Amazon Web Services provides its users with the ability to create temporary credentials via the use of AWS Security Token Service (AWS STS). These temporary credentials work pretty much in the same manner like permanent credentials created from AWS IAM Service. There are however two differences.

Governance, risk, and compliance (GRC) are major inhibitors for organizations moving to the cloud—and for good reason. Cloud environments are complex, and even a single misconfigured security group can result in a serious data breach. In fact, asset misconfigurations were the leading cause of cloud security breaches in 2019. This puts a lot of pressure on developer and operations teams to properly secure their services and maintain regulatory compliance.

Discover what registry scanning is, how it helps with shifting security left, and how you can implement it using Harbor and Sysdig. Shifting security left is all about moving security to the earliest possible moment in the development process, dramatically improving “time to fix” and security impact. In this article, we’re going to show you how to shift left with Harbor registry and Sysdig Secure.

The year 2020 has seen various changes throughout the world but no change has seen more of an impact than the Corona-virus. During this epidemic, workers from all industries have moved from a traditional office-based role to WFH (Working From Home). It’s known as a business transforms it brings new risks associated with it. New and emerging technologies and the practices they involve require operational, policy and security measures to be implemented and evolved over time.

2020 keeps on proving the old adage, “It gets worse before it gets better.” We still seem to be in the “worse” stage. If you’ve been paying attention to the news—and I don’t blame you if you’ve been taking a break for sanity’s sake—you might have noticed (in addition to the reports about the pandemic and social issues) hacks and general security breaches have been ramping up.

Isn’t all logging pretty much the same? Logs appear by default, like magic, without any further intervention by teams other than simply starting a system… right?

In this blog, I will walk you through the process of configuring both Filebeat and Zeek (formerly known as Bro), which will enable you to perform analytics on Zeek data using Elastic Security. The default configuration for Filebeat and its modules work for many environments; however, you may find a need to customize settings specific to your environment.

Learning how to monitor etcd is of vital importance when running Kubernetes in production. Monitoring etcd will let you validate that the service performs as expected, while detecting and troubleshooting issues that could take your entire infrastructure down. Keep reading to learn how you can collect the most important metrics from etcd and use them to monitor this service. etcd is a foundational component of the Kubernetes control plane.

Microsegmentation is a security technique that is used to isolate workloads from one another. Microsegmentation limits the blast radius of a data breach by making network security more granular. Should a breach occur, the damage is confined to the affected segment. Application workloads have evolved over time – starting from bare metal, to a mix of on-prem and cloud virtual machines and containers.

A couple of years ago, I wrote about why you don’t need a blockchain. Blockchain is one long transaction log that always gets written to and is never backed up. It’s a ledger, more or less, with some math. And while distributed ledgers can be useful for some scenarios, I’m here today to say you still don’t need a blockchain. What turns a distributed ledger into a blockchain is cryptography for creating a digital signature to reduce the risk of data tampering.