Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Using HAProxy as an API Gateway, Part 6 [Security]

In almost every case, APIs have changed how modern applications connect to their data. Mobile apps, single-page web apps, IoT devices, integration hooks between software—all of these things rely on APIs to fetch, update, delete, and create data. In fact, one set of APIs might serve as the backbone of a website, mobile app, voice assistant device, and more, meaning one data store owns a treasure trove of information about us, the human users.

Bitbucket Pipelines and OpenID Connect: No more secret management

Bitbucket Pipelines now allows you to talk to your favorite third-party applications without an access token or secret. You no longer need to store your secrets in Bitbucket Pipelines. You can generate an OpenID Connect token in Bitbucket Pipelines, and use that to talk to any third-party application that supports OpenID Connect.

Orchestrate Framework Controls to Support Security Operations with Splunk SOAR

Every security team should utilize security frameworks in their strategy and tactics to help reduce risk from common cybersecurity threats. Security frameworks guide organizations on how they should develop, build, and maintain their IT security policies and procedures while sharing best practices for meeting compliance requirements. Healthcare operations in particular are often presented with increasing regulatory scrutiny and obligations that must be met in order to be competitive.

Secure by Design | Securing the Software Development Build Environment

The recent SUNBURST cyberattack on the SolarWinds software build environment is a concerning new reality for the software industry, representing the increasingly sophisticated actions by outside nation-states on the supply chains and infrastructure on which we all rely. SolarWinds is committed to sharing our learnings about this attack broadly given the common development practices in the industry and our belief that transparency and cooperation are our best tools to help prevent and protect against future attacks.

Is Your Home Built to Last? Investing in Cloud-Based ITSM for a More Secure Tomorrow

Buying a home requires thoughtful planning and takes a significant amount of time and resources. Beyond your list of must-haves, you’ve likely kept tabs on houses of interest to you, the state of the market, how safe the neighborhood is, and more. Another factor in your decision is how the house is equipped to grow with you—will it continue to meet your needs in the next five years? It’s critical to establish a sound foundation that works for you today and in the future.

The DevSecOps Cultural Transformation

Let’s take a moment and think about security in your organization. Security is often separate from other engineering teams such as development, operations, networking, IT, and so forth. If you narrow down your focus to specifically releasing new software or features and functions in existing software, you’ll find that while development and operations are working together very quickly and efficiently, they’re still vaulting these functions and features over to security.

Hunting for Lateral Movement using Event Query Language

Lateral Movement describes techniques that adversaries use to pivot through multiple systems and accounts to improve access to an environment and subsequently get closer to their objective. Adversaries might install their own remote access tools to accomplish Lateral Movement, or use stolen credentials with native network and operating system tools that may be stealthier in blending in with normal systems administration activity.