In this post, I will describe in detail how to use the Threat Intelligence plugin that ships with Graylog. I’ll start with the steps necessary to prepare your data, then explain how to activate the feature and how to configure it for use.

SIEM solutions are a must-have in any organization’s security toolkit. They allow you to analyze events from your network, gain actionable insights into network activity, and detect and mitigate data breaches and other security incidents, all while remaining compliant with regulatory mandates. Log360 is ManageEngine’s comprehensive SIEM offering that helps organizations meet a wide range of auditing, security, and compliance needs.

CFEngine provides the services promise type to manage the state of a given service. services type promises are an abstraction of agent bundles, they can be used to declare the desired state for a collection of things identified by a name. Most commonly services type promises are used to manage standard operating system services though they can be used for abstracting other logical states.

Gartner has been a thought leader in the SIEM space for the last few years. Gartner’s Magic Quadrant is considered one of the top market research reports on SIEM’s capabilities and vendors. Very recently, I attended the 2019 Gartner Security & Risk Management Conference, and based on thousands of conversations Gartner has had with their clients, they have a good vantage point on the SIEM space this year.

Early adopter enterprises across verticals such as Retail, Manufacturing, Oil & Gas are looking to incorporate containers and Kubernetes as a way of modernizing their applications. Choosing k8s as a standard ensures that these applications can be deployed these on different data center infrastructures (bare metal/VMware/KVM on OpenStack etc) or on public clouds (AWS/Azure/GCP etc).

A critical vulnerability in Evernote’s Web Clipper Chrome extension recently allowed hackers to steal data present in active web sessions. Web Clipper, an extension that allows users to save screenshots of webpages, emails, images, articles, etc., had a vulnerability that provided hackers with easy access to the websites accessed by its 4.5 million users before it was fixed on May 31, 2019.

In the 20th century we were programmers. In the 21st century, developers. With the massification of telecommunications worldwide, operators began to help us in our work. That’s where the term DevOps (“developers” and “operations”) arose, which implies the concept of collaboration of both teams. But since change is the only constant, other practical considerations have forced us to see the entire forest instead of just a few trees.

We’ve discussed Magecart very frequently in recent months and it’s getting worse, with new attacks coming to light on a weekly basis. At RapidSpike, we are committed to raising exposure on these types of attacks and educating companies as to how they can effectively detect data breaches and reduce their exposure to them.

This is the third of a series of three articles focusing on Kubernetes security: the outside attack, the inside attack, and dealing with resource consumption or noisy neighbors. A concern for many administrators setting up a multi-tenant Kubernetes cluster is how to prevent a co-tenant from becoming a “noisy neighbor,” one who monopolizes CPU, memory, storage and other resources.

Over the last year, along with Kubernetes, Serverless computing platforms have acquired tremendous mindshare among the development community. As Serverless implementations begin to proliferate, I want to make the case that there are tremendous synergies to be gained by bringing both these paradigms together. Some of these benefits have been covered in previous posts. The majority of enterprises are embarking on their DevOps journey. Scaling such processes across a large enterprise is complicated.