Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


Sponsored Post

AIOps & Observability- Which One Should Enterprises Focus on First?

Organizations today are pressured to keep their IT applications and infrastructure up and running and minimize their downtime. While this has always been a critical goal, it’s become harder to achieve with modern architectures, such as microservices, containerization, edge computing, hybrid-cloud deployments and the newer development methods such as agile DevOps techniques.

Observability Pipelines & AIOps can make IT Smarter

Enterprise data systems are like busy family households. You see a constant flow of activity to varying degrees from room to room. This activity includes people wandering, opening and closing doors. And then there are other streams constantly flowing through the household- electricity, water, Wi-Fi networks and more. In modern enterprises, the data deluge is a critical issue. While we take the complexity for granted in a household, such is not allowed in a connected enterprise.

What a more holistic approach to cloud-native security and observability looks like

The rise of cloud native and containerization, along with the automation of the CI/CD pipeline, introduced fundamental changes to existing application development, deployment, and security paradigms. Because cloud native is so different from traditional architectures, both in how workloads are developed and how they need to be secured, there is a need to rethink our approach to security in these environments.

How does sensitive information end up in observability platforms?

Observability (logs, traces, metrics) is a core tenet to building strong software systems. Logs are used to debug issues and check on system activity, traces provide valuable insights into system performance and architecture, and metrics allow engineering teams to closely track business metrics within their systems.

CVE-2021-37136 & CVE-2021-37137 - Denial of Service (DoS) in Netty's Decompressors

The JFrog Security research team has recently disclosed two denial of service issues (CVE-2021-37136, CVE-2021-37137) in Netty, a popular client/server framework which enables quick and easy development of network applications such as protocol servers and clients. In this post we will elaborate on one of the issues – CVE-2021-37136.

Plugins to put Node.js application security and observability in your IDE

As developers, we spend a lot of time in our IDEs writing new code, refactoring code, adding tests, fixing bugs and more. And in recent years, IDEs have become powerful tools, helping us developers with anything from interacting with HTTP requests to generally boosting our productivity. So you have to ask — what if we could also prevent security issues in our code before we ship it?

Humio Helps Michigan State University Improve SecOps Observability

I recently had the pleasure of chatting with Michigan State University Network Security Engineer David Graff for Episode 46 of our Hoot podcast series. MSU uses Humio for SecOps log management so it was great to get his first-hand perspective on how Humio helps the security team improve visibility and streamline forensics.

Beyond the network: Next Generation Security and Observability with eBPF - Shaun Crampton, Tigera

Learn how eBPF will bring a richer picture of what's going on in your cluster, without changing your applications. With eBPF we can safely collect information from deep within your applications, wherever they interact with the kernel. For example, collecting detailed socket statistics to root-cause network issues, or pinpointing the precise binary inside a container that made a particular request for your audit trail. This allows for insights into the behavior (and security) of the system that previously would have needed every process to be (manually) instrumented.