CNAPP Security: Cloud Native Application Protection Platform

CNAPP Security: Cloud Native Application Protection Platform

According to Gartner, manual integration is the most common method of integrating different security tools to streamline DevOps. By consolidating capabilities, security teams are freed from manual correlation and investigation between several, disparate point products. And comprehensive visibility leads to better identification, assessment, prioritization, and adaptation to risks in cloud native applications. Ok, good for them, you may be thinking, but how does this help me? DevOps and CNAPP Think of it this way: the…

Read More

Cryptojacking Attacks Target Alibaba ECS Instances

Cryptojacking Attacks Target Alibaba ECS Instances

Cryptojacking Attacks Target Alibaba ECS Instances Workload Security Discover how some malicious groups disable features in Alibaba Cloud ECS instances for illicit mining of Monero. By: Alfredo de Oliveira February 04, 2022 Read time:  ( words) Cryptojacking attacks continue to increase. Unlike ransomware, cryptojacking cybercriminals make their money staying silent and undetected, leeching the computer power from their target to mine valuable cryptocurrency. Cryptomining can cause serious downtime for developers by draining the enterprise’s processing…

Read More

IaC: Azure Resource Manager Templates vs. Terraform

IaC: Azure Resource Manager Templates vs. Terraform

Infrastructure as code (IaC) is the process of configuring infrastructure through code instead of manually. A manual process requires operators and system administrators to configure any changes to the infrastructure. Using IaC, DevOps teams can store the infrastructure configuration code and application code in a centralized repository. IaC ensures consistent and more secure deployment. By avoiding error-prone manual configuration and deployment, security standards and policies are easier to maintain. And, DevOps engineers can improve scalability…

Read More

What is Cloud Native?

What is Cloud Native?

As businesses have moved to the cloud and adopted new cloud services, the architectures and methodologies for building software have had to mature to meet these new demands. According to Gartner, “more than 70 percent of companies have now migrated at least some workloads into the cloud.” We can expect this momentum to continue due to COVID-19, which changed the way businesses operated. The term “cloud native” has grown in popularity, but it has mixed…

Read More

How to Detect Apache Log4j Vulnerabilities

How to Detect Apache Log4j Vulnerabilities

How to Detect Apache Log4j Vulnerabilities Network Security Explore how to detect Apache Log4j (Log4Shell) vulnerabilities using cloud-native security tools. By: Nitesh Surana January 27, 2022 Read time:  ( words) In my previous blog, I reviewed how to detect Apache HTTP server exploitation from vulnerabilities in October. Weirdly enough, I wrote that article before the Apache Log4j (Log4Shell) news broke in December 2021. So I’m back to write about how to detect the infamous Log4j vulnerability (CVE-2021-44228) that…

Read More

Microservice Security: How to Proactively Protect Apps

Microservice Security: How to Proactively Protect Apps

Microservice Security: How to Proactively Protect Apps Serverless Security Microservices are growing in popularity—how can development teams embed seamless security into the entire pipeline? Fernando Cardoso, solutions architect at Trend Micro, breaks it down for you. By: Melanie Tafelski, Fernando Cardoso January 19, 2022 Read time:  ( words) Microservices Overview As many organizations moved to serverless functions to maximize agility and performance in the cloud, microservices became the new go-to design architecture for modern web…

Read More

Analyzing DevSecOps vs. DevOps

Analyzing DevSecOps vs. DevOps

PEOPLE Many organizations think DevOps is all about tools, but in actuality, strong leadership and culture are vital to its success. Gartner research found that through 2023, 90% of DevOps initiatives will fail due to the limitations of management approaches used by leadership. Shifting to the “assume breach” mindset Seems impossible, right? In his CloudSec 2021 session, Microsoft DevOps Architect Davide Benvegnu, discussed how his engineering team (focusing on Microsoft Azure DevOps) changed their mindset….

Read More

Apache Log4j: Mitigation for DevOps

Apache Log4j: Mitigation for DevOps

Apache Log4j: Mitigation for DevOps Cloud Native What can DevOps teams do to mitigate Apache Log4j risks? Explore how to secure your apps for today and against future vulnerabilities. By: Melanie Tafelski January 05, 2022 Read time:  ( words) What is Apache Log4j? You’ve most likely heard of the critical flaw CVE-2021-44228, discovered in the popular Java-based library, Apache Log4j. Nicknamed Log4Shell, it impacts numerous Apache projects, including Druid, Dubbo, Flink, Flume, Hadoop, Kafka, Solr, Spark,…

Read More

Top 5 DevOps Resource Center Articles of 2021

Top 5 DevOps Resource Center Articles of 2021

Top 5 DevOps Resource Center Articles of 2021 Cloud Native We look back on the 5 most popular DevOps Resource Center articles in 2021 to help you build at your best in 2022. By: Melanie Tafelski December 29, 2021 Read time:  ( words) 2021 Cloud Security Roundup 2021 was yet again an active year for security and development teams. And as Apache Log4Shell dominates the news, the need for effective, proactive cybersecurity continues to grow….

Read More

2022 Cybersecurity Trends for DevSecOps

2022 Cybersecurity Trends for DevSecOps

How many articles have you read that started with some variation of “the COVID-19 pandemic accelerated digital transformation?” This concept isn’t new, but you may be wondering how these sudden changes will impact security. We’ll explore Trend Micro Research’s predictions for 2022 and the impact on DevSecOps—the cultural approach that helps you build secure apps as quick as you can say “the COVID-19 pandemic accelerated digital transformation.” Cybercrime in the cloud Due to the sudden…

Read More
1 5 6 7 8