Five years ago, my security reviews were full of mitigations mostly abandoned today: SELinux, DDoS protection, IDS, etc. Not that they were bad, but cloud infrastructure and containers have matured way beyond what we could foresee back then, and we're better off.

For example, I advocated using HAProxy in AWS for better rate limiting and IP blacklisting. I even wrote a long doc on how to do it: github.com/jvehent/haprox… . We never used it, mostly because scaling out is generally cheaper and simpler, then straight to Cloudflare-type offerings.

Endpoint security (a.k.a. osquery/MIG/GRR) makes little sense in the short-lived, immutable world we live in today. Auditing provisioning confs solves most needs. Also, systems rarely get popped, and when they do, freezing for forensics is mostly trivial.