What is your New Year’s resolution for 2022? Well, it is that time of year again! My resolutions are not necessarily new, but a continuation of several that I have made in prior years. Eat healthier foods, lose weight, and save money are the ones that immediately come to mind. Another best practice that I started several years ago was to adopt a passwordless authentication initiative for all my internet connected personal devices.

Security compliance is the new black. Everyone is talking about it. Everyone is writing about it. Hopefully everyone is doing something about it, but it's a big lift for organizations. Compliance can mean adhering to departmental and company standards; it can mean well-defined regulatory standards like HIPAA, GDPR, and others. Compliance can mean adopting a standardized set of recommended protocols for cyber security. If compliance isn't on your radar right now, it should be.

Most of us have visited a hotel at some point in our lives. We arrive at reception, if we request a room, they give us a key; if we are going to visit a guest, they lead us to the waiting room as a visitor; if we are going to have dinner at their restaurant, they label us as a customer; or if we attend a conference on technology, we go to their conference room.

This is the final summary of our 2021 security hardening holiday calendar. We wanted to provide educational, useful, and actionable security advice, and we’re really pleased with the reception! Thank you for reading and following along.

If you have access to the internet, it’s likely that you have already heard of the critical vulnerability in the Log4j library. A zero-day vulnerability in the Java library Log4j, with the assigned CVE code of CVE-2021-44228, has been disclosed by Chen Zhaojun, a security researcher in the Alibaba Cloud Security team. It’s got people worried—and with good reason.

Netreo enjoyed a tremendous year, and we are all exceedingly grateful for our outstanding customers. May you, your colleagues, family and friends enjoy a healthy and happy holiday season filled with laughter, warmth and joy. We know our success is based on your success, so without further ado, let’s take a look at how our 2021 highlights will fuel a great 2022 for all our customers!

In light of the recent news about yet another reported Zero-Day Exploit and the accompanying discussions about security, let’s touch on the topic of security audits and how Enterprise Alert can be configured to avoid or at least minimize potential security impact. First, let’s establish what we mean by security audit.

The internet has been ablaze since the announcement of Log4Shell, the nickname for CVE-2021-44228, an arbitrary remote code execution vulnerability in the Java logging utility Log4j. So far two additional vulnerabilities ( CVE 2021-45046, CVE-2021-45105) have now been identified. The code has been vulnerable since 2013 and millions of hosts and services are affected.

Modern day software development approaches such as DevOps, have certainly reduced development time. However, tighter release deadlines push security practices to a corner. This blog explains how Shifting Security to the Left introduces security in the early stages of DevOps Lifecycle, thus fixing software bugs proactively. We have come a long way in the DevOps lifecycle, from releasing the code every month(or sometimes more than that) to every day(or every hour).