Alice keeps all her passwords in an Excel file on her desktop. However, she was told it is a very bad practice, since Eve can easily get access to the computer, read the file,and access Alice passwords and accounts. To enhance her security, Alice got a password protection software, KeePass, and she now saves all her passwords safely there – except for her KeePass password, which Alice keeps in an Excel file on her desktop. ‍Good news for Eve...

That phrase came to me many years ago when working on a multi-million pound IT outsourcing deal. We were up to our necks in the finer points of platform-wide and stack-deep security, and I realised we were fighting amongst ourselves more than challenging the final competing vendors. This infighting was partly due to the large amount of IT staff in the room likely to transfer to the winning team and partly due to the view of security controls as a bolt-on extra.

How likely is it to fall victim to fraud? As far as I’m aware, I personally have not purchased from a fraudulent site, but I have had my card details stolen in the past. Additionally, I remember years ago that while attempting to find a flat, I found a ‘rental company’ who turned out to be one person attempting to rent out flat 13 that due to superstition didn’t actually exist.

Context setting: In my first article on cloud security, I talked about the journey to cloud migration. What are the things you need to consider when planning the big move? To realize the full value of this post, you must have already identified the motivations for migration and the locations of some resources you can use to enhance your security posture within yourself and/or your team.

“How do I enable GitOps for my network security policies?” This is a common question we hear from security teams. Getting started with Kubernetes is relatively simple, but moving production workloads to Kubernetes requires alignment from all stakeholders – developers, platform engineering, network engineering, and security. Most security teams already have a high-level security blueprint for their data centers.

This month Devo exhibited at the AWS re:Invent conference in Las Vegas. I asked a few Devo colleagues who attended the show for their insights about what they heard and saw. Among the many visitors to the Devo booth there were a lot of similar questions about log management and related topics. “There were many log vendors at the show, so people wanted to hear what makes Devo unique,” said Seema Sheth-Voss, vice president, product marketing, for Devo.

Today’s network and data security environments are complex and diverse. There are hundreds of pieces to a security system and all of those pieces need to be looked at individually and as a whole to make sure they are not only working properly for your organization, but also safe and not posing a security threat to your company and your data or the data of your customers.

Indicators of compromise (IOCs) are pieces of forensic data, such as system log entries, system files or network traffic that identify potentially malicious activity on a system or network. Digital forensics security analysts and information security professionals use indicators of compromise to detect data breaches, malware infections and other security incidents.