an intentionally vulnerable web application that includes examples of common vulnerabilities.
Code Warrior
Code Warrior is a tool you can use to perform manual code review and static analysis. You can use it with Linux, BSD, and MacOS. Code Warrior works through your web browser on your localhost using HTTP with TLS.
Code Warrior supports multiple languages, including C, C#, Java, PHP, Ruby, and JavaScript. It includes built-in rules to cover known secure coding standards. You can also create custom rules.
Arachni
Arachni is a fully automated Dynamic Application Security Testing (DAST) tool that you can use to scan websites and applications. It works using asynchronous HTTP requests and you can use it on all major operating systems.
Arachni is commercially supported but free for most use cases. Arachni includes features for detecting cross-site scripting, code injections, file inclusions, and data scraping. It also includes an integrated browser environment and a REST API. You can extend its functionality through a variety of plug-ins and modules.
Wapiti
Wapiti is a DAST tool you can use to scan your web applications. You use it through a command-line interface. It works by attempting to inject payloads into forms and scripts. It supports GET and POST methods of attack.
Wapiti includes features for fuzzing, performing brute force attacks, detecting file disclosures, and using a variety of authentication methods. Fuzzing is when you provide various types of invalid, unexpected, or random inputs to check how an application responds.
Dependency Track
Dependency Track is a tool that enables you to keep track of third-party components in your applications. It works for applications you’ve developed as well as those you’re using. You can use it on-premise or as a web application. It is integrated with vulnerability databases, such as the National Vulnerability Database (NVD), Sonatype OSS Index, and VulnDB. Dependency Track includes features for centralized tracking, integration with Active Directory and LDAP, and notifications via webhooks. It can also provide impact analyses of vulnerabilities and out of data components.
Metasploit Framework
Metasploit is a penetration testing framework that enables you to automate attack testing. Using Metasploit, you can attempt specific exploitation of issues with built-in or custom payloads. You use it via a command-line interface. It works on both Windows and Linux.

Metasploit includes modules that function as encoders, shellcode, post-exploitation code, and listeners. It comes already integrated with Kali, a popular pentesting Linux distribution.
SonarQube
SonarQube is a tool you can use to expose vulnerabilities in code and measure your source code quality. It ranks vulnerabilities according to severity. You use it via an interactive GUI that is beginner-friendly. It is written in Java but can be used with over 20 common languages.
SonarQube includes features for analyzing pull requests, code branch tracking, and project timeline visualization. You can integrate it with continuous integration tools like Jenkins.

Conclusion

In the past, developers were not necessarily responsible for ensuring that their code was secure from the start. Security was the responsibility of security teams. This is often no longer the case and security is now a shared responsibility.

If you’re not used to standards of secure coding, it can seem overwhelming at first. Luckily, there is an abundance of tools and resources available to help you learn and practice secure coding standards. With a little patience and dedication, secure coding should become second nature. Hopefully, the tools covered here can help get you started.

Deception Technology for Endpoint Security

Eddiesegal — Fri, 13 Sep 2019 14:43:47 +0000

Deception Technology (DT) deflects the attention of threat actors from real assets to fake assets, thus protecting network, systems, and files. Read on to learn what deception technology is and how you can apply it for endpoint security.

What Is Deception Technology?

Deception technology is comprised of a set of security tools and techniques designed to prevent threat actors from breaching the security parameter. This technology works by using decoys to deflect the attackers’ attention and delay or prevent them from reaching their target.

The decoys look like genuine digital assets and can be deployed in real or emulated systems. They decoys serve as bait, attracting and tricking the attackers into thinking they breached a real asset.

Deception technology complements cybersecurity solutions, such as security information and event management (SIEM) systems. Deception technology can integrate log data from the organization’s SIEM system, and provide you with threat alerts. Some advanced deception systems can communicate with the attacker’s command and control (C&C) to gather more information about the attacker’s methods and the tools he is using.

Deception technology can help you protect your assets from the following attacks:

Credential theft—when an attacker tries to lift username and passwords from Online Analytics Processing (OLAP) directories.
Lateral movement—when an attacker tries to access other parts of the network that were off-limits until then.
Attacks on directory systems—can be user directories or file directories.
Man-in-the-middle—an attacker intercepts and modifies communications between two parties without their knowledge.

How Deception Technology Works

During the early days of deception, deploying decoys required a lot of manual work. It wasn’t practical for large and distributed environments. Nowadays, deception technology is an integral part of endpoint protection solutions, threat detection, and incident response platforms.

Deception technology can help security teams detect and identify attackers as soon as a breach has occurred. This significantly reduces the time an attacker can lurk undetected in your network.

Deception technology offers a different way to deal with stealth attacks, deviating them from the target. The attacker has fewer opportunities to perform lateral movements, mapping the entire infrastructure and producing further damage.

Challenges of Endpoint Security

Cybersecurity teams can easily overlook attacks as they become more sophisticated. For example, if an attacker entered a network by stealing user credentials, it can remain undetected. The rise in IoT devices means that practically any gadget can be connected. Here are two specific IoT devices that are especially vulnerable to attacks:

Industry devices - such as sensors or real-time location devices for shipment tracking, including those used in manufacturing. Most manufacturing companies get the technical support Supervisory Control and Data Acquisition (SCADA) infrastructure through a third-party, increasing the risk of attacks. An effective solution for manufacturing networks requires being easy to install and maintain while avoiding affecting operations.
General IoT devices - such as those used in healthcare or smart air conditioning and security systems. Attackers can steal Personal Identifiable Information (PII) data, or deploy ransomware in medical systems, thus risking the lives of thousands of people.

Application of Deception Technology for Endpoint Security

Attackers usually enter a network through the endpoints. While deception technology cannot stop an attacker to enter, it helps minimize the damage they cause. This makes deception technology a good supporting technology for an endpoint security platform.

One of the main risks an organization faces is that of an infiltrator navigating and conducting reconnaissance inside their network unnoticed. According to a report by Ponemon Institute, dwell time could last on average 191 days before getting detected.

Using deception technology produces a way to get the attackers to disclose their location. The security team deploys fake assets that mimic real assets. The decoys lure the attacker into thinking they are attacking the real thing. These fake assets trigger an alert when attacked, while at the same time giving up the attacker’s location.

Deception Technology Features for Endpoint Security

Deception technology helps distract the attackers away from valuable assets. You can reduce an attacker's dwelling time by including the time for detection and remediation. Deception technology can help you Improve incident response by generating accurate and prioritized alerts, thus eliminating alert fatigue.

Some deception technology solutions provide deep forensic and adversary intelligence. You can use this type of intelligence to learn about the tactics, techniques, and procedures (TTPs) of attackers. You can also supplement security by deploying decoys around critical assets in the event of an attack.

Wrap Up

Deception technology provides an alternative way to address the problem of an attacker dwelling in the network. While it does not prevent attacks from taking place, it buys time for security teams to respond. At the end of the day, deception technology effectively turns the tables on attackers shifting the power into the security system

Features of Azure Backup You Should Know About

Eddiesegal — Thu, 29 Aug 2019 11:21:59 +0000

Image by Comfreak from Pixabay

If you live in the 21st century, you know that you need to back up your work. Still, there are still many companies that do not have an adequate disaster recovery strategy in place. The effects of a severe data loss on a business are enormous, and most small and medium businesses that suffer a significant data loss will end up closing down.

It all starts with poor backup practices. The most effective backup system involves using a cloud, this means backing up your data with a third party. While this reduces some of your control over your data, the benefits far outweigh the shortfalls.

Backing up your data to a cloud is cost-effective, secure, and scalable. Azure Backup is one of the most popular backup solutions on the market. In this article, we will explore five features that you should probably know about Azure Backup so that you can take full advantage of their backup solution.

Features of Azure Backup You Should Explore

Complementary solutions

When it comes to disaster recovery, you want to make sure all your bases are covered. Azure backup provides you with two complementary backup solutions: Azure Backup and Azure Site Recovery. Their backup scopes are slightly different, providing a combination of complementary backup systems.

Azure Backup backs up your data from your VM as well as from your on-premise servers. This backup system is best for backing up detailed data, rather than your entire machine. For example, if you want to backup transaction data for compliance reasons, then Azure Backup would be the right tool.

Azure Site Recovery, on the other hand, is also used to backup VM and on-premise servers, but basically copies the whole machine to another location. Should a disaster occur, you can failover to the secondary machine then failback to the original once it becomes operational again.

Restore your entire machine or individual files

Azure Backup does not force you to restore the entire machine, you can choose to restore simply an individual file if you prefer. This provides you with substantial flexibility and can seriously reduce the backup time, as it is not always necessary to back up the entire machine.

Redundancy options

Azure Backup provides you with four different ways of backing up your data, depending on your needs and budget.

Locally-redundant storage (LRS) is the cheapest way to backup your data. In this storage system, your data is replicated three times but stored in the primary region. This means that should a natural disaster (like flood or fire) strike the data center, you have a higher risk of all the replicas of your data.

Zone-redundant storage (ZRS) is a good option for backing up data that requires high availability. This solution includes three replicas of your data being stored in the primary region, but in different storage clusters. Each cluster is in a different availability zone and is physically separate from the other clusters.

Geo-redundant storage (GRS) is more expensive than the other options, but also provides the most redundancy. With GRS your data is replicated locally to the primary region like with LRS. A second copy is also made to a secondary region, which is physically distant from the first data center. This is the safest option as it protects against any regional natural disasters. It is also the default setting for Azure Backups.

Security

Your data is one of your most valuable assets, and in today’s world, security is one of the top concerns. Azure Backup provides security at different levels. For the transmission and storage of data, Azure Backup uses encryption. Only you have the encryption passphrase (Azure does not have access to it), making sure that even in the extremely unlikely event that Azure is breached, your data would still be secure.

Azure requires authentication to make high-risk changes, preventing users without the required permissions from making changes related to backup. Azure will also notify you any time and an unusual change is made that could affect backups. Moreover, should the previous two safeguards be insufficient, any data that is deleted is stored by Azure for 14 days.

Multiple ways to backup

Azure Backup offers multiple ways of backing up your workloads so that you can do it in the most convenient way. The first way is through the Azure portal. You can easily access it from your browser and gives you a consolidated view of all your Azure services.

If you are technical savvy, you can also access Azure through a shell, such as PowerShell AZ. If you are directing Backup through the shells, you can use API calls and scripts to manage and schedule your backups, giving you greater control and freedom.

Conclusion

In today’s fast-paced, digitized environment, most of our work involves some type of data. Having a solid disaster recovery plan for this data can make the difference between businesses who fail and those who thrive. One data-loss disaster, such as a crashed server, can bring a company to its feet.

Backing up your work to a public cloud is one of the best ways to protect yourself from possible data loss, without having to break the bank or compromise on security. Azure Backup offers a secure and user-friendly backup solution. To take full advantage of Azure Backup, be sure to explore the features listed above.

Amazon Infrastructure Services: Build Your Budget for the Cloud

Eddiesegal — Wed, 31 Jul 2019 20:43:15 +0000

Image source: ctrl.blog

Amazon Web Services is one of the most established cloud providers around. AWS offers a variety of services that leverage its extensive network of virtualized servers. This brief guide covers the pricing options for the various AWS architectures available.

CloudFront Pricing

For regional data transfer out to Internet—starting at $0.085 per GB for the first 10 TB/month, down to $0.02 per GB for over 5 PB / month
For regional data transfer out to origin—$0.02 per GB flat
For HTTP requests—$0.0075 per 10,000 requests ### CloudWatch Pricing
For Amazon CloudWatch Dashboards, per dashboard per month—$3.00
For detailed monitoring of Amazon EC2 instances, per instance per month—starting at $2.10, down to $0.14 at 1-minute frequency
For custom metrics, per metric per month—$0.30 for first 10,000 metrics, down to $0.02 for over 1,000,000 metrics
For alarms, per alarm per month—$0.10, $0.20 extra for high-resolution alarms
For API Requests—$0.01 per 1,000 metrics requested or 1,000 API requests
For Amazon CloudWatch Logs—$0.50 per GB ingested, $0.03 per GB archived per month
For Vended Logs, per GB—starting from $0.50 for the first 10TB of vended log data ingested, down to $0.05 for over 50TB
For events, per million custom events generated—$1.00 ### Amazon Elastic Load Balancing (ELB) Pricing
For app load balancer—$0.0225 per Application Load Balancer-hour (or partial hour), $0.008 per LCU-hour (or partial hour)
For network load balancer—$0.0225 per Network Load Balancer-hour (or partial hour) $0.006 per LCU-hour (or partial hour)
For classic load balancer—$0.0225 per Network Load Balancer-hour (or partial hour) $0.006 per LCU-hour (or partial hour) ### Amazon Elastic Container Service (ECS) Pricing Amazon’s Elastic Container Service can be run via Amazon EC2 or Amazon Fargate. For EC2 tasks, you can use either bind mount host volumes or Docker-managed volumes, which integrate well with external AWS storage systems like EBS. I’ll use Fargate deployment as an example of ECS pricing.

AWS Fargate pricing is calculated based on the vCPU and memory resources, from the time you start to download your container image (docker pull) until your collection of containers (called a Task) terminates, with a minimum charge of 1 minute.

Pricing is based on requested vCPU and memory resources for the Task, both calculated independently and billed by the second:

For vCPU, per hour—$0.0506
For GB of memory, per hour—$0.0127 per hour ### Amazon Lambda Pricing Amazon’s serverless computing service counts a request each time it starts executing in response to an event notification or invoke call. You are charged for the total number of requests across all Lambda functions.

Duration is calculated from the time your code begins executing until it returns or otherwise terminates. The price depends on the amount of memory you allocate to your function:

For Requests—first 1 million requests free, thereafter $0.20 per 1 million requests
Duration—400,000 GB-seconds per month free, thereafter $0.00001667 per GB-second

Conclusion

In this post I covered the pricing scheme of Amazon’s infrastructure services:

Amazon CloudFront
Amazon CloudWatch
Amazon ELB
Amazon ECS
Amazon Lambda

This should help you choose the appropriate architecture for your needs and budget. However, the figures presented here are an estimate, and may differ based on your location, or change with time. To fully understand the long-term costs of using AWS infrastructure, you’ll have to trial it yourself.

Video Transcoding: Creating Content For the Future

Eddiesegal — Tue, 16 Jul 2019 20:42:12 +0000

Image Source: Pixabay

As our world becomes increasingly connected, we are consuming more and more media online. From YouTube to Netflix, streaming is all the rage. As this industry has boomed, quality is the most important factor for consumers.

According to a study conducted by IBM Cloud Video, when it comes to online streaming, buffering is the primary concern. While there is a large quantity of streamable content, the quality does not always meet consumer expectations. Video transcoding is the best way to deal with this issue.

What Is Video Transcoding?

Video transcoding is the conversion of video files from one format to another format, making it accessible to many different devices. In a perfect world, after making your video, you would upload the original file to the internet for the world to see. In reality, if you were to upload your original video, most viewers would not see much beyond the buffering reel.

Between visual data and audio data, video files contain a ton of information and watching them takes up substantial memory and bandwidth. For people to be able to see your video, a compressed version needs to be created.

Even compressing your video may not make it accessible to every device and platform. Someone watching your video from their office computer connected to the internet via cable will be able to process media that is heavier than his friend watching the same video from his smartphone connected to public wifi.

Transcoding is essential because it not only compresses the video, but it creates different versions so that it can be viewed on any screen.

Why Is Transcoding So Important?

If you want your video to be widely accessible to users, video transcoding is key. The main reasons to transcode your video are:

File size—video transcoding is used to reduce the file size when a video is too heavy for the target device.
Formatting compatibility—when the target device does not support the format of the video, transcoding is used to convert it to a compatible format.
Old file types—if the video file type is very old or obsolete, video transcoding is used to convert it to a modern format.

We are consuming more and more online content, much of it in the form of video streaming. There is, therefore, a clear need to deliver this content in a way that is flexible to different devices and with an adaptive bitrate. Moreover, many video streaming platforms only accept videos in certain formats. Making transcoding a necessity or anyone involved in media streaming.

How Video Transcoding Works

Video transcoding has two steps. First, the video is decoded to an uncompressed format. Second, the video is re-compressed to a new format, compatible with the target device.

When we talk about video transcoding we are talking about file codecs, containers, and file types. To encode the video files we use codecs. These are hardware devices or software programs that code and decode video files.

The codec creates an encoded version of the video, this is then decoded by the player on which the video is watched. Some of the most common codecs are MPEG, H.264, and VP9. Desired size, quality and delivery method all factor into the choice of codec.

A video file is composed of visual images, audio, and metadata. Once the different components of the video recompressed by the codec, they are held inside the container.
The container specifies the video and audio that will be played and provides rules for the playback device to decode the video.

Some common containers are MPEG4, Quicktime File Format, and Audio Video Interleave. The container (also referred to as file format) can be identified by the file type, for example, the MPEG4 container is represented by .mp4. The file type defines on which platform the video file can be streamed.

When Should You Use Video Transcoding?

Anytime you want your video to reach a wide online audience, you need to use video transcoding. Transcoding creates multiple compressed versions of the original file. Each version is optimized for a different viewing platform and internet speed, making it universally accessible to viewers.

Moreover, many video sharing platforms require your video to be transcoded. For example, if you want to upload a video on YouTube, your video needs to be transcoded into one of the formats accepted by YouTube.

Generally, most of these platforms support more than one format. However, you will still need to convert your original video from your camera, for example, to one of the supported formats using transcoding.

Make Your Video Accessible to Everyone

If you use online streaming, you need to be aware of video transcoding. In a world that is demanding an increasingly customized streaming experience, consumers will not compromise on loading speed and video quality.

It is therefore crucial to create videos that can adapt to the viewing needs of the consumer. This means delivering content that can be played on any device, such as a computer, tablet or smartphone. In addition, it is imperative to be able to distribute content based on the device’s bitrate capacity.

Video transcoding is a crucial component of the video production process that will optimize your video file to fit the needs of your consumer.

5 Facts about Amazon EBS That Will Save You Time and Money

Eddiesegal — Thu, 04 Jul 2019 21:07:06 +0000

PxHere

Are you thinking of using Amazon EBS? The easy scalability and the option to pay per usage make it an attractive service, but there are some things to consider if you want to avoid any surprises in your AWS bill. In this article, we offer five tips to help you effectively cut your Amazon EBS usage costs.

What Is Amazon EBS?

Amazon Elastic Block Store (EBS) is a service offered to Amazon Web Services (AWS) users. This service provides block storage volumes, which can be used in combination with Amazon Elastic Compute Cloud (EC2) and in the AWS cloud.

The Amazon EC2 provides resizable cloud-based compute capacity, which can facilitate web-scale cloud computing. EBS provides storage for EC2 instances through block level storage volumes.
EBS volumes are versatile and can be used as a primary storage device for a database or attached as a root partition to an EC2 instance. Using a system of snapshots, the volume can serve as a backup, remaining after the EC2 instance is deleted. It's key features are:

It’s a plug-and-play system
It allows for automatic replication of each volume
Low latency performance
Easy scalability

How Much It Costs

Amazon EBS storage works as a pay-per-use service. Companies pay according to how many gigabytes per month of storage they need. This is different from EC2 instances, which only generate charges while running, EBS volumes generate charges as long as they are attached to instances. This happens even when the instance has stopped, but not when it’s deleted.

Therefore, there is a risk of EBS volumes generating charges in the background, while unnoticed because their attached instances are not running. This can amount to hefty sums accrued in the AWS bill.

How can you reduce your costs while maximizing the EBS features? Below we explain five tricks to reduce EBS costs.

5 Tips to Reduce EBS Costs

1. Adjust the Volume to Your Performance Requirements

If you buy more storage than you need, you will end up paying more for unused storage. Therefore, it is crucial to select the right size of EBS Volumes. The blocks should be adjusted considering factors such as capacity, traffic (IOPS, Input/Output operations per second), and the application throughput. You should monitor the read-write access volume of the blocks, provisioned periodically to detect unused blocks. If the volume of requests/responses is low, you should downsize the EBS blocks and reduce costs.

EBS volumes come in three sizes━General Purpose (SSD), Provisioned IOPS (SSD), and Magnetic. A good tip is to attach EC2 to General Purpose SSD volumes and reserve Provisioned IOPS for applications that are mission critical and need a high throughput per volume.

2. Delete Unattached Volumes

The volume persists even after the EC2 instance has stopped, and is generating charges as long as the EBS is attached to the EC2 instance. This persistence is good to retain the data, but you can end up paying for unused storage.

A simple way to cut costs is to delete unattached EBS volumes. While they are marked as “available”, they can’t take any traffic, so you cannot use them. You should delete an orphaned volume only after checking you don’t need the data in it. A good option is to take a snapshot of the EBS volume and then eliminate it.

You can use AWS snapshots for disaster recovery. They are a great tool to compress the data, and they are cheaper as they are hosted in Amazon S3, which has lower rates. This allows you to store cold data, which you don’t need to access frequently, but with wich you can restore the EBS volume if needed.

3. Identify Idle Volumes

Having eliminated unattached volumes, you need to look out for volumes that are still attached but aren’t doing anything, and which generate unnecessary charges. To discover these idle volumes, a good tip is to look at the volume throughput and IOPS. If this volume has not had any traffic or disc operations in a while, the volume is not in use and can be eliminated.

4. Tag Everything

Tags are useful tools that allow you to locate the high-cost areas in your database.
By applying tags to EBS volumes, you can search, manage and filter resources using metadata.

Moreover, you can use tags to organize and edit resources, forming groups within the AWS console.

5. Manage Snapshots

AWS snapshots are copies of the data present in an EBS volume. Since Snapshots are cheaper than active EBS volumes, they are an easy way to backup unattached volumes before terminating them.

However, snapshots get outdated from time to time. A good rule of thumb is to set a period of time after which the snapshots are no longer relevant. Afterward, you can set up the system to delete older snapshots periodically while deciding how many snapshots you are going to retain per volume.

The Bottom Line

While managing the costs of your AWS platform can seem tricky at first, it all boils down to monitoring your usage periodically. The key is to identify unused space and reorganize it. Equipped with these tips, you can minimize costs and optimize your platform performance.