
Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Approaching Azure Kubernetes Security

The Splunk Security Research Team has been working on Kubernetes security analytic stories focused mainly on the AWS and GCP cloud platforms. Now it is Azure's turn, with a set of Azure Kubernetes security monitoring analytic stories. As outlined in my "Approaching Kubernetes Security — Detecting Kubernetes Scan with Splunk" blog post, there are certain items within a cluster that must be monitored when looking at Kubernetes security.

Logstash and Maxmind - Not Just for GEOIP Anymore

The Logstash MaxMind (geoip) filter enriches documents with GeoIP information from MaxMind's databases. But did you know that you can customize this filter to enrich documents with all kinds of other IP-related data? MaxMind uses its own binary database format (MMDB), which enables very fast lookups keyed by IP address. Our experience is that this is the best way to retrieve any type of IP-based information and store it at ingestion time without impacting performance.

Sentry Data Wash Now Offering Advanced Scrubbing

Over the past week, we rolled out access to Advanced Data Scrubbing for all users. If you were one of our Early Adopters, you’ve known about this for a couple of months. As the name implies, it’s an addition to our existing server-side data scrubbing features, meant to provide greater control and more tools to help you choose which data to redact from events. One of Sentry’s main selling points as an error monitoring platform is the data it collects and aggregates.

macOS vs. Windows - What kernels tell you about security events: Part 1

How would you compare the Windows and macOS operating systems? In what ways are they similar? Why do they each take different approaches to solving the same problem? For the last 19 years I've developed security software for Windows. Recently, I’ve started implementing similar features on macOS. Since then, people have asked me questions like this. The more experience I gained on these two operating systems, the more I realized they’re very different.

NEW Magecart Attacks Affect U.S. City Governments

The COVID-19 pandemic has seen a 23% rise in visitors to UK independent ecommerce sites. On a global scale, many companies have transitioned to fully ecommerce-based business practices and are seeing an increase in online shoppers. This shift in how business is done also means more checkout pages are exposed to client-side skimming attacks of the Magecart kind.

Domain Hijacking Impersonation Campaigns

A number of domain "forgeries", or tricky look-alike domains, have been observed recently. These campaigns abuse Internationalized Domain Names (IDN): a label containing non-ASCII characters is registered in its ASCII "xn--" (punycode) form, and when a standard browser renders it back to Unicode it looks like a corporate or organization name, which lets the attacker impersonate or hijack that organization's domains. This technique has been researched and described in past campaigns as an IDN homograph attack.
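The check a defender wants for this is to decode the "xn--" form to what the browser will render, flag labels that mix scripts, and collapse known confusable characters onto their Latin look-alikes before comparing against a watch list of protected domains. The following is an added example in Python, not code from the post; the confusable table is a hand-picked subset of Unicode's confusables data, and the watch list and sample hostnames are constructed for the demo.

```python
"""Added example (not from the original post): decode IDN (xn--) hostnames and
flag homograph look-alikes of a watch-listed domain.  The confusables table is a
hand-picked subset; the watch list and sample hosts are constructed."""
import unicodedata

# Cyrillic letters that render identically to Latin ones in common fonts.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u04bb": "h", "\u0501": "d", "\u04cf": "l", "\u051b": "q", "\u051d": "w",
}

# Assumed set of domains we want to protect against impersonation.
WATCHLIST = {"apple.com", "example.com"}


def decode_idn(host):
    """Return the Unicode form a browser renders for an ACE (xn--) hostname."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or malformed ACE: leave as-is


def label_scripts(label):
    """Script names (first word of the Unicode character name) of the letters in a label."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in label if ch.isalpha()}


def skeleton(host):
    """Map confusable characters onto their Latin look-alikes so look-alikes collide."""
    folded = unicodedata.normalize("NFKC", host).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)


def analyze(host, watchlist=WATCHLIST):
    """Describe whether `host` is a homograph of a watch-listed domain."""
    rendered = decode_idn(host)
    mixed = [lbl for lbl in rendered.split(".") if len(label_scripts(lbl)) > 1]
    skel = skeleton(rendered)
    # A host whose skeleton equals a protected domain but whose rendered form
    # differs from it is a look-alike; the genuine domain maps onto itself.
    impersonates = skel if (skel in watchlist and skel != rendered) else None
    return {
        "host": host,
        "rendered": rendered,
        "mixed_script_labels": mixed,
        "impersonates": impersonates,
    }


if __name__ == "__main__":
    # Constructed samples: a Cyrillic-a look-alike of apple.com and the real domain.
    for sample in ("xn--pple-43d.com", "apple.com"):
        print(analyze(sample))
```

The mixed-script check alone misses all-Cyrillic forgeries, so the skeleton comparison against the watch list does the real work; extend `CONFUSABLES` from the full Unicode confusables table for production use.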

Why Password Updating Of Apps Is Important For Security

TL;DR: Experts working with tech companies discuss security issues a great deal, both internally and with clients. Indeed, no software program or app is foolproof. While technological enhancements help companies and individuals perform better, they enhance the capabilities of attackers too. Naturally, everybody has to take the steps required to protect their interests, and the most common yet effective way to do so is to change passwords frequently.

File Integrity Monitoring: Detecting suspicious file activity inside a container

In this blog, we will explore suspicious file activity inside a container and see how to effectively implement a file integrity monitoring (FIM) workflow. We’ll also cover how Sysdig Secure can help you implement FIM for both containers and Linux hosts.
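The core of any FIM workflow is a baseline of content hashes and permission bits over the paths that should not change at runtime (for a container, typically /etc and the binary directories of its image layers), followed by a diff that reports added, removed and modified files. The following is an added example in Python and is not Sysdig's agent or code from the post; the watched directories and the sample tree it builds and tampers with are constructed for the demo.

```python
"""Added example (not from the original post): a minimal file integrity
monitoring baseline-and-diff over a directory tree.  WATCH_DIRS and the sample
tree built by demo() are constructed for illustration."""
import hashlib
import os
import stat
import tempfile

# Hypothetical defaults: directories that should be immutable at runtime.
WATCH_DIRS = ("etc", "usr/bin", "usr/local/bin")


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root, watch_dirs=WATCH_DIRS):
    """Return {relative_path: (sha256, mode_bits)} for regular files under the watched dirs."""
    state = {}
    for d in watch_dirs:
        for dirpath, _, files in os.walk(os.path.join(root, d)):
            for name in files:
                full = os.path.join(dirpath, name)
                st = os.lstat(full)
                if not stat.S_ISREG(st.st_mode):
                    continue  # symlinks and special files are out of scope here
                state[os.path.relpath(full, root)] = (_sha256(full), stat.S_IMODE(st.st_mode))
    return state


def diff(baseline, current):
    """Classify changes; a permission change alone (e.g. a new setuid bit) counts as modified."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
        # setuid binaries appearing anywhere in the watched tree deserve their own alert
        "setuid": sorted(p for p, (_, mode) in current.items() if mode & stat.S_ISUID),
    }


def demo():
    """Build a constructed tree, baseline it, simulate tampering, and return the diff."""
    root = tempfile.mkdtemp()

    def write(rel, data, mode=0o644):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
        os.chmod(full, mode)

    write("etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n")
    write("usr/bin/ls", b"\x7fELF-stub\n", 0o755)
    write("usr/local/bin/app", b"#!/bin/sh\necho ok\n", 0o755)
    baseline = snapshot(root)

    # Simulated activity inside the container after the baseline was taken:
    write("etc/passwd", b"root:x:0:0:root:/root:/bin/sh\nbackdoor:x:0:0::/:/bin/sh\n")
    write("usr/bin/nc", b"\x7fELF-stub\n", 0o755)          # new binary dropped
    os.remove(os.path.join(root, "usr/local/bin/app"))      # file removed
    os.chmod(os.path.join(root, "usr/bin/ls"), 0o4755)      # setuid added, content unchanged
    return diff(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In a real deployment the baseline is taken from the image at build time (or from a read-only layer) and stored outside the container, so that an attacker who can write to the filesystem cannot also rewrite the reference.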