Attackers (i.e., threat actors) often reuse techniques or resources, such as IP addresses, hashes, and domains, in multiple attempts to find and exploit vulnerabilities in your systems. Defenders can categorize this data as indicators of compromise (IOCs) and create collections of IOCs in order to look out for potential attacks. These IOC collections are known as threat intelligence.

To enhance and automate your vulnerability analysis, we’re excited to launch the Datadog Vulnerability Analysis GitHub Action. The action enables easy integration between your application, Datadog Continuous Profiler, and Snyk’s vulnerability database to provide actionable security heuristics. The action can be installed directly from the GitHub Marketplace, and does not require you to manage any additional scripts or infrastructure.

From containerized workloads to microservice architectures, developers are rapidly adopting new technology that allows organizations to scale their products at unprecedented rates. In order to make sense of these complex deployments, many teams are abstracting applications away from the environments in which they run. Because of this trade-off, developers and security teams lose the access to the unified context from infrastructure to application needed to fully secure their services.

Using open source code makes it easier to build applications, but the freely available nature of open source code introduces the risk of pulling potential security vulnerabilities into your environment. Knowing whether or not customers are actually accessing the vulnerable parts of your application is key to triaging security threats without spending hours fixing an issue that doesn’t affect end users.

Auth0 provides identity as a service (IDaaS), allowing you to secure your apps and APIs without having to write your own authorization code. Auth0 can work with social identity providers (IdP) like Google and Facebook so your users can access your app by using their existing accounts for authentication. You can also use an existing enterprise identity provider (e.g., LDAP) to allow your users to leverage single sign-on (SSO) across multiple apps.

Kubernetes audit logs contain detailed information about every request to the Kubernetes API server and are critical to detecting misconfigurations and vulnerabilities in your clusters. But because even a small Kubernetes environment can rapidly generate lots of audit logs, it’s very difficult to manually analyze them.

Governance, risk, and compliance (GRC) are major inhibitors for organizations moving to the cloud—and for good reason. Cloud environments are complex, and even a single misconfigured security group can result in a serious data breach. In fact, asset misconfigurations were the leading cause of cloud security breaches in 2019. This puts a lot of pressure on developer and operations teams to properly secure their services and maintain regulatory compliance.

As healthcare and life sciences organizations move to digitize their operations and automate their workflows, they are encountering new challenges related to HIPAA regulations, which dictate how patient information should be collected and stored.

Creating security policies for the devices connected to your network is critical to ensuring that company data is safe. This is especially true as companies adopt a bring-your-own-device model and allow more personal phones, tablets, and laptops to connect to internal services. These devices, or endpoints, introduce unique vulnerabilities that can expose sensitive data if they are not monitored.

Google Cloud Platform (GCP) is a suite of cloud computing services for deploying, managing, and monitoring applications. A critical part of deploying reliable applications is securing your infrastructure. Google Cloud Audit Logs record the who, where, and when for activity within your environment, providing a breadcrumb trail that administrators can use to monitor access and detect potential threats across your resources (e.g., storage buckets, databases, service accounts, virtual machines).