Learn how to prevent security issues and optimize containerized applications by applying a quick set of Dockerfile best practices in your image builds. If you are familiar with containerized applications and microservices, you might have realized that your services might be micro; but detecting vulnerabilities, investigating security issues, and reporting and fixing them after the deployment is making your management overhead macro.

Cloud API logs are a significant blind spot for many organizations and often factor into large-scale, publicly announced data breaches. They pose several challenges to security teams: For all of these reasons, cloud API logs are resistant to conventional threat detection and hunting techniques.

When the Domain Name System (DNS) was created in 1983 I imagine its creator Paul Mockapetris and his team had no idea that nearly 40 years later our interconnected world would be so reliant on the very simple, but critical, DNS network service. I have a love-hate relationship with DNS. I love all of the memes I see about how “It’s always DNS”, but I hate that it’s also true—I always forget to check that DNS is working correctly when troubleshooting network issues!

Recently, Leon kicked this sharing process off sharing what he has seen in the support queue. I read it, applaud it, and have more tips to share. As Leon mentioned, and you may have seen the banner on THWACK and other notifications regarding this, the digital signing certificate is being revoked on March 8, 2021. This means if you haven’t upgraded to get the new certificate before then, you’re probably going to run into issues running your Orion module(s) installation.

Microsoft Azure provides a suite of cloud computing services that allow organizations across every industry to deploy, manage, and monitor full-scale web applications. As you expand your Azure-based applications, securing the full scope of your cloud resources becomes an increasingly complex task. Azure platform logs record the who, what, when, and where of all user-performed and service account activity within your Azure environment.

Insider threats are becoming a growing concern across different industries. Most coverage goes to outside attacks, especially when it comes to big corporations and government agencies. However, internal security is something organizations need to take very seriously to avoid irreparable damages. Not many enterprises can afford internal threat detection programs. However, they can definitely adopt proactive measures to avoid them, especially when it comes to sensitive systems and data.

As you might imagine, it’s a bit of a busy time here at SolarWinds HQ. There is A LOT going on, not the least of which is encouraging our customers to upgrade before March 8. (Why March 8? Keep reading and I’ll explain in a moment.) First, I want to emphasize the important part of that sentence: “encouraging our customers to upgrade before March 8.”

The SolarWinds exploits have been widely reported, fully covered, and basically as we would say in Aussie – Done to Death Mate. But some of the info got me thinking, especially this article from my buddies at Microsoft which gives some great background and flows for that how the attacks were actually working. I’ve been working with Ivanti Application Control – formerly AppSense Application Manager for over 17 years.

Passwords are dying. The cost of creating and maintaining passwords is becoming untenable. Which can be seen in the rise of users logging in with social products and developers outsourcing their pain to Auth0 and the likes. We decided to sidestep the password based authentication and went passwordless on our new product. Read on to see how you can go passwordless too.

You must secure your software supply chain. Now, more than ever, it is vital. For a long time, a primary concern in security was malicious actors exploiting inherent weaknesses in software. Privilege escalations, SQL injections, race conditions etc. These are, of course, still a concern and should be afforded the attention that they deserve. But now, there is another worry, one that is arguably even more important – A Supply Chain Attack.