As the threat landscape continues to expand, having end-to-end visibility across your modern application stack and cloud infrastructures is crucial. Customers cannot afford to have blind spots in their environment and that includes data being ingested from third-party tools.
It would be hard to be involved in technology in any way and not see the dramatic upward trend in DevOps adoption. In their January 2019 publication “Five Key Trends To Benchmark DevOps Progress,” Forrester research found that 56 percent of firms were ‘implementing, implemented or expanding’ DevOps. Further, 51 percent of adopters have embraced DevOps for either all new or all applications. Clearly, DevOps adoption is here and growing.
MITRE ATT&CK™ (Adversarial Tactics, Techniques and Common Knowledge) is a framework for understanding attackers’ behaviors and actions. We are pleased to announce that AlienVault USM Anywhere and Open Threat Exchange (OTX) now include MITRE ATT&CK™ information. By mapping alarms to their corresponding ATT&CK techniques, we are assisting in prioritizing analysis work by understanding the context and scope of an attack.
Today we are very excited to announce our latest release — Sysdig Secure 2.3! In this version of Sysdig Secure, we have invested heavily in hardening the compliance posture of Kubernetes, Docker configurations, and container images. We have released a set of features that provide compliance focused image scanning, guided remediation, compliance dashboards, and more.
From time-to-time we are asked “does our Encoder product protect JavaScript and HTML?” While our ionCube PHP Encoder product with its unique features such as Dynamic and External Keys do a wonderful job protecting the PHP code on your server, the same server protected code at the client side will still present all of the HTML, CSS and JavaScript when viewing the source in the browser.
A complete security program involves many different facets working together to defend against digital threats. To create such a program, many organizations spend much of their resources on building up their defenses by investing in their security configuration management (SCM), file integrity monitoring (FIM), vulnerability management (VM) and log management capabilities. These investments make sense, as the resources listed above can all help protect the organization.
The discovery of a significant container-based (runc) exploit sent shudders across the Internet. Exploitation of CVE-2019-5736 can be achieved with “minimal user interaction”; it subsequently allows attackers to gain root-level code execution on the host. Scary, to be sure. Scarier, however, is that the minimal user interaction was made easier by failure to follow a single, simple rule: lock the door.
A business wants to hire a vendor. However, this vendor does not meet policy standards and has requested an exception. The question you face is whether or not to approve or deny that exception request. What’s good for business sometimes comes with added risk. In fact, many incidents are the direct result of a policy violation. For risk management, and business needs, maybe the answer isn’t a simple yay or nay but a more nuanced approach.
Threat hunting is a regularly-occurring activity in any high-performance SOC. But for less savvy organizations, it’s a must-have activity that can mean the difference between a malicious hack or a normal, uneventful day. With the stakes so high, it’s time to look at the history of threat hunting, what it looks like today, and the future of threat hunting – particularly as adversaries become more advanced every day.
