Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

LDAP authentication with Sensu Go: troubleshooting & tips (Part 2)

Jun 14, 2021 By Jef Spaleta In Sensu

Sensu creator and Developer Advocate Todd Campbell recently wrote about using LDAP authentication for single-sign on (SSO) with Sensu Go. That post provided a great overview of Sensu authentication and included some useful LDAP troubleshooting tips. In this post, we'll focus on the Sensu LDAP implementation and explore how SSO/LDAP users are linked to RBAC "profiles" (i.e. Roles and ClusterRoles). We'll also demonstrate how Sensu supports multiple LDAP providers thanks to its groups_prefix feature.

Read Post

Sensu

Read more about LDAP authentication with Sensu Go: troubleshooting & tips (Part 2)

3 Work-From-Anywhere IT Security Pressures

Jun 12, 2021 By Teneo In Teneo

The rate of change in IT is faster than ever. Several trends are helping organizations with their IT initiatives including anywhere operations, cloud adoption, and Internet of Things (IoT). Unfortunately, these trends are causing three major IT security pressures. In this short video, we look at these major IT security challenges and discuss how Teneo’s Work-From-Anywhere solution can help with these fast pace initiatives in today’s changing world. #TeneoGrp

View Video

Teneo

Read more about 3 Work-From-Anywhere IT Security Pressures

Five worthy reads: Confidential computing - The way forward in cloud security

Jun 11, 2021 By General In ManageEngine

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In light of rising concerns over cloud cybersecurity, this week we explore the concept of confidential computing. The past year has seen strong adoption of cloud technologies due to accelerated digital transformation and a cloud-first approach in business.

Read Post

ManageEngine

Read more about Five worthy reads: Confidential computing - The way forward in cloud security

Completing the security testing automation cycle

Jun 11, 2021 By Oliver Moradov In CircleCI

DevOps, DevSecOps and CI/CD are synonymous with one word - automation. Automating their workflows gives developers the ability to deliver consistency, time savings, and useful insights into their software development life cycle (SDLC). But automation is only as efficient as your weakest link or most cumbersome bottleneck, which can sometimes be security testing. Security testing has traditionally been carried out either manually or quite late in the process.

Read Post

CircleCI

Read more about Completing the security testing automation cycle

Threats targeting Kubernetes and Defences

Jun 11, 2021 By Tigera In Tigera

Attackers are continuously evolving their techniques to target Kubernetes. They are actively using Kubernetes and Docker functionality in addition to traditional attack surfaces to compromise, gain required privileges and add a backdoor entry to the clusters. A combination of Kubernetes security and observability tools is required to ensure the cloud infrastructure monitoring and lockdown and to enable DevSecOps teams with the right tools for the job.

View Video

Tigera

Read more about Threats targeting Kubernetes and Defences

Securing Kubernetes workloads at Discover Financial Services

Jun 11, 2021 By Tigera In Tigera

It’s a daunting task starting down the path to securing your workloads running on Kubernetes in the Cloud. There are no shortages of vendors with great tools in the Cloud security space. There is a multitude of domains that must be accounted for, along with internal challenges in bringing an organization along into new ways of thinking. This talk will focus on Discover’s Cloud security journey, with an overview of how the program has evolved over the last 4 years, key capabilities & concepts that have been embraced and challenges faced.

View Video

Tigera

Read more about Securing Kubernetes workloads at Discover Financial Services

Applying policy as code in the modern cloud-ready enterprise: Graeme Hay, Morgan Stanley

Jun 11, 2021 By Tigera In Tigera

Join us as we look at the advantages, but also the practical challenges, of applying modern, policy-as-code ("PaC") approaches in a modern cloud-ready enterprise. This talk will show how Morgan Stanley is drawing upon years of experience in its own proprietary implementation of PaC in its approach to embracing today's ideas. We will look at a diverse set of considerations from GitOps as a method to applying PaC in modern software development and deployment to enforcement of best practices and compliance in the Cloud.

View Video

Tigera

Read more about Applying policy as code in the modern cloud-ready enterprise: Graeme Hay, Morgan Stanley

The Crossroad of Security & Observability in Kubernetes: A Fireside Chat

Jun 11, 2021 By Tigera In Tigera

Security as an afterthought is no longer an option and must be deeply embedded in the design and implementation of the products that will be running in the cloud. It is increasingly more critical for many security teams to be almost, if not equally, knowledgeable of the emerging and rapidly evolving technology. Join Manish Sampat from Tigera, as explores the topic in detail with Stan Lee from Paypal.

View Video

Tigera

Read more about The Crossroad of Security & Observability in Kubernetes: A Fireside Chat

Observations from the field: Best Practices for Securing your Kubernetes Clusters

Jun 11, 2021 By Tigera In Tigera

Security is critical for your Kubernetes-based applications. Join this session to learn about the security features and best practices for safeguarding your Kubernetes environments.

View Video

Tigera

Read more about Observations from the field: Best Practices for Securing your Kubernetes Clusters

Upgrading DevSecOps with compliance automation - Bryan Langston, Mirantis

Jun 11, 2021 By Tigera In Tigera

Compliance automation is a commonly overlooked area of Kubernetes observability. The question is: how do you automate compliance to a security framework that isn’t well understood by DevSecOps teams to begin with? This lack of understanding contributes to mismanaged compliance efforts and in a worst-case scenario, audit exposures and organizational risk. This talk will walk through an example of how to 1) map compliance controls to specific Kubernetes technical configuration 2) automate the assessment of those controls 3) visualize the assessment results. DevSecOps teams will better understand how to incorporate compliance automation alongside security automation.

View Video