Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases consisting of releases Chrome 98 and Chrome 101 scheduled in the coming months via a newly implemented W3C … [Read more...] about Chrome Limits Websites’ Direct Access to Private Networks for Security Reasons
Collecting Metrics from Windows Kubernetes Nodes in AKS
Windows applications constitute a large portion of the services and applications that run in many organizations. When moving to a Kubernetes-based architecture, there is a need to support these as well. Up until April 2020, the lack of container support within the Windows operating system left Linux container images as the only viable option for Kubernetes container deployment. … [Read more...] about Collecting Metrics from Windows Kubernetes Nodes in AKS
Elastic Stack 6.8.23 released with Log4j update
Version 6.8.23 of the Elastic Stack was released today. We recommend you upgrade to this latest version.The 6.8.23 patch release contains an updated version of Log4j (2.17.1) for both Elasticsearch and Logstash.For a full list of changes for each product, please refer to the release notes:6.8.23 release notesElastic Stack Source link … [Read more...] about Elastic Stack 6.8.23 released with Log4j update
Logz.io Now Fully PromQL Compatible
The popularity of Prometheus speaks for itself. The project doesn’t post official numbers, but there are at least 500,000 companies using this project today as one of the most mature CNCF projects – one that has over 40k Github stars as of the writing of this blog. And since Prometheus is highly interoperable, compatibility is key. This comes into play not only with the … [Read more...] about Logz.io Now Fully PromQL Compatible
Elastic Stack 7.16.3 released | Elastic Blog
Version 7.16.3 of the Elastic Stack was released today. We recommend you upgrade to this latest version.The 7.16.3 patch release contains an updated version of Log4j (2.17.1) for both Elasticsearch and Logstash.For a full list of changes for each product, please refer to the release notes:7.16.3 release notesElastic StackElastic Enterprise SearchElastic ObservabilityElastic … [Read more...] about Elastic Stack 7.16.3 released | Elastic Blog
Someone Like Me: A marketing leader finds support during her child’s transition
My first week at Elastic, I showed up to orientation and sat next to a trans woman with bright blue hair. That evening, at a welcome reception with executives all in casual attire, a male colleague arrived wearing a black skirt and combat boots. It was pretty obvious from Day 1 that Come as YOU Are was not lip service, it was truly part of our source code. As the years of my … [Read more...] about Someone Like Me: A marketing leader finds support during her child’s transition
Identifying beaconing malware using Elastic
The early stages of an intrusion usually include initial access, execution, persistence, and command-and-control (C2) beaconing. When structured threats use zero-days, these first two stages are often not detected. It can often be challenging and time-consuming to identify persistence mechanisms left by an advanced adversary as we saw in the 2020 SUNBURST supply chain … [Read more...] about Identifying beaconing malware using Elastic
Investigate Log4Shell exploits with Elastic Security and Observability
OverviewFollowing the discovery of Log4Shell, a vulnerability in Log4J2, Elastic released a blog post describing how users of our platform can leverage Elastic Security to help defend their networks. We also released an advisory detailing how Elastic products and users are impacted.In this blog, we expand on these initial posts and highlight how the combination of security and … [Read more...] about Investigate Log4Shell exploits with Elastic Security and Observability
Why it’s time for more CISOs to embrace DevSecOps
While nearly one in five companies say they are releasing code 10 times faster than in the past, more software means more security flaws, and greater opportunity for bad actors to take advantage of them. The faster pace and increasing risks highlight the need for IT leaders to get serious about embracing DevSecOps, a management approach that makes security a shared … [Read more...] about Why it’s time for more CISOs to embrace DevSecOps
Open Banking: Building customer trust through secure experiences
The rise of “Open Banking” has enabled banking customers to choose to share their previously inaccessible, locked down data with all sorts of third parties — from budgeting apps to mobile wallets, to peer to peer payment providers. This revolution has been a welcome boon for banks, customers, and financial services innovators alike. The ability to securely share access and … [Read more...] about Open Banking: Building customer trust through secure experiences