An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Cloud Security in Cybersecurity.
Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources.
- Cloud Security Alliance Research
- Datadog Security Labs
- Elastic Security Labs
- Google Project Zero
- Microsoft Security Response Center
- Orca Research Pod
- Rapid7 Research
- Sysdig Threat Research
- Team Nautilus by Aqua Security
- Unit 42 by Palo Alto Networks
- Wiz Cloud Threat Landscape
These are vendors with publicly traded stocks. The links lead to a vendor's website, LinkedIn company page and the stock price on Yahoo! Finance.
- Check Point | LinkedIn | CHKP
- Cisco | LinkedIn | CSCO
- CloudFlare | LinkedIn | NET
- CrowdStrike | LinkedIn | CRWD
- CyberArk | LinkedIn | CYBR
- Datadog | LinkedIn | DDOG
- Fortinet | LinkedIn | FTNT
- Palo Alto Networks | LinkedIn | PANW
- Qualys | LinkedIn | QLYS
- Radware | LinkedIn | RDWR
- SentinelOne | LinkedIn | S
- Tenable | LinkedIn | TENB
- Varonis | LinkedIn | VRNS
- Zscaler | LinkedIn | ZS
Venture-funded companies
- AccuKnox | LinkedIn | Crunchbase
- Aikido | LinkedIn | Crunchbase
- Aqua Security | LinkedIn | Crunchbase
- ARMO | LinkedIn | Crunchbase
- Arnica | LinkedIn | Crunchbase
- Astrix | LinkedIn | Crunchbase
- Avalor | LinkedIn | Crunchbase
- Bright Security | LinkedIn | Crunchbase
- Chainloop | LinkedIn | Crunchbase
- Clutch | LinkedIn | Crunchbase
- Coalfire | LinkedIn | Crunchbase
- Curity | LinkedIn | Crunchbase
- Cyera | LinkedIn | Crunchbase
- Cyscale | LinkedIn | Crunchbase
- Cyware | LinkedIn | Crunchbase
- Darktrace | LinkedIn | Crunchbase
- Deepfence | LinkedIn | Crunchbase
- Deepsource | LinkedIn | Crunchbase
- Eureka Security | LinkedIn | Crunchbase
- Endor Labs | LinkedIn | Crunchbase
- Entro | LinkedIn | Crunchbase
- Gem Security | LinkedIn | Crunchbase
- GitGuardian | LinkedIn | Crunchbase
- Grip Security | LinkedIn | Crunchbase
- Hunters | LinkedIn | Crunchbase
- JupiterOne | LinkedIn | Crunchbase
- Kloudle | LinkedIn | Crunchbase
- Lacework | LinkedIn | Crunchbase
- Lightlytics | LinkedIn | Crunchbase
- Lineaje | LinkedIn | Crunchbase
- Matano | LinkedIn | Crunchbase
- Metomic | LinkedIn | Crunchbase
- Netwrix | LinkedIn | Crunchbase
- Normalyze | LinkedIn | Crunchbase
- Noq | LinkedIn | Crunchbase
- OASIS Security | LinkedIn | Crunchbase
- OpenRaven | Linkedin | Crunchbase
- Orca Security | LinkedIn | Crunchbase
- OpsHelm | LinkedIn | Crunchbase
- Query | LinkedIn | Crunchbase
- Pangea | Linkedin | Crunchbase
- Permiso | LinkedIn | Crunchbase
- PingSafe | LinkedIn | Crunchbase
- Plerion | LinkedIn | Crunchbase
- Prevasio | LinkedIn | Crunchbase
- Rapid7 | Linkedin | Crunchbase
- Runecast | LinkedIn | Crunchbase
- RunReveal | LinkedIn | Crunchbase
- Salt Security | LinkedIn | Crunchbase
- SecureDawn | LinkedIn | Crunchbase
- Seemplicity | LinkedIn | Crunchbase
- Sentra | LinkedIn | Crunchbase
- Scrut Automation | LinkedIn | Crunchbase
- Slauth | LinkedIn | Crunchbase
- Snyk | LinkedIn | Crunchbase
- Sonar | LinkedIn | Crunchbase
- Sonrai Security | LinkedIn | Crunchbase
- Sophos | LinkedIn | Crunchbase
- Soveren | LinkedIn | Crunchbase
- Spyderbat | LinkedIn | Crunchbase
- StrongDM | LinkedIn | Crunchbase
- Sweet Security | Linkedin | Crunchbase
- Tigera | LinkedIn | Crunchbase
- Tines | LinkedIn | Crunchbase
- Torq | LinkedIn | Crunchbase
- Trellix | LinkedIn | Crunchbase
- Twingate | LinkedIn | Crunchbase
- UpGuard | LinkedIn | Crunchbase
- Upwind | LinkedIn | Crunchbase
- Wazuh | LinkedIn | Crunchbase
- Wiz | LinkedIn | Crunchbase
- Accurics | LinkedIn | Crunchbase --> acquired by Tenable
- Bionic | LinkedIn | Crunchbase --> acquired by Crowdstrike
- Bit Discovery | LinkedIn | Crunchbase --> acquired by Tenable
- Cider Security | LinkedIn | Crunchbase --> acquired by Palo Alto Networks
- [Cymptom] | LinkedIn | Crunchbase--> acquired by Tenable
- Dig Security | LinkedIn | Crunchbase --> acquired by Palo Alto Networks
- Ermetic | LinkedIn | Crunchbase --> acquired by Tenable
- Flawcheck | Crunchbase --> acquired by Tenable
- Gem Security | LinkedIn | Crunchbase --> acquired by Wiz
- Isovalent | LinkedIn | Crunchbase --> acquired by Cisco
- Laminar | LinkedIn | Crunchbase --> acquired by Rubrik
- Lightspin | LinkedIn | Crunchbase --> acquired by Cisco
- Mandiant | LinkedIn | Crunchbase --> acquired by Google
- Raftt | LinkedIn | Crunchbase --> acquired by Wiz
- Robust Intelligence | LinkedIn | Crunchbase --> acquired by Cisco
- Sinefa | LinkedIn | Crunchbase --> acquired by Palo Alto Networks
- Spera | LinkedIn | Crunchbase --> acquired by Okta
- Zycada Networks | LinkedIn | Crunchbase --> acquired by Palo Alto Networks
Ordered by date (descending)
- Talon, $825M - Dec 2023
- Dig Security, $350M - Dec 2023
- Zycada Networks, undisclosed - April 2023
- Cider Security, $198M - Dec 2022
- Expanse, $797M - Dec 2020
- Crypsis, $228M - Sept 2020
- Cloudgenix, $403M - April 2020
- Sinefa, $44M - Nov 2020
- Aporeto, $144M - Dec 2019
- Twistlock, $378M - July 2019
- Demisto, $474M - March 2019
- RedLock, $158M - Oct 2018
- Secdo, $83M - April 2018
- Evident.io, $293M - March 2018
- Cyvera, $178M - April 2014
- Bridgecrew, $157M - March 2021
- Aporeto, $144M - Dec 2019
- Lightcyber, $103M - Feb 2017
- Deep Factor - August 2024
- Isovalent - December 2023 blog post
- Oort - July 2023 blog
- Robust Intelligence - August 2024 blog post
includes only security-related acquisitions Ordered by date (descending)
- Sqreen - February 2021 press release
- Seekret - April 2022 press release
- Hdiv Security - May 2022 press release
Ordered by date (descending)
- Ermetic, $265M - Sept 2023
- Bit Discovery, $44.5M - April 2022
- Cymptom, undisclosed - Feb 2022
- Accurics, $160M - Sept 2021
- FlawCheck, undisclosed - Oct 2016
Ordered by date (descending)
- Gem Security, undisclosed - April 2024
- Rafft, undisclosed - December 2023
Native security products offered by the major cloud platforms (AWS, GCP, Azure)
- AWS Shared Responsibility Model
- GCP Shared responsibilities and shared fate on Google Cloud
- Azure Shared Responsibility in the cloud
- DigitalOcean Shared Responsibliity Model
- AWS Cloud Security
- Amazon Detective
- Amazon GuardDuty
- Amazon Security Lake
- AWS Artifact
- AWS Audit Manager
- AWS Config
- AWS Security Hub
- AWS Trusted Advisor
- Altimeter
- AWS Firewall Factory
- BloodHound
- Cartography
- Chainloop
- Checkov
- Cilium
- Cloudbeat
- Cloudquery
- CloudSploit
- DefectDojo
- Falco
- Fix Inventory
- Gapps
- Greenbone OpenVAS Scanner
- KubeArmor
- KubeScape
- Magpie
- Prowler
- S3Scanner
- Sadcloud
- ScoutSuite
- Steampipe
- tfsec
- ThreatMapper
- trivy
- Wazuh
- ZeusCloud
- AI-SPM - AI Security Posture Management
- ASPM - Application Security Posture Management
- CAASM - Cyber Asset Attack Surface Management
- CASB - Cloud Access Security Brokers
- CCO - Corporate Compliance and Oversight
- CDR - Cloud Detection and Response
- CIEM - Cloud Infrastructure Entitlement Management
- CNAPP - Cloud-native Application Protection Platform
- CSPM - Cloud Security Posture Management
- CWPP - Cloud Workload Protection Platform
- CTEM - Continuous Threat Exposure Management
- DSPM - Data Security Posture Management
- EDR - Endpoint Detection and Response
- GRC - Governance, Risk and Compliance
- IGA - Identity Governance Administration
- ITDR - Identity Threat Detection and Response
- KSPM - Kubernetes Security Posture Management
- MDR - Managed Detection and Response
- PAM - Privileged Access Management
- SIEM - Security Information and Event Management
- SOAR - Security Orchestration, Automation and Response
- SOC - Security Operations Center
- XDR - Extended Detection and Response
- XSIAM - Extended Security Intelligence and Automation Management
- Nextdoor CSPM Evaluation Matrix GitHub
- Simple CSPM - GCP CSPM using Google Sheets GitHub
- Prisma Cloud Channel Resource GitHub
- What is eBPF? eBPF Docs
- Building a Security Graph Application on Amazon Neptune GitHub
- CloudSecList by Marco Lancini
- Frankly Speaking by Frank Wang
- Securing the Cloud by Brandon Carroll
- tl;dr sec by Clint Gibler
- Venture in Security by Ross Haleliuk
- Brakeing Down Security
- CISO Tradecraft
- CyberWire Daily
- Darknet Diaries
- Google Cloud Security Podcast
- Hacking Humans
- Malicious Life
- Risky Business
- Security Now
- Smashing Security
- Privacy, Security, & OSINT Show
- Social-Engineer Podcast
- Unsupervised Learning
- CIS Benchmarks List
- CIS AWS Benchmarks
- CIS Google Cloud Computing Platform Benchmarks
- CIS Microsoft Azure Benchmarks
- CIS Oracle Cloud Benchmark
- ISO 27001/27002
- NIST Security and Privacy Controls for Information Systems and Organizations
- NIS 2
- System and Organization Controls (SOC)
- Chaos Communication Congress
- DEF CON
- GrrCon
- Hackers on Planet Earth (HOPE)
- HushCon
- Nullcon
- OWASP
- Security BSides
- ShmooCon
- THOTCON
- ToorCon
- Wild West Hackin' Fest
- AWS re:Invent
- Billington Cybersecurity Summit
- Black Hat
- Cyber Security & Cloud Expo
- Cybersec Europe
- Cybersecurity Summit
- CyberTech Global
- Deutscher IT Security Congress
- fwd:cloudsec
- FS-ISAC Summit
- Gartner Security & Risk Management Summit
- Infosecurity Europe
- Interop Tokyo
- IOT Solutions World Congress
- ISACA North America Conference
- it-sa
- RSA Conference
- SANS Cyber Threat Intelligence Summit
- Sector