IaC: Azure Resource Manager Templates vs. Terraform

IaC: Azure Resource Manager Templates vs. Terraform

Infrastructure as code (IaC) is the process of configuring infrastructure through code instead of manually. A manual process requires operators and system administrators to configure any changes to the infrastructure. Using IaC, DevOps teams can store the infrastructure configuration code and application code in a centralized repository. IaC ensures consistent and more secure deployment. By avoiding error-prone manual configuration and deployment, security standards and policies are easier to maintain. And, DevOps engineers can improve scalability…

Read More

3 Remote Work Security Tips for CISOs

3 Remote Work Security Tips for CISOs

Remote and hybrid work environments are here to stay, which means CISOs need to establish an effective security strategy for managing the expanding attack surface. Organizations can no longer afford (quite literally) to play catch-up with remote work security as ransomware cases and demands continue to rise. Greg Young, Trend Micro’s VP of cybersecurity and Mick McCluney, technical lead for Trend Micro Australia, explore how to create a resilient work from home (WFH) security strategy….

Read More

What is Cloud Native?

What is Cloud Native?

As businesses have moved to the cloud and adopted new cloud services, the architectures and methodologies for building software have had to mature to meet these new demands. According to Gartner, “more than 70 percent of companies have now migrated at least some workloads into the cloud.” We can expect this momentum to continue due to COVID-19, which changed the way businesses operated. The term “cloud native” has grown in popularity, but it has mixed…

Read More

How to Detect Apache Log4j Vulnerabilities

How to Detect Apache Log4j Vulnerabilities

How to Detect Apache Log4j Vulnerabilities Network Security Explore how to detect Apache Log4j (Log4Shell) vulnerabilities using cloud-native security tools. By: Nitesh Surana January 27, 2022 Read time:  ( words) In my previous blog, I reviewed how to detect Apache HTTP server exploitation from vulnerabilities in October. Weirdly enough, I wrote that article before the Apache Log4j (Log4Shell) news broke in December 2021. So I’m back to write about how to detect the infamous Log4j vulnerability (CVE-2021-44228) that…

Read More

Microservice Security: How to Proactively Protect Apps

Microservice Security: How to Proactively Protect Apps

Microservice Security: How to Proactively Protect Apps Serverless Security Microservices are growing in popularity—how can development teams embed seamless security into the entire pipeline? Fernando Cardoso, solutions architect at Trend Micro, breaks it down for you. By: Melanie Tafelski, Fernando Cardoso January 19, 2022 Read time:  ( words) Microservices Overview As many organizations moved to serverless functions to maximize agility and performance in the cloud, microservices became the new go-to design architecture for modern web…

Read More

Analyzing DevSecOps vs. DevOps

Analyzing DevSecOps vs. DevOps

PEOPLE Many organizations think DevOps is all about tools, but in actuality, strong leadership and culture are vital to its success. Gartner research found that through 2023, 90% of DevOps initiatives will fail due to the limitations of management approaches used by leadership. Shifting to the “assume breach” mindset Seems impossible, right? In his CloudSec 2021 session, Microsoft DevOps Architect Davide Benvegnu, discussed how his engineering team (focusing on Microsoft Azure DevOps) changed their mindset….

Read More

Organized Cybercrime Cases: What CISOs Need to Know

Organized Cybercrime Cases: What CISOs Need to Know

Organized Cybercrime Cases: What CISOs Need to Know Risk Management Jon Clay, VP of Threat Intelligence at Trend Micro, explores the latest Trend Micro Research covering Access as a Service (AaaS), an emerging business model selling all-access passes to other malicious actors. By: Jon Clay January 07, 2022 Read time:  ( words) What is access as a service? Recently, Trend Micro Research analyzed a new service offering, called Access as a Service (AaaS), in the…

Read More

Apache Log4j: Mitigation for DevOps

Apache Log4j: Mitigation for DevOps

Apache Log4j: Mitigation for DevOps Cloud Native What can DevOps teams do to mitigate Apache Log4j risks? Explore how to secure your apps for today and against future vulnerabilities. By: Melanie Tafelski January 05, 2022 Read time:  ( words) What is Apache Log4j? You’ve most likely heard of the critical flaw CVE-2021-44228, discovered in the popular Java-based library, Apache Log4j. Nicknamed Log4Shell, it impacts numerous Apache projects, including Druid, Dubbo, Flink, Flume, Hadoop, Kafka, Solr, Spark,…

Read More

Top 5 DevOps Resource Center Articles of 2021

Top 5 DevOps Resource Center Articles of 2021

Top 5 DevOps Resource Center Articles of 2021 Cloud Native We look back on the 5 most popular DevOps Resource Center articles in 2021 to help you build at your best in 2022. By: Melanie Tafelski December 29, 2021 Read time:  ( words) 2021 Cloud Security Roundup 2021 was yet again an active year for security and development teams. And as Apache Log4Shell dominates the news, the need for effective, proactive cybersecurity continues to grow….

Read More

Apache Log4j: Mitigating risks

Apache Log4j: Mitigating risks

Apache Log4j: Mitigating risks Risk Management Explore tactical measures and strategic guidance to mitigate ongoing risks caused by Apache Log4j (Log4Shell). By: William Malik December 23, 2021 Read time:  ( words) Apache Log4j (Log4Shell) poses serious challenges for IT teams. In this article, I’ll discuss various tactical measures to navigate the current situation and provide strategic guidance for what to do after the immediate crisis abates. The Problem Log4j is a very useful tool incorporated…

Read More
1 13 14 15 16 17