Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Do you KYC?

Compliance has often been a checkbox exercise, primarily seen as a defensive strategy in preventing financial penalties and PR embarrassments. However, some organizations have taken a different approach. They’ve used compliance on the offensive - to give a competitive edge, turning “compliance teams” into “innovation teams”. These companies have improved processes and increased customer experience. They’ve installed an elevator instead of fixing the ladder.

How Can the Public Sector Get Remote Working Right?

Mobile working is becoming the reality for an increasing number of public sector staff. But the threat and impact brought by the coronavirus COVID-19 outbreak has seen many organizations instructing office-based employees to work remotely, as a way to minimize the risk of infection and spreading of the virus.

Don't Let Security Go Up, Up and Away (in the Clouds), Start with Data

Security teams can’t defend what they can’t see. As organizations move more workloads to the cloud, security teams need added visibility into these new workloads or risk having blind spots that lead to compromise. In the first installment of our "Getting Data In" webinar series, "Modernizing your SOC for the Cloud Age Starts with Security Foundations," we demonstrate how to quickly and easily onboard data into Splunk Cloud.

Filter Company Allowed 3.4 Million Customers to Shop on Hacked Site

Filters Fast knowingly allowed approximately 3.4 Million customers to shop on their compromised website for over 5 months, in a year-long data breach. FiltersFast.com sells a variety of home filtration products. The company is based in North Carolina, USA, and according to SimilarWeb, the company averages approximately 574,190 website visitors each month.

Privacy and Ethical Web Analytics

Web analytics is often based on invasively collecting and aggregating user data. But web analytics doesn’t have to be an invasion of privacy. A growing movement of businesses, including performance monitoring services like Request Metrics, are working to create sustainable web analytics tools. Tools that give web developers the metrics they need to improve their websites without compromising the privacy of our users.

Beyond the EHR: 3 Other Places Healthcare Organizations Need to Watch to Ensure HIPAA Compliance

With the state of the world today, healthcare facilities of all kinds and sizes are operating under a state of distress. Employees are working on the frontlines, while also having to manage low budgets for IT security, coupled with low resources and all the while having to manage legal and compliance issues on top of it. Sometimes there’s so much emphasis put on the primary platform where patient health information (PHI) resides, other parts of the network are overlooked to determine compliance.

Master the art of VPN encryption: The ITOM podcast [Episode 2]

Gear up as The ITOM podcast returns with an all new episode specially tailored to help ease all your remote work woes in an IT environment. In the last episode, we discussed VPNs, their protocols, and the advantages of using a VPN in the remote work setting. Episode 1 helped set the stage for us to dive deeper into the nuances of VPN security and encryption. Encryption helps transform confidential information into cipher text or coded text for safe transit across secure VPN tunnels.

Dynamic SSL Certificate Storage in HAProxy

Use the HAProxy Runtime API to update SSL certificates in HAProxy without a reload. When you route traffic through an HAProxy load balancer, you gain the ability to terminate SSL at the load balancer. HAProxy encrypts communication between the client and itself and then sends the decrypted messages to your backend servers, which means less CPU work on the servers because there’s no encryption work left to do.

How to monitor Harbor registry with Prometheus metrics

In this blog post, we are going to explain how to monitor Harbor container registry with Prometheus metrics. Harbor is an open-source container registry, originally developed by VMware and now under the CNCF umbrella. Although many of us typically use hosted container registries such as DockerHub, Quay, ECR, GCR, or ACR, when you need a self-hosted registry, Harbor is a great choice. Harbor provides great features such as RBAC, replication, and image scanning.