In a hyper-connected world, the threat landscape is undoubtedly evolving. Ensuring the security of your enterprise networks on a daily basis is essential to protect your business, no matter how big (or small) it is. According to SophosLabs’ 2019 threat report, one dangerous ransomware called SamSam cost companies $6.5 million ($10K to $50K per ransom).

In the midst of all the turmoil and debate around Open Distro for Elasticsearch, Elastic continues to produce, and last week announced both a new major release of the Elastic Stack — version 6.7 (and also the first release candidate for 7.0!). As usual, I’ve put together a brief overview of the main features introduced. One change I’ve applied this time is adding a comment for each feature detailing what license it falls under.

Spring has finally sprung! I realize that was a groaner, but new features are no joke – using them will simplify your troubleshooting process and open up time for all the cool tasks you want to do. Besides parsing logs, of course.

The ELK Stack (Elasticsearch, Logstash and Kibana) is the weapon of choice for many Kubernetes users looking for an easy and effective way to gain insight into their clusters, pods and containers. The “L” in “ELK” has gradually changed to an “F” reflecting the preference to use Fluentd instead of Logstash and making the “EFK Stack” a more accurate acronym for what has become the de-facto standard for Kubernetes-native logging.

Amazon EC2 is the cornerstone for any Amazon-based cloud deployment. Enabling you to provision and scale compute resources with different memory, CPU, networking and storage capacity in multiple regions all around the world, EC2 is by far Amazon’s most popular and widely used service.

In a previous post we looked at 6 key considerations to keep in mind when selecting a log management solution: data collection, search experience, scalability, security, advanced analytics and cost effectiveness. Hopefully, you’ve managed to use this list to finally select your solution. What now?

An important element of operating Kubernetes is monitoring. Hosted Kubernetes services simplify the deployment and management of clusters, but the task of setting up logging and monitoring is mostly up to us. Yes, Kubernetes offer built-in monitoring plumbing, making it easier to ship logs to either Stackdriver or the ELK Stack, but these two endpoints, as well as the data pipeline itself, still need to be set up and configured.

The threat landscape has become increasingly diverse and the systems used to attack are more sophisticated than ever before. In 2018, enterprises and organizations of all sizes and across all industries faced serious data breaches (information leaks were experienced by Aadhar —1.1B users; myFitnessPal —150M; Quora—100M; Facebook—29M and many more). One of the biggest victims was Marriot.

Logstash plays an extremely important role in any ELK-based data pipeline but is still considered as one of the main pain points in the stack. Like any piece of software, Logstash has a lot of nooks and crannies that need to be mastered to be able to log with confidence. One super-important nook and cranny is the Logstash configuration file (not the software’s configuration file (/etc/logstash/logstash.yml), but the .conf file responsible for your data pipeline).

Famed management thinker Peter Drucker is often quoted as saying, “You can’t manage what you can’t measure.” Tracking and analyzing data of a system provides metrics to measure, predict, and improve the underlining health of the system. Logging data is the simplest act of collecting data for measurement and plays an important role in modern enterprises, as it provides a way to measure the health of hardware devices and software applications alike.