It’s becoming increasingly harder to manage the volume of threats coming into enterprise networks as attackers become more sophisticated, the threat landscape expands and enterprises continue to adopt modern applications at cloud scale.

Most software and systems generate audit logs. They are a means to examine what activities have occurred on the system and are typically used for diagnostic performance and error correction. System Administrators, network engineers, developers, and help desk personnel all use this data to aid them in their jobs and maintain system stability. Audit logs have also taken on new importance for cybersecurity and are often the basis of forensic analysis, security analysis, and criminal prosecution.

Security is a key consideration for any organization seeking to standardize and scale their cloud-native platforms. Falco, the behavioral activity monitoring tool from Sysdig, is becoming a popular option for open source container runtime security on cloud-native platforms built using Kubernetes, Cloud Foundry, and OpenShift.

Performing a security risk assessment has become an economic and functional necessity in the digital economy. Cyber-threats and many of the legal and operational aspects of data-handling now constitute as much of a challenge to enterprise success as effective marketing, and continuous service delivery.

In part 5, we looked at auditing your network device logs. A decade ago, security professionals were primarily concerned about network perimeter and endpoint security. While those concerns are still valid, technological advancements have created new scenarios that need to be addressed.

Recent news has broken about a group of hackers which appears to be operating out of Russia. The group, dubbed “Silence,” is believed to be involved in the theft of over $800,000 from multiple Russian and Eastern European financial institutions. However, what is particularly notable about this group is they seem to count at least one former cyber security professional among their number.

2017 was supposed to be the year of the Internet of Things (IoT)—the year that this highly-touted technology matured and started producing tangible results for organizations. However, the last 12 months have left advocates of IoT frustrated. A report from Cisco claims that close to 75 percent of all IoT projects fail, and IoT as a buzzword has been replaced by the likes of artificial intelligence and blockchain. This disheartening news paints a grim picture for IoT.

Few things put more fear into the hearts of IT departments than the thought of a massive cyber attack — and for good reason. In 2017, the average cost of security breaches for U.S. organizations was estimated at $3.5 million. But it’s not all about the money. In addition to the financial burden caused by cyber attacks, the loss of client trust and credibility post-breach can be extremely difficult to bounce back from.

Anyone trying to access resources in your network needs to interact with your network devices: firewalls, routers, switches, and IDS/IPSs. Each of these devices generate syslogs that contain important security information and must be audited to gain complete visibility into the activities occurring in your network. Most SIEM solutions, including our own Log360, can collect and analyze syslogs in real time and instantly alert security teams if any security event of interest occurs.

At SURFsara we use CFEngine on our National Compute Cluster (LISA) and other systems as our configuration management tool. With the release of CFEngine 3.12 I want to highlight 2 new features, namely: missing_ok, multiple augments.