Gear up as The ITOM podcast returns with an all new episode specially tailored to help ease all your remote work woes in an IT environment. In the last episode, we discussed VPNs, their protocols, and the advantages of using a VPN in the remote work setting. Episode 1 helped set the stage for us to dive deeper into the nuances of VPN security and encryption. Encryption helps transform confidential information into cipher text or coded text for safe transit across secure VPN tunnels.

Use the HAProxy Runtime API to update SSL certificates in HAProxy without a reload. When you route traffic through an HAProxy load balancer, you gain the ability to terminate SSL at the load balancer. HAProxy encrypts communication between the client and itself and then sends the decrypted messages to your backend servers, which means less CPU work on the servers because there’s no encryption work left to do.

In this blog post, we are going to explain how to monitor Harbor container registry with Prometheus metrics. Harbor is an open-source container registry, originally developed by VMware and now under the CNCF umbrella. Although many of us typically use hosted container registries such as DockerHub, Quay, ECR, GCR, or ACR, when you need a self-hosted registry, Harbor is a great choice. Harbor provides great features such as RBAC, replication, and image scanning.

This blog series is aimed at giving defense practitioners a thorough understanding of Windows access tokens for the purposes of detection engineering. Here in Part 1, we'll cover key concepts in Windows Security. The desired outcome is to help defenders understand how access tokens work in Windows environments.

As many organizations have migrated their infrastructure, applications, and data to cloud offerings, adversaries have extended their operational capabilities in cloud environments to achieve their mission — whether that means stealing intellectual property, disrupting business operations, or holding an organization’s data for ransom.

Monitoring and compliance are, in many ways, synonymous. At the very least, there’s a big overlap in terms of defining and monitoring rulesets you care about. The time frame may vary; with monitoring, you might jump on an alert right away, as opposed to the compliance team’s quarterly audit, but the foundation remains the same. As our development cycles grow ever more dynamic, the need for automating repetitive tasks becomes all the more important.

The lines Between IT and OT are blurring. With IT and Operational Technology (OT) systems converging, ensuring the security of devices, applications, physical locations and networks has never been more difficult or more important. There is a growing recognition by security professionals that they have a readiness and visibility problem in plain sight.

The frequency and volume of ransomware attacks have increased dramatically in the past few years. Few people in the tech industry will forget the 2017 WannaCry attack, which infected over 200,000 computers in 150 countries worldwide and brought down part of the U.K.’s National Health Service, or the 2019 RobbinHood attack, which brought the Baltimore government to a standstill for nearly two weeks.

The Protection of Personal Information (POPI) Act puts South Africa’s data regulation standards on par with existing data protection laws around the world. It aims to protect personally identifiable information (PII), enforce individuals’ rights to privacy, and provide guidelines for lawfully processing sensitive information and notifying regulators and data holders in the event of a breach.

Kubernetes as a project is maturing, support has been increased from nine to 12 months, and there’s a new protocol in place to ensure a steady progress on feature development. Also, many of its new features are meant to improve the quality of life of its users, like Generic ephemeral inline volumes, or the structured logging.