The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.
In the past 24 hours, funding website GiveSendGo has reported that they’ve been the victim of a DDoS attack, in response to the politically charged debate about funding for vaccine skeptics. The GiveSendGo DDoS is the latest in a long line of political cyberattacks that have relied on the DDoS mechanism as a form of political activism. There were millions of these attacks in 2021 alone.
First-generation security solutions for cloud-native applications have been failing because they apply a legacy mindset where the focus is on vulnerability scanning instead of a holistic approach to threat detection, threat prevention, and remediation. Given that the attack surface of modern applications is much larger than in traditional apps, security teams are struggling to keep up and we’ve seen a spike in breaches.
We hosted a webinar a few weeks back on using Cribl LogStream to make your security operations more scalable, efficient, and cost-effective. The turnout was fantastic and, while we answered most of the audience’s questions live, we couldn’t get to all of them. So I’ll go through the questions we couldn’t get to and offer some answers. Along the way, I’ll also share the results of two polling questions we asked during the webinar.
The Log4Shell (CVE-2021-44228) zero-day vulnerability in the Java logging framework Log4j (versions 2.0 to 2.14.1) was revealed on December 9, 2021. The Apache Foundation assigned the maximum CVSS score of 10 to Log4Shell, as millions of servers, and potentially billions of devices, came under risk. Security professionals around the world began patching the vulnerability and scanning their systems to rule out any potential breach.
The state of cybersecurity today is, in a word, catastrophic. Breaches have become endemic. Not only do they continue at dizzying rates, but they are actually increasing in frequency by the month. Why are things so bad? And why do businesses seem so helpless to make them better? Those are complicated questions without simple answers, of course – but I believe that a major part of the answer has to do with the fact that, at most organizations, security remains the domain of elite security teams.