Operations | Monitoring | ITSM | DevOps | Cloud

In this blog post, we’re going to explain how to monitor Open Policy Agent (OPA) Gatekeeper with Prometheus metrics. If you have deployed OPA Gatekeeper, monitoring this admission controller is as relevant as monitoring the rest of the Kubernetes control plane components, like APIserver, kubelet or controller-manager. If something breaks here, Kubernetes won’t deploy new pods in your cluster; and if it’s slow, your cluster scale performance will degrade.

This is the final blog of our three-part blog series on living-off-the-land (LOTL) attacks. If you missed last week’s blog, you can read it here. LOTL attacks are also known as “malware-free” attacks because your own tools are used against you, either to hide malicious activities under a legitimate system process, or to leverage genuine system activities for malicious purposes.

Company security usually depends on your ability to come up with a diverse set of passwords and then manage them. Remembering all of them is considered a tad too difficult for most mere mortals, so a number of password storage apps have emerged. But they too have to be secured, and ultimately results in inefficient access and flawed security. Single-sign on (SSO) is still preferred, but to make it effective, companies like Okta have to secure integration across a number of apps.

Binary classification aims to separate elements of a given dataset into two groups on the basis of some learned classification rule. It has extensive applications from security analytics, fraud detection, malware identification, and much more. Being a supervised machine learning method, binary classification relies on the presence of labeled training data that can be used as examples from which a model can learn what separates the classes.

Ransomware is a serious threat to institutions of all kinds, resulting in mounting costs for organizations that must literally pay ransom to regain access to their essential systems. A ransomware attack takes place when a cybercriminal denies an organization access to the data it needs to conduct business, usually by encrypting the data with a secret key. The attacker then offers to reveal the encryption key in exchange for a payment. The payment can vary in amount or kind.

On April 7, 2020, the San Francisco International Airport (SFO) released a notice confirming that two of its websites, SFOConnect.com and SFOConstruction.com, were targets of a cyberattack in March 2020. The attack has been attributed to a hacker group that was attempting to steal the Windows logins of the airport’s employees. When we hear news about cyberattacks, a few typical, yet crucial questions spring to mind: How did the attackers perform the cyberattack?

“As we expand, it’s critical for our team to have both a fast and automated rollout process for each customer environment. In the end, each of our user’s access experience must be identical. Rancher is one product that’s critical to that strategy.” – Jeff Klink, VP Engineering, Cloud and Security Specialist, Sera4 Security worries keep many of us awake at night – no matter our industry.

If you want to skip ahead to see the MITRE ATT&CK eval round 2 results visualized in an easy-to-configure Kibana dashboard, check it out here.