May 2021

Easily Automate Across Your AWS Environments with Splunk Phantom

When running Splunk Phantom with AWS services, it can be tricky to make sure Splunk Phantom has the right access. When you’re managing multiple AWS accounts, the effort to configure Splunk Phantom’s access to every account can feel insurmountable. Fortunately, Amazon has the Security Token Service to solve this problem with temporary credentials, so we’ve integrated it with Splunk Phantom!

Securing containers on Amazon ECS Anywhere

Amazon Elastic Container Service (ECS) Anywhere enables you to simply run containers in whatever location makes the most sense for your business – including on-premises. Security is a key concern for organizations shifting to the cloud. Sysdig has validated our Secure DevOps platform with ECS Anywhere, giving AWS customers the security and visibility needed to run containers confidently on the new deployment model.

Signed Pipelines Build Trust in your Software Supply Chain

Trust isn’t given, it’s earned. As the Russian proverb advises, Доверяй, но проверяй — or as U.S. President Ronald Reagan liked to repeat, “Trust, but verify.” We designed JFrog Pipelines to securely support a large number of teams, applications, users and thousands of pipelines.

How to use Cloud Logging to detect security breaches

If your system's security has been breached, what can you do to stop this attack and not make the situation worse? In this episode of Cloud Security Basics, we show how you can use Cloud Operations Suite to check for security breaches. Watch to learn some best practices when dealing with and handling malicious attacks!

Monitoring and Tuning Open-Source Databases

By continuously running a well-built general-purpose database performance monitoring facility, organizations can gain constant visibility into the availability and responsiveness of their databases and database management systems (DBMSs). When such a tool is equipped with analytics to compare historical metrics against current values, administrators can immediately understand how current values and behaviors stack up against prior averages and typical baselines.

Do You Know Where Your Cloud Is? Understanding Shadow IT

The public cloud has greatly increased the flexibility of businesses everywhere. Need another petabyte of storage? You’re but a few mouse clicks or a couple lines of code away from allocating all those disks with effectively no lead time. At the same time, it makes it easy for business units, a functional organization, or a disgruntled vice president with a corporate card—who may be frustrated with your IT for various reasons.

King & Wood Mallesons CISO relies on Elastic to "spot and identify" security threats

King & Wood Mallesons (KWM) is among the world’s most innovative law firms and is represented by 2,400 lawyers in 28 locations across the globe. The international law firm, based in Australia, helps clients flourish in Asian markets by helping them understand and navigate local challenges and by delivering solutions that provide clients with a competitive advantage.

Types of Cryptography Attacks

Cryptography is the essential practice of hiding information in transit so that only the intended receiver can view it. IT experts achieve this by encoding information before sending it and decoding it on the receiver's end. Using an algorithm, IT experts can encrypt information with either symmetric or asymmetric encryption. However, as with any other computer system, attackers can launch attacks against cryptosystems.

5 Strategies for Safeguarding your Kubernetes Security

Since Google first introduced Kubernetes, it’s become one of the most popular DevOps platforms on the market. Unfortunately, increasingly widespread usage has made Kubernetes a growing target for hackers. To illustrate the scale of the problem, a Stackrox report found that over 90% of respondents had experienced some form of security breach in 2020. These breaches were due primarily to poorly-implemented Kubernetes security.

Using Audit Logs For Security and Compliance

Developers, network specialists, system administrators, and even IT helpdesk staff use audit logs in their jobs. They are an integral part of maintaining security and compliance and can even be used as a diagnostic tool for error resolution. With cybersecurity threats looming more than ever before, audit logs have gained even more importance in monitoring. Before we get to how you can use audit logs for security and compliance, let’s take a moment to really understand what they are and what they can do.

What's new in Sysdig - May 2021

Welcome to another monthly update on what’s new from Sysdig. Eid Mubarak! Our team continues to work hard to bring great new features to all of our customers, automatically and for free! Most importantly, of course, was our recent funding round! I won’t repeat all the details as you can read more about what it means here. However, we are super excited about all the new feature improvements we can fund and bring to our customers!

Building a complete network security checklist

Understanding what to audit in a network can be chaotic and confusing. Building a complete network security checklist is crucial for organizations with computers connected to the internet or to each other. Think of it like an antivirus scan you might run on your computer to find Trojans or malware, except you’re scanning your entire network to find anything that may cripple it.

Detecting and Mitigating CVE-2021-25737: EndpointSlice validation enables host network hijack

The CVE-2021-25737 low-level vulnerability has been found in Kubernetes kube-apiserver where an authorized user could redirect pod traffic to private networks on a Node. The kube-apiserver affected are: By exploiting the vulnerability, adversaries could be able to redirect pod traffic even though Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range.

Securing the new AWS App Runner service

In its mission to simplify building and running cloud-native applications for users, Amazon has announced the GA of AWS App Runner, a new purpose-built container application service. With security top of mind for most organizations shifting to the cloud, Sysdig has collaborated with AWS to enable threat detection for the new platform.

Why Midsized SecOps Teams Should Consider Security Log Analytics Instead of Security and Information Event Management

If Ben Franklin lived today, he would add cyber threats to his shortlist of life’s certainties. For decades, bad guys have inflicted malware, theft, espionage, and other forms of digital pain on citizens of the modern world. They seek money, celebrity, and political secrets, and often get them. In 2020, hackers halted trading on the New Zealand stock exchange with a distributed denial of service (DDoS) attack.

The 30th Anniversary of RSA Would Have Been One Heck of a Party

There is no doubt that a virtual RSA is not the same as catching up with colleagues and partners over great food, and of course meeting up at the W Bar. The good news is we all have or are adjusting to working remotely and we didn’t have to travel to hear what the industry luminaries think, or what our peers are saying they can do to keep the world safe.

Single Sign-On Now Available on OnPage Enterprise-Level Accounts

Single sign-on (SSO) services provide a unified view into applications, logins and devices through a secure identity cloud. SSO allows users to access SaaS-based applications through one simple login process. We, at OnPage, are excited to announce that we’ve extended our integration catalog to include SSO services like Okta and OneLogin. Through a single sign-on process, OnPage enterprise-level users can access the OnPage dashboard from their Okta and OneLogin accounts.

Strategic roadmap to ensure Exchange security

With the quantum leap in the adoption of remote work environments, cybercriminals are turning their attention to the security vulnerabilities in these environments. On top of this, protecting remote connections is becoming increasingly difficult because hacking techniques have become more sophisticated. At ManageEngine, we’ve designed a seven-step strategy to help ensure holistic Exchange security: Detect attacks before they cause damage.

Top 10 metrics in PostgreSQL monitoring with Prometheus

PostgreSQL monitoring with Prometheus is an easy thing to do thanks to the PostgreSQL Exporter. PostgreSQL is an open-source relational database with a powerful community behind it. It’s very popular due to its strong stability and powerful data types. In this article, you’ll learn the top 10 metrics in PostgreSQL monitoring, with alert examples, both for PostgreSQL instances in Kubernetes and AWS RDS PostgreSQL instances.

MobileIron (acquired by Ivanti) Wins Two Prestigious Marketing Awards!

There are some marketing campaigns that just work. They resonate with their audience, they add value, they’re interesting and topical – but they’re also rare. In 2020, the MobileIron (now Ivanti) communications team launched a new campaign to tell the story of the Everywhere Enterprise (a precursor to Ivanti’s Everywhere Workplace).

Untangling Network Policies on K8s

Network Policy is a critical part of building a robust developer platform, but the learning curve to address complex real-world policies is not tiny. It is painful to get the YAML syntax right. There are many subtleties in the behavior of the network policy specification (e.g., default allow/deny, wildcarding, rules combination, etc.). Even an experienced Kubernetes YAML-wrangler can still easily tie their brain in knots working through an advanced network policy use case.

ServiceNow integrates SecOps with Microsoft to boost user security

Over the past year, organizations worldwide have seen an increasing number of cyberattacks. Phishing and vulnerability exploits continue to be leading attack channels. The content adapts to the times (COVID-19-related phishing, for example), but the attack channels themselves are not new. Combating these attack types requires a focus on transforming security operations and response.

Healthcare cybersecurity: Our 6-step plan to secure healthcare data

The HIPAA Journal reported that “2020 was the worst ever year for healthcare industry data breaches.” In the US alone, there were 642 reported data breaches in which the number of records stolen exceeded 500, and in total, nearly 29.3 million healthcare records were exposed.

What's new in security for Ubuntu 21.04?

Ubuntu 21.04 is the latest release of Ubuntu and comes at the mid-point between the most recent Long Term Supported (LTS) release, Ubuntu 20.04 LTS, and the forthcoming 22.04 LTS release due in April 2022. This provides a good opportunity to take stock of some of the latest security features delivered in this release, on the road to 22.04 LTS. Ubuntu 21.04 brings with it a vast number of improvements and features across a wide variety of packages.

Incident Reporting and Crime Detection: The Role of Computer Vision

One of the most important uses of Artificial Intelligence (AI) and Machine Learning (ML) lies in the detection and prevention of criminal activities. Today, companies are widely using AI-powered computer vision devices to predict and detect crimes ranging from fraud and theft to violence and cybercrime. Developments in computer vision technology have enabled authorities to report incidents and detect crime more efficiently.

Silver Peak Zero Touch Configuration (ZTC) Demo

Teneo's Technical Customer Success Consultant, Gavin Mason-Sword provides a short demonstration on how to configure Silver Peak's Zero Touch Configuration (ZTC). The video demonstrates the ability to deploy sites with zero touch configuration using Silver Peak Orchestrator. ZTC enables the bulk staging of configuration for larger scale deployments. It allows for configuration cloning to reduce the risk of human error and also allows for ongoing configuration changes through a centralized, standard format. #TeneoGrp

Little Code, Big Impact: Easily Scale your Security Automation with Splunk SOAR

The great Ricky Bobby from Talladega Nights once said, “If you ain’t first, you’re last.” Whether we’re talking about a NASCAR race or responding to a security alert, being able to quickly discover attacks and adversaries and respond rapidly is critically important to reducing risks and managing threats to your organization. How do we suggest you do that? With a SOAR (Security Orchestration Automation & Response) tool.

Keep OSS supply chain attacks off the menu: Tidelift catalogs + JFrog serve known-good components

How does your organization keep track of all of the open source components being used to develop applications and ensure they are secure and properly maintained? Our recent survey data shows that the larger an organization gets, the less confident it is in its open source management practices. In companies with over 10,000 employees, 39% are not very or not at all confident that their open source components are secure, up to date, and well maintained.

See your logs and metrics together with LogDNA and Sysdig integration

Observability is the key to solving problems quickly, and organizations use many tools to try to increase visibility in their environments so they don’t miss anything. Typical sources of observability include metrics, logs, and traces. Metrics, the foundation of monitoring, are predictable counts or measurements that are aggregated over a specific period of time. Logs are timestamped records of discrete events that can store outputs from applications, systems, and services.

ProblemChild: Detecting living-off-the-land attacks using the Elastic Stack

When it comes to malware attacks, one of the more common techniques is “living off the land” (LOtL). Utilizing standard tools or features that already exist in the target environment allows these attacks to blend into the environment and avoid detection. While these techniques can appear normal in isolation, they start looking suspicious when observed in the parent-child context. This is where the ProblemChild framework can help.

Security Log Management Done Right: Collect the Right Data

Nearly all security experts agree that event log data gives you visibility into and documentation over threats facing your environment. Even knowing this, many security professionals don’t have the time to collect, manage, and correlate log data because they don’t have the right solution. The key to security log management is to collect the correct data so your security team can get better alerts to detect, investigate, and respond to threats faster.

GDPR Compliance With Uptime.com | What You Need to Know

Uptime.com is GDPR compliant as of 2021. Becoming GDPR compliant required an organization-wide dedication to maintaining privacy and security to meet these new standards. These updates impact everything from working with support to our team logging in for work each day. Today, we’ll tackle what GDPR means to our organization, how these changes affect your usage of Uptime.com, and what we’re doing now (and into the future) to protect your personal data.

Quick Demo: Leaky App Detection and Remediation

Here's a quick two-minute video demonstrating the power of Ivanti's UEM for Mobile and Mobile Threat Defense, this time detecting a leaky app, specifically the very popular video-sharing TikTok app. TikTok has had a history of vulnerabilities where the personal information of users was exposed and could potentially have been harvested and leaked by malicious cyber threat actors.

DarkSide Ransomware: Splunk Threat Update and Detections

The ransomware campaign against the Colonial Pipeline highlights the dangers and real-life consequences of cyberattacks. If you want to understand how to use Splunk to find activity related to the DarkSide Ransomware, we highly recommend you first read “The DarkSide of the Ransomware Pipeline” from Splunk’s Security Strategist team. In short, according to the FBI, the actors behind this campaign are part of the “DarkSide” group.

Introducing Kubewarden, an Open Source Policy Engine

Security has always been a wide and complex topic. A recent survey from StackRox about the state of containers and Kubernetes security provides some interesting data on these topics. In this blog post, I’ll dive into some of the findings in that survey and introduce you to Kubewarden, an open source policy engine. A staggering 66 percent of the survey participants do not feel confident enough in the security measures they have in place.

Avoid Market Pressures That Compromise Mobile App Security

The marketplace for mobile apps is a broad and highly competitive one. There are millions of apps available on Apple’s App store, Google Play, and within private enterprise app stores. Expanding market demands continue to drive the pressure to innovate. New iOS and Android updates and mobile device releases, along with myriad apps from companies vying for their customer’s attention, are creating shorter app release cycles.

Secure Monitoring - Open TCP Ports are a Security Risk

I’ve been updating some of our security documentation explaining what we do to ensure our product is suitable for the security models in regulated industries, such as finance and healthcare. Talking to our security guys, I was flabbergasted to find out that there are monitoring products out there that go against what is not only an industry best practice but also the right thing to do: agents that open and listen on fixed TCP ports!

Top Events You Should Always Audit & Monitor

Anybody who’s looked for answers on the Internet has likely stumbled across a “TOP X LIST”: “10 things famous people do every day”, “Top 10 stocks to buy”, and “20 books you have to read” are just some examples of the myriad lists out there offering answers. You may have even stumbled upon a few “Top 10 (or 12) Events To Monitor” articles too.

Log Management and SIEM Overview: Using Both for Enterprise CyberSecurity

Properly analyzing the massive amounts of data created by network access and the associated security tools has become a very tedious chore. Today’s cybersecurity professionals are seeking ways to better deal with the massive influx of information so that they can make intelligent choices when it comes to the cybersecurity posture of their networks. Selecting the proper tools is an important task which merits investigation.

Kubernetes capacity planning: How to rightsize the requests of your cluster

Kubernetes capacity planning is one of the main challenges that infrastructure engineers have to face, as understanding Kubernetes limits and requests is not an easy thing. You might be reserving way more resources than you need to ensure your containers don’t run out of memory, or are CPU throttled. If you are in this situation, you’re going to be charged for those resources even if they aren’t being used, and it will also make deployments more difficult to schedule.

Pipeline Ransomware. Could I Be Next?

If you have been following the news or trying to buy gas in Atlanta, you probably have already heard about the ransomware attack on one of the most important strategic pipelines in the US. 2020 saw ransomware attacks skyrocket and now 2021 seems to be following the trend. The current situation begs us to rethink how we think about our security practices and mindset. One area of security that you may have heard about is Zero Trust (ZT).

Overcoming data challenges for state and local government and education with Elastic

With the surge of endpoints and growing demands for access to data, public sector organizations have seen an increase in security threats since the onset of the pandemic. Against this backdrop, Elastic gathered industry leaders to learn how to manage these challenges and demands and build a path toward the future. The recent State and Local Government & Education ElasticON Public Sector event showcased the tech solutions that are delivering for constituents, faster.

Elastic and Swimlane partner to deliver an extensible framework for the modern SOC

Today I’m happy to share more about our partnership with Swimlane, which further reinforces our commitment to empowering security teams everywhere. Today’s security teams rely on the power of Elastic’s high-speed, cloud-scale analytics to solve their most complex and pressing security issues. Swimlane’s security automation platform provides a way for these same teams to accelerate and optimize their workflows for max efficiency and to solve SOAR use cases.

Quick Demo: Updated Magisk Systemless Root Detection and Remediation

Magisk is a very sophisticated systemless rooting technique that can bypass Google's SafetyNet attestation and allow apps like Google Pay, many banking apps, and even the Fortnite and Pokémon Go games to be installed on a rooted Android device. Rooting an Android device is popular because it lets the user customize and tweak their device: installing third-party apps and tools, removing bloatware, and speeding up the processor and network.

What Is Threat Intelligence?

It's one thing to detect a cyber attack. It's another to know what the attackers are trying to do, which tactics they are using, and what their next move is likely to be. Without that additional information, it's difficult to defend effectively against an attack. You can't reliably stop an attack if you are unable to put yourself in the mindset of the attackers. This is why threat intelligence plays a critical role in modern cybersecurity operations.

Digging into AWS Fargate runtime security approaches: Beyond ptrace and LD_PRELOAD

Fargate offers a great value proposition to AWS users: forget about virtual machines and just provision containers. Amazon will take care of the underlying hosts, so you will be able to focus on writing software instead of maintaining and upgrading a fleet of Linux instances. Fargate brings many benefits to the table, including small maintenance overhead, lower attack surface, and granular pricing. However, as with any cloud asset, leaving your AWS Fargate tasks unattended can lead to nasty surprises.

There is only one way to live in peace: Safe password management

On this blog we pride ourselves on always giving you good advice and providing the technological information you need to make sense of your life as a technologist. Today is no exception: we will not reveal the hidden secret of the omnipotence of Control/Alt/Delete, but almost. Today on the Pandora FMS blog, we give you a few tips for safe password management.

A Threat As Old As The Internet: Why We Still Care About Malware (And Why You Should Too)

Every career has defining moments. Most are spread out over years or even decades, but the cybersecurity world has had two career-defining moments just in the past year. It started with the global shutdown due to the COVID-19 pandemic. Overnight, many organizations were forced to support employees working remotely. CISOs, like me, were expected to keep both our company and its employees safe in a completely unpredictable world.

Auvik Presents: Secure IT Operations

In this webinar, we bring IT Ops and IT Security together and discuss what you can do to address two of the biggest struggles that keep so many IT pros awake at night: maintaining the technology you manage, and ensuring that same technology is secure. Presented by Destiny Bertucci, Product Marketing Manager, and Steve Petryschuk, Technology Advocate. Interested in improving your operations with the help of network monitoring and management software? Auvik is incredibly easy to set up and super simple to use.

What Agencies Should Consider Regarding Multi-Cloud Implementations

Multi-cloud architectures have long been hyped for their performance, reliability, and cost savings—and adoption is soaring. According to a 2020 survey from IDG, 55% of organizations use two or more public clouds. Yet 79% of these adopters struggle to achieve synergy across multiple platforms. These concerns are echoed in the public sector.

Better Tools = Better Monitoring

Everyone loves tools. Whether you’re a weekend craftsman, an aspiring chef, or a serious IT professional, the tools you use can make your tasks much easier. Monitoring tools in IT are mainstays when it comes to keeping an eye on network infrastructure and enforcing company security policies. But just like anything in life, not all monitoring tools are built equally—in fact, many can harm your ability to respond to emerging issues within your network.

Keep Calm and Simplify Managing your SIEM events with Siemplify

We created our Logz.io Cloud SIEM with a clear goal: providing a rapidly deploying, flexible, and cost-effective security management tool that can serve broad datasets and withstand the occasional burst of events without breaking a sweat. However, our users kept coming back to us with requests for more. After all, it’s great to proactively detect proliferating security threats, but what’s the next step beyond just identifying the threat?

Understanding The AWS Shared Security Model

Whether you are new to AWS or have been to every re:Invent since 2012, you may have questions about cloud security and how it impacts your valuable technology and data. In particular, you might be wondering where AWS’s security responsibilities end and where yours begin. Which parts of the cloud can you rely on Amazon’s security team and technology to keep safe, and which parts must you take care of?

Splunk SOAR Playbooks: Suspicious Email Domain Enrichment

Despite the myriad pathways to initial access on our networks, phishing remains the single most popular technique for attackers. The open nature of email and our reliance on it for communication make it difficult for defenders to classify messages, so it is no surprise that suspicious email investigation is a top use case for automation. Today, we are releasing a new community playbook for Splunk SOAR (previously Splunk Phantom) to help enrich suspicious email events.

Detect application abuse and fraud with Datadog

Protecting your applications from abuse of functionality requires understanding which application features and workflows may be misused as well as the ability to quickly identify potential threats to your services. This visibility is particularly critical in cases where an adversary finds and exploits a vulnerability—such as inadequate authentication controls—to commit fraud.

Datadog on Security and Compliance

At Datadog, customer trust and data security are of the utmost importance. As a high growth company, navigating the tradeoffs of security and development agility are especially critical. Our customers expect us to continually improve our platform, while providing a compliant, secure environment for their most critical data. Balance is key to rolling out features rapidly and keeping systems secure.

Perspectives from the federal public sector: Enable mission success with Elastic

After a year of accelerated change in the federal industry, the Federal Public Sector event focused on the progress you’ve made, the trends demanding your attention, and the Elastic capabilities that continue to guide federal agencies, offices, and departments towards a search-enabled future. With a theme of Accelerate the mission.

Securing AWS Fargate workloads: Meeting File Integrity Monitoring (FIM) requirements

Securing AWS Fargate serverless workloads can be tricky, as AWS does not provide much detail about the internal workings. After all… it’s not your business; AWS manages the scaling of underlying resources for you. :) While the security and stability of Fargate’s system is an inherent feature, Fargate follows a shared responsibility model, where you still have to take care of securing those parts specific to your application.

AWS Fargate runtime security - Implementing File Integrity Monitoring with Sysdig

Thanks to serverless, you can focus on your apps instead of your infrastructure. Take AWS Fargate as an example: a service where you can deploy containers as Tasks without worrying what physical machine they run on. However, without access to the host, how can you detect suspicious activity, like file changes in your Fargate tasks? Sysdig provides runtime detection and response to secure Fargate serverless containers.

Dynamic Service Graph | Tigera - Long

Downtime is expensive and applications are a challenge to troubleshoot across a dynamic, distributed environment consisting of Kubernetes clusters. While development teams and service owners typically understand the microservices they are deploying, it’s often difficult to get a complete, shared view of dependencies and how all the services are communicating with each other across a cluster. Limited observability makes it extremely difficult to troubleshoot end-to-end connectivity issues which can impact application deployment.

Application Layer Observability | Tigera - Long

The majority of operational problems inherent to deploying microservices in a distributed architecture are linked to two areas: networking and observability. At the application layer (Layer 7), the need to understand all aspects associated with service-to-service communication within the cluster becomes paramount. Service-to-service network traffic at this layer is often using HTTP. DevOps teams struggle with these questions: Where is monitoring needed? How can I understand the impact of issues and effectively troubleshoot? And how can I effectively protect application-layer data?

DNS Dashboard | Tigera - Long

While it’s an essential part of Kubernetes, DNS is also a common source of outages and issues in Kubernetes clusters. Debugging and troubleshooting DNS issues in Kubernetes environments is not a trivial task given the limited amount of information Kubernetes provides for DNS queries. The DNS Dashboard in Calico Enterprise and Calico Cloud helps Kubernetes teams more quickly confirm or eliminate DNS as the root cause of microservice and application connectivity issues.

Barracuda CloudGen Access + Mattermost deliver Zero Trust security for messaging, devices, and access

Barracuda CloudGen Access, the new standard for Zero Trust remote access, and Mattermost, a messaging platform designed for enterprises with high privacy and security needs, have partnered to deliver the most rigorous remote access security for enterprise messaging. In this post we’ll look at how one next-generation investment service firm relies on the CloudGen Access and Mattermost solution to protect customer assets, personal information and corporate intellectual property.

Calico Enterprise enables live view of cloud-native apps deployed in Kubernetes

We are happy to announce that the latest release of Calico Enterprise delivers unprecedented levels of Kubernetes observability! Calico Enterprise 3.5 provides full-stack observability across the entire Kubernetes environment, from application layer to networking layer. With this new release, developers, DevOps, SREs, and platform owners get: For more information, see our official press release.