Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week, we explore the possibilities and challenges of a passwordless era.

In the first part of this blog series, we saw a brief overview of what a security operations center (SOC) is and how it operates. In this part, we’ll take a look at the typical activities that SOC analysts carry out every day to protect their organization from constantly evolving cyber threats and the skill sets that come in handy in effectively carrying out their duties.

As Werner Vogels says: “Everything fails all the time.” Data is the new oil. We rely on it not only to make decisions but to operate as a business in general. Data loss can lead to significant financial consequences and damaged reputation. In this article, you can find ten actionable methods to protect your most valuable resources.

Companies worldwide these days make use of DevOps with a view to attain better profit and progress. Despite its increased use, DevOps can lead to higher risks if not properly handled. There should be an integration of security and development process form the beginning in order to have a risk-free progress. The entire organization will be at risk if proper security check is not practiced in each stage, as cyberattacks are increasing each day.

The 2021 Secure Consumer Cyber Report provides one of the industry’s most comprehensive studies about the shift in consumer behavior as a result of increased work-from-home initiatives. With the influx of unsecured personal devices and high-risk employee behavior, what does the threat landscape look like today? The newly released report found that, with the dramatic increase in remote work due to the pandemic, the threat to enterprise data is higher than ever.

Generally speaking, CFEngine and Ansible can be used to solve the same problems, but their approaches are different. In this blog post I’d like to discuss the different approaches, their consequences, some advantages of each tool, and even using them together.

When it comes to your SIEM, your data is only as useful as your ability to ingest and analyze it. To solve complex security problems, your team ideally needs the ability to comprehensively monitor events within your environment with contextual insights from high-volume data sources.

In this quick guide for cybersecurity professionals, we’ve invited some of our favourite security experts who have previously worked with Metasploit to explain why this tool is so valuable for conducting effective penetration tests and network reconnaissance tasks. Our first expert Michael Roninson, Security Expert at Cerber Tech gives a brief overview of this tool and how to use it in his response below;

Today, I’m excited to announce the contribution of the sysdig kernel module, eBPF probe, and libraries to the Cloud Native Computing Foundation. The source code of these components will move into the Falco organization and be hosted in the falcosecurity github repository. These components are at the base of Falco, the CNCF tool for runtime security and de facto standard for threat detection in the cloud.

Your continuous integration (CI) pipelines are at the core of the change management process for your applications. When set up correctly, the CI pipeline can automate many manual tasks to ensure that your application and the environments it runs in are consistent and repeatable. This pipeline can be an integral part of your security strategy if you use it to scan applications, containers, and infrastructure configuration for vulnerabilities.

More than 52% of organizations now offer their employees, contractors and frontline workers the ability to work securely from any endpoint of their choice. This modern workplace includes diverse endpoints such as iOS, macOS, Android, Windows 10 devices, as well as other immersive and rugged devices such as HoloLens, Oculus, Zebra and more - and IT teams need a scalable solution to secure and manage them.

With the Defense Department’s quick and successful pivot to a remote workforce last Spring via its Commercial Virtual Remote (CVR) environment, it proved that the future to fully operate from anywhere in the world is now. Gone are the days of thousands of civilian employees heading into the Pentagon or other installations everyday. However, with this new disparate workforce comes increased risks for network security. As my colleague Bill Wright expertly noted last Summer.

Welcome to another monthly update on what’s new from Sysdig. Our team continues to work hard to bring great new features to all of our customers, automatically and for free! We hope you all managed to make it through January, and happy Lunar New Year! February welcomes the launch of our always-popular fourth annual Sysdig Container Security and Usage report, which looks at how global Sysdig customers of all sizes and industries are using and securing container environments.

Image vulnerability scanning is a critical first line of defense for security with containers and Kubernetes. Today, Red Hat recognized Sysdig as a certified Red Hat security partner based on our work to standardize on Red Hat’s published security data with Sysdig Secure.

The sheer number of cyberattacks launched against organizations every year is massive and growing. If you’re a security analyst working in a SOC or security team, tasked with defending your organization, that means you’re getting bombarded by many more attacks than the recorded numbers above would suggest. These attacks translate into security alerts — fired from your various security tools — that you must investigate and resolve.

In this blog in the “IT security under attack” series, we wanted to shed some light on an unfamiliar and seldom discussed topic in IT security: the default, out-of-the-box configurations in IT environments that may be putting your network and users at risk. Default settings, and why the initial configuration is not the most secure.

2020 was a year of tremendous dejection and disruption. Imagine if you had told your organization’s upper management that they had to switch their 10,000 or 20,000 strong corporate office to the virtual world back in January 2020. They would have flipped. Despite all the fear and loss that 2020 brought, we capitalized on the opportunities. And even a year later, there are still possibilities galore.

Admission controllers are a powerful Kubernetes-native feature that helps you define and customize what is allowed to run on your cluster. As watchdogs, they can control what’s going into your cluster. They can manage deployments requesting too many resources, enforce pod security policies, and even block vulnerable images from being deployed. In this article, you’ll learn what admission controllers are in Kubernetes and how their webhooks can be used to implement image scanning.

Picture the scene. It’s 9am on a cold, wet, January Sunday morning in 2015 and I’m trudging up Merrion Street in Leeds. Recently made redundant, I’m on my way to a coffee shop that I’m desperately hoping is open. Am I a coffee aficionado desperate for a fix? Am I getting pumped for a gym session? Do I just enjoy walks in the rain? No. I’m on my way to a job interview.

Security information and event management (SIEM) systems are centralized logging platforms that enable security teams to analyze event data in real time for early detection of targeted cyber attacks and data breaches. A SIEM is used as a tool to collect, store, investigate, and report on log data for threat detection, incident response, forensics, and regulatory compliance.

The recent news of a cyberattack on a water treatment plant carried out by a remote perpetrator came as a shock to organizations around the world. Earlier this month, an unauthorized threat actor had remotely accessed the plant’s control systems via TeamViewer and used it to increase the amount of sodium hydroxide (lye) in water to dangerously higher levels.

Security is an essential part of any modern IT foundation, whether in smaller shops or at enterprise-scale. It used to be sufficient to implement rules-based software to defend against malicious actors, but those malicious actors are not standing still. Just as every aspect of IT has become more sophisticated, attackers have continued to innovate as well. Building more and more rules-based software to detect security events means you are always one step behind in an unsustainable fight.

We are excited to introduce Calico Cloud, a pay-as-you-go SaaS platform for Kubernetes security and observability. With Calico Cloud, users only pay for services consumed and are billed monthly, getting immediate value without upfront investment.

According to the Association of Certified Fraud Examiners, the money lost by businesses to fraudsters amounts to over $3.5 trillion each year. The ACFE's 2016 Report to the Nations on Occupational Fraud and Abuse states that proactive data monitoring and analysis is among the most effective anti-fraud controls.

When building cloud-based systems and serverless systems, in particular, it’s crucial to stay on top of things. Your infrastructure will be miles away from you and not a device you hold in your hands like when you build a frontend. That’s why adding a monitoring solution to your stack, which offers a pre-configured serverless failure detection, should be one of the first decisions.

We’ve all been watching closely as the Solarwinds hack, known as SUNBURST, gets its due analysis. This attack was sophisticated and rightfully should concern any company. Companies are now — or should be — considering not only what products they are using but to what attack vectors those products are exposed that unduly extend attack surfaces. Solarwinds makes great products — I’ve used them for years.

cf-remote is a tool for downloading and installing/deploying CFEngine. It automates a lot of the things you have to do before CFEngine is actually installed on your infrastructure, such as provisioning cloud instances, downloading CFEngine installers, copying them to remote hosts and installing / bootstrapping. To make it as easy as possible to get started with cf-remote and CFEngine, it is now available on pypi.

The first two posts in our compliance blog series focused on managing compliance through automation. In this third post, we take a step back to explore a more foundational — but no less important — topic: What’s the difference between compliance and security? Is compliant infrastructure secure infrastructure? People often talk about compliance and security as though they’re one and the same.

Zero Trust security. Some would say it’s the latest and greatest buzzword and this disposition is understandable given the amount of jargon introduced into the Information Technology market each year. With vernacular being used interchangeably like “AI,” “Machine Learning,” and “Deep Learning,” these words get stripped of their real significance.

If you care about your website, show it some love this Valentine’s Day. RapidSpike is there, like Fred from First Dates, to keep the spark alive. We will be your relationship counsellor through the tough times with your website, from downtime to Magecart style attacks, and even the occasional website launch! They say healthy relationships are built around the pillars of trust, communication and passion.

It’s a question we hear often - how to use Flowmon to block an attack? Flowmon is not an inline appliance to stand in the path of inbound traffic, so we partner with 3rd party vendors who supply equipment like firewalls or unified security gateways. In this post, I’m going to show you how to instruct Fortinet’s firewall FortiGate via Flowmon ADS to block traffic in response to a detected anomaly or attack.

Runtime security for Azure Kubernetes Service (AKS) environments requires putting controls in place to detect unexpected and malicious behavior across your applications, infrastructure, and cloud environment. Runtime threats include things like: Even if you’re taking advantage of tools like container image vulnerability scanning, Kubernetes pod security policies, and Kubernetes network policies with AKS, not every risk will be addressed.

SolarWinds' widely-used Orion IT platform has been the subject of a supply-chain compromise by an unidentified threat actor. The attack was discovered in December 2020, but it appears to have begun in March 2020 when the attacker used trojan malware to open a backdoor on SolarWinds customers around the world.

Every Java developer should follow coding standards and best practices to develop secure Java code. It is critical your code is not vulnerable to exploits or malicious attacks. In recent times, even big organizations like eBay, the CIA, and the IRS have fallen victim to vulnerabilities in their applications that have been discovered and exploited by attackers. The following guidelines provide a solid foundation for writing secure Java code and applications.

As Kubernetes adoption continues to grow, Kubernetes audit logs are a critical information source to incorporate in your Kubernetes security strategy. It allows security and DevOps teams to have full visibility into all events happening inside the cluster. The Kubernetes audit logging feature was introduced in Kubernetes 1.11.

The 9th February marks Safer Internet Day; a day to recognize the dangers of the internet and the need to be kinder online. But it’s not just each other we have to fear on the internet. You’ve probably heard the talk – online hackers finding their way into your website without you knowing. Spambots corrupting your Google Analytics website data. Online viruses bringing your whole website to its knees. But this is just 1% of the threats that your website faces on a daily basis.

You may have noticed the VMware Tanzu team talking and writing a lot about container security lately, which is no accident. As DevOps and Kubernetes adoption continue their exponential growth in the enterprise, securing container workloads consistently is among the most difficult challenges associated with that transformation. There is a term we have been seeing—and using—a lot lately that encompasses a new way of looking at container security for Kubernetes: DevSecOps.

Management thinks that letting folks from WidgetCo log into widgetco.ourapp.com will really help make the sale. It seems harmless enough. But using a custom subdomain like this can open WidgetCo up to potential security issues. In this article, Julien Cretel introduces us to Subdomain Takeover attacks and discusses ways we can mitigate them.

A few lines of code in your website’s header can make or break your security and your customer’s trust. We know how important that is to you, so at RapidSpike we’re here to empower you with data, protecting your website from the top down, and today we’re talking about the very top — your homepage header and its precious metadata.

Introducing: An industry-first application security solution that marries security and performance insights to drastically simplify vulnerability management and protect your business from attacks.

As a security analyst on Elastic’s InfoSec team, a common scenario we see is users coming to our team and asking: “Is this file safe to open?” Or one user reports a phishing email with an attachment that they didn’t open, but we see from the logs that 10 other users also received that email but didn’t report it and no alerts went off on their systems.

The defense evasion category inside MITRE ATT&CK covers several techniques an attacker can use to avoid getting caught. Familiarizing yourself with these techniques will help secure your infrastructure. MITRE ATT&CK is a comprehensive knowledge base that analyzes all of the tactics, techniques, and procedures (TTPs) that advanced threat actors could possibly use in their attacks. Rather than a compliance standard, it is a framework that serves as a foundation for threat models and methodologies.

In the mid of December, SolarWinds disclosed that the company experienced a highly sophisticated, manual supply chain attack on versions of the Orion network monitoring product released in March – June 2020. The company shared that the attack was most likely conducted by foreign hackers and intended to be narrow, remarkably targeted, and manually executed attack.

On Tuesday, January 26, 2021, Apple released version 14.4 of its iOS, iPadOS, and tvOS products that included patches for three security vulnerabilities that affect iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation, as well as Apple TV.

Splunk Phantom 4.10 introduced many new enhancements, including the ability to develop playbooks in Python 3. In fact, Python 3 is now the default for Splunk Phantom playbooks. In doing so, we needed to create two different “playbook runners” to ensure we could continue to support playbooks written in Python 2.7 while also supporting Python 3.

Elastic moved from an open source license for Elasticsearch and Kibana to a “source available” (aka closed source) license. It was supposed to shut down SaaS companies, but what does it mean for Managed Security Service Providers? Managed Security Service Providers, or MSSPs, are a growing segment in the security business. These firms specialize in deploying security infrastructure, aggregating monitoring and event data, and proactively hunting threats.

We are excited to announce that CFEngine is now using GitHub Discussions. GitHub Discussions is a feature of GitHub repos, and similar to Q&A platforms like Stack Overflow, and other online forums. After testing it out for a few weeks we are pleased with how it works and want to encourage all our users to try it.

At Ivanti, our highest priority is our customer. With that in mind, I thought it would be a good idea to share some research that my team and I have found valuable as we have migrated through the COVID period. The two pieces of Gartner research, highlighted below and linked to on our landing page below, really hit home at Ivanti so we wanted to share them with all of you.

Organizations lose billions of dollars to fraud each year. For instance, the financial services sector projects losses to reach $40 billion per year in the next 5-7 years unless financial institutions, merchants, and consumers become more diligent about fraud detection and prevention. Splunk delivers integrated enterprise fraud management software that quickly defines behavior patterns and protects enterprise information from malicious actors.

Ubuntu has evolved a lot since its early beginnings as an easier-to-use derivative of Debian that catered primarily to the nascent Linux desktop market. Today Ubuntu is deployed beyond just your laptops at home and in the office. Nowadays you are more likely to find Ubuntu in the cloud, powering some of the world’s best known enterprises and running on various IoT devices out in the field.