Monitoring

What Is FIM (File Integrity Monitoring)?

Jan 11, 2022 By David Bisson In Tripwire

Change is prolific in organizations’ IT environments. Hardware assets change. Software programs change. Configuration states change. Some of these modifications are authorized insofar as they occur during an organization’s regular patching cycle, while others cause concern by popping up unexpectedly. Organizations commonly respond to this dynamism by investing in asset discovery and secure configuration management (SCM).

Read Post

Tripwire

Read more about What Is FIM (File Integrity Monitoring)?

Why cloud native requires a holistic approach to security and observability

Jan 11, 2022 By Laura Ferguson In Tigera

Like any great technology, the interest in and adoption of Kubernetes (an excellent way to orchestrate your workloads, by the way) took off as cloud native and containerization grew in popularity. With that came a lot of confusion. Everyone was using Kubernetes to move their workloads, but as they went through their journey to deployment, they weren’t thinking about security until they got to production.

Read Post

Tigera

Read more about Why cloud native requires a holistic approach to security and observability

Part I: A Journey Into the World of Advanced Security Monitoring

Dec 30, 2021 By Nitzan Gotlib In JFrog

Dealing with hundreds of security alerts on a daily basis is a challenge. Especially when many are false positives that waste our time and all take up too much of our valuable time to sift through. Let me tell you how our security team fixed this, as we built security around the JFrog products. First, let me tell you a little bit about our team.

Read Post

JFrog

Read more about Part I: A Journey Into the World of Advanced Security Monitoring

Hack Yourself Stockholm 2021 - David Jacoby, Jesper Larsson, Mathias Karlsson, and Shane Murnion

Dec 22, 2021 By Detectify In Detectify

A recording of a panel discussion from Hack Yourself Stockholm 2021 on the theme of attack surface management. Hear the panelists discuss what organizations can do to find and better protect their external attack surface. Featuring security experts from: David Jacoby - Deputy Director for the European Global Research and Analysis Team, Kaspersky Jesper Larsson - Freelance IT-Security Researcher & Penetration Tester Mathias Karlsson - Head of Technical Security, Kivra Shane Murnion - Security Specialist, Skandia.

View Video

Detectify

Read more about Hack Yourself Stockholm 2021 - David Jacoby, Jesper Larsson, Mathias Karlsson, and Shane Murnion

Monitor Kubernetes with Fairwinds Insights' offering in the Datadog Marketplace

Dec 21, 2021 By Nicholas Thomson In Datadog

Fairwinds Insights is Kubernetes governance and security software that enables DevOps teams to monitor and prevent configuration problems in their infrastructure and applications. Not only does Fairwinds simplify Kubernetes complexity, but it also reduces risk by surfacing security and reliability issues in your Kubernetes clusters.

Read Post

Datadog

Read more about Monitor Kubernetes with Fairwinds Insights' offering in the Datadog Marketplace

Discovering vulnerable Log4J libraries on your network with EventSentry

Dec 20, 2021 By ingmar.koecher In EventSentry

Just when the Microsoft Exchange exploit CVE-2021-26855 thought it would win the “Exploit of the year” award, it got unseated by the – still evolving – Log4J exploit just weeks before the end of the year! Had somebody asked Sysadmins in November what Log4J was then I suspect that the majority would have had no idea. It seems that the biggest challenge the Log4J exploit poses for Sysadmins is simply the fact that nobody knows all the places where Log4J is being used.

Read Post

EventSentry

Read more about Discovering vulnerable Log4J libraries on your network with EventSentry

How to Manage Your AIOps for Optimal Efficiency

Dec 15, 2021 By Gurubaran Baskaran In CloudFabrix

“Have you tried shutting it off and turning it back on?” While AIOps won’t likely remove this query from our vocabulary any time soon, technology is certainly here to take on a bulk of the heavy lifting. For all-sized companies, service calls are still going to continue to pour in. And, there’s no sign of any of the world’s CompTIA certs going to waste in the near future. Still, thanks to AIOps, many jobs within the world of IT will become more streamlined.

Read Post

CloudFabrix

Read more about How to Manage Your AIOps for Optimal Efficiency

Detect Log4j RCE With Graylog GreyNoise

Dec 15, 2021 By Graylog In Graylog

Graylog experts Abe Abernethy and Jeff Darrington show you how to find the Log4j or Log4Shell with Graylog and integration with GreyNoise. #logmanagement #logmanagementdoneright Download Graylog Graylog on Social Media Graylog.

View Video

Graylog

Read more about Detect Log4j RCE With Graylog GreyNoise

The Log4j Log4Shell vulnerability: Overview, detection, and remediation

Dec 14, 2021 By Zack Allen In Datadog

On December 9, 2021, a critical vulnerability in the popular Log4j Java logging library was disclosed and nicknamed Log4Shell. The vulnerability is tracked as CVE-2021-44228 and is a remote code execution vulnerability that can give an attacker full control of any impacted system. In this blog post, we will: We will also look at how to leverage Datadog to protect your infrastructure and applications.

Read Post