Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Security vs. Compliance: What's the difference?

The first two posts in our compliance blog series focused on managing compliance through automation. In this third post, we take a step back to explore a more foundational — but no less important — topic: What’s the difference between compliance and security? Is compliant infrastructure secure infrastructure? People often talk about compliance and security as though they’re one and the same.

Not All Buzzwords are Created Equal: Real Applications of Zero Trust Security for IoT

Zero Trust security. Some would say it’s the latest and greatest buzzword and this disposition is understandable given the amount of jargon introduced into the Information Technology market each year. With vernacular being used interchangeably like “AI,” “Machine Learning,” and “Deep Learning,” these words get stripped of their real significance.

Show your Website some Love this Valentine's Day

If you care about your website, show it some love this Valentine’s Day. RapidSpike is there, like Fred from First Dates, to keep the spark alive. We will be your relationship counsellor through the tough times with your website, from downtime to Magecart style attacks, and even the occasional website launch! They say healthy relationships are built around the pillars of trust, communication and passion.

How to Block an External Attack with FortiGate and Flowmon ADS

It’s a question we hear often - how to use Flowmon to block an attack? Flowmon is not an inline appliance to stand in the path of inbound traffic, so we partner with 3rd party vendors who supply equipment like firewalls or unified security gateways. In this post, I’m going to show you how to instruct Fortinet’s firewall FortiGate via Flowmon ADS to block traffic in response to a detected anomaly or attack.

Runtime security in Azure Kubernetes Service

Runtime security for Azure Kubernetes Service (AKS) environments requires putting controls in place to detect unexpected and malicious behavior across your applications, infrastructure, and cloud environment. Runtime threats include things like: Even if you’re taking advantage of tools like container image vulnerability scanning, Kubernetes pod security policies, and Kubernetes network policies with AKS, not every risk will be addressed.

Using Puppet to detect the SolarWinds Orion compromise

SolarWinds' widely-used Orion IT platform has been the subject of a supply-chain compromise by an unidentified threat actor. The attack was discovered in December 2020, but it appears to have begun in March 2020 when the attacker used trojan malware to open a backdoor on SolarWinds customers around the world.

Best Practices for Writing Secure Java Code

Every Java developer should follow coding standards and best practices to develop secure Java code. It is critical your code is not vulnerable to exploits or malicious attacks. In recent times, even big organizations like eBay, the CIA, and the IRS have fallen victim to vulnerabilities in their applications that have been discovered and exploited by attackers. The following guidelines provide a solid foundation for writing secure Java code and applications.

Getting started with Kubernetes audit logs and Falco

As Kubernetes adoption continues to grow, Kubernetes audit logs are a critical information source to incorporate in your Kubernetes security strategy. It allows security and DevOps teams to have full visibility into all events happening inside the cluster. The Kubernetes audit logging feature was introduced in Kubernetes 1.11.

Breaking the Logjam of Log Analytics

To understand the value of logs—those many digital records of hardware and software events—picture a big puzzle. You put all the pieces together to make sense of them. Every day the modern enterprise generates billions of logs, each capturing a user log-in, application record change, network service interruption—as well as the messages these entities send to one another.