Improve your Amazon OpenSearch Service performance with OpenSearch Optimized Instances

Post Syndicated from Jatinder Singh original https://aws.amazon.com/blogs/big-data/improve-your-amazon-opensearch-service-performance-with-opensearch-optimized-instances/

Amazon OpenSearch Service introduced the OpenSearch Optimized Instances (OR1), which deliver price-performance improvement over existing instances. The newly introduced OR1 instances are ideally tailored for heavy indexing use cases like log analytics and observability workloads.

OR1 instances use a local and a remote store. The local storage utilizes either Amazon Elastic Block Store (Amazon EBS) of type gp3 or io1 volumes, and the remote storage uses Amazon Simple Storage Service (Amazon S3). For more details about OR1 instances, refer to Amazon OpenSearch Service Under the Hood: OpenSearch Optimized Instances (OR1).

In this post, we conduct experiments using OpenSearch Benchmark to demonstrate how the OR1 instance family improves indexing throughput and overall domain performance.

Getting started with OpenSearch Benchmark

OpenSearch Benchmark, a tool provided by the OpenSearch Project, comprehensively gathers performance metrics from OpenSearch clusters, including indexing throughput and search latency. Whether you’re tracking overall cluster performance, informing upgrade decisions, or assessing the impact of workflow changes, this utility proves invaluable.

In this post, we compare the performance of two clusters: one powered by memory-optimized instances and the other by OR1 instances. The dataset comprises HTTP server logs from the 1998 World Cup website. With the OpenSearch Benchmark tool, we conduct experiments to assess various performance metrics, such as indexing throughput, search latency, and overall cluster efficiency. Our aim is to determine the most suitable configuration for our specific workload requirements.

You can install OpenSearch Benchmark directly on a host running Linux or macOS, or you can run OpenSearch Benchmark in a Docker container on any compatible host.

OpenSearch Benchmark includes a set of workloads that you can use to benchmark your cluster performance. Workloads contain descriptions of one or more benchmarking scenarios that use a specific document corpus to perform a benchmark against your cluster. The document corpus contains indexes, data files, and operations invoked when the workflow runs.

When assessing your cluster’s performance, it is recommended to use a workload similar to your cluster’s use cases, which can save you time and effort. Consider the following criteria to determine the best workload for benchmarking your cluster:

  • Use case – Selecting a workload that mirrors your cluster’s real-world use case is essential for accurate benchmarking. By simulating heavy search or indexing tasks typical for your cluster, you can pinpoint performance issues and optimize settings effectively. This approach makes sure benchmarking results closely match actual performance expectations, leading to more reliable optimization decisions tailored to your specific workload needs.
  • Data – Use a data structure similar to that of your production workloads. OpenSearch Benchmark provides examples of documents within each workload to understand the mapping and compare with your own data mapping and structure. Every benchmark workload is composed of the following directories and files for you to compare data types and index mappings.
  • Query types – Understanding your query pattern is crucial for detecting the most frequent search query types within your cluster. Employing a similar query pattern for your benchmarking experiments is essential.

Solution overview

The following diagram explains how OpenSearch Benchmark connects to your OpenSearch domain to run workload benchmarks.

Figure: Scope of solution

The workflow comprises the following steps:

  1. The first step involves running OpenSearch Benchmark using a specific workload from the workloads repository. The invoke operation collects data about the performance of your OpenSearch cluster according to the selected workload.
  2. OpenSearch Benchmark ingests the workload dataset into your OpenSearch Service domain.
  3. OpenSearch Benchmark runs a set of predefined test procedures to capture OpenSearch Service performance metrics.
  4. When the workload is complete, OpenSearch Benchmark outputs all related metrics to measure the workload performance. Metric records are by default stored in memory, or you can set up an OpenSearch Service domain to store the generated metrics and compare multiple workload executions.

In this post, we used the http_logs workload to conduct performance benchmarking. The dataset comprises 247 million documents designed for ingestion and offers a set of sample queries for benchmarking. Follow the steps outlined in the OpenSearch Benchmark User Guide to deploy OpenSearch Benchmark and run the http_logs workload.

Prerequisites

You should have the following prerequisites:

In this post, we deployed OpenSearch Benchmark in an AWS Cloud9 host using an Amazon Linux 2 instance type m6i.2xlarge with a capacity of 8 vCPUs, 32 GiB memory, and 512 TiB storage.

Performance analysis using the OR1 instance type in OpenSearch Service

In this post, we conducted a performance comparison between two different configurations of OpenSearch Service:

  • Configuration 1 – Cluster manager nodes and three data nodes of memory-optimized r6g.large instances
  • Configuration 2 – Cluster manager nodes and three data nodes of or1.large instances

In both configurations, we use the same number and type of cluster manager nodes: three c6g.xlarge.

You can set up different configurations with the supported instance types in OpenSearch Service to run performance benchmarks.

The following table summarizes our OpenSearch Service configuration details.

|  | Configuration 1 | Configuration 2 |
|---|---|---|
| Number of cluster manager nodes | 3 | 3 |
| Type of cluster manager nodes | c6g.xlarge | c6g.xlarge |
| Number of data nodes | 3 | 3 |
| Type of data node | r6g.large | or1.large |
| Data node: EBS volume size (GP3) | 200 GB | 200 GB |
| Multi-AZ with standby enabled | Yes | Yes |

Now let’s examine the performance details between the two configurations.

Performance benchmark comparison

The http_logs dataset contains HTTP server logs from the 1998 World Cup website between April 30, 1998 and July 26, 1998. Each request consists of a timestamp field, client ID, object ID, size of the request, method, status, and more. The uncompressed size of the dataset is 31.1 GB with 247 million JSON documents. The amount of load sent to both domain configurations is identical. The following table displays the amount of time taken to run various aspects of an OpenSearch workload on our two configurations.

| Category | Metric Name | Configuration 1 (3* r6g.large data nodes) Runtimes | Configuration 2 (3* or1.large data nodes) Runtimes | Performance Difference |
|---|---|---|---|---|
| Indexing | Cumulative indexing time of primary shards | 207.93 min | 142.50 min | 31% |
| Indexing | Cumulative flush time of primary shards | 21.17 min | 2.31 min | 89% |
| Garbage Collection | Total Young Gen GC time | 43.14 sec | 24.57 sec | 43% |
| bulk-index-append | p99 latency | 10857.2 ms | 2455.12 ms | 77% |
| query-Mean | Throughput | 29.76 ops/sec | 36.24 ops/sec | 22% |
| query-match_all(default) | p99 latency | 40.75 ms | 32.99 ms | 19% |
| query-term | p99 latency | 7675.54 ms | 4183.19 ms | 45% |
| query-range | p99 latency | 59.5316 ms | 51.2864 ms | 14% |
| query-hourly_aggregation | p99 latency | 5308.46 ms | 2985.18 ms | 44% |
| query-multi_term_aggregation | p99 latency | 8506.4 ms | 4264.44 ms | 50% |

The benchmarks show a notable enhancement across various performance metrics. Specifically, OR1.large data nodes demonstrate a 31% reduction in indexing time for primary shards compared to r6g.large data nodes. OR1.large data nodes also exhibit a 43% improvement in garbage collection efficiency and significant enhancements in query performance, including term, range, and aggregation queries.

The extent of improvement depends on the workload. Therefore, make sure to run custom workloads as expected in your production environments in terms of indexing throughput, type of search queries, and concurrent requests.

Migration journey to OR1

The OR1 instance family is available in OpenSearch Service 2.11 or higher. Usually, if you’re using OpenSearch Service and you want to benefit from newly released features in a specific version, you would follow the supported upgrade paths to upgrade your domain.

However, to use the OR1 instance type, you need to create a new domain with OR1 instances and then migrate your existing domain to the new domain. The migration journey to OpenSearch Service domain using an OR1 instance is similar to a typical OpenSearch Service migration scenario. Critical aspects involve determining the appropriate size for the target environment, selecting suitable data migration methods, and devising a seamless cutover strategy. These elements provide optimal performance, smooth data transition, and minimal disruption throughout the migration process.

To migrate data to a new OR1 domain, you can use the snapshot restore option or use Amazon OpenSearch Ingestion to migrate the data from your source.

For instructions on migration, refer to Migrating to Amazon OpenSearch Service.

Clean up

To avoid incurring continued AWS usage charges, make sure you delete all the resources you created as part of this post, including your OpenSearch Service domain.

Conclusion

In this post, we ran a benchmark to review the performance of the OR1 instance family compared to the memory-optimized r6g instance. We used OpenSearch Benchmark, a comprehensive tool for gathering performance metrics from OpenSearch clusters.

Learn more about how OR1 instances work and experiment with OpenSearch Benchmark to make sure your OpenSearch Service configuration matches your workload demand.


About the Authors

Jatinder Singh is a Senior Technical Account Manager at AWS and finds satisfaction in aiding customers in their cloud migration and innovation endeavors. Beyond his professional life, he relishes spending moments with his family and indulging in hobbies such as reading, culinary pursuits, and playing chess.

Hajer Bouafif is an Analytics Specialist Solutions Architect at Amazon Web Services. She focuses on Amazon OpenSearch Service and helps customers design and build well-architected analytics workloads in diverse industries. Hajer enjoys spending time outdoors and discovering new cultures.

Puneetha Kumara is a Senior Technical Account Manager at AWS, with over 15 years of industry experience, including roles in cloud architecture, systems engineering, and container orchestration.

Manpreet Kour is a Senior Technical Account Manager at AWS and is dedicated to ensuring customer satisfaction. Her approach involves a deep understanding of customer objectives, aligning them with software capabilities, and effectively driving customer success. Outside of her professional endeavors, she enjoys traveling and spending quality time with her family.

Apple Is Alerting iPhone Users of Spyware Attacks

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2024/07/apple-is-alerting-iphone-users-of-spyware-attacks.html

Not a lot of details:

Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. It’s the second such alert campaign from the company this year, following a similar notification sent to users in 92 nations in April.

[$] Reports from OSPM 2024, part 1

Post Syndicated from corbet original https://lwn.net/Articles/981371/

The sixth edition of the Power Management and Scheduling
in the Linux Kernel (OSPM) Summit
took place on May 30-31 2024, and was
graciously hosted by the Institut de
Recherche en Informatique de Toulouse (IRIT)
in Toulouse, France. This
is the first of a series of articles describing the discussions held at
OSPM 2024; topics covered include latency hints, energy-aware scheduling,
ChromeOS, and user-space schedulers.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/981716/

Security updates have been issued by AlmaLinux (dotnet6.0, dotnet8.0, fence-agents, and virt:rhel and virt-devel:rhel), Debian (exim4 and firefox-esr), Fedora (dotnet8.0, firefox, onnx, qt6-qtbase, squid, and wordpress), Mageia (golang, netatalk, php, and poppler), Red Hat (ghostscript, httpd, openssh, python3, and ruby), Slackware (mozilla), SUSE (kernel and openssh), and Ubuntu (linux-aws-5.4, linux-azure, linux-ibm-5.15, and python3.5, python3.6, python3.7, python3.8, python3.9, python3.10,
python3.11, python3.12).

An empirical study of Rust for Linux

Post Syndicated from corbet original https://lwn.net/Articles/981635/

The research value of this
USENIX paper
by Hongyu Li et al. is not entirely clear, but it does
show that the Rust-for-Linux project is gaining wider attention.

Despite more novice developers being attracted by Rust to the
kernel community, we have found their commits are mainly for
constructing Rust-relevant toolchains as well as Rust crates alone;
they do not, however, take part in kernel code development. By
contrast, 5 out of 6 investigated drivers (as seen in Table 5) are
mainly contributed by authors from the Linux community. This
implies a disconnection between the young and the seasoned
developers, and that the bar of kernel programming is not lowered
by Rust language.

As a bonus, it includes a ChatGPT analysis of LWN and Hacker News comments.

Application Security report: 2024 update

Post Syndicated from Michael Tremante original https://blog.cloudflare.com/application-security-report-2024-update


Over the last twelve months, the Internet security landscape has changed dramatically. Geopolitical uncertainty, coupled with an active 2024 voting season in many countries across the world, has led to a substantial increase in malicious traffic activity across the Internet. In this report, we take a look at Cloudflare’s perspective on Internet application security.

This report is the fourth edition of our Application Security Report and is an official update to our Q2 2023 report. New in this report is a section focused on client-side security within the context of web applications.

Throughout the report we discuss various insights. From a global standpoint, mitigated traffic across the whole network now averages 7%, and WAF and Bot mitigations are the source of over half of that. While DDoS attacks remain the number one attack vector used against web applications, targeted CVE attacks are also worth keeping an eye on, as we have seen exploits as fast as 22 minutes after a proof of concept was released.

Focusing on bots, about a third of all traffic we observe is automated, and of that, the vast majority (93%) is not generated by bots in Cloudflare’s verified list and is potentially malicious.

API traffic is also still growing, now accounting for 60% of all traffic, and, maybe more concerning, organizations have up to a quarter of their API endpoints not accounted for.

We also touch on client side security and the proliferation of third-party integrations in web applications. On average, enterprise sites integrate 47 third-party endpoints according to Page Shield data.

It is also worth mentioning that since the last report, our network, from which we gather the data and insights, is bigger and faster: we are now processing an average of 57 million HTTP requests/second (+23.9% YoY) and 77 million at peak (+22.2% YoY). From a DNS perspective, we are handling 35 million DNS queries per second (+40% YoY). This is the sum of authoritative and resolver requests served by our infrastructure.

Maybe even more noteworthy is that, focusing on HTTP requests only, in Q1 2024 Cloudflare blocked an average of 209 billion cyber threats each day (+86.6% YoY). That is a substantial increase in relative terms compared to the same time last year.

As usual, before we dive in, we need to define our terms.

Definitions

Throughout this report, we will refer to the following terms:

  • Mitigated traffic: any eyeball HTTP* request that had a “terminating” action applied to it by the Cloudflare platform. These include the following actions: BLOCK, CHALLENGE, JS_CHALLENGE and MANAGED_CHALLENGE. This does not include requests that had the following actions applied: LOG, SKIP, ALLOW. They also accounted for a relatively small percentage of requests. Additionally, we improved our calculation regarding the CHALLENGE type actions to ensure that only unsolved challenges are counted as mitigated. A detailed description of actions can be found in our developer documentation. This has not changed from last year’s report.
  • Bot traffic/automated traffic: any HTTP* request identified by Cloudflare’s Bot Management system as being generated by a bot. This includes requests with a bot score between 1 and 29 inclusive. This has not changed from last year’s report.
  • API traffic: any HTTP* request with a response content type of XML or JSON. Where the response content type is not available, such as for mitigated requests, the equivalent Accept content type (specified by the user agent) is used instead. In this latter case, API traffic won’t be fully accounted for, but it still provides a good representation for the purposes of gaining insights. This has not changed from last year’s report.

Unless otherwise stated, the time frame evaluated in this post is the period from April 1, 2023, through March 31, 2024, inclusive.

Finally, please note that the data is calculated based only on traffic observed across the Cloudflare network and does not necessarily represent overall HTTP traffic patterns across the Internet.

*When referring to HTTP traffic we mean both HTTP and HTTPS.
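
The three definitions above, applied to request records, as an added example that is not Cloudflare's code. The record field names, the sample records, the Accept-header tie-breaking and the media-type matching rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Actions the report counts as "terminating"; LOG, SKIP and ALLOW are excluded.
TERMINATING_ACTIONS = {"BLOCK", "CHALLENGE", "JS_CHALLENGE", "MANAGED_CHALLENGE"}
CHALLENGE_ACTIONS = TERMINATING_ACTIONS - {"BLOCK"}


@dataclass
class Request:
    """One HTTP request record. Field names are hypothetical, not a Cloudflare log schema."""
    action: str
    challenge_solved: bool = False
    bot_score: Optional[int] = None
    response_content_type: Optional[str] = None
    accept: Optional[str] = None


def is_mitigated(req):
    """Terminating action applied; a challenge only counts when it was not solved."""
    if req.action not in TERMINATING_ACTIONS:
        return False
    return not (req.action in CHALLENGE_ACTIONS and req.challenge_solved)


def is_bot(req):
    """Bot score between 1 and 29 inclusive."""
    return req.bot_score is not None and 1 <= req.bot_score <= 29


def preferred_media_type(accept):
    """Media type with the highest q-value in an Accept header (first listed wins ties)."""
    best, best_q = "", -1.0
    for part in accept.split(","):
        fields = [f.strip() for f in part.split(";")]
        media, q = fields[0].lower(), 1.0
        for param in fields[1:]:
            if param.lower().startswith("q="):
                try:
                    q = float(param[2:])
                except ValueError:
                    q = 0.0
        if media and q > best_q:
            best, best_q = media, q
    return best


def is_xml_or_json(media_type):
    """Assumed matching rule: subtype json/xml or a +json/+xml structured suffix."""
    subtype = media_type.split(";")[0].strip().lower().partition("/")[2]
    return subtype in ("json", "xml") or subtype.endswith(("+json", "+xml"))


def is_api(req):
    """Response content type decides; the Accept header is only the fallback."""
    if req.response_content_type:
        return is_xml_or_json(req.response_content_type)
    if req.accept:
        # A substring match would misfire here: browsers list application/xml
        # at q=0.9 on ordinary page loads, so only the top preference is tested.
        return is_xml_or_json(preferred_media_type(req.accept))
    return False


def summarize(requests):
    counts = {"total": 0, "mitigated": 0, "bot": 0, "api": 0, "mitigated_api": 0}
    for req in requests:
        mitigated, api = is_mitigated(req), is_api(req)
        counts["total"] += 1
        counts["mitigated"] += mitigated
        counts["bot"] += is_bot(req)
        counts["api"] += api
        counts["mitigated_api"] += mitigated and api
    return counts


BROWSER_ACCEPT = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"

# Constructed sample records, not real traffic.
SAMPLE = [
    Request("ALLOW", bot_score=85, response_content_type="text/html"),
    Request("BLOCK", bot_score=2, accept="application/json"),
    Request("MANAGED_CHALLENGE", challenge_solved=True, bot_score=60,
            response_content_type="text/html; charset=utf-8"),
    Request("JS_CHALLENGE", bot_score=12, accept=BROWSER_ACCEPT),
    Request("LOG", bot_score=29, response_content_type="application/json; charset=utf-8"),
    Request("SKIP", bot_score=30, response_content_type="application/xml"),
    Request("ALLOW", response_content_type="application/problem+json"),
    Request("CHALLENGE", bot_score=1),
]

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for key in ("mitigated", "bot", "api"):
        print(f"{key}: {result[key]}/{result['total']} "
              f"({100 * result[key] / result['total']:.1f}%)")
```

The blocked request with no response is still counted as API traffic through its Accept header, while the unsolved JS challenge sent with a browser Accept header is not.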

Global traffic insights

Average mitigated daily traffic increases to nearly 7%

Compared to the prior 12-month period, Cloudflare mitigated a higher percentage of application layer traffic and layer 7 (L7) DDoS attacks between Q2 2023 and Q1 2024, growing from 6% to 6.8%.

Figure 1: Percent of mitigated HTTP traffic increasing over the last 12 months

During large global attack events, we can observe spikes of mitigated traffic approaching 12% of all HTTP traffic. These are much larger spikes than we have ever observed across our entire network.

WAF and Bot mitigations accounted for 53.9% of all mitigated traffic

As the Cloudflare platform continues to expose additional signals to identify potentially malicious traffic, customers have been actively using these signals in WAF Custom Rules to improve their security posture. Example signals include our WAF Attack Score, which identifies malicious payloads, and our Bot Score, which identifies automated traffic.

After WAF and Bot mitigations, HTTP DDoS rules are the second-largest contributor to mitigated traffic. IP reputation, which uses our IP threat score to block traffic, and access rules, which are simply IP and country blocks, follow in third and fourth place.

Figure 2: Mitigated traffic by Cloudflare product group

CVEs exploited as fast as 22 minutes after proof-of-concept published

Zero-day exploits (also called zero-day threats) are increasing, as is the speed of weaponization of disclosed CVEs. In 2023, 97 zero-days were exploited in the wild, and that’s along with a 15% increase of disclosed CVEs between 2022 and 2023.

Looking at CVE exploitation attempts against customers, Cloudflare mostly observed scanning activity, followed by command injections, and some exploitation attempts of vulnerabilities that had PoCs available online, including Apache CVE-2023-50164 and CVE-2022-33891; Coldfusion CVE-2023-29298, CVE-2023-38203 and CVE-2023-26360; and MobileIron CVE-2023-35082.

This trend in CVE exploitation attempt activity indicates that attackers are going for the easiest targets first, and likely having success in some instances given the continued activity around old vulnerabilities.

As just one example, Cloudflare observed exploitation attempts of CVE-2024-27198 (JetBrains TeamCity authentication bypass) at 19:45 UTC on March 4, just 22 minutes after proof-of-concept code was published.

Figure 3: JetBrains TeamCity authentication bypass timeline

The speed of exploitation of disclosed CVEs is often quicker than the speed at which humans can create WAF rules or create and deploy patches to mitigate attacks. This also applies to our own internal security analyst team that maintains the WAF Managed Ruleset, which has led us to combine the human written signatures with an ML-based approach to achieve the best balance between low false positives and speed of response.

CVE exploitation campaigns from specific threat actors are clearly visible when we focus on a subset of CVE categories. For example, if we filter on CVEs that result in remote code execution (RCE), we see clear attempts to exploit Apache and Adobe installations towards the end of 2023 and start of 2024 along with a notable campaign targeting Citrix in May of this year.

Figure 4: Worldwide daily number of requests for Code Execution CVEs

Similar views become clearly visible when focusing on other CVEs or specific attack categories.

DDoS attacks remain the most common attack against web applications

DDoS attacks remain the most common attack type against web applications, with DDoS comprising 37.1% of all mitigated application traffic over the time period considered.

Figure 5: Volume of HTTP DDoS attacks over time

We saw a large increase in volumetric attacks in February and March 2024. This was partly the result of improved detections deployed by our teams, in addition to increased attack activity. In the first quarter of 2024 alone, Cloudflare’s automated defenses mitigated 4.5 million unique DDoS attacks, an amount equivalent to 32% of all the DDoS attacks Cloudflare mitigated in 2023. Specifically, application layer HTTP DDoS attacks increased by 93% YoY and 51% quarter-over-quarter (QoQ).

Cloudflare correlates DDoS attack traffic and defines unique attacks by looking at event start and end times along with target destination.

Motives for launching DDoS attacks range from targeting specific organizations for financial gains (ransom), to testing the capacity of botnets, to targeting institutions and countries for political reasons. As an example, Cloudflare observed a 466% increase in DDoS attacks on Sweden after its acceptance to the NATO alliance on March 7, 2024. This mirrored the DDoS pattern observed during Finland’s NATO acceptance in 2023. The size of DDoS attacks themselves is also increasing.

In August 2023, Cloudflare mitigated a hyper-volumetric HTTP/2 Rapid Reset DDoS attack that peaked at 201 million requests per second (rps) – three times larger than any previously observed attack. In the attack, threat actors exploited a zero-day vulnerability in the HTTP/2 protocol that had the potential to incapacitate nearly any server or application supporting HTTP/2. This underscores how menacing DDoS vulnerabilities are for unprotected organizations.

Gaming and gambling became the most targeted sector by DDoS attacks, followed by Internet technology companies and cryptomining.

Figure 6: Largest HTTP DDoS attacks as seen by Cloudflare, by year

Bot traffic insights

Cloudflare has continued to invest heavily in our bot detection systems. In early July, we declared AIndependence to help preserve a safe Internet for content creators, offering a brand new “easy button” to block all AI bots. It’s available for all customers, including those on our free tier.

Major progress has also been made in other complementary systems such as our Turnstile offering, a user-friendly, privacy-preserving alternative to CAPTCHA.

All these systems and technologies help us better identify and differentiate human traffic from automated bot traffic.

On average, bots comprise one-third of all application traffic

31.2% of all application traffic processed by Cloudflare is bot traffic. This percentage has stayed relatively consistent (hovering at about 30%) over the past three years.

The term bot traffic may carry a negative connotation, but in reality bot traffic is not necessarily good or bad; it all depends on the purpose of the bots. Some are “good” and perform a needed service, such as customer service chatbots and authorized search engine crawlers. But some bots misuse an online product or service and need to be blocked.

Different application owners may have different criteria for what they deem a “bad” bot. For example, some organizations may want to block a content scraping bot that is being deployed by a competitor to undercut on prices, whereas an organization that does not sell products or services may not be as concerned with content scraping. Known, good bots are classified by Cloudflare as “verified bots.”

93% of bots we identified were unverified bots, and potentially malicious

Unverified bots are often created for disruptive and harmful purposes, such as hoarding inventory, launching DDoS attacks, or attempting to take over an account via brute force or credential stuffing. Verified bots are those that are known to be safe, such as search engine crawlers, and Cloudflare aims to verify all major legitimate bot operators. A list of all verified bots can be found in our documentation.

Attackers leveraging bots focus most on industries that could bring them large financial gains. For example, consumer goods websites are often the target of inventory hoarding, price scraping run by competition or automated applications aimed at exploiting some sort of arbitrage (for example, sneaker bots). This type of abuse can have a significant financial impact on the target organization.

Figure 8: Industries with the highest median daily share of bot traffic

API traffic insights

Consumers and end users expect dynamic web and mobile experiences powered by APIs. For businesses, APIs fuel competitive advantages, greater business intelligence, faster cloud deployments, integration of new AI capabilities, and more.

However, APIs introduce new risks by giving outside parties additional attack surfaces through which to access applications and databases, and these surfaces also need to be secured. As a consequence, numerous attacks we observe are now targeting API endpoints first rather than the traditional web interfaces.

The additional security concerns are of course not slowing down adoption of API first applications.

60% of dynamic (non cacheable) traffic is API-related

This is a two percentage point increase compared to last year’s report. Of this 60%, about 4% on average is mitigated by our security systems.

Figure 9: Share of mitigated API traffic

A substantial spike is visible around January 11-17 that accounts for almost a 10% increase in traffic share alone for that period. This was due to a specific customer zone receiving attack traffic that was mitigated by a WAF Custom Rule.

Digging into mitigation sources for API traffic, we see the WAF being the largest contributor, as standard malicious payloads are commonly applicable to both API endpoints and standard web applications.

Figure 10: API mitigated traffic broken down by product group

A quarter of APIs are “shadow APIs”

You cannot protect what you cannot see. And, many organizations lack accurate API inventories, even when they believe they can correctly identify API traffic.

Using our proprietary machine learning model that scans not just known API calls, but all HTTP requests (identifying API traffic that may be going unaccounted for), we found that organizations had 33% more public-facing API endpoints than they knew about. This number was the median, and it was calculated by comparing the number of API endpoints detected through machine learning based discovery vs. customer-provided session identifiers.

This suggests that nearly a quarter of APIs are “shadow APIs” and may not be properly inventoried and secured.
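
The comparison behind the shadow API figure, as an added example that is not Cloudflare's method: it swaps the machine learning based discovery for a simple path-templating heuristic and diffs the result against a declared inventory. The inventory, the request lines and the templating rule (numeric and UUID segments become {id}) are constructed assumptions; the last function shows how "33% more endpoints than known" becomes "nearly a quarter" of all endpoints.

```python
import re

# Constructed inventory: endpoints the organization believes it exposes.
KNOWN_ENDPOINTS = {
    ("GET", "/api/v1/users/{id}"),
    ("POST", "/api/v1/orders"),
    ("GET", "/api/v1/orders/{id}"),
}

# Constructed (method, path) pairs for requests already classified as API traffic.
OBSERVED = [
    ("GET", "/api/v1/users/1842"),
    ("GET", "/api/v1/users/77?expand=roles"),
    ("POST", "/api/v1/orders"),
    ("GET", "/api/v1/orders/9f1c2a4e-6b7d-4c1e-8a55-0d2e3f4a5b6c"),
    ("GET", "/api/internal/export/2024"),
    ("delete", "/api/v1/users/1842"),
]

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def normalize_path(path):
    """Drop query string and fragment, then replace identifier-like segments with {id}."""
    path = path.split("?", 1)[0].split("#", 1)[0]
    segments = []
    for seg in path.split("/"):
        if seg.isdigit() or UUID_RE.match(seg):
            segments.append("{id}")
        else:
            segments.append(seg)
    return "/".join(segments) or "/"


def discover_endpoints(observed):
    """Collapse raw request lines into a set of (method, path template) endpoints."""
    return {(method.upper(), normalize_path(path)) for method, path in observed}


def shadow_report(observed, known):
    """Endpoints seen in traffic but missing from the inventory, with both ratios."""
    discovered = discover_endpoints(observed)
    shadow = discovered - known
    return {
        "discovered": len(discovered),
        "shadow": sorted(shadow),
        # "X% more endpoints than they knew about": shadow relative to the inventory.
        "pct_more_than_known": round(100 * len(shadow) / len(known), 1),
        # Share of everything discovered that nobody had inventoried.
        "shadow_share_pct": round(100 * len(shadow) / len(discovered), 1),
    }


def shadow_share_from_excess(pct_more_than_known):
    """Convert 'N% more than known' into the share of all endpoints that are shadow."""
    return 100 * pct_more_than_known / (100 + pct_more_than_known)


if __name__ == "__main__":
    report = shadow_report(OBSERVED, KNOWN_ENDPOINTS)
    for method, template in report["shadow"]:
        print(f"not in inventory: {method} {template}")
    print(f"{report['pct_more_than_known']}% more endpoints than known, "
          f"{report['shadow_share_pct']}% of discovered endpoints are shadow")
    print(f"report figure: 33% more -> {shadow_share_from_excess(33):.1f}% shadow")
```

A new method on a known path (DELETE on the users endpoint) counts as a separate endpoint here, which is why the inventory is keyed on method and template together.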

Client-side risks

Most organizations’ web apps rely on separate programs or pieces of code from third-party providers (usually coded in JavaScript). The use of third-party scripts accelerates modern web app development and allows organizations to ship features to market faster, without having to build all new app features in-house.

Using Cloudflare’s client side security product, Page Shield, we can get a view on the popularity of third party libraries used on the Internet and the risk they pose to organizations. This has become very relevant recently due to the Polyfill.io incident that affected more than one hundred thousand sites.

Enterprise applications use 47 third-party scripts on average

Cloudflare’s typical enterprise customer uses an average of 47 third-party scripts, and a median of 20 third-party scripts. The average is much higher than the median due to SaaS providers, who often have thousands of subdomains which may all use third-party scripts. Here are some of the top third-party script providers Cloudflare customers commonly use:

  • Google (Tag Manager, Analytics, Ads, Translate, reCAPTCHA, YouTube)
  • Meta (Facebook Pixel, Instagram)
  • Cloudflare (Web Analytics)
  • jsDelivr
  • New Relic
  • Appcues
  • Microsoft (Clarity, Bing, LinkedIn)
  • jQuery
  • WordPress (Web Analytics, hosted plugins)
  • Pinterest
  • UNPKG
  • TikTok
  • Hotjar

While useful, third-party software dependencies are often loaded directly by the end-user’s browser (i.e. they are loaded client-side), placing organizations and their customers at risk given that organizations have no direct control over third-party security measures. For example, in the retail sector, 18% of all data breaches originate from Magecart style attacks, according to Verizon’s 2024 Data Breach Investigations Report.

Enterprise applications connect to nearly 50 third-parties on average

Loading a third-party script into your website poses risks, even more so when that script “calls home” to submit data to perform the intended function. A typical example here is Google Analytics: whenever a user performs an action, the Google Analytics script will submit data back to the Google servers. We identify these as connections.

On average, each enterprise website connects to 50 separate third-party destinations, with a median of 15. Each of these connections also poses a potential client-side security risk as attackers will often use them to exfiltrate additional data going unnoticed.

Here are some of the top third-party connections Cloudflare customers commonly use:

  • Google (Analytics, Ads)
  • Microsoft (Clarity, Bing, LinkedIn)
  • Meta (Facebook Pixel)
  • Hotjar
  • Kaspersky
  • Sentry
  • Criteo
  • tawk.to
  • OneTrust
  • New Relic
  • PayPal

Looking forward

This application security report is also available in PDF format with additional recommendations on how to address many of the concerns raised, along with additional insights.

We also publish many of our reports with dynamic charts on Cloudflare Radar, making it an excellent resource to keep up to date with the state of the Internet.

What’s New in Rapid7 Products & Services: Q2 2024 in Review

Post Syndicated from Margaret Wei original https://blog.rapid7.com/2024/07/11/whats-new-in-rapid7-products-services-q2-2024-in-review/

This quarter we continued to make investments that provide security professionals with a holistic, actionable view of their entire attack surface. In Q2, we focused on enhancing visualization, prioritization, and integration capabilities across our key products and services. Below we’ve highlighted key releases and updates from the quarter across Rapid7 products and services—including InsightCloudSec, InsightVM, InsightIDR, Managed Detection and Response, and Rapid7 Labs.

Rapid7 acquires Noble to deliver comprehensive visibility and command of your attack surface

Rapid7 has acquired Noble, a leading provider of continuous cyber asset inventory, visibility, and management. This acquisition further enhances our ability to provide customers with the necessary control to monitor and manage exposures across their entire attack surface – from endpoint to cloud – with confidence. Visit our announcement overview page to learn more and stay tuned for additional details coming this summer.

Anticipate imminent threats from endpoint to cloud

Uncover multiple paths to risky compromised resources across cloud environments

We continue to enhance Attack Path Analysis in InsightCloudSec, most recently adding a new visualization that shows all of the various paths to a potentially compromised resource, providing a better understanding of the potential blast radius of an attack. We’ve also added the ability to export Attack Path graphs as a PDF, JPG, PNG, or SVG for easy sharing with additional stakeholders.

Automatically prioritize the most at-risk resources based on Layered Context

Layered Context provides insight into the riskiest resources running across cloud environments by taking into account a variety of risk signals from vulnerabilities to identity-related risk and public accessibility. This context makes it easier for security teams to effectively and efficiently prioritize cloud risk remediation efforts.

We recently released the following updates to Layered Context:

  • Automatic prioritization of riskiest resources by taking into account the presence of toxic combinations to assign a relative risk score to all cloud resources.
  • A new risk tab, located on the Resource Details panel, that details all the risks impacting a resource in one view, transparently and efficiently diagnosing what is risky and why.

Access agent-based policy assessment results with InsightVM’s Bulk Export API

Agent-based policy assessment is used to conduct configuration assessments of IT assets against widely used industry benchmarks or custom internal policies. Now customers can use the new Bulk Export API to export the policy assessment results data to their business intelligence tools and build custom visualizations and workflows that meet their reporting needs. Additionally, this API allows for efficient request and download of large data sets directly from the Insight Platform, avoiding unnecessary load on the Security Console and giving greater flexibility in handling the high volume of data that policy assessments produce.

Insight Agent support for ARM-based Windows 11 devices in InsightVM

Take advantage of the ARM processor chip’s great performance and low power requirements while maintaining agent-based visibility and assessment of remote assets within InsightVM. We also released enhanced vulnerability coverage for Windows 11 to provide customers with even higher quality, accurate vulnerability content.

Pinpoint critical signals of an attack and act confidently against threats

Rapid7 AI Engine extended to include Generative AI, driving improved MDR efficiency

Enhancements to the Rapid7 AI Engine have brought new Generative AI capabilities to the Rapid7 SOC, improving the efficacy and efficiency of our MDR services. These new additions include:

  • The new SOC Assistant that guides our internal SOC and MDR analysts through complex investigations and streamlines response workflows by querying sources like the Rapid7 MDR Handbook, keeping our analysts a step ahead.
  • The ability to automatically generate incident reports once investigations are closed out, streamlining a typically manual and time-intensive process. Every report that is generated by the Rapid7 AI Engine is reviewed and enhanced as needed by our SOC teams, making certain every data point is accurate and actionable.

Stop attacks before they begin with Rapid7’s patented Ransomware Prevention

Rapid7’s patented, preemptive Ransomware Prevention technology focuses on disrupting the evasive behaviors that ransomware and other forms of malware leverage, preventing both known and unknown (zero-day) attacks before they start. Coexisting alongside NGAV, EDR, and EPP solutions, Ransomware Prevention:

  • Provides an additional layer of protection on the endpoint focused on mitigating the risk associated with ransomware by using proprietary Data Encryption detection and response technology.
  • Focuses on the inner techniques that malicious and evasive attacks employ and embed in processes (instead of passively looking for patterns and analyzing processes and behaviors on runtime or post-execution), manipulating their logic so that they refrain from execution.

Monitor CrowdStrike Falcon EDR alerts within InsightIDR for streamlined alert triage

Simplify operations and optimize resource allocation by further integrating third party endpoint detection and response solutions with Rapid7. Managed Detection and Response customers can integrate CrowdStrike Falcon Endpoint with InsightIDR and leverage Rapid7’s highly skilled and experienced MDR SOC to help triage incoming alerts.

A growing library of actionable detections in InsightIDR

In Q2 2024 we added over 750 new detection rules. See them in-product or visit the Detection Library for descriptions and recommendations.

New research from Rapid7 Labs: The 2024 Attack Intelligence Report

Since 2020, Rapid7 has tracked huge increases in zero-day exploits, ransomware attacks, mass compromise incidents, and evolutions in attacker behavior. In our 2024 Attack Intelligence Report, Rapid7 Labs analyzed 14 months of attacker behavior and marquee vulnerabilities and provides expert analysis and practical guidance for security professionals.

Dive into key findings—like how 36% of the widely exploited vulnerabilities Rapid7 tracked involved network edge technology—in the report here.

In May we partnered with AWS for our Take Command 2024 Cybersecurity Summit, where we took a deep dive into new attack intelligence technologies like AI that are disrupting the threat landscape, macro influences on SOC teams, MDR services to build cyber resilience, and more. The sessions deliver clear guidance to zero in on threats and proactively prevent breaches—check them out on demand here.

Stay tuned for more!

As always, we’re continuing to work on exciting product enhancements and releases throughout the year. Keep an eye on our blog and release notes as we continue to highlight the latest in product and service investments at Rapid7.

Celebrating the community: Yang

Post Syndicated from Sophie Ashford original https://www.raspberrypi.org/blog/celebrating-the-community-yang/

We love hearing from members of the community and sharing the stories of amazing young people, volunteers, and educators who are using their passion for technology to create positive change in the world around them.

A woman is pictured sitting in the office. There's a window behind her with a view of the London skyline.

In our latest story, we’re heading to London to meet Yang, a Manager in Technology Consulting at EY specialising in Microsoft Business Applications, whose commitment to CoderDojo is truly inspiring. Yang’s passion for volunteering has grown since she first volunteered at a CoderDojo club at a local museum. In recent years, she has actively searched for ways to bring the CoderDojo movement to more children, and encouraged her colleagues to come along on the journey too.

Introducing Yang

When Yang was growing up, both of her parents worked in STEM, but her own journey into a career in technology took a varied route. After initially studying journalism in China, her path shifted when she pursued a Master’s in Digital Humanities at UCL, London, broadening her digital skills and paving the way for her current role.

On a weekend visit to a museum, Yang found the opportunity to volunteer at their CoderDojo. This experience sparked an enthusiasm to create more opportunities for young people to explore the world of computing, and this soon evolved into a plan to implement clubs at the EY offices. 

Building a community of mentors

With support from the EY Corporate Responsibility team, and fellow colleagues, Yang started to deliver Dojo sessions at the EY office in London. From the very first session, Yang was blown away by the level of enthusiasm among her colleagues, and their willingness to volunteer their time to support the club. She soon realised it was possible to roll this initiative out to other offices around the country, expanding the volunteer network and increasing their impact.

Yang mentors two young learners during a CoderDojo session.

Clubs have now been run in four EY offices across the UK, and the team has even seen the first international club take place, at the EY office in Baku, Azerbaijan. In total, EY clubs have seen around 350 young people attend and give coding a go.

Championing diversity in tech

As a woman in tech, Yang is all too aware of the gender imbalance in the industry, and this is something she wanted the clubs at the EY offices to address. 

“If there are some female role models, I think for a little girl grow up that means so much. Because if they can see somebody thrive in this industry, they will see themselves there one day. And that’s the inspiration.” – Yang

Yang actively encourages female participation in Dojo sessions, for example through holding sessions with a focus on engaging girls to mark International Women’s Day and Ada Lovelace Day. Through her leadership, she creates an inclusive environment where girls can envision themselves as future leaders. 

Yang mentors a young person during a CoderDojo session.

Yang’s motivation doesn’t only inspire the young people attending her clubs, but also resonates with those who work with her on a daily basis, including colleagues like Iman and Elizabeth, who shared how much they admire Yang’s dedication and energy.

“I would love to have had a role model like [Yang] when I was younger. She’s just so inspiring. She’s so full of energy. I mean, from my personal experience, when I was younger, we didn’t have anything to do with coding.

There were situations where I was vaguely interested [in computing] but was told that it wasn’t for girls. And now with Yang running these events, seeing the girls come here and being so interested and wanting to learn, it really opens up so many more doors for them that they don’t even realise.” – Elizabeth, colleague and CoderDojo volunteer

Seeing the impact of her mentorship and the enthusiasm of young participants has fueled Yang’s passion even further. 

“This has been a great opportunity to set up CoderDojo sessions for young people. I’ve had a lot of support from colleagues and other volunteers who have helped to run the sessions […] I feel super proud of what we’ve achieved so far.” – Yang

For Yang, mentorship isn’t just about teaching technical skills; it’s about helping young people develop confidence and resilience, and letting everyone know there is a place for them in computing should they want one.

Two mentors deliver a presentation during a CoderDojo session.

Continuing to make a difference in her community and beyond, Yang recently participated in the 68th annual UN Women’s Commission on the Status of Women, which is the UN’s largest annual gathering on gender equality and women’s empowerment. 

We’re delighted to be part of Yang’s journey, and can’t wait to see what she contributes to the world of tech next.

Help us celebrate Yang and her inspiring journey by sharing her story on X, LinkedIn, and Facebook.

The post Celebrating the community: Yang appeared first on Raspberry Pi Foundation.

In Search of Hope

Post Syndicated from Лина Кривошиева original https://www.toest.bg/v-tursene-na-nadezhda/

Through my camera I peek behind the sunny smiles of these children and feel like an outside observer of an encapsulated world. I will share my impressions just as they hit me during my first walk around the Nadezhda (“Hope”) neighbourhood in the town of Sliven, and tell about

the stories hidden behind the children’s smiles.

The topic of Roma minorities probably makes many people uncomfortable for a variety of reasons, regardless of whether we are on the left or the right. I would like to state frankly at the outset that I myself am generally ignorant about Roma culture. Although I have good intentions, I do not encounter this topic every day. And that is exactly what turned out to be important for how the story unfolded. To me the Roma were almost invisible before I travelled around villages, houses and families in Northern and Southern Bulgaria. Thanks to those encounters, I realised that

The invisibility of the Roma is a consequence of hereditary poverty, which leads to their outright alienation and erasure from public life.

In 2022 I arrive in Sliven and am immediately led through the “tunnel”. It is one of the two main links between the town and a neighbourhood enclosed by a concrete wall. Crossing the railway underpass, I find myself in an environment unfamiliar to my senses. The predominant architecture at the very beginning of the neighbourhood looks familiar to me: two- and three-storey buildings of laid brick without plaster. They often belong to the better-off residents of the neighbourhood.

Our route takes us through the different class divisions in this forcibly encapsulated society. We go deeper into the neighbourhood and everything seems ever more alien to me. The lack of trees and greenery, the broken paving, the gradually poorer houses. At first I find it hard to look at people – I try to behave neutrally, but I feel visibly out of place in the mahala. Children start following us and that calms my racing thoughts. Despite our visible differences, we take an interest in one another. This is exactly what will later turn out to be the reason for me to write this piece.

The streets narrow so much that a car can barely pass. I encounter ever poorer surroundings and wonder how it is possible for the whole environment to degrade with every turn –

missing paving, windows and doors, electricity, sewerage… meagre structures, if they can be called structures at all.

By now there are more than 15 children around us, following us with noisy interest. Here and there we stop and take photos together, but many adults look at us with particular suspicion. We reach the easternmost edge of the neighbourhood, where my despair reaches its peak. The last street leads us to a large dump, where among the rubbish I make out a baby in its mother’s arms. She and I look at each other for a brief moment. I cannot even take in the scene I am witnessing. I raise the camera and shoot.

Since 2022 I have visited the neighbourhood several times and taken part in a number of events organised especially for the children, at the invitation of Rositsa Kratunkova and Livia Otal, co-founders of the Za Nadezhda (“For Nadezhda”) Foundation. Rosi and Livia reveal to me the meaning behind the behaviour of the little ones (and sometimes even of the adults). At the very first event some of the children remember me, and I remember them. Because we have significant cultural and social differences (I don’t know who Fiki and Roksana are, I don’t listen to popular music, I use words that are complicated for them, such as “prefer” and “space”), we get to know each other in an emotional and intuitive way: we dance, laugh, play and talk about things that seem quite elementary at first glance; that is, we pay attention to one another.

Growing up in the mahala has nothing in common with the way I grew up, for example. With every encounter with this reality I realise that we are talking about a complex system of surroundings, healthcare, upbringing, communal child-rearing, security, culture, relationships and probably many other things I am leaving out.

The profession the girls dream of is hairdresser or manicurist, while the boys want to get a driving licence so they can drive a car. For some of the children achieving these things turns out to be especially hard. They often say they want to finish their education, but the cynic in me sometimes wonders whether they say it only because we want to hear it.

The authorities have almost abandoned them (unless we count the dump as a “resource” for the livelihood of the poorest). The mahala runs on its own rules: there is a casino in place of the chitalishte (community cultural centre), which the Municipality sold in 2017; there is no pharmacy; pavements are a rarity, as is greenery; and the first playground was opened only in 2023 in the station park next to the neighbourhood, once again thanks to an NGO. According to research by UNICEF Bulgaria, poverty and a neglected urban environment can lead to malnutrition and a lack of basic conditions for play and development, which has long-term negative effects on children’s health and development.

Now that I know the context, the kids smile innocently and yet carry inside them something we do not see, do not know and can only guess at. More and more often, the dark stories I have learned since I started going there creep in behind their smiles.

Some of the children have never seen the sea, have never been up a mountain, have no clean clothes, or any clothes at all, no shoes, not to mention regular access to food or toys. Some of them have no closeness and affection. They have not developed fine motor skills. In other words, they have no childhood, no chance of a dignified life, and no equal start.

What they do have is hereditary poverty.

From birth they are doomed to repeat the pattern of their parents, with each generation moving further away from the knowledge of the previous one. Low education and unemployment are the main factors leading to poverty in Bulgaria. The unemployed with primary or lower education are particularly vulnerable, with a risk of poverty exceeding 80%.

The facts and figures look so real in the eyes and smiles of these children, and so cold and indifferent when written in ink on paper (or pixels on a screen). If we called them “Bulgarian children”, would the public’s reaction be far more categorical and sharp? A rhetorical question.

Children shape the next generation. Adults shape the children.

At the festival on 1 June 2024 I get even closer to the children’s lives. This day is for them. They can sing, dance, play and romp, laugh and dream, instead of looking after their younger brothers and sisters, working alongside their parents, or cleaning other people’s houses for money.

During one of my visits I find out that a child I consider especially bright and perceptive is one of the victims of sexual abuse by the British citizen Daniel Hull. I will not forget Livia’s casual, and for me traumatising, account as we drink coffee, watching from a distance a jeep with many children crowded around it. Recently they themselves called him “the bad man” in front of me.

Who is Daniel Hull?

In 2016 the British authorities are searching for him, because he was released on bail during a trial on charges of sexual exploitation of children and distribution of child pornography on the internet. At that time he is hiding in Bulgaria, but he is extradited after a European arrest warrant is issued for him. He receives a 15-month sentence but is released early and arrives in Bulgaria again, violating British laws that forbid him to leave the country. Under those laws he was required to register at a permanent address and be entered in the sex offenders register after leaving prison.

The abuser in question has been abusing for so long that some of his victims have already grown up and have children of their own. The Za Nadezhda Foundation is knocking on the doors of every institution to find a way for the 14 families, the official victims of the paedophile in the second case against him, to obtain justice. It sounds promising.

The truth, however, is that all the judges in Sliven refuse to take the case and try Hull for offences against children, even though this time there is even more solid evidence. And Daniel goes on preaching love of God as a self-proclaimed pastor, this time from detention. But above all, like many abusers,

he looks for desperate people whose trust he can win easily and quickly.

The situation is so banal that I am almost embarrassed. It is as if we unconsciously refuse to believe that such schemes have victims. In 90% of cases the abusers are people whom the victims trust. Abuse happens in rich and well-off families as well as in poor ones; only the instruments change. Daniel knows what is best to exploit: the hopelessness and poverty of his victims. That is why he builds them bathrooms and houses, pays for life-saving operations, and takes the children on trips. On 20 June I receive a message from Rositsa and Livia that yet another judge has refused to hear the case.

Returning to “hereditary poverty”, the thing that haunts me in the stories of these families, I would like to find answers for myself to some questions by putting myself in the place of the people themselves:

Will I get an employment contract at some workplace? And how do I go to work if there is no one to look after my children? If I see no hope and if I am a victim of physical and, in some cases, sexual violence? If topics such as equality, the Green Deal, climate change and healthcare do not reach me, when I do not even have access to sewerage?! If doctors refuse me a consultation on how to care for my child, and teachers do not want to teach me? If people in the street do not want to look at me, because they prefer to deal with the problem by imagining that I am not there?

How do I keep this environment from shaping and changing me? How do I get out of it? How do I find Hope?



Making Patient Care Easier with Zabbix and Open-Future

Post Syndicated from Brian van Baekel original https://blog.zabbix.com/making-patient-care-easier-with-zabbix-and-open-future/28406/

The Antwerp University Hospital (UZA) is a university center known for top clinical and customer-friendly patient care, high-quality academic training, and groundbreaking scientific research with an important international dimension. The UZA has 593 hospital beds in 26 nursing units, as well as 41 highly specialized medical services where more than 800,000 patients are consulted every year and over 4,000 employees, including 642 doctors. Keep reading to see how Zabbix premium partner Open-Future rises to the challenge of monitoring this massive IT infrastructure.

The challenge

Due to the large number of users connecting on a daily basis, the UZA’s Zabbix server was set up as a virtual machine with a front-end separate from the Zabbix server and database. Splitting the front-end from the Zabbix server allows them to use dedicated resources for the front-end and the Zabbix server.

Most of the monitoring is done by Zabbix agents on Linux and Windows. To check that the applications are working as they should, the Open-Future team leverages UserParameters and database monitoring with Zabbix Agent 2. For some more specific monitoring cases, we also make use of custom SQL scripts.

Because one server can have multiple teams responsible for just the application or the OS, getting the correct information to the right team proved to be a challenge. A simple solution was the creation of different trigger actions for every team that included only the triggers that were needed. Unfortunately this proved to be very difficult to manage over time and error-prone when changes were needed.

The solution

By making extensive use of tags in Zabbix, our team could add labels to the items and link them back to the correct user groups. This made it easier to send the right information to the correct teams and allowed them to both drastically reduce the number of actions that had to be created and simplify the actions that were created.

The results

Zabbix has proven itself as a powerful and versatile monitoring and management platform that allows our team to gain real-time insight into the performance of the UZA’s IT infrastructure and applications. Zabbix’s ability to collect and visualize various types of data (including network traffic, server load, application performance, and more) makes it easy to identify and resolve issues before they impact operations or patient care.

At present, Open-Future monitors about 1,400 hosts, a mix of Windows, Linux and BareMetal monitored by proxies. This allows us to monitor more than 10.000 metrics with more than 55,000 triggers to notify us in case of any potential issues. We make use of custom templates, plugins, and scripts to gather all needed information.

The impact of Zabbix on our operational efficiency cannot be overstated. Automated alerts and reporting functionality let us respond quickly to incidents and issues, which reduces downtime and maximizes the availability of critical systems. This has direct benefits for the UZA’s patients, as we can make sure that vital systems like electronic medical records are always available and that the quality of care is maintained at the highest level.

The post Making Patient Care Easier with Zabbix and Open-Future appeared first on Zabbix Blog.

Five Poisonous Cases. There Will Be No Forgiveness for Us

Post Syndicated from original https://www.toest.bg/pet-otrovni-dela-nyama-da-ima-proshka-za-nas/

In fact, I am just a small pawn in this whole drama.

This is how Margarita Shurupova introduced herself when we first spoke in July 2022. Since the start of Russia’s war against Ukraine, thousands of Ukrainian refugees have left their country. But Margarita Shurupova is not Ukrainian. She is Russian.

Do you remember the Bulgarian advertisement from 1965 whose slogan read: “This is a land of simple happiness.” At that time Bulgaria was one of the closest satellites of the USSR. In the same period, the Soviet Union began advertising products that the state did not produce: minced chicken, a hot-steam shower, a toilet bowl with two lids, and so on. The company EFR created over 7000 advertisements. Unlike today, in communist systems such as those that ruled in the USSR, Bulgaria and the other members of the socialist camp, advertising had one single purpose: to create a sense of abundance and variety that did not exist in reality.

When I first spoke with Margarita Shurupova after the start of Russia’s war in Ukraine in 2022, she told me:

There will be no forgiveness for us. This plan to attack Ukraine had long been ripening in Putin’s mind. Ravings about empire, about a great state, about the Soviet Union as some kind of value. They think a great state means a huge territory, but our president Vladimir Putin is not interested in the wealth of the state; he is not interested in the development of technology or the economy, nor in highly educated people living richly and happily in their country. He is interested only in territory.

Margarita is a journalist and a university lecturer in her home city of Tomsk.

I was among the civic activists who criticised Putin’s rule, and I have written many publications against his regime. After the war began, my like-minded colleagues and I tried to explain to citizens that this war is a catastrophe, a shame, a disgrace and a crime, but Russia very quickly began adopting repressive laws that restrict freedom of speech. On 4 March the Law on the Mass Media was adopted. In essence it gags everyone who is against this war, because it forbids commenting on anything that diverges from the view of state propaganda. I realised that I could not go on doing my job without fear and with dignity and remain in Russia, because I cannot keep silent, and that would land me in some prison.

On 27 October 2022 in Bulgaria, the political party Vazrazhdane has already crossed the four-percent threshold for entering the National Assembly in the elections held at the beginning of the month. One of the first bills it introduces is on “foreign agents”. The bill entirely copies the law in Russia. Welcome to Bulgaria in the 21st century, whose tourism advertising slogans now read: “Hidden before your eyes”.

I tell Margarita about Vazrazhdane’s legislative intentions. She smiles and continues her story:

Since this law was adopted, there is only war propaganda in Russia at the moment. In essence it is already fascist and nationalist in its formulations. That is, in Russia’s information space there is either such propaganda or nothing. Together with colleagues who also emigrated from Russia after the start of the war, we created the project “Eyewitnesses of 24 February”. We wanted to give people who are against the war the chance to say what they think, and to show how each person’s fate has been changing since the war began. Then we understood that the problem is much broader. We attacked a brotherly nation; there is something deeply tragic in this, and it is an enormous crime. That is why we decided to talk to Ukrainians as well.

Margarita is married and has two children. In the spring of 2022, almost immediately after Russia’s invasion of Ukraine, she flees with her family via Armenia. They look for an EU member state that would issue them a visa so they can continue to Europe. Only the Czech Republic responds to their request. With this visa Margarita’s family enters Bulgaria and settles in Varna.

We came to Bulgaria because we have relatives here who can help us. But it turned out that there is a bureaucratic problem with our staying, which only the court can resolve.

The proceedings

On 6 July 2022 Margarita, her husband Vladimir and their two children apply for refugee status in Bulgaria. The State Agency for Refugees (SAR) schedules an interview for them on 13 July, but it does not take place. SAR gives no explanation for postponing the interview. They are informed that they must go through the Dublin procedure, because they have visas for the Czech Republic but want to stay in Bulgaria. For the Shurupov family there begin, as Margarita describes them, “the most humiliating two years of their lives”.

In Bulgaria, the land of “simple happiness” and of events “hidden before our eyes”, the humiliating proceedings have already begun. At the time when the Shurupov family is literally sinking into the darkness and bureaucracy of Bulgarian institutions, on 14 July 2022 the president of our republic declares:

The more weapons the war in Ukraine swallows, the greater the casualties and destruction. Ukraine insists on continuing to wage this war, but the bill is being paid by all of Europe.

The Shurupovs’ interview takes place only in September 2022. For two months they have no documents that would let them start work or open an account at a Bulgarian bank into which some remuneration could be paid. In October 2022 they nevertheless receive an extension of their temporary residence cards, and Vladimir Shurupov applies for work. He is an interventional cardiologist. His diploma from Russia is not recognised in Bulgaria, so he starts work on a construction site as a general labourer, and in his spare time he makes lamps from dry branches found on the beach.

At the end of October, after correspondence with the Czech Republic, SAR begins a procedure to extradite the family there.

On 19 December 2022 the Shurupovs appeal in court against the decision to send them to the Czech Republic, arguing that their two children are minors and that constantly moving from country to country is a great stress for them. In addition, the children have already started attending a Bulgarian school, where they have adapted well; they speak Bulgarian and have friends in Bulgaria.

В края на януари 2023 г. ДАБ и българските съдилища решават да разделят семейството по странен признак – делото за оставане в България и придобиване на бежански статут на Маргарита и по-малкия ѝ син се гледат заедно. Но делото на по-големия им син, както и това на съпруга ѝ Владимир се гледат отделно. Маргарита не разбира логиката:

Обясниха ни от Агенцията [ДАБ – б.а.], че делата на деца над 14-годишна възраст се разглеждат отделно, въпреки че случаите на членовете на семейството са свързани. Синът ми е бил под 14-годишна възраст, когато е подал молба за статут, и забавянето беше по тяхна вина. Защо разделят като отделни случаи членовете на едно семейство?

Започва поредица от дела и обжалвания за всеки от членовете на семейството.

Бяхме в шок, когато единият съд в София постанови, че по-големият ни син, който вече беше навършил 15 години, и съпругът ми нямали основание да останат в България и ще бъдат екстрадирани в Чехия, а аз и малкият ни син ще останем в България. Разбира се, обжалвахме това ужасно за нас решение. Бях готова да се обърна към Европейския съд по правата на човека, защото обективно децата ни – и особено големият ни син – преживяха това решение много тежко. Да, той беше навършил вече 15 години, но това са само 15 години. Той е почти дете. На всичкото отгоре след решението да бъдем разделени ДАБ унищожи временните документи на сина ми за престой в България. След като разбра, че искат да го изпратят в Чехия, детето ми разви тревожно разстройство, консултирахме се с лекар и след това приложихме документ в съда при поредното обжалване, за да докажем, че той не бива да променя средата си и че се страхува да напусне България, но това не повлия на решението на съда.

Margarita and her family exhausted every possible procedure for appealing the decisions of the State Agency for Refugees and several Bulgarian courts, so that her older son and her husband would not be extradited to the Czech Republic. This cost them monthly trips from Varna to Sofia, “sometimes twice a month, every other week”, to go again and again through ugly procedures of interrogations, explanations, and proving that a family should not be separated.

The Agency for Refugees is, in a sense, like a testing laboratory, and one can see how European values are realised in practice. The procedure is organised so that as few people as possible survive it. That is, escaping our bloodthirsty homeland does not mean an end to humiliation and to a life without a future. I assume they behave this way not only with us, opposition-minded Russians. Although sometimes that is hard to believe.

On 7 December 2023, Vladimir received refugee status in Bulgaria. Their older son, however, continued to wait for the court's decision for another month. He received it last of the whole family, on 12 January 2024. A 15-year-old child waited a month to learn whether he would be separated from his parents and brother, after the other members of his family had received refugee status in our country.

We are still dealing with the consequences of all these ordeals. Our older son continues to see a psychotherapist, but to this day he has panic attacks.

While working on the Shurupov case, I read all the orders, notifications and decisions of the Bulgarian institutions: the State Agency for Refugees, the Migration department of the Ministry of Interior in Varna, and the courts in Varna and Sofia.

One example: “The established factual situation shows that for the person seeking protection the prerequisites for granting refugee status within the meaning of Art. 8, para. 1 of the Law on Asylum and Refugees are not present. At the same time, for the foreigner there are grounds for granting refugee status within the meaning of Art. 8, para. 9 of the Law on Asylum and Refugees. In view of the evidence and the presence of prerequisites under Art. 8, para. 9 of the Law on Asylum and Refugees, the applicant should be granted refugee status. This is compatible with his personal status and there are no circumstances under Art. 12, para. 1 of the Law on Asylum and Refugees. In view of the above and on the grounds of Art. 75, para. 1, item 1 in conjunction with Art. 8, para. 9 of the Law on Asylum and Refugees, I adopt the following: I grant refugee status to …” And from a document of the State Agency for Refugees: “The person is with status foreigner.” (The quotations preserve the original spelling.)

Humiliation is the main feeling we experienced the whole time. We were humiliated by the conditions in the Agency, by the attitude of the staff and by the course of the procedure itself.

As of the date of publication of this text, Vladimir Shurupov faces a new bureaucratic conundrum. In order for him to start work as a doctor in Bulgaria, the Ministry of Health requires from him a document certifying how many hours of “out-of-classroom self-study activities” he had as a student.

The Ministry of Health of the Republic of Bulgaria does not take into account the fact that Vladimir Shurupov is a political refugee from the Russian Federation and cannot return there to obtain such a certificate.

Incidentally, since the start of Russia's war against Ukraine, early parliamentary elections have been held six times in Bulgaria. The slogans of our politicians' election campaigns look like this: “Order in the chaos”, “Stronger than the chaos”, “Trust reason”, “Let's finish the job”, “It is time for our Revival”.

Thus the state of “simple happiness” of 1965 turned, in the 21st century, into the state in which everything is “hidden before your eyes”.


AWS achieves third-party attestation of conformance with the Secure Software Development Framework (SSDF)

Post Syndicated from Hayley Kleeman Jung original https://aws.amazon.com/blogs/security/aws-achieves-third-party-attestation-of-conformance-with-the-secure-software-development-framework-ssdf/

Amazon Web Services (AWS) is pleased to announce the successful attestation of our conformance with the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF), Special Publication 800-218. This achievement underscores our ongoing commitment to the security and integrity of our software supply chain.

Executive Order (EO) 14028, Improving the Nation’s Cybersecurity (May 12, 2021), directs U.S. government agencies to take a variety of actions that “enhance the security of the software supply chain.” In accordance with the EO, NIST released the SSDF, and the Office of Management and Budget (OMB) issued Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices, requiring U.S. government agencies to use only software provided by software producers who can attest to conformance with NIST guidance.

A FedRAMP certified Third Party Assessment Organization (3PAO) assessed AWS against the 42 security tasks in the SSDF. Our attestation form is available in the Cybersecurity and Infrastructure Security Agency (CISA) Repository for Software Attestations and Artifacts for our U.S. government agency customers to access and download. Per CISA guidance, agencies are encouraged to collect the AWS attestation directly from CISA’s repository.

As always, we value your feedback and questions. Reach out to the AWS Compliance team through the Contact Us page. To learn more about our other compliance and security programs, see AWS Compliance Programs.

 
If you have feedback about this post, submit comments in the Comments section below. If you have questions about this post, contact AWS Support.

Hayley Kleeman Jung

Hayley is a Security Assurance Manager at AWS. She leads the Software Supply Chain compliance program in the United States. Hayley holds a bachelor’s degree in International Business from Western Washington University and a customs broker license in the United States. She has over 17 years of experience in compliance, risk management, and information security.

Hazem Eldakdoky

Hazem is a Compliance Solutions Manager at AWS. He leads security engagements impacting U.S. Federal Civilian stakeholders. Before joining AWS, Hazem served as the CISO and then the DCIO for the Office of Justice Programs, U.S. DOJ. He holds a bachelor’s in Management Science and Statistics from UMD, CISSP and CGRC from ISC2, and is AWS Cloud Practitioner and ITIL Foundation certified.
