Managing network access in AWS used to mean babysitting endless lists of VPC IDs. Painful. Easy to screw up.
Now AWS has 3 new condition keys that scale:
🔑 aws:VpceAccount → restrict to accounts
🔑 aws:VpceOrgPaths → restrict to OUs
🔑 aws:VpceOrgID → restrict to your org
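As an added illustration (not from the original post), here is an S3 bucket policy that uses `aws:VpceOrgID` in place of the usual list of `aws:SourceVpce` endpoint IDs: any request that does not arrive through a VPC endpoint owned by the named organization is denied, and new endpoints in the org need no policy change. The bucket name and organization ID are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUnlessViaEndpointOwnedByMyOrg",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:VpceOrgID": "o-EXAMPLEORGID"
        }
      }
    }
  ]
}
```

Because `StringNotEquals` treats an absent key as a match, this also denies requests that traverse no VPC endpoint at all (for example from the public internet), which is usually the intent; swap the key for `aws:VpceAccount` (single account) or `aws:VpceOrgPaths` (OU subtree) to narrow the scope.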
Diversity is the enemy of security!
No, I’m not sledging DEI. I’m saying that doing things in a million different ways - in the name of speed, innovation, or employee satisfaction - has a hidden cost. A cost most people don’t notice, because they aren’t the ones who feel it.
Meet Pleri, the newest member of your security team.
Created by @PlerionHQ & powered by #AWS services, the #AI teammate acts like a seasoned security engineer, proactively protecting systems at scale.
Ready to build your own? Plerion explains how: go.aws/46zxkqu
If you're struggling with vulnerability management in the cloud, I'd recommend having a look at Plerion's cloud security platform. We find and prioritize vulnerabilities in cloud containers, images, and code.
plerion.com/use-cases/find…
So if you've already got a vulnerability SLA in place, or are thinking of implementing one, build systems to do these 4 things:
1. Attribution
2. Notification
3. Escalation
4. Accountability
It's still going to be hard, but at least you'll have a chance.
Vulnerability fix SLAs are common but having systems to support them is not. That's why they fail!
A vulnerability fix SLA is great because it sets the standard and expectations for everyone on how quickly each type of security issue needs to be fixed.
Just dropped a 🔥 conversation with a non-technical CISO. I learned so much from this guy!
You don't have to be technical to be a CISO but if you make silly metrics your goal, you'll get silly results.
Tag your favourite CISO.
My favourite part about hacking AWS and blogging about it is the good folks at AWS valiantly trying to change my clickbait titles.
I just think "How to get rekt using AWS Neptune" is way more interesting than "Best practices for using AWS Neptune".
plerion.com/blog/how-to-ge…
Bad prioritization kills security teams. So I did some experiments to see if AI could help.
If you think about it, prioritization is just sorting. So why not use sorting algorithms to prioritize? The LLM can be the comparison function.
plerion.com/blog/automatic…
I wrote some code and a guide to figure out who has access to your AWS production, through transitive trusts. It's always scary to figure this out but well worth it.
plerion.com/blog/root-in-p…
So, when you finally realize it’s your job to ask “Do you own that?” — don’t be sad. Instead, find ways to systematically identify these assets and keep their metadata up to date, so you can automate this in the future.
And you won’t be able to fix it — whether it’s an S3 bucket or an RDS database — unless you know who owns it. Typically, only they understand how to solve the problem without breaking the business.
No one will tell you this, but one of the dumbest — and most valuable — things you’ll do as a cloud security engineer is ask people, “Do you own this?”