Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Protect your Elasticsearch deployments against attacks like "meow bot" - for free

The issue of unsecured databases is growing. In 2019, 17 percent of all data breaches were caused by human error — twice as many as just a year before. And the IBM/Ponemon 2019 report found that the estimated probability of a company having repeated data breaches within two years grew by 31 percent between 2014 and 2019. Why is this happening?

Cyber Security: Understanding the 5 Phases of Intrusion

Here at Graylog, we have recently had an increase in conversations with security teams from leading companies. We want to share our key findings with the Graylog community. The good thing is that cybercriminals use a methodical approach when planning an attack. By understanding their process and knowing your network, you will be better prepared and able to stay one step ahead.

Using Non-Enterprise Gear in an Enterprise World

Different IT organizations have different needs. The one-man shop might find the best success with open-source software, while enterprises often need something a little more. But occasionally you’ll see an enterprise using open-source or something designed for a small to medium-sized business. This can be a good thing in certain instances, though it’s not without risks. So, why might you want to use SMB or open-source gear in an enterprise setting, and when might it be a good thing?

How to Incorporate Security Into Your Company's SDLC

It’s been shown that if you follow a proven collection of practices for developing, designing, testing, implementing, and maintaining your software, you will produce a much higher quality product. Over the past few years, we have seen an increasing number of cases of attacks on the application layer. The Open Web Application Security Project, OWASP, estimates that around one-third of web applications contain security vulnerabilities.

Announcing the Tigera - Nutanix Partnership

Today we are pleased to announce our partnership with Nutanix, creators of the industry’s most popular hyper-converged infrastructure (HCI) technology. HCI combines datacenter hardware using locally-attached storage resources with intelligent software to create flexible building blocks that replace legacy infrastructure consisting of separate servers, storage networks, and storage arrays.

Kubernetes RBAC 101: Authentication

In part one of this series on Kubernetes RBAC, we introduced authentication and authorization methods. In this article, we’ll dive a little deeper into authentication — a prerequisite for RBAC. As we saw, there are a few authentication methods including client certificates, bearer tokens, HTTP basic auth, auth proxy, and impersonation. Because HTTP basic auth and statically configured bearer tokens are considered insecure, we won’t cover them here.

Why HTTPS is important for your website security

HTTP, which stands for Hypertext Transfer Protocol, is a communication protocol used by your browser to connect to the web server of the site you're looking for. When HTTP data is transferred between the browser and the web server as unencrypted hypertext, anybody connected to your network can intercept the data you're transferring. To combat this, it's best to switch to HTTPS, the more secure extension of HTTP. You can't verify data integrity with HTTP