
Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Service based access control with Sysdig Secure Teams

While you’re likely familiar with role-based access control, Sysdig teams introduce the concept of service-based access control. With service-based access control, administrators can define groups of users that have access to policy events, policy configuration, and scanning data limited to a service or set of services, as defined by your orchestration system (think Kubernetes, Mesos, and the like).

Safe Web Services with Actix and Sentry

Remember that time Mom told you that the internet is a dangerous place? No? Well, she did, but you weren’t listening. Jokes aside, we can probably all agree that there are many potential security risks in web services, with all their APIs and user-contributed content. Yet, the internet is what defines our digital age, and barely any piece of technology can do without it. In the midst of this insecurity, Rust came along with its memory safety and zero-cost abstractions.

How to identify malicious IP activity using Falco

One of the most common security use cases is the ability to identify connections generated by malicious actors, or internal components connecting to suspicious servers (e.g., malware C&Cs). In this post, we will show how to leverage the Falco engine to identify connections made to IPs that were flagged by multiple security sensors and are streamed as a feed to the Falco engine.

Conquer it with correlation-Part 2: The data breach

In my previous post, we looked at how event correlation can be used to deal with advanced persistent threats (APTs). The thing is, an APT is just one ugly face of a much larger epidemic: the data breach. In this blog, we examine this larger problem and the role of event correlation in securing sensitive data.

Six Ways to Improve Your Security Posture Using Critical Security Controls

Security policies within organizations are under a lot of scrutiny these days. Trying to stay up to date with these policies can create stress for users and the IT staff managing the infrastructure. Just as network standardization is a must, so is security standardization.

Using Terraform for container security as code with Sysdig Secure

In the following tutorial you can learn how to implement container security as code. You probably have a CI/CD pipeline to automatically rebuild your container images. What if you could define your container security as code, push it into a Git repository to version control changes and then enforce your policy in your container orchestration tool like Docker or Kubernetes using Sysdig Secure?

All the Security and Compliance Features Announced at AWS Re:Invent 2018

Yet another Re:Invent has concluded, leaving behind a trail of announcements, new features, and vendor swag (how many T-shirts can we possibly own?). Security was a hot topic at this year’s conference; so much so that it was mentioned in-depth within the first 10 minutes of Andy Jassy’s keynote and numerous times afterwards, as well as during Werner Vogels’ keynote the following day.

CFEngine 3.12.1 LTS Released

CFEngine 3.12.1 LTS has now been released. This release brings many stability and performance improvements to the 3.12 LTS series. It is a stable and well-tested version of CFEngine. We wish to extend a big thanks to the ecosystem that helps make CFEngine great by reporting bugs, contributing fixes and suggesting new and improved functionality. Without you, CFEngine would not be the powerful, high performance, widely used product we all appreciate today!

SaaS Security: Securing Zenoss in a SaaS World

As enterprise IT organizations evaluate cloud-based services, security can be a primary concern — both in terms of the security of the customer data associated with the application as well as the potential for breaches of the customer’s IT environment. Zenoss takes a comprehensive approach to SaaS security, addressing it from both a product and process perspective, to ensure the integrity of monitoring operations.