Many of our customers rely on the Amazon Web Services (AWS) Well-Architected Framework as a guide to build safe, secure, and performant applications in the cloud. AWS offers the Well-Architected Review (WAR) Tool as a centralized way to track and trend adherence to Well-Architected best practices. It allows users to define workloads and answer a set of questions regarding operational excellence, security, reliability, performance efficiency, and cost optimization.

Attackers (i.e., threat actors) often reuse techniques or resources, such as IP addresses, hashes, and domains, in multiple attempts to find and exploit vulnerabilities in your systems. Defenders can categorize this data as indicators of compromise (IOCs) and create collections of IOCs in order to look out for potential attacks. These IOC collections are known as threat intelligence.

To enhance and automate your vulnerability analysis, we’re excited to launch the Datadog Vulnerability Analysis GitHub Action. The action enables easy integration between your application, Datadog Continuous Profiler, and Snyk’s vulnerability database to provide actionable security heuristics. The action can be installed directly from the GitHub Marketplace, and does not require you to manage any additional scripts or infrastructure.

From containerized workloads to microservice architectures, developers are rapidly adopting new technology that allows organizations to scale their products at unprecedented rates. In order to make sense of these complex deployments, many teams are abstracting applications away from the environments in which they run. Because of this trade-off, developers and security teams lose the access to the unified context from infrastructure to application needed to fully secure their services.

Using open source code makes it easier to build applications, but the freely available nature of open source code introduces the risk of pulling potential security vulnerabilities into your environment. Knowing whether or not customers are actually accessing the vulnerable parts of your application is key to triaging security threats without spending hours fixing an issue that doesn’t affect end users.

Auth0 provides identity as a service (IDaaS), allowing you to secure your apps and APIs without having to write your own authorization code. Auth0 can work with social identity providers (IdP) like Google and Facebook so your users can access your app by using their existing accounts for authentication. You can also use an existing enterprise identity provider (e.g., LDAP) to allow your users to leverage single sign-on (SSO) across multiple apps.

Kubernetes audit logs contain detailed information about every request to the Kubernetes API server and are critical to detecting misconfigurations and vulnerabilities in your clusters. But because even a small Kubernetes environment can rapidly generate lots of audit logs, it’s very difficult to manually analyze them.

Governance, risk, and compliance (GRC) are major inhibitors for organizations moving to the cloud—and for good reason. Cloud environments are complex, and even a single misconfigured security group can result in a serious data breach. In fact, asset misconfigurations were the leading cause of cloud security breaches in 2019. This puts a lot of pressure on developer and operations teams to properly secure their services and maintain regulatory compliance.

As healthcare and life sciences organizations move to digitize their operations and automate their workflows, they are encountering new challenges related to HIPAA regulations, which dictate how patient information should be collected and stored.

Creating security policies for the devices connected to your network is critical to ensuring that company data is safe. This is especially true as companies adopt a bring-your-own-device model and allow more personal phones, tablets, and laptops to connect to internal services. These devices, or endpoints, introduce unique vulnerabilities that can expose sensitive data if they are not monitored.