Chaser Systems


The trinity of ‘developer experience + security standards + operational efficiency’ is greater than the sum of its parts. We call it ‘ergonomic cybersecurity’.

https://chasersystems.com/

v2.30 of DiscrimiNAT Firewall for egress filtering is now Generally Available.

Key improvements include support for Post-Quantum Cryptography #PQC TLS handshake.

AWS release notes: https://chasersystems.com/docs/discriminat/aws/release-notes/

GCP release notes: https://chasersystems.com/docs/discriminat/gcp/release-notes/

Sponsoring the local #Rust meetup in #Cambridge is a way we bring the community together a few times a year. Follow the event page at https://www.meetup.com/cambridge-rust-meetup/ and https://mastodon.social/@cambridgerust here.

Rust has played a critical role in the cloud security solutions we ship in terms of speed, stability & safety.

What data do coding agents send, and where to?

Our report seeks to answer some of our questions for seven of the most popular agentic code editors and plugins. By intercepting and analysing their network flows across a set of standardised tasks, we aim to gain insight into the behaviour, privacy implications, and telemetry patterns of these tools in real-world scenarios. Incidentally, a side-effect was running into OWASP LLM07:2025 System Prompt Leakage for three of the chosen coding agents. You can see the system prompts in the appendix.

https://chasersystems.com/blog/what-data-do-coding-agents-send-and-where-to/

Looking at us-east-1 this morning like... 👀

We're giving away 1,000 of our "It's always DNS" stickers and sticky-notes to decorate your laptops and monitors! Just fill in the linked form below and we'll get it mailed directly to you, wherever you are in the world. You can even grab some for the rest of your team!

https://forms.office.com/e/14jHFdU9Kv

#aws #itsalwaysdns

Welcome to the team Lucas Pye! Lucas is joining us as an intern until mid-September and is researching what telemetry is gathered from developer machines by various popular agentic coding tools. When he's not intercepting #egress traffic you can find him climbing in the Peak District or his local gym.

(screenshot of MitMed Cursor)

We're back at @fwdcloudsec again today, drop by our booth and try our mini-CTF to win a #YubiKey. Only 4 left, so be sure to come by early!

TLS ECH (formerly ESNI) is an emerging threat in traffic observability.

Learn about what it is, its background and original purpose, and how to disable it in controlled environments - especially Chrome and headless Chrome in the linked solution article:

https://chasersystems.com/blog/disabling-encrypted-clienthello-in-google-chrome-and-why/

Our founder @new23d's talk accepted for @fwdcloudsec at Denver in June on AWS IAM Roles Anywhere with ACME-enabled PKI certs distribution (using Let's Encrypt Staging)

Videos will be available on YouTube later and we'll post an update when they are.

We make it easier for you to enable an outbound network traffic firewall in full allowlist enforcement mode -- with discovery, dry run and micro-segmentation.

Available on AWS and GCP. Search for DiscrimiNAT Firewall in your cloud web console.

#egress #filtering

Wildcards are now GA from us for network egress on GCP.

Took time to develop since we didn't want the solution to be trivially bypassable with SNI Spoofing [1] or cause interruptions to your traffic intermittently with false positives (as is the case with known issue FWAAS-1501 of Palo Alto [2]). The mechanism under the hood is truly patent worthy!

The integration with GCP has always been such that it mimics a built-in feature with use of Network Tags, Firewall Rules and Logs Explorer 😎. It is stateless, CIS-hardened, upgrades seamlessly, and you can see the full comparison [3] for more info on multi-protocol support, low TTL DNS handling, etc.

It also has a non-blocking monitoring mode to discover what you need to allow, and a dry-run mode to test rules before enforcement.

Search for DiscrimiNAT Firewall in GCP Console to get started or for links to our Terraform modules and website for docs, etc.

Any questions, just drop an email to devsecops at chasersystems dot com. We love to answer tricky questions and demo how our firewall checks more than just the hostname in client-settable headers!

Safe egressing 🤞

[1a] https://repost.aws/questions/QUGi6L4x4nRsCYc_FJ9aQkiQ/prevent-aws-network-firewall-host-header-spoofing

[1b] https://x.com/nullenc0de/status/1159805999332638720

[2] https://docs.paloaltonetworks.com/cloud-ngfw-aws/release-notes/cloud-ngfw-known-issues

[3] https://chasersystems.com/discriminat/comparison/gcp-ngfw-standard/
