Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Dealing with data glut: Why ROT data is an issue, and how to manage it

As file storage grows rapidly year after year, new challenges arise around keeping data safe and maintaining control over data storage systems. Who owns which files? Whose files take up what volume of enterprise storage? Which files have become obsolete? How many copies of a file exist, and where? Are there any stale files that contain sensitive data? These questions require up-to-date answers to ensure that business, compliance, and data security needs are easily and effectively met.

Understanding and mitigating CVE-2020-8563: vSphere credentials leak in the cloud-controller-manager log

While auditing the Kubernetes source code, I recently discovered an issue (CVE-2020-8563) in Kubernetes that may cause sensitive data leakage. You would be affected by CVE-2020-8563 if you created a Kubernetes cluster over vSphere, and enabled vSphere as a cloud provider with logging level set to 4 or above. In that case, your vSphere user credentials will be leaked in the cloud-controller-manager's log.

Five Ways to Leverage Management Data to Improve Data Security

Data security improvements can be an expensive necessity, but there are ways to make those improvements for free using your network and systems management data. While your network and systems management platform can’t replace your SIEM or IDS, making these improvements can improve your efficiency in a variety of valuable ways. If you monitor down to the individual switch port level, which we always recommend, you’ll have very granular data that can be used to spot changes in behavior.

Domain controller patch alert! Vulnerability grants domain admin access in 10 seconds

A critical Active Directory vulnerability (CVE-2020-1472) has been making headlines for being the most notorious elevation of privilege bug because it can affect all computers and domain controllers in an organization. This high-risk vulnerability, dubbed Zerologon, gives threat actors easy, instant access to domain controllers without requiring any additional privileges. This attack does not even require a user to be authenticated; the user just needs to be connected to the internal network.

Lift the Haze of the Cloud With These 6 Considerations

Gartner says when COVID-19 hit the United States in March, 88% of businesses mandated or strongly encouraged employees to work from home. Sales, marketing, human resources, and most other business operations were all conducted from somewhere outside of the office. This drastic move required IT to accommodate employees in an entirely new way than what they had become accustomed to.

A Few Minutes More: Add Xray DevSecOps to Artifactory Enterprise on Azure

In a prior blog post, we explained how to install or update Artifactory through the Azure Marketplace in the amount of time it takes for your coffee order to arrive on the counter. Now you can also add Xray, the cream of software component analysis (SCA) tools, to your self-managed (BYOL) Artifactory deployment through the Azure Marketplace.

Event Log Management for Security and Compliance

Security log management is the process of collecting, storing, and correlating the network data that details all activity in your systems and networks. Every action in an organization’s network generates event data, including records produced by operating systems, applications, devices, and users. The Center for Internet Security (CIS) identifies log management as a basic control for detecting malicious actors and software hiding in networks and on machines.

5 Things to Know When Choosing Open Source SIEM Tools

Security Information and Event Management (SIEM) tools focus on insights into IT environments and tracking records of all their operations. These IT environments can be application infrastructures, physical networks, and cloud networks. SIEM initially evolved from the log management discipline, which involved integrating security events with security information to collect, analyze, and report on activities in networks.

Sumo Logic Cloud SIEM overview

Sumo Logic's Cloud SIEM solution provides security analysts with enhanced visibility to seamlessly monitor their on-prem, hybrid, and multi-cloud infrastructures and thoroughly understand the impact and context of an attack. In addition to supporting a wide spectrum of security use cases, including audit & compliance, Sumo Logic fused analytics and SOC automation to perform security analyst workflows and automatically triage alerts—increasing human efficiencies and enabling analysts to focus on higher-value security functions.

Building a Zero-Trust Model With SolarWinds Security Tools - SolarWinds Lab Episode #92

The zero-trust model is critical for building a successful strategy to detect both internal and external cybersecurity threats. This approach requires setting and maintaining strict access controls and "no trust" as the default to all, including those already inside your network. There are several steps needed to properly evaluate your organization's current state before you can start implementing best practices.