Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

7 Cyber Security Tips for Small Businesses

Protecting your data, and that of your clients, should be central to all of your business practices. Customers entrust companies with often very sensitive data, and it should be used and stored safely. Cyber security should be a priority in companies of any size, but when you’re a small business without a big security budget, how do you keep yourself protected?

Detecting Data Breaches by Example - Vision Direct

Just as we were getting ready to launch our Data Breach Monitor, we heard the unfortunate news that fellow Yorkshire-based business Vision Direct had suffered a malware attack, which resulted in the loss of financial data of around 6,600 customers. So we asked ourselves, could we have detected the same attack using our new monitor? The only way to find out was to infect a website and see what would happen…

Introducing Sysdig Secure 2.2: Kubernetes auditing, compliance, and access control.

Over the past four years we’ve helped hundreds of organizations run reliable, secure, and compliant Kubernetes and OpenShift clusters. Some of the key themes we’ve seen from organizations that have successfully grown their Kubernetes footprint are: they have immaculate labeling, understand how to leverage internal Kubernetes features to harden their platform, and understand what developers need access to and manage it with RBAC and namespaces.

Container security orchestration with Falco and Splunk Phantom

Container security orchestration allows you to define, within your security policy, how you are going to respond to your different container security incidents. These responses can be automated in what are called security playbooks. This way, you can define and orchestrate multiple workflows involving different software, both for sourcing and responding. This is how Falco and Splunk Phantom can be integrated to do this.

Service based access control with Sysdig Secure Teams

While you’re likely familiar with role-based access control, Sysdig teams introduce the concept of service-based access control. With service-based access control, administrators can define groups of users that have access to policy events, policy configuration, and scanning data limited to a service or set of services, as defined by your orchestration system (think Kubernetes, Mesos, and the like).

Safe Web Services with Actix and Sentry

Remember that time Mom told you that the internet is a dangerous place? No? Well, she did, but you weren’t listening. Jokes aside, we can probably all agree that there are many potential security risks in web services, with all their APIs and user-contributed content. Yet, the internet is what defines our digital age, and barely any piece of technology can do without it. In the midst of this insecurity, Rust came along with its memory safety and zero-cost abstractions.

How to identify malicious IP activity using Falco

One of the most common security use cases is the ability to identify connections generated by malicious actors, or internal components connecting to suspicious servers (e.g. malware C&Cs). In this post, we will show how to leverage the Falco engine to identify connections made to IPs that were flagged by multiple security sensors and are streamed as a feed to the Falco engine.

Conquer it with correlation - Part 2: The data breach

In my previous post, we looked at how event correlation can be used to deal with advanced persistent threats (APTs). The thing is, an APT is just one ugly face of a much larger epidemic: the data breach. In this blog, we examine this larger problem and the role of event correlation in securing sensitive data.