March 2022

Building Your Security Analytics Use Cases

It’s time again for another meeting with senior leadership. You know that they will ask you the hard questions, like “how do you know that your detection and response times are ‘good enough’?” You think you’re doing a good job securing the organization. You haven’t had a security incident yet. At the same time, you also know that you have no way to prove your approach to security is working. You’re reading your threat intelligence feeds.

Managing Sensitive Data in Kubernetes with Sealed Secrets and External Secrets Operator (ESO)

Having multiple environments that can be dynamically configured has become standard practice in modern software development. This is especially true in an enterprise context, where the software release cycle typically consists of separate compute environments such as dev, stage and production. These environments are usually distinguished by the data that drives the specific behavior of the application.

A visual guide to Calico eBPF data plane validation

In previous blog posts, my colleagues and I have introduced and explored the Calico eBPF data plane in detail, including learning how to validate that it is configured and running correctly. If you have the time, those are still a great read; you could dive in with the Calico eBPF Data Plane Deep-Dive.

Vulnerability Management - Intro to Torq Webinar

As recent vulnerabilities like log4j have shown, having a standardized approach to identifying vulnerabilities and applying patches is essential to organizations looking to keep their systems safe from exploits. Whether it's preventative maintenance or responding to new 0-days, a continuous vulnerability management program ensures that security teams can rapidly identify risks and work cross-functionally to deploy patches and verify successful remediation.

April Phools' Phishing Challenge

Can you do what you advise your clients to do and spot a phishing attempt when you see one? Watch this "April Phools" edition of our MSP Live Chats series with special guest Connor Swalm, CEO of Phin Security, who showcased the latest tricks and tactics attackers are using to get victims on the hook. Don't miss OITVOIP CEO Ray Orsini, Lifecycle Insights' Alex Farling, and the rest of our panel as they played a high-stakes game of "spot the phish" at the LIVE event.

What is Red Teaming in Cyber Security? The Complete Guide

Red teaming is the practice of asking a trusted group of individuals to launch an attack on your software or your organization so that you can test how your defenses will hold up in a real-world situation. Any organization reliant on software – including banks, healthcare providers, government institutions, or logistics companies – is potentially vulnerable to cyberattacks, such as ransomware or data exfiltration.

Automated Just-In-Time Permissions Using JumpCloud+Torq

For security teams, properly managing which users can access resources and governing the level of access those users have is about as basic as locking the door at night. Understandably then, there are thousands of options available to fine-tune or revoke access, and it’s likely that issues come up daily for most companies—if not hourly.

Elastic on Elastic - Using Elastic Observability to optimize the performance of detection rules in Elastic Security

Elastic Security’s developer support team has recently seen a surge in reports from customers about sluggish performance in our UI. Our initial inspection of logs for troubleshooting provided some insights, but not enough for a true fix. Luckily, we have Elastic Observability and its APM capabilities to dive in deeper and look under the hood at what was really happening within Elastic Security. And, more importantly, how we could improve its performance for customers.

VMware Tanzu Community Edition Taps in Cartographer for Building Secure Adaptable Cloud Native Supply Chains

The latest update to the VMware Tanzu Community Edition further streamlines the path to production with the addition of Cartographer, an open source project to build and manage modern secure software supply chains.

What is Data Encryption and Why It's Recommended for Really Safe Online Security

Encryption has come a long, long way over the last few years. Something once reserved only for militaries and governments, encryption has been made super accessible and has become standard practice in the tech industry. Whether it’s texts, photos, or word docs - it can, and should, be encrypted. Put simply, encryption scrambles any file sent or stored online into unreadable nonsense that can only be translated (or decrypted) by a user with a key.

Chrome Zero Day: Find vulnerable devices for patching

Google issued an emergency security update due to the severity of exploit CVE-2022-1096. A few days later, Microsoft joined the recommendation, advising Chromium Edge users to update their browsers as well. Therefore, if you haven’t already, you should check your browser details to confirm that it is updated to version 99.0.4844.84 of Chrome or version 99.0.1150.55 or higher of Edge. Matt Beran shows you how you can find vulnerable devices across your inventory for proactive patching using InvGate Insight.

Chrome zero-day: find devices with vulnerabilities across your inventory

If you’re an asset manager or an application administrator, you must have had - or are about to have - a lot of work since there’s a new Chrome zero-day vulnerability in the wild. Google issued an emergency security update due to the severity of exploit CVE-2022-1096. A few days later, Microsoft joined the recommendation, advising Chromium Edge users to update their browsers as well.

Open source security coverage and compliance with Ubuntu Pro on public clouds

For businesses utilising public clouds, choosing an open source platform offers considerable advantages. Open source solutions can help reduce costs, provide access to the most leading-edge enterprise-grade features, and eliminate risks such as vendor lock-in, lack of support, or long-term security maintenance.

Change in behavior: Directory permissions and the execute bit

rxdirs has provided a convenient default when setting permissions recursively. When enabled (the default prior to version 3.20.0) a promise to grant read access on a directory is extended to also include execution since quite commonly if you want to read a directory you also want to be able to list the files in the directory. However, the convenience comes with the cost of complicating security reviews since the state requested on the surface is more strict than what is actually granted.

Cybersecurity Risk Management: Introduction to Security Analytics

It’s mid-morning. You’re scanning the daily news while enjoying a coffee break. You come across yet another headline broadcasting a supply chain data breach. Your heart skips a quick, almost undetectable, beat. You have the technology in the headline in your stack. You set aside your coffee and begin furiously scanning through the overwhelming number of alerts triggered across all your technologies.

Splunk Indexer Vulnerability: What You Need to Know

A new vulnerability, CVE-2021-342, has been discovered in the Splunk indexer component, which is a commonly utilized part of the Splunk Enterprise suite. We’re going to explain the affected components, the severity of the vulnerability, mitigations you can put in place, and long-term considerations you may wish to make when using Splunk.

Get Back to the Basics for World Backup Day 2022

In recent weeks, international headlines have been dominated by the Russia-Ukraine war and its potential to escalate into cyberspace due to punishing economic sanctions by the West. On March 21st, 2022, the Biden administration released a statement calling for the public and private sector to “accelerate efforts to lock their digital doors” in light of the Russian cyber threat.

Why ZTNA Solutions are Important Right Now

2021 marked the fifth consecutive year of record-breaking security attacks. Zero-Day attacks skyrocketed, with 66 exploits found to be in use, more than any other year on record and almost double 2020’s figure. Meanwhile, a staggering 66% of organizations have suffered at least one ransomware attack in the last year, with the average ransom payment soaring by 63% to $1.79 million (USD).

Top 3 Reasons Why You Should Work with a ZTNA Service Partner

With remote and hybrid working now commonplace for organizations, many IT departments are weighing up the pros and cons of moving to a Zero Trust Network Access (ZTNA) model to replace traditional VPN or other remote access approaches. While the benefits of moving to ZTNA are compelling (improving user experience, providing enhanced security, reducing management overhead, and increasing visibility and control), it can often be a challenge to select the best approach for your business.

CIS Control Compliance and Centralized Log Management

Your senior leadership started stressing out about data breaches. It’s not that they haven’t worried before, but they’ve also started looking at the rising tide of data breach awareness. Specifically, they’re starting to see more new security and privacy laws passed at the state and federal levels. Now, you’ve been tasked with the very unenviable job of choosing a compliance framework, and you’re looking at the Center for Internet Security (CIS) Controls.

Netreo Further Strengthens Security Posture, Earning Veracode Verified Team Recognition for Entire Product Line

Huntington Beach, Calif. – March 23, 2022 – Netreo, the award-winning provider of IT infrastructure monitoring and observability solutions and one of Inc. 5000’s fastest growing companies, today announced the company has achieved Veracode Verified Team status for Netreo’s full-stack monitoring and observability suite.

Red Team vs. Blue Team: The Role of Each in Finding Your Cybersecurity Weakness

As the modern world moves almost entirely online, so do the issues we once faced only in the physical world. In years gone by, security may have taken the form of a CCTV camera or a person hired to ensure customers don't steal from your premises. Well, as you can probably tell, neither of these solutions works when it comes to cybersecurity and keeping a business safe online.

Automated Zero Trust: The Only Thing to Put Your Trust in

There’s no question that centralized identity and access management (IAM) helps companies reduce risk and prevent attacks. But, as this week’s Okta attack shows, centralized IAM doesn’t eliminate all risks. Attackers with access to IAM data can use this information to easily access downstream systems or modify permissions to grant elevated access to malicious parties.

Centralized Log Management and NIST Cybersecurity Framework

It was just another day in paradise. Well, it was as close to paradise as working in IT can be. Then, your boss read about another data breach and started asking questions about how well you’re managing security. Unfortunately, while you know you’re doing the day-to-day work, your documentation has fallen by the wayside. As much as people are loath to admit it, this is where compliance can help.

IT Heroes Podcast - EPS 06 SMB's response to a cyberattack

In this episode, Edgar hosts Andy Ellwood, VP of Product Marketing, Pulseway, and Giridhara Raam, Cybersecurity Evangelist, Pulseway, to discuss why cyber response is important for SMBs and how SMBs should react to a cyber incident: communication norms, response protocols, and tips to up their game on the reactive approach.

3 Benefits of Having Managed Cyber Security Services

Businesses are increasingly reliant on technology, and as a result, they are becoming more vulnerable to cyber-attacks. So, if you're not sure your business is protected against cyber threats, it's time to consider managed cyber security services. These can make a tremendous difference in the level of protection for your organization, and they will free up time for you to focus on other important aspects. In this blog post, we will discuss the three main benefits of having a managed cyber security service in place for your business.

Building Security Resilience Against Threats

Today’s global risk landscape has made digital and physical security even more complex and nuanced, especially considering major critical events like the invasion of Ukraine, which demonstrate that one massive critical event can create many others globally with far-reaching effects. These can include displacement of people, physical security threats, cyber-attacks, and other devastating impacts.

SOARs vs. No-Code Security Automation: The Case for Both

Just a few years ago, security orchestration, automation and response (SOAR) was the new buzzword associated with security modernization. Today, however, SOAR platforms are increasingly assuming a legacy look and feel. Although SOARs still have their place in a modern SecOps strategy, the key to driving SecOps forward today is no-code security automation.

5 Top Tools for Application Security Testing: Features to Look For, Pros and Cons

When it comes to application security testing, choosing the tool best suited for the job is critical. There are so many tools on the market that determining which one is best for your needs may be difficult. In this article, we will discuss 10 of the best testing tools and outline the features you should look for when making your decision.

What Are the Benefits of Investing in Cloud Storage Security?

As more and more businesses and individuals choose to store their data online, ensuring the safety of information is becoming exceptionally crucial. According to recent statistics from the Hosting Tribunal, over 95% of IT professionals use cloud storage. This number is expected to grow steadily.

How to Mitigate CVE-2022-0847 (The Dirty Pipe Vulnerability)

The Dirty Pipe vulnerability is a Linux kernel vulnerability that allows non-privileged users to overwrite read-only files. The vulnerability is due to an uninitialized “pipe_buffer.flags” variable, which allows file contents in the page cache to be overwritten even if the file is not permitted to be written, is immutable, or is on a read-only mount, including CD-ROM mounts. The page cache is always writable by the kernel, and writing to a pipe never checks any permissions.

Secure your hosts with CFEngine Build modules

Last year, we launched functionality for users to add policy for reporting data, compliance reports, promise types, and other code as modules. With CFEngine Build, users can manage and update their own policy, the default policy and any additional modules separately. This makes it very easy to utilize policy or other modules written by the CFEngine team, or other community members. In this post we will take a look at using some modules to improve the security of our infrastructure.

A Beginner's Guide to Integrating Threat Intelligence

Many companies are looking to find a source of threat intelligence that can give them better visibility into the risks unique to their technology stack. While some may not be using threat intelligence, others may not be getting the value they could. Choosing and integrating threat intelligence sources into your cybersecurity monitoring is challenging, but you do need to keep some considerations in mind during the process.

Stay secure: Enhanced SAP HotNews integration in Avantra 21.11.4

Securing your SAP environments is critical to the operational success of your business. And SAP does a great job of trying to stay ahead of any vulnerabilities in their solutions by offering HotNews. As critical vulnerabilities are discovered, SAP assesses their criticality, declaring a level of severity and assigning a score (10 being the most critical) along with a description and resolution of the patch.

SecOps in a Post-Covid World: 3 Security Trends to Watch

By now, you’ve probably read loads of articles that discuss the COVID-19 pandemic’s impact on business, politics, the economy and much more. But what about SecOps? What permanent effects has COVID wrought on the way businesses secure IT assets? Let’s explore those questions by examining three key security trends that promise to endure long after the pandemic has finally receded.

We're Making Our Debut In Cybersecurity with Snowbit

2021 was a crazy year, to say the least: not only did we welcome our 2,000th customer, we announced our Series B AND Series C funding rounds, and on top of that, we launched Streama© – our in-stream data analytics pipeline. But this year, we’re going to top that! We’re eager to share that we are venturing into cybersecurity!

Financial Services Network Challenges: Compliance, Security and Availability Top Concerns

Financial services firms face three key network issues: maintaining compliance with an array of regulations, keeping a growing horde of financial-data-hungry hackers at bay, and earning the trust of users with an always-on, responsive network. Financial data is so valuable that cybercriminals make getting it a top priority. And financial services networks are so interconnected and complex that there are all sorts of ways hackers can try to break in. The security threat to finance is more than bad.

Securing The Software Supply Chain Linux Foundation Webinar

From the history of supply chain security threats to secure development and deployment, we've covered everything you’ve always wanted to know about the software supply chain but were afraid to ask. Dan Lorenc, Founder/CEO, Chainguard; Paddy Carey, Senior Staff Engineer, Cloudsmith; Adil Leghari, Solutions Architect Manager, Cloudsmith; and Dan McKinney, Developer Relations, Cloudsmith, gathered for a fireside chat to cover your most burning questions.

The Importance of Log Management and Cybersecurity

Struggling with the evolving cybersecurity threat landscape often means feeling one step behind cybercriminals. Interconnected cloud ecosystems expand your digital footprint, increasing the attack surface. More users, data, and devices connected to your networks mean more monitoring for cyber attacks. Detecting suspicious activity before or during the forensic investigation is how centralized log management supports cybersecurity.

The Myth of the Missing Mac Malware, part 1

Apple once ran, and caught a reasonable amount of flak for, an ad that implied Macs didn’t get viruses. The PC (John Hodgman) in the ad says there were “114,000 known viruses” for PCs in 2006, to which the Mac (Justin Long) replies, “PCs. Not Macs.” While misleading, it’s technically correct, which may have been sufficient to avoid truth-in-advertising lawsuits.

Enable FIPS on Google Cloud

Cyber attacks present an imminent threat to our digital assets. And they come in a variety of forms, including computer viruses, denial-of-service (DoS), hacking, ransomware, and memcached-based attacks. In February 2022, White House deputy national security adviser for cyber and emerging technology Anne Neuberger claimed that Russian hackers conducted a DDoS attack on the Ukrainian banks and Ministry of Defense before their military attacks.

What Is Microsoft Azure Sentinel and Why Is It Important?

Microsoft Azure Sentinel is an intelligent, next-generation security information and event management (SIEM) solution designed to detect threat anomalies. Azure Sentinel is also categorized as a security orchestration, automation and response (SOAR) service that expedites the incident detection and event response process for cybersecurity teams. Azure Sentinel provides an extra layer of security to protect critical resources across an organization.

DirtyPipe (CVE-2022-0847) - the new DirtyCoW?

A few days ago, security researcher Max Kellermann published a vulnerability named DirtyPipe, which was designated CVE-2022-0847. This vulnerability affects the Linux kernel and, if exploited, can allow a local attacker to gain root privileges. The vulnerability gained extensive media coverage, since it affects all Linux-based systems with a 5.8 or later kernel, without any particular exploitation prerequisites.

Zero Trust Network Access (ZTNA) vs VPN: the core evolution

According to Gartner, by 2023, 60% of enterprises will phase out their VPN in favor of Zero Trust Network Access (ZTNA). In this blog, discover the four key advantages of ZTNA vs VPN. VPN (Virtual Private Network) has been the dominant solution securing remote access for users and has been considered a good solution for almost three decades. VPN benefits included keeping data secure, protecting online privacy, and reducing bandwidth throttling.

Helios announces SOC 2 Type 2 compliance

We’re proud to announce Helios has achieved SOC 2 compliance! This means our security policies and procedures have been externally audited to ensure they protect and secure our customers’ data. In a world where mishandled data could have severe consequences for organizations, it was important for us to assure our customers that their data is protected and that we continuously work to improve our posture.

Keeping Federal and Local Government Networks Safe Through Monitoring

It is always big news when governmental organizations are attacked. And they are attacked frequently. Hackers love headlines, which is one reason to go after high profile government targets. But the real reason hackers love governmental organizations is because that’s where the juicy data is. Even small governmental organizations hold confidential and classified information—exactly the secrets state-sponsored groups and other cybercriminals drool over.

5 Cybersecurity Tools to Safeguard your Business

With the exponential rise in cybercrimes in the last decade, cybersecurity for businesses is no longer an option — it’s a necessity. Fuelled by the forced shift to remote working due to the pandemic, US businesses saw an alarming 50% rise in reported cyber attacks per week from 2020 to 2021. Many companies still rely on outdated technologies, unclear policies, and understaffed cybersecurity teams to fend off digital attacks.

What is Malware & How to Protect Ourselves From Computer Viruses

Do you remember when viruses used to be funny and not such a big deal? Maybe a cat would constantly pop up on your desktop or you’d get spammed with hundreds of ads for male enhancement pills? Well, the early 2000s are over (yes, it’s depressing) and malware has advanced far beyond its somewhat quirky origins. Today, viruses have become extremely sophisticated and it’s difficult to know for sure if your files have been infected or not. So what is malware exactly?

Is the cloud secure?

The cloud is a solution that allows you to access data and documents from anywhere and from any medium whether it is a computer, a tablet or a phone. But is your data really secure? A secure cloud ensures the privacy, security and compliance of all stored data. All these aspects must be taken into account when using a cloud solution to ensure the security of your information.

What a delayed SD-WAN or SASE decision could cost you

Winners make good decisions fast, execute them quickly, and see higher growth rates and/or overall returns from their decisions. That’s according to a McKinsey study, ‘Decision-Making In The Age Of Urgency’. But the same study also pointed out that ineffective decision-making has significant implications for company productivity today. On average, survey respondents said they spent 37 percent of their time making decisions.

How to maximize K3s resource efficiency using Calico's eBPF data plane

Amazon’s custom-built Graviton processor allows users to create ARM instances in the AWS public cloud, and Rancher K3s is an excellent way to run Kubernetes on these instances. By providing a lightweight implementation of Kubernetes, optimized for ARM and shipped as a single binary, K3s simplifies the cluster initialization process down to executing a single command.

Using Log Management for Compliance

It’s that time of the year again. The annual and dreaded IT and security audit is ramping up. You just received the documentation list and need to pull everything together. You have too much real work to do, but you need to prove your compliance posture to this outsider. Using log management for compliance monitoring and documentation can make audits less stressful and time-consuming.

Insider Risk: The Call is Coming from Inside the House

In IT, we tend to think of threats as external. Hackers, scammers, bots, and DDoS attacks are all external in origin. But surprisingly, insider risk is often one of the biggest network security challenges facing IT. As they say, sometimes it’s the ones closest to you that can hurt you the most.

ITOps vs. SecOps vs. DevOps vs. DevSecOps

ITOps, SecOps, and DevOps may sound similar. Indeed, they are similar, to a degree. But they have different areas of focus, different histories, and different operational paradigms. Keep reading for an overview of what ITOps, SecOps, and DevOps mean and how they compare. We'll also explain where DevSecOps fits into the conversation, and why you should worry less about defining these terms perfectly than about finding ways to operationalize collaboration between your various teams.

Integrating Azure Key Vault With AKS Cluster

I recently had the pleasure of presenting a webinar with Microsoft Reactor. It was on implementing Azure Key Vault (a centralized place to manage all of your highly sensitive information on Azure). In this webinar, I share a step-by-step demonstration of how to integrate your information with the AKS cluster. The goal is to implement a solution that will allow an integration between Azure Key Vault, where I will store all my secrets, and my AKS, where I will use them.

Separate the Wheat from the Chaff

Since joining Cribl in July, I’ve had frequent conversations with Federal teams about observability data they collect from networks and systems, and how they use and retain this data in their SIEM tool(s). Cribl LogStream’s ability to route, shape, reduce, enrich, and replay data can play an invaluable role for Federal Agencies. Over several blogs, we will walk through the power that we bring to these requirements.

JFrog Discloses 5 Memory Corruption Vulnerabilities in PJSIP - A Popular Multimedia Library

JFrog’s Security Research team is constantly looking for new and previously unknown security vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered 5 security vulnerabilities in PJSIP, a widely used open-source multimedia communication library developed by Teluu. By triggering these newly discovered vulnerabilities, an attacker can cause arbitrary code execution in the application that uses the PJSIP library.

4 ways automation can improve your security posture

Security is top of mind for many organizations—and for good reason. Recovering from a data breach is extremely costly. In fact, the average data breach costs more than $8.6 million in the US. One of the best ways to defend against cyberthreats is by adopting and implementing security automation.