When organizations shift to a work-from-home environment, identity and access management (IAM) takes center stage. Organizations with remote workforces must fortify their IAM policies and tools for a better user experience to ensure productivity, while also handling all the security challenges remote work presents to ensure data and system security. One of the biggest risks an organization faces when its workforce goes remote is unnecessary and unauthorized access to organizational data.

In most of our blogs, we spend a TON of time going on about protecting our endpoints, looking at sysmon, checking the firewall, correlating IDS data and the like… Today, we're going to shift gears a bit and look at security from a different angle. Recently, there has been a tremendous focus on the shifting paradigm of a workforce that primarily resides in corporate offices, to a highly virtual workforce sitting at their kitchen tables.

IT departments have experienced numerous changes in the way they manage and control user devices. Starting with the traditional CRT monitor-based computers, to modern smartphones, technological developments have been remarkable. Additionally, with the COVID-19 pandemic, employees are restricted to work from home, making the IT administration routines challenging for system administrators.

In this blog post, we’re going to explain how to monitor Open Policy Agent (OPA) Gatekeeper with Prometheus metrics. If you have deployed OPA Gatekeeper, monitoring this admission controller is as relevant as monitoring the rest of the Kubernetes control plane components, like APIserver, kubelet or controller-manager. If something breaks here, Kubernetes won’t deploy new pods in your cluster; and if it’s slow, your cluster scale performance will degrade.

This is the final blog of our three-part blog series on living-off-the-land (LOTL) attacks. If you missed last week’s blog, you can read it here. LOTL attacks are also known as “malware-free” attacks because your own tools are used against you, either to hide malicious activities under a legitimate system process, or to leverage genuine system activities for malicious purposes.

Company security usually depends on your ability to come up with a diverse set of passwords and then manage them. Remembering all of them is considered a tad too difficult for most mere mortals, so a number of password storage apps have emerged. But they too have to be secured, and ultimately results in inefficient access and flawed security. Single-sign on (SSO) is still preferred, but to make it effective, companies like Okta have to secure integration across a number of apps.

Binary classification aims to separate elements of a given dataset into two groups on the basis of some learned classification rule. It has extensive applications from security analytics, fraud detection, malware identification, and much more. Being a supervised machine learning method, binary classification relies on the presence of labeled training data that can be used as examples from which a model can learn what separates the classes.

On April 7, 2020, the San Francisco International Airport (SFO) released a notice confirming that two of its websites, SFOConnect.com and SFOConstruction.com, were targets of a cyberattack in March 2020. The attack has been attributed to a hacker group that was attempting to steal the Windows logins of the airport’s employees. When we hear news about cyberattacks, a few typical, yet crucial questions spring to mind: How did the attackers perform the cyberattack?

“As we expand, it’s critical for our team to have both a fast and automated rollout process for each customer environment. In the end, each of our user’s access experience must be identical. Rancher is one product that’s critical to that strategy.” – Jeff Klink, VP Engineering, Cloud and Security Specialist, Sera4 Security worries keep many of us awake at night – no matter our industry.

If you want to skip ahead to see the MITRE ATT&CK eval round 2 results visualized in an easy-to-configure Kibana dashboard, check it out here.