Latest posts

SUNBURST Backdoor: What to look for in your logs now - Interview with an incident responder

Yesterday, FireEye published a report about a global intrusion campaign that utilized a backdoor planted in SolarWinds Orion. Attackers gained access to the download servers of Orion. They managed to infect signed installers downloaded by Orion users who had every reason to believe that the packages were safe and had not been tampered with. With this information out in the world, teams are scrambling to investigate if their environments are affected by this breach.

How to flatten the ITOM curve

As I sit here writing this blog, I can’t believe how much things have changed. No more chats in the hall or booking a conference room. With this pandemic, everything is virtual. My laptop and mobile are my lifeline. They are the only way I can work. I know I’m not alone. How many of you are reading this blog at the kitchen table—or, if you’re lucky, in your home office? And I suspect it’s not going to change any time soon. If ever.

ServiceNow leaders on 2020's most significant trends of the year

Reflect on 2020 and hear from ServiceNow leaders as they discuss some of the most significant trends of the year – from cybersecurity to customer and employee experiences – when the global health crisis is creating new realities for all of us. Take a fresh look at the trends shaping what’s next in the workplace.

Industry Trends in Vulnerability Response with Dr. Larry Ponemon: Today’s cybercriminals are tenacious, well‑funded, and smart.

Partner With Splunk on Our Data-To-Everything Journey

As we approach the end of an unpredictable year, it’s a good time to reflect on the ways data has made a positive impact. Data is helping stop human trafficking with Global Emancipation Network, has connected relief resources during crises with NetHope, and has saved lives during wildfires with Zonehaven. And with our powerful partner ecosystem, and the arrival of the Data Age, there is so much more we can accomplish together.

Rancher: Kubernetes Master Class: Declarative Security with Rancher, KubeLinter, and StackRox feat. StackRox

As companies adopt containers and Kubernetes to accelerate application development, they're wrestling with securing this new attack surface. Fortunately, the declarative, immutable nature of Kubernetes environments provides inherent security opportunities, and Kubernetes itself offers a broad set of native controls. However, these protections are not enabled by default, and many organizations are learning both the infrastructure aspects and the security aspects of Kubernetes in parallel.

Elastic: Operationalizing machine learning for SIEM

Unsupervised machine learning (ML) is a core capability for most security operations teams looking to implement an advanced threat detection or insider threat program. However, the deployment of ML can present adoption challenges for security teams. Unless they have in-house data scientists to develop and tune threat models and skilled threat hunters to investigate alerts and manually follow up on interpreting anomalous behaviors, teams may find themselves struggling to gain useful insights and operational value out of ML tools.

Elastic: Learn more from your logs with Elastic APM

When you're trying to troubleshoot and debug system behavior, logs only tell you one part of the story. Application performance monitoring (APM) and distributed tracing give logs much-needed context and timing information, link together the behavior of multiple components, and put logged events into a much broader context of observability. Learn how the Elastic Stack can help you enrich logs with metadata, link logs to metrics and traces, and use logs for visualizations and anomaly detection.

Remote troubleshooting made easy with Mobile Device Manager Plus

System administrators play a vital role in every organization’s IT department, and one of their key responsibilities is to troubleshoot employees’ devices in case of a device issue or malfunction to prevent loss of productivity. With employees working from remote locations, especially now during the pandemic, troubleshooting can be challenging without the device being physically present.