Security and Observability for Cloud Native Platforms Part 3

Monitoring and observability are essential for Kubernetes runtime security, i.e., protection of containers (or pods) against active threats once the containers are running.
Monitoring is a predefined set of measurements in a system that are employed to detect the deviations from a normal range. Kubernetes can monitor a variety of data types (Pod logs, Network flow logs, Application flow logs and Audit logs) and metrics (Connections per second, Packets per second, Application requests per second and CPU and memory utilization). These logs and metrics are utilized to identify known failures and provide detailed information to resolve the issue.

Read more...

The Complete Guide to Data Security for Omnichannel Retailers

The retail sector is rapidly digitizing. As consumers push for seamless online experiences, many retailers have embraced an omnichannel approach to marketing and sales. Retailers are considered omnichannel when they incorporate several different methods of shopping such as an online shop, a physical store and excepting phone sales. While this shift has many business advantages, data security for omnichannel retailers often falls short — and retail cyber attacks grow.
Omnichannel strategies aim to provide a consistent experience across in-store, social media and online shop interactions on all devices. Businesses employing them retain 89% of their customers, so omnichannel is quickly becoming the norm. However, these strategies’ cybersecurity challenges become more concerning as retail data security issues rise.

Read more...

Security and Observability for Cloud Native Platforms Part 2

There are several possible routes to attacking a containerized deployment, and one way to map them is to think of the potential attack vectors at each stage of a container’s life cycle.
The life cycle starts with the application code written by a developer. This code, as well as the third-party dependencies on which it relies, may contain flaws known as vulnerabilities. There are thousands of vulnerabilities that have been published, and if they exist in an application, an attacker may have the ability to exploit them. Examples of vulnerabilities are secret exposure and application (including CNF microservices) traffic in plane text, which can be intercepted and altered.

Read more...

Security and Observability for Cloud Native Platforms Part 1

This article comprises three parts. We first introduce what a cloud native platform is with a deep dive into Kubernetes (K8s), which is the most popular open-source solution to container orchestration. Then, we discuss the threat landscape and overall security framework for mitigating the corresponding risks. The last part of the article focuses on monitoring and observability using the extended Berkeley Packet Filter (eBPF) technology.

Read more...

The History of Hacking Part 2

So, we are at the second part of the history of hacking. If you missed the first part, you can find the article right here on Cybersecurity Magazine. Last time we looked at the Legion of Doom (LoD) and we’ll stick with them here at the start, because in the early nineties what became known as the hacker wars were raging! These wars were fought between members of the LoD and members of the Masters of Deception(MoD). This time it is about the story from the ’90s until 2010.

Read more...

Competing For Talent: How to Close the Cybersecurity Skills Gap

The cybersecurity sector is experiencing an unprecedented skills shortage and the bad news is that it is set to get worse. According to recent figures from the Department for Media, Culture and Sport (DCMS), there is an annual deficit of 14,000 entering the market which will lead to cumulative shortages. It is a situation further exacerbated by the Great Resignation which is seeing an exodus from the industry due to high stress levels and burn out rates, with more than a third tempted to quit their jobs.
There is particular demand for those in middle management or senior roles with three years of experience or more, according to the DCMS report, which is likely to cause problems for businesses over the next few years while new entrants hone their craft.

Read more...

Hackers History: Part 1

erm “hacker” was used as a term of honour for someone who was able to come up with creative solutions to programming problems. The term hacker changes from something positive to something negative during this period. This happens when a journalist gets the term changed after an interview. When exactly this happens, there is a lot of disagreement about, therefore I will refrain from giving a precise year. This is also the period when you start hearing the name Kevin Mitnick for the first time. He has been described far and wide in many places, including in a movie.

Read more...