Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Detecting Cobalt Strike with memory signatures

At Elastic Security, we approach the challenge of threat detection with various methods. Traditionally, we have focused on machine learning models and behaviors. These two methods are powerful because they can detect never-before-seen malware. Historically, we’ve felt that signatures are too easily evaded, but we also recognize that ease of evasion is only one of many factors to consider.

ECS Fargate threat modeling

AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of Amazon EC2 instances. With AWS Fargate, you no longer have to provision, configure, or scale clusters of virtual machines to run containers. This removes the need to choose server types, decide when to scale your clusters, or optimize cluster packing. In short, users offload virtual machine management to AWS while focusing on task management.

Enhance API security with Apigee and Cloud Armor

APIs are great tools since they provide developers a simplified way to consume data and functionality that resides in backend systems. However, they are targets for malicious attacks because they contain business-critical information. In this video, we demo how Google Cloud can help you better secure your APIs with Apigee and Cloud Armor. Watch to learn how these tools offer security at multiple levels for your APIs!

Kubernetes Master Class: Declarative Security with Rancher, KubeLinter, and StackRox

As companies adopt containers and Kubernetes to accelerate application development, they’re wrestling with securing this new attack surface. Fortunately, the declarative, immutable nature of Kubernetes environments provides inherent security opportunities, and Kubernetes itself offers a broad set of native controls. However, these protections are not enabled by default, and many organizations are learning both the infrastructure aspects and the security aspects of Kubernetes in parallel.

Running commands securely in containers with Amazon ECS Exec and Sysdig

Today, AWS announced the general availability of Amazon ECS Exec, a powerful feature to allow developers to run commands inside their ECS containers. Amazon Elastic Container Service (ECS) is a fully managed container orchestration service by Amazon Web Services. ECS allows you to organize and operate container resources on the AWS cloud, and allows you to mix Amazon EC2 and AWS Fargate workloads for high scalability.

Enabling Secure Access for the Federal Government - Meeting Comply to Connect Mandates

Government IT organizations must demonstrate and maintain compliance with a large and growing number of regulations and standards around network access control (NAC). Ensuring that all devices connected to their environment are not vulnerable is a key requirement. Comply to connect (C2C) simplifies this by enforcing that patches and hardened configurations are applied to devices before they connect and are updated continually.

Visual Link Analysis with Splunk: Part 4 - How is this Pudding Connected?

I thought my last blog, Visual Link Analysis with Splunk: Part 3 - Tying Up Loose Ends, about fraud detection using link analysis would be the end of this topic for now. Surprise, this is part 4 of visual link analysis. Previously (for those who need a refresher) I wanted to use Splunk Cloud to show me all the links in my data in my really big data set. I wanted to see all the fraud rings that I didn’t know about. I was happy with my success in using link analysis for fraud detection.

Everything you need to know about the Malwarebytes hack

We’ve all become more conscious of the risk of online scammers and hackers, especially since we put more and more of our personal information into websites and apps on a daily basis. We’ve become more knowledgeable on the likes of data protection through EU regulations like GDPR and learned about how we “drop” cookies as we surf the web.