Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Container inspection: walking the security tight rope for cloud DevOps

Containers have become very popular with DevOps as a way to increase speed and agility. However, with recent reports of hackers utilizing vulnerabilities in Docker container images to compromise hosts and launch malicious containers – how can we identify this at the time of development to prevent security costing us later?

Developing security monitoring use cases for SIEM

At Logsign, we believe that every one of our clients faces a unique set of threats. There can be overlapping; however, it would be highly rare that two organizations face the same set of threats. Accordingly, when you are using a SIEM solution like Logsign SIEM, there will be use cases that are more important to your business than others. If you have used a SIEM tool previously, you know that a SIEM is a powerful tool to identify the smallest of threats in your entire technical infrastructure.

Open source licenses: No license, no problem? Or ... not?

In 2019, the Black Duck® Audit Services team audited 1,253 codebases to identify open source components, their associated licenses, security vulnerabilities, and overall community activity. Our Audit Services team has extensive experience in not only identifying open source licenses, but also researching the more than 2,700 license permutations that exist in the open source world. But what happens when an open source component has no license at all?

Security awareness training explained

Cyberattacks are an almost daily occurrence for many IT and security professionals, and there are a host of different security solutions in the marketplace today that look to help companies detect and prevent those attacks. However, despite all the technology organizations have in place, their users remain their weakest link. Phishing is still one of the top initial attack vectors. Why?

Why misconfigurations are such an issue in your containers and Kubernetes

Organizations are increasingly incorporating containers and Kubernetes into their IT infrastructure. As reported by ZDNet, Flexera’s “2020 State of the Cloud Report” found that about two-thirds (65%) of organizations were using Docker and that another 14% intended to begin using it at some point. Slightly fewer organizations (58%) were using Kubernetes at the time of the survey, by comparison, with 22% of participants saying they planned to adopt it.

Detectify releases new and improved integrations

Integrations are intended to make work and the flow of information smoother. In our case, the integrations expedite critical vulnerability information found by Detectify to security teams and the application owners. That way, you can receive vulnerability information directly into your digital workplace of choice. Our solution seemed to be achieving this for our customers and the use cases kept growing and eventually outgrowing our scalability.

SKILup Day DevSecOps | How To Securely Access Compute Resources In Cloud Environments | Virag Mody

Virag Mody, Technical Writer for Gravitational gave a concise talk on Infrastructure Security best practices for SKILupDays DevSecOps 2020. In the talk he covers why certificate authorities are so important, and what individuals can do to create a more secure infrastructure access process.