Operations | Monitoring | ITSM | DevOps | Cloud

On July 14, 2020, Microsoft released a security update related to a remote code execution (RCE) and denial of service (DoS) vulnerability (CVE-2020-1350) in Windows DNS Server (2003 - 2019).

This is the first in a three-post series themed around Ops-led DevOps, where I’ll explore the relationship between observability and a set of software delivery lifecycle practices that support the adoption of DevOps practices and the transition from project to product-centric ways of working. I’ll start with Site Reliability Engineering, move onto Value Stream Management and finish with Continuous Delivery.

Serverless has been around for a minute now but it’s safe to say that it’s still in its infancy in 2020 and definitely has a long way to go. But serverless architecture is a major step away from to dependence on humans and towards reliance on machines. Are the machines already talking over? Not literally the “Terminator” movie scenario quite yet but is this the beginning of the end of an era in the world as we know it?

An IT director and an MSP walk into a bar… Well, it wasn’t actually a bar, it was a panel session on the second day of the Protect & Streamline Summit for IT Leaders. And they didn’t so much walk in as hit join meeting from their respective home offices. Nevertheless, the discussion between Bryan Schultz and Bob Coppedge, moderated by Datto’s Rob Rae, felt a lot like a candid conversation between friends.

Ansible is an open source continuous configuration automation (CCA) tool. You can use it to automate the management of the configuration of host systems. For example: installing and configuring applications, services, security policies; or to perform a wide variety of other administration and configuration tasks.

When developers think of log files and log analysis, their minds typically transports into the world of contributing factors and incident remediation. However, analyzing log events doesn’t always need to be about a specific bug and its corresponding resolution. In fact, log analysis can be a very useful resource for organizations looking to develop a more high-level and large-scale plan for their application moving forward.

Our team recently discovered an exposed endpoint without authentication enabled, though we know it had previously been required. The root cause was a missing configuration as a result of a recent upgrade a few weeks earlier, and was easy to fix by simply enabling the configuration parameter correctly. We needed a way to catch this type of issue quickly going forward, for this and for other public endpoints, which should be secure by default. Here is how we solved it.

We are excited to share that ManageEngine’s Log360 has been awarded the 2020 Fortress Cyber Security Award for Threat Detection. The Business Intelligence Group’s unique scoring system measures performance across multiple business domains.

A Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to the distribution of malware. Whilst blocking attacks is important, it is also useful to be notified of attacks when they happen. A breach could bring your organization to a halt — from broken webpages to data breaches.

Kubernetes is a powerful orchestration system, however, it can be really hard to configure its deployment process. Specific apps can help you manage multiple independent resources like pods, services, deployments, and replica sets. Yet, each must be described in the YAML manifest file.