Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

styra

Real-time authorization with Enterprise OPA and gRPC

Jul 19, 2023 By Philip Conrad In Styra

In this article, you will learn about how to achieve high-throughput, real-time authorization. You should gain a basic understanding of the different protocols for interacting with the Open Policy Agent (OPA) and Styra Enterprise OPA APIs, as well as how and when to use different options. We will also cover the strengths of different protocol choices, and where they may make sense in your system architecture.

Read Post

Unlocking AI Potential: Streamlining Database Access with Teleport

Jul 19, 2023 By Teleport In Teleport
- Captivated by the capabilities of OpenAI’s ChatGPT, today, many of our data research friends are experimenting with tools and datasets to learn how Artificial Intelligence (AI) and Generative Pretrained Transformers (GPT) can be used to solve unique and challenging business problems. While many sample corpora datasets exist, experimenting on your production datasets is often needed but difficult due to access restrictions, challenging network configurations, or complicated approval processes.
View Video

Understanding GitGuardian Roles and Teams

Jul 18, 2023 By GitGuardian In GitGuardian
GitGuardian makes it easy for teams of any size to manage code security. We also make it simple to manage access to the GitGuardian dashboard as your security team grows and you need to assign roles and permissions. In this video, we will take a closer look at the various Workspace member roles. We will also explore how to create and manage Teams, allowing you to group users and incidents, as well as give users more fine-grained permissions.
View Video
mend

The New Era of AI-Powered Application Security. Part Two: AI Security Vulnerability and Risk

Jul 18, 2023 By Rami Elron In Mend

AI-related security risk manifests itself in more than one way. It can, for example, result from the usage of an AI-powered security solution that is based on an AI model that is either lacking in some way, or was deliberately compromised by a malicious actor. It can also result from usage of AI technology by a malicious actor to facilitate creation and exploitation of vulnerabilities.

Read Post
armo

Unlocking efficiency: a strategic approach to handling Kubernetes security findings

Jul 17, 2023 By Yossi Ben Naim In ARMO
Kubernetes has emerged as the de facto standard for container orchestration, enabling organizations to manage and scale their applications efficiently. However, with this increased adoption comes the need to address security concerns within Kubernetes environments. The following blog post will explore the concept of ignoring security findings as a means of prioritizing fixes effectively.
Read Post
CalCom

IIS 10 CIS Benchmark Audit Procedure using PowerShell

Jul 17, 2023 By John Gates In CalCom
CIS IIS 10 Benchmark provides prescriptive guidance for establishing a secure configuration posture for Microsoft Internet Information Services (IIS) version 10. The benchmark provides guidance for establishing a secure configuration posture for IIS version 10. The benchmark is divided into two levels of security controls: Level 1 and Level 2. Level 1 provides a set of fundamental security measures that can be implemented with little or no impact on service availability.
Read Post
teleport

Version Control Best Practices With Teleport RBAC Roles

Jul 14, 2023 By by Kenneth DuMez In Teleport

Imagine you've just deployed a working Teleport cluster and you're making changes to the Role Based Access Controls (RBAC) roles, fine-tuning all of your resource permissions, and making sure every role is following the principle of least privilege. You go for a week-long vacation, do some fishing and completely relax. Getting back you find that the DevOps intern you just hired made a bunch of changes to the roles screwing everything up.

Read Post
Snyk

Top 5 security concerns for infrastructure as code

Jul 14, 2023 By Eric Smalling In Snyk

Infrastructure as code (IaC) has changed how we deploy and manage our cloud infrastructure. Instead of having to manually configure servers and networks with a large operations team, we can now define our service architecture through code. IaC allows us to automate infrastructure deployment, scale our entire fleet of servers, document a history of changes to our architecture, and test incremental changes to the network.

Read Post
styra

OPA in Production - How Reddit and Miro Built Enterprise Authorization with OPA

Jul 13, 2023 By Adam Sandor In Styra

Two web-scale companies have recently shared how they solved mission-critical authorization challenges using Open Policy Agent (OPA). These accounts validate the value of what we’ve built with OPA and give important blueprints for engineers looking to address similar challenges. We consider these required reading for anyone considering or using OPA at scale. In this post we review these two case studies to highlight common patterns and important differences.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.