Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

The Perfect World (Without Outages)

Heaven on Earth would be a world with no outages. No slow load times. No failed switches or routers. No bandwidth issues. Just peace and quiet. But if nothing were to go wrong on a daily basis, what would IT pros spend their time doing? Outages make up a large part of an IT pro’s job. Monitoring networks and finding the source of outages can be time-consuming and take away effort from other tasks.

Phishing Emails - Less Ocean, More Aquarium

Here at Splunk, when we discuss Splunk Phantom with customers we end up talking about phishing pretty frequently because it’s something that, as Olivia outlined in a recent blog post, "Between Two Alerts: Phishing Emails — Don’t Get Reeled In!", customers both encounter and talk to us about all the time. It makes a lot of sense — phishing is a super common issue that almost everyone deals with ad nauseam and it’s annoying to investigate.

SOC 2 compliance for containers and Kubernetes security

This article contains useful tips to implement SOC 2 compliance for containers and Kubernetes. The Service Organization Controls (SOC) reports are the primary way that service organizations provide evidence of how effective their controls are for finance (SOC 1) or securing customer data (SOC 2, SOC 3). These reports are issued by the American Institute of Certified Public Accountants (AICPA).

Understanding and mitigating CVE-2020-8566: Ceph cluster admin credentials leaks in kube-controller-manager log

While auditing the Kubernetes source code, I recently discovered an issue (CVE-2020-8566) in Kubernetes that may cause sensitive data leakage. You would be affected by CVE-2020-8566 if you created a Kubernetes cluster using a Ceph cluster as storage class, with logging level set to four or above in kube-controller-manager. In that case, your Ceph user credentials will be leaked in the cloud-controller-manager’s log.

3 secrets of professional hackers your software team needs to know about

“My job here at Atlassian is to commit crimes and then write very, very detailed confession letters – metaphorically speaking.” Meet Alex: an engineer on our security intelligence team with a wry wit and a penchant for pop-color hair. Less metaphorically speaking, the team’s job (our red team, in particular) is to hack Atlassian’s systems exactly as real attackers would.

Tips for Updating Your Cybersecurity Plan

Every year brings new opportunities for federal IT professionals to reduce risk by addressing threats—both existing and emerging—with new tools, technologies, and tactics. This year has proven to be a little different, with the emergence of COVID-19 forcing federal agencies to make the jump to remote work. Although the world at large is currently working from home, bad actors from criminals to nation-state actors are still working, too.

What You Need to Know About Serverless Security

Developers at Airbnb, BBC, Netflix, and Nike all share something in common: They’re using serverless computing to ship new products and features faster than ever. And they represent a growing trend. As businesses compete to quickly deliver customer value, a whopping 60% of enterprises have already adopted, or are planning to use, serverless architectures.

Five worthy reads: Preparing an incident response plan for the pandemic and beyond

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. With the rising concern over cyberattacks in the distributed workforce, this week we explore the concept of cybersecurity incident response during a pandemic.