
November 2021

What You Can Learn About Cyber Security from the Biggest Breaches in History

It feels like cybersecurity is dominating the newsfeeds, doesn’t it? There is a reason. Cyberattacks and cybercrime have risen dramatically in the last five years. 2020 broke all records in terms of data loss and the number of cyberattacks. Between 2019 and 2020 ransomware attacks alone rose by 62%, the same year that the World Economic Forum identified cyberattacks and data theft as two of the biggest risks to the global economy.

How to Protect Against Ransomware Attacks

Business leaders today are being pushed toward the rapid adoption of technology, especially in the wake of the COVID-19 pandemic – so much so that the term ‘digital transformation’ became a major trend. While tech is vital to the success of forward-thinking companies, many investments made in the name of digital transformation are revealed to be purchases that were “technology for the sake of technology”.

NinjaOne Adds Image Backup, New Security Bundle to Battle Ransomware

Today, NinjaOne, a unified IT operations platform for MSPs and IT departments, has introduced new image backup capabilities to Ninja Data Protection, the company’s natively developed backup and disaster recovery solution. Additionally, the company is now offering Ninja Protect, a new bundled security product with BitDefender to improve users’ cybersecurity standards and resist ransomware.

The Stream Life Episode 25: SaaS Security Platforms

In this episode of the Stream Life Podcast, Nick Heudecker and Ed Bailey look at SaaS security platforms and managed security providers and how they’ve grown over time. They look at the benefits the model brings to organizations, how it is growing across the world, the challenges it can also bring, and the questions you should be asking your vendors.

Solving specific use cases with CFEngine policy and providing reusable modules

With the release of build.cfengine.com, I have been working to migrate some of our own security-related policy into modules of their own. CFEngine Build and the cfbs tooling allow us to organize policy into modules, which are easy to update independently and share with other users. Let’s take the scenic route and look at what life is like with cfbs. One of our security policies requires that the password hashing algorithm in /etc/login.defs is set to SHA512.

Kubernetes Master Class Security & Observability feat. Tigera

In this RKE-focused workshop for networking, security, and observability on containers, Kubernetes, and Calico, you will work with a Calico and RKE expert to learn how to design, deploy, and observe security and networking policies in an RKE environment. This 90-minute hands-on lab comes with your own provisioned Calico Cloud environment, designed to provide more complete knowledge on how to implement:
– Workload access controls
– Compliance and reporting
– Run-time visualization of traffic flow and security policies
– Service-level observability
– Anomaly detection and live troubleshooting

You will come away from this workshop with an understanding of how others in your industry are doing Kubernetes, container and cloud security, and observability in RKE, and how you can implement it in your own organization.

Kubernetes Master Class Managing Cluster Security at Scale

A Kubernetes cluster has various attack surfaces, from the API server to application traffic. It's important to understand what these potential areas of attack are, and from there, work out the best ways to mitigate the risks. This is especially important when managing multiple clusters. You want to ensure that you are following the right methods, and then standardizing those security approaches to be applied to all your clusters. In this session, we will cover some of the Kubernetes attack vectors and detail how to secure your clusters.

Top title alert! Ivanti recognized by Frost & Sullivan's 2021 Best Practices Award as Asia-Pacific Secure Remote Access Company of the Year

We’re thrilled to announce that Frost & Sullivan has awarded the 2021 Asia-Pacific Company of the Year Award for secure remote access to Pulse Secure (acquired by Ivanti). In determining awards, Frost & Sullivan “applies a rigorous analytical process” that includes “detailed evaluation of best practices criteria.”

Visualizing IoT security metrics with Grafana at Network to Code

As the number of connected gadgets in our homes, offices, and industrial networks continues to grow exponentially, keeping IoT devices secure has become a vital part of our everyday lives. However, our webcams, printers, and smart plugs often lack security features due to their fast time to market, making them particularly vulnerable to attack. And because security metrics themselves can be tricky to assess, tracking IoT device security is increasingly a challenge.

Turbocharging AKS networking with Calico eBPF

A single Kubernetes cluster expends a small percentage of its total available assigned resources on delivering in-cluster networking. We don’t have to be satisfied with this, though—achieving the lowest possible overhead can provide significant cost savings and performance improvements if you are running network-intensive workloads.

U.S. Government Issues Advisory Against Common Cyber Threats During the Holidays

In advance of this week’s Thanksgiving holiday in the U.S., the U.S. Cybersecurity & Infrastructure Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a reminder for critical infrastructure to stay vigilant against cyber threats during holidays and weekends. This advisory is a reminder the holidays present a noted challenge for businesses and an opportunity for cyber adversaries.

Kubernetes Security: 9 Best Practices for Keeping It Safe

Kubernetes dominates the container orchestration market in every way. According to the latest State of Kubernetes and Container Security study, 88% of enterprises utilise Kubernetes to manage a portion of their container workloads. Kubernetes and other orchestration systems have given software deployment and management a new level of robustness and customization. They also brought attention to the current security landscape's shortcomings.

Better Protect your Corporate Data While Ensuring Optimal Service Delivery for your Business Lines

Within an organization, the Network Operations Center (NOC) and Security Operations Center (SOC) teams need to work together to maintain optimal network performance in addition to ensuring both overall security and the availability of IT services for business lines. In the past, these two teams were focused on two separate objectives, using different tools to do so and often running specific processes.

Mail Assure achieves top result in Virus Bulletin testing

We’re pleased to announce that N-able™ Mail Assure has received a top result in an independent test conducted by the Virus Bulletin, an industry-renowned test laboratory and an important reference for specialists and businesses concerned with computer security. So, what exactly is this test and how did Mail Assure achieve such a great score?

You've Achieved GDPR Compliance - Now What?

General Data Protection Regulation (GDPR). Most of us remember the months and weeks leading up to the deadline. We did whatever needed to be done to achieve compliance. Now it seems like a distant memory. And the pressure is mostly off. But in other ways, it was just the beginning. As you continue creating your day-to-day compliance strategy, you might find that the tactics that got you to the finish line were more short-term solutions that won’t necessarily stand long-term.

Interview with Cybersecurity Specialist Babak Pasdar, CTO of Acreto

For our latest expert interview on our blog, we’ve welcomed Babak Pasdar to share his thoughts on the topic of cybersecurity and his journey as the CTO of Acreto. Babak Pasdar is a globally recognized innovator, cybersecurity expert, author, and entrepreneur best known for his multiple innovations in the area of cloud security.

How to streamline Windows monitoring for better security

If you’re responsible for a significant number of Windows servers, you already understand the importance of being aware of the health and security of your environment. Unfortunately, you’re probably also aware of the tremendous amount of effort and resources required to monitor your Windows environment. Let’s take a look into why and how you should be closely monitoring your Windows server environments from a security perspective.

History of Open Source Identity Management (part 2)

This is the second blog post (part 1 available here) where we look at the history of open source identity management. This post focuses on OAuth and OpenID, the protocols currently used in modern applications and services. This post does not cover the technical details of the open source identity management standards, which are explained very well in this Okta blog post. Rather, it explains the origins of OAuth and OpenID, and provides insights on the context that led to their creation.

Run your Ubuntu in US Government Clouds

In August 2016, the United States government announced a new federal source-code policy, which mandates that at least 20% of custom source code developed by or for any agency of the federal government must be released as open-source software (OSS). The memo of this policy also states that the Federal Government spends more than $6 billion each year on software through more than 42,000 transactions. Obviously, this is a huge business for all open-source developers.

Obfuscate user data with Session Replay default privacy settings

Session Replay enables you to replay in a video-like format how users interact with your website to help you understand behavioral patterns and save time troubleshooting. Visibility into user sessions, however, can risk exposing sensitive data and raise privacy concerns. For example, a user session may include typing in a credit card or social security number into an input field.

How we designed CFEngine Build, a complete journey

Have you ever wondered how a site was designed and how the ideas were conceptualized into a webpage? If your answer is yes, you are in the right place! In this post, I will show you our journey to create our latest web page, CFEngine Build. From start to finish, how did we do the design and make the design decisions? So without further delay, let’s jump straight in!

School Security in 2021: Hybrid-Cloud, Device Management Driving IT Challenges

Coming into the new school year, school IT leaders are experiencing many of the same challenges that other industries have faced since transitioning to remote and hybrid models. Most notably, an ever-growing number of devices, SaaS applications, and hybrid- or multi-cloud environments has strained a largely decentralized approach to IT management that simply can’t keep up with the demands of a modern organization.

How to connect Puppet Enterprise to Okta using SAML

Nowadays, staff in organizations are required to access multiple applications in their infrastructure. This can lead to the user having to manage multiple login credentials and passwords. There are many solutions available that provide a single sign-on (SSO) capability — such as Okta, LDAP, and Active Directory — which is becoming common practice across businesses.

Introducing Logz.io Event Management: Accelerating Collaborative Threat Response

In the domain of cyber threat response, there’s a critical resource that every organization is desperately seeking to maximize: time. It’s not like today’s DevOps teams aren’t already ruthlessly focused on optimizing their work to unlock the greater potential of their human talent. Ensuring your organization can identify and address production issues faster – and increase focus on innovation – is the primary reason why Logz.io and its observability platform exist.

MSP Live Chat: Microsoft 365 Management and Security in 2022

What big moves can we expect from Microsoft in 2022? And how are savvy MSPs planning ahead? Price hikes. Name changes. New offerings. Oh my. Keeping up with Microsoft is a full-time job these days. Luckily, we've got experts dropping by the Live Chat to keep you in the loop. Join us, CyberDrain's Kelvin Tegelaar, and others as we dive into the latest big announcements from Microsoft and talk modern approaches to M365 multi-tenant management and security.

Real-time threat response for Kubernetes workloads, using threat intelligence feeds and deep packet inspection

Cloud-native transformations come with many security and troubleshooting challenges. Real-time intrusion detection and the prevention of continuously evolving threats is challenging for cloud-native applications in Kubernetes. Due to the ephemeral nature of pods, it is difficult to determine source or destination endpoints and limit their blast radius. Traditional perimeter-based firewalls are not an ideal fit for Kubernetes and containers.

Python Malware Imitates Signed PyPI Traffic in Novel Exfiltration Technique

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to report vulnerable and malicious packages to repository maintainers. Earlier this year we disclosed several malicious packages targeting developers’ private data that were downloaded approximately 30K times. Today, we will share details about 11 new malware packages that we’ve recently discovered and disclosed to the PyPI maintainers (who promptly removed them).

Black Friday: How Retailers Can Create an Optimal Online Experience

For about a year and a half now, traditional window shopping has been replaced in many places by online shopping sprees. Particularly as the coronavirus pandemic began, general shopping behavior has shifted toward e-commerce. And although most stores have now returned from lockdown to open their store doors, there is no denying the online shopping industry is still thriving. For the second year in a row, the holiday shopping season is also directly affected by this trend.

User-scoped API Keys

Checkly has released a change to the way API keys are created and managed. In the past, API keys were account-scoped. These account-scoped keys have full access rights to your Checkly account and no accountability for which user is using the key. When we originally built Checkly, we made it a tool to enable individual developers to quickly and easily set up browser and API checks. We help ensure your web applications are up and running and send alerts when something goes wrong.

A comprehensive lifecycle approach to ransomware defense

Ransomware continues to be a costly and growing problem. According to Infosecurity Magazine, the number of ransomware attacks grew 288% between the first and second quarters of 2021. Cybersecurity Ventures estimated a ransomware attack occurs every 11 seconds, Cybercrime Magazine reports. The resulting price tag from ransomware is truly staggering.

Understanding business and security risk

Even if an organization has developed a governance team, aligning integration decisions with business needs must be incorporated into the zero trust architecture. The company’s business model drives the applications chosen. The senior leadership team needs someone who can translate technology risks and apply them to business risks. For example, security might be an organization’s differentiator.

Controlled Unclassified Information: Top 4 Management Tips

In 2010, the United States government mandated an order to safeguard sensitive information it created or owned. Unlike classified information which can be accessed by only a few key people, unclassified information can be accessed by many governmental and non-governmental bodies. Therefore, this information can't be termed as classified, but it still requires controlled access and dissemination due to its sensitive nature. Hence the name, Controlled Unclassified Information (CUI).

How Puppet supports desktop and laptop automation in a changing world

The world has changed since I started out on a help desk in Colorado 25 years ago. In those long ago years, a company’s desktop machines actually lived under the desks of many in the organization (and often doubled as a foot warmer!) and configuration was done machine by machine manually, or maybe even by some script that was created to run at login if we were lucky. If there were laptops in use by the business users, they were a lot less mobile and rarer than in today’s business world...

Partner Integration on Twitch: Lacework

Lacework delivers complete security and compliance for the cloud. While the cloud enables enterprises to automatically scale workloads, deploy faster, and build freely, it also makes it increasingly difficult to: maintain visibility, remain compliant, stay free from known vulnerabilities, and track activity in both host workloads and ephemeral infrastructure within their environments. Integrate Lacework with PagerDuty to route Lacework Events to responders on your team. Manage and resolve configuration issues, behavioral anomalies, and compliance requirements in a timely manner across your cloud infrastructure.

ARTICA becomes official CNA

There are “good” hackers. They call themselves security analysts and some even devote their time to working for the common good. They investigate possible vulnerabilities in public and known applications, and when they find a possible security flaw that could endanger the users of those applications, they report that vulnerability to the software manufacturer. There is no reward, they are not paid for it, they do it to make the world safer.

3 Ways To Prevent Cyber Security Threats When Marketing Online

No matter what type of business you operate, cyberattacks can be destructive to your company. Even though you think your Information Technology (IT) team should be handling any cybersecurity issues, it doesn't have to always go that way. All the departments should take a proactive role in safeguarding the privacy of your business.

Outage or Breach - Confront with Confidence (2021)

A recent Dice article titled “Data Breach Costs: Calculating the Losses” referenced a 2021 IBM and Ponemon Institute study that looked at nearly 525 organizations in 17 countries and regions that sustained a breach last year, and found that the average cost of a data breach in 2020 stood at $3.86 million.

IT Heroes Podcast - EPS 04 What's inside the mind of a cybercriminal

In this episode, our host Edgar and product marketing manager of Pulseway, Andy Ellwood, are discussing the recent cybersecurity webinar, giving you the real hacker's perspective on the current cyberthreat landscape. Listen to the podcast to be one step ahead of hackers, know their strategies and formulas to enhance your weak links.

How to Easily perform Data Masking of Social Security Numbers (SSNs) in Log files or Events in 4 Ways using Data Bots

This blog post covers 4 data masking techniques and data obfuscation techniques that you can implement with Robotic Data Automation (RDA) to mask or hide sensitive data or personally identifiable information (PII) like social security numbers (SSNs) that may have crept unintentionally in logs or events.

How Puppet provides cyber security resilience to customers

You only have to read regular news reports about the multiple outages across household names in banking and financial services, resulting in customers being unable to access their bank accounts, to know that cyber security resilience has never been more important and is on every organization’s radar. The threat of regulatory action, heavy fines, and the potential loss of banking licenses is very real.

New report: Ransomware continues to rise. Here's how to get ahead of it.

Ransomware experienced a stunning surge in prevalence and sophistication throughout the pandemic. Threat actors capitalized on a frequently shaky transition to a remote, digital business landscape. With so many businesses prioritizing basic functionality over proactive security, vulnerabilities have been unprecedented – and very much exploited.

CIS-Harden your Ubuntu in Google Cloud

CIS Benchmarks are best practices for the secure configuration of a target system. The Center for Internet Security, Inc. (CIS®) is the authority backing CIS Benchmarks. Ubuntu Pro is entitled to be CIS compliant and packaged with CIS tooling from Canonical. Let’s SSH into your Ubuntu Pro virtual machine. If you haven’t yet upgraded your Ubuntu LTS to Ubuntu Pro, please follow this tutorial.

History of Open Source Identity Management (part 1)

Few computing concepts are as ubiquitous as identity and access management. There isn’t a single day that goes by without us being asked for credentials, passwords or pin codes. Yet very few know the origins and the evolution of the technologies behind them. This is the first of two blog posts where we will look at the history of open-source identity management. We will cover the main open-source protocols and standards that shaped it, from its origins to the modern days.

How to Optimize Your Cyber Security and Performance Monitoring Tools Using Load Balancing

The capacity to scale and process high data traffic by monitoring appliances is a critical requirement for organizations aiming to enhance or improve their security and protection from external threats. Excessive incoming traffic demands high-monitoring capabilities as it overwhelms the monitoring tools and places computational bounds that increase exponentially.

Deploy Friday: E79 The Long and Winding Road towards security compliance

Platform.sh has worked hard to be the most secure, compliant, and dependable business partner possible for our customers. To that end, we're able to provide data processing agreements (DPAs) for European GDPR, German BDSG, Canadian PIPEDA, and the Australian Privacy Act. We have been successfully audited for SOC 3 Type 2 and PCI DSS Level 1 compliance, and we've got more important acronyms in the works.

Monitoring network security with Aruba Clearpass, Grafana and Graphite

In this article, we will explore why it is imperative to constantly monitor network security metrics, what Aruba Clearpass is, and how it helps us manage network security. Then we will look at what Graphite and Grafana are and how to analyze metrics with their help. Finally, we will learn how MetricFire can make it easier for us to work with Graphite and Grafana.

Innovations in cloud network security

Learn about innovations in cloud network security over a global network. This includes Google Cloud innovations released this year from DDoS and Web Application Firewall (WAF), Google Cloud Armor, Google Cloud firewalls, and Google Cloud IDS - the newest network based intrusion detection solution.

Three countries, outside the European Community, that are reforming their privacy policies

Are you not a little curious? Even a little bit, right under your chin or your temple about how they deal with privacy policies in other countries? Aren’t you? Well, surprise! Today, in Pandora FMS blog, we are going to get it out of our system by discussing how they do it, how they deal with the protection of international data and privacy, in at least three countries outside the European Community.

Build a modern data compliance strategy with Datadog's Sensitive Data Scanner

Within distributed applications, data moves across many loosely connected endpoints, microservices, and teams, making it difficult to know when services are storing—or inadvertently leaking—sensitive data. This is especially true for governance, risk management, and compliance (GRC) or other security teams working for enterprises in highly regulated industries, such as healthcare, banking, insurance, and financial services.

Fast and simple troubleshooting with GUI-based Dynamic Packet Capture

With the Calico 3.10 release, Dynamic Packet Capture is available in Dynamic Service Graph. This means users who require self-service, live troubleshooting for microservices and Kubernetes workloads can capture and evaluate traffic packets on endpoints without writing a single line of code or using any 3rd-party troubleshooting tools. Users don’t need to learn about or have knowledge of kubectl or YAML to troubleshoot their microservices and Kubernetes cluster.

Label standard and best practices for Kubernetes security

In this blog post, I will be talking about label standard and best practices for Kubernetes security. This is a common area where I see organizations struggle to define the set of labels required to meet their security requirements. My advice is to always start with a hierarchical security design that is capable of achieving your enterprise security and compliance requirements, then define your label standard in alignment with your design.

How Secure Tenancy Keeps Your Secrets Secret

The best way to be sure that you keep a secret is not to know it in the first place. Managing secrets is a notoriously difficult engineering problem. Across our industry, secrets are stored in a bewildering variety of secure (and sometimes notoriously insecure) systems of varying complexity. Engineers are often trying to balance the least worst set of tradeoffs. At Honeycomb, we asked: What if we didn’t need to know your secrets to begin with?


How to Automate the Handling of Suspicious User Behavior

We live in a technological society, and cyber attacks are on the rise. Much of this fraudulent activity is linked to malicious actors or gangs of cyber criminals who are trying to exploit anything they can get their hands on. By using tools like Cobalt Strike or customized alternatives, they attempt to penetrate an organization's defenses in order to gain leverage, exfiltrate PII, plant ransomware or CnC beacons, or perform other kinds of malicious acts.

Announcing CFEngine Build

Earlier this year, we hinted at what we were working on - a place for users to find and share reusable modules for CFEngine. Today, the CFEngine team is pleased to announce the launch of CFEngine Build: The new website, build.cfengine.com, allows you to browse for modules, and gives you information about how to use each one of them. When you’ve found the module you were looking for, it can be downloaded and built using the command line tooling.

Bupa protects and connects 4.7M customers with digital healthcare

The future of healthcare is personalized, joined services shaped by actionable insights. That relies on building secure digital health services that customers can trust. Cyberattacks are getting more sophisticated and harder to detect, and the damage to businesses and their reputations can be difficult to recover from. Although security is complex, resources can be scarce. Getting the best return on investment is crucial to balance protecting customer data with safeguarding service delivery.

Securing the Open-Source supply chain with Ubuntu Pro on Google Cloud

It’s official: since the outbreak of the COVID-19 pandemic, cybercrime has increased by 600%. Among these, ransomware attacks are estimated to cost $6 trillion in 2021 alone. And there were nearly 550,000 ransomware attacks per day in 2020. The question is: are your workloads secure enough? In this blog, we will discuss how to make your Open Source workloads more secure in one second.