The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Cloud Native Security vs. Third-Party Tools: How to Choose (and Why You Might Not Have To)

Your cloud platform probably came with tools to secure and manage the resources you create. We call those cloud-native security tools because they’re proprietary to the vendor you’re using them on. Third-party alternatives, on the other hand, are usually created to be compatible with several cloud provider platforms at once.

Modernizing financial services: A deep dive into Elastic Cloud on AWS for Observability, Security, and more

In the dynamic landscape of financial services, data is not just currency; it's the key to innovation and operational excellence. Data is constantly streamlining from devices, logins, transfers, transactions, and much more, and it’s bound to increase with an ongoing reliance on digital channels. This creates a massive opportunity and responsibility for financial institutions, as their customers (and regulators) demand more from banking providers.

Two-Factor Authentication Enforcement Now Available On All AppSignal Plans

We recently announced AppSignal Business Add-Ons, our alternative to pricy enterprise plans. The add-ons offered HIPAA BAA, Long-Term Log Storage, and Two-Factor Authentication Enforcement for an additional fee. However, after listening to feedback from our customers, we decided that Two-Factor Authentication Enforcement is a core feature that should be available to all organizations on all plans for free.

Microsoft Defender Endpoint Logs and Cribl Stream - Quick Start Guide

Microsoft Defender offers everyone comprehensive threat prevention, detection, and response capabilities—from individuals looking to protect their families to the world’s largest enterprises. Microsoft Defender allows IT and Security teams to prevent, detect, and respond to attacks across devices, identities, apps, email, data, workloads, and clouds. Have you ever wondered if you can use Cribl Stream to help manage your Microsoft Defender for Endpoint logs? The answer is Yes (plus benefits)!

Patching Go's leaky HTTP clients

In November 2023 we discovered an issue in the Go standard library’s net/http.Client that allowed an attacker who controls redirect targets on a server to exfiltrate authentication secrets. Soon after, we discovered a similar issue in net/http/cookiejar.Jar. The issues, collectively designated CVE-2023-45289, have now been fixed in Go 1.22.1 and Go 1.21.8, released on March 5, 2024. This blog post dives into the technical details behind those two bugs and the patch that addresses them.

How to track Infrastructure as Code changes in Terraform with Kosli

Infrastructure as Code (IaC) has emerged as a cornerstone for efficiently managing and provisioning infrastructure. Among the many tools available, Terraform has gained unparalleled popularity, offering a declarative approach to defining and deploying infrastructure. But as organizations increasingly embrace IaC to achieve scalability, consistency, and agility, a critical challenge emerges: how to ensure compliance and authorization for infrastructure changes.

Streamline Incident Analysis in QRadar by Using the Progress Flowmon QRadar Application

Flowmon QRadar integration provides a single pane of glass to detect and respond to Flowmon ADS events directly in IBM QRadar. The integration packages were updated to support the latest version of Flowmon products and the IBM QRadar platform. Security Information and Event Management (SIEM) systems are considered foundational elements in a company's security toolkit.

DNS troubleshooting for Kubernetes applications with Calico DNS dashboards

Within Kubernetes, the Domain Name System (DNS) plays a pivotal role in facilitating service discovery, allowing pods to effectively locate and interact with other services within the cluster. For organizations transitioning their workloads to Kubernetes, establishing connectivity with services external to the cluster is equally important.