April 2021

Featured Post

How the technology gap grew during 2020

Even before the emergence of a global pandemic that disrupted and catalysed modern workplace IT, IT professionals were under pressure. In a few years, many have learned to deliver more new technologies and advanced services than perhaps in the previous decade. Today's hybrid, distributed tech environments already pressured even senior admins to equip themselves with new skills to adapt to these changes and manage systems confidently.

Five worthy reads: Is DataOps the next big value driver in the analytics ecosystem?

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about DataOps, an interesting methodology that can help organizations fast-track their data analytics operations.


The Complete Guide of JMeter Controllers

In this blog post we are going to look at several JMeter Controllers, specifically: This is not an exhaustive list of controllers that JMeter offers but these once will give you a clear insight into how controllers are integral in defining load testing scenarios and how without them you will struggle to build complex and indicative load tests.


Accelerate Business Value with BPaaS Transformation and Low-code Automation Platforms

The COVID-19 pandemic has disrupted organizations around the world in many ways. Changing government regulations have created challenges for businesses and customers as they try to comply with mandates. As a result, customers have shifted their demands to digital channels for accessing goods and services. Business operations have also hit road bumps as their workforces may have decreased and/or have limited capacity working from home.

Product Training - Beyond Infrastructure Map & Monitor Critical Applications

SquaredUp’s Lead Solutions Engineer, Ashley Thompson, covers Enterprise Applications in depth, including availability tests, link monitoring, status messaging, and infrastructure mapping, and how to utilise Enterprise Applications to inform your service desk and beyond.

NiCE VMware Monitoring Adds Value 2021Q2

Virtualization is part of many IT environments and a very effective way to reduce expenses while boosting efficiency and flexibility. VMware monitoring using the NiCE VMware Management Pack for Microsoft SCOM enables you to ensure maximum performance and availability of your VMware vSphere and ESXi environments. The NiCE Management Pack enables insight beyond the virtualization layer and discovers how the virtualization configuration impacts your application services and end-user experience.

How a journey to the cloud helps a fintech leader deliver quality products

Securrency is a technology products company that delivers a complete suite of security and compliance tools. Their complex suite of financial technology needs to have top performance and security. Currently, Securrency has 50 developers working across their multiple software products and this software requires thorough testing. They have a dedicated QA team that does manual and automated testing.


The Application Blame Game - New Survey Reveals Troubling Trends in IT

Studies consistently show that a positive UX (user experience) drives revenue growth, repeat business and brand loyalty. Here’s a good example: in Robert Pressman’s book Software Engineering: A Practitioner’s Approach, he writes “For every dollar spent to resolve a problem during product design, $10 would be spent on the same problem during development, and multiply to $100 or more if the problem had to be solved after the product’s release.”


How to Handle Complexity in ISO 26262 Compliance Workflows

When you need to comply with functional safety standards like ISO 26262, you need to establish a compliance workflow. This is critical for both ISO 26262 semiconductor design and software design. In this blog, we breakdown how to handle complexity of semiconductor IPs in ISO 26262 compliance workflows.


Snyk & Intuit roundtable: Breaking silos, engaging with security and developer communities

I recently attended a Snyk roundtable with Intuit, and it was such a good session that I wanted to write a post sharing some of the insightful discussion and takeaways — starting with this great artistic impression of the session! As a TL;DR, here are my biggest takeaways from the session.


Guide to using Docker for your CI/CD pipelines

Docker is a platform for developers and sysadmins to develop, deploy, and run applications using containers. Docker is also referred to as an application packaging tool. This means that enabled applications can be configured and packaged into a Docker image that can be used to spawn Docker containers that run instances of the application. It provides many benefits including runtime environment isolation, consistency via code, and portability.

squared up

SquaredUp 5.1 is here

We are delighted to announce that SquaredUp 5.1 is now available! With this latest update, we are introducing new integrations and visualizations that extend the picture of your business services and applications by unlocking even more of your data that is trapped within silos. You can now get insights on your enterprise applications from any angle! These features are available in all our products, including our newest product Dashboard Server.


Why use a password manager?

Password managers protect your online logins. As more people are now working from home, issues of online security have made password managers an essential tool. It is too easy to fall into the habit of reusing the same password for multiple sites. Doing so is bad password hygiene. In this blog, we explore why you should use a password manager and what password hygiene is.

Free ITIL v4 training from ITIL 4 co-author Barclay Rae | ITIL4 implementation in non-IT areas | ESM

Learn about #ITIL4 and #enterpriseservicemanagement from one of the ITIL 4 architects and co-author on how to extend the scope of ITIL 4 beyond IT and best practices to benefit your organization. With the developments in ITIL 4 in recent years, organizations are now appreciating the real meaning of value “co-creation,” and the need for collaboration across organizations. So there is a lot of development and collaborative work taking place to synthesize and integrate work, tasks, and value streams across departments, teams, and functional groups—all well beyond IT.

Explainer Video: Splunk for Infrastructure Monitoring and Troubleshooting

Wherever you are in your cloud journey and whatever your environment looks like, Splunk can monitor the performance of all your servers, containers and apps in real-time. Get real-time observability for data from any cloud, any vendor, and any service. Try our free Infrastructure Monitoring Trial and see for yourself.

Self-healing E2E Tests with Healenium - SauceCon 2021

Do you want to spend less time on test maintenance and overcome the instability problems of end-to-end automated tests? With its self-healing capabilities, Healenium is an invaluable solution to overcome these challenges. During the session, EPAM Quality Architect Anna Chernyshova will show how, with a few updates to your Selenium script, you can adapt tests to deal with UI changes and fix issues with broken locators automatically.

Importance of Data Security For Mobile Healthcare Apps

Telemedicine or mobile healthcare apps are unquestionably important in our daily lives, as the world is increasingly shifting to an all-digital landscape. And when you think of the current pandemic scenario when social distancing and wearing masks are the new normal, nothing seems to be safer than using mobile health apps. But are we really safe while using these apps? Well, that brings us to the concern of being safe on the internet while using mobile healthcare apps.


The Top 4 Supply Chain Trends for 2021

In response to the many disruptions across supply chains over the past year, new trends are emerging and others are gaining more traction to help bolster resilience in this space. Organizations are pivoting operations, leveraging different resources, and taking advantage of new technologies to streamline their supply chain orchestration moving forward.


What You Missed at Aiming for Zero

In case you missed it, Netskope’s recent Aiming for Zero event was focused around how Zero Trust is more than just access controls and passwords—it’s a security concept that applies to all aspects of your network, your data, the applications you use, and the way you interact with them. If you missed the event and want to hear more about our deep dives int Zero Trust, there’s no need to worry!


How To Improve Workflow Productivity And Operational Efficiency?

Did you know that an average worker spends approximately 3 hours per 8 hour workday in personal or unproductive work? A significant amount of time is lost in repetitive or administrative tasks, which do not aid in increasing project productivity. Instead, they adversely impact employee satisfaction and efficiency by robbing substantial project time. As such, improving workflow productivity and efficiency has become a key challenge for organizations today.

See Inside the Datadog Platform

Datadog offers a single unified platform to monitor your infrastructure, applications, networks, security threats, UX, and more. For full visibility, you can seamlessly navigate between metrics, traces, and logs. Built-in machine learning tools, clear visualizations, and a companion mobile app make it easy to monitor growing environments. See inside any stack, any app, at any scale, anywhere.

Reasons Why Cloud Migrations Fail & Ways to Succeed

Organizations are moving big data from on-premises to the cloud, using best-of-breed technologies like Databricks, Amazon EMR, Azure HDI, and Cloudera, to name a few. However, many cloud migrations fail. Why? And, how can you overcome the barriers and succeed? Join Chris Santiago, Director of Solution Engineering, as he describes the biggest pain points and how you can avoid them, and make your move to the cloud a success.

End-to-End Observability Drives Great Digital Experiences

Mike Cohen, Splunk’s head of product management for network monitoring, joins theCube’s John Furrier for a conversation about how networks are an untapped source of data to help your organization achieve observability — and how to unlock that potential. Why understanding data flow and service interactions is key to understanding your systems Why distributed systems can cause extra troubleshooting issues — and what you need to know to fix them through network performance monitoring

Keeping Watch Over Microservices and Containers

Splunk Director of Product Management Craig Hyde joins theCube’s John Furrier for a conversation in the Leading With Observability series. They discuss the importance of digital experience monitoring, especially as the world sees a boom in remote, online business and increasingly complex technological infrastructures. Why starting with the end user in mind is critical for setting observability goals How full-fidelity end-end tracing impacts troubleshooting, to detect and alert in seconds

Under the Hood With Splunk Observability

Splunk Distinguished Architect Arijit Mukherji joins theCube’s John Furrier for a conversation about the value of having a holistic view of observability — and the right solutions — to help you achieve your business goals. Signs that your tool sprawl is becoming a big problem in dealing with the inherent complexities of modern IT environments Why full-fidelity ingest can be an observability superpower How real-time streaming analytics can improve MTTI and MTTR

Network Observability for Distributed Services

Mike Cohen, Splunk’s head of product management for network monitoring, joins theCube’s John Furrier for a conversation about how networks are an untapped source of data to help your organization achieve observability — and how to unlock that potential. Watch this segment of Leading With Observability on theCube to learn about addressing the gaps in your visibility, including: The ins and outs of monitoring metrics, distributed tracing and correlating logs with no management complexity

Un-Excuse-ing Upgrades

When we talk about upgrades here at SolarWinds, we spend a lot of time discussing the beneficial features, performance, and capabilities you can gain. That’s not by accident. The honest-to-goodness truth is, the most compelling reason to upgrade ANYTHING—from our phone to our game console to our monitoring software—is because we’ll be able to do something both new and useful to us.


5 Tips to Use Heroku and ETL to Automate Reporting

Heroku is a cloud platform as a service (PaaS) for efficiently building, deploying, monitoring, and scaling applications. Originally created to work with the Ruby programming language, Heroku is now part of the Salesforce platform and supports languages such as Java, Node.js, PHP, Python, and Scala. While Heroku makes it easy to develop production-ready applications fast, one question remains: how can you integrate your Heroku app data with the rest of your data infrastructure and workflows?


What is Threat Modelling? 10 Threat Identity Methods Explained

Threat modelling is a process for identifying potential threats to an organization's network security and all the vulnerabilities that could be exploited by those threats. Most security protocols are reactive - threats are isolated and patched after they've been injected into a system. Threat modelling, on the other hand, is a proactive approach to cybersecurity, whereby potential threats are identified and anticipated.


Managing Python dependencies for Spark workloads in Cloudera Data Engineering

Apache Spark is now widely used in many enterprises for building high-performance ETL and Machine Learning pipelines. If the users are already familiar with Python then PySpark provides a python API for using Apache Spark. When users work with PySpark they often use existing python and/or custom Python packages in their program to extend and complement Apache Spark’s functionality. Apache Spark provides several options to manage these dependencies.


How to build a CI/CD pipeline with Docker

I talk with many of my fellow engineers at conferences and other events throughout the year. One thing I like demonstrating is how they can implement a continuous integration/continuous deployment (CI/CD) pipeline into a codebase with very little effort. In this post I will walk through some demo code and the CircleCI config that I use in the demonstration. Following these steps will show you how to implement CI/CD pipelines into your code base.


Security Best Practices + Klocwork

Security best practices are essential to follow when installing any web-based application. Here, we outline the steps for setting up Klocwork, a static code analysis and SAST tool, for secure operations. This process is generally on-premises and behind a firewall. There should be additional precautions taken in the case of exposing anything on the internet. Read along or jump ahead to the section that interests you the most.


Dashbird becomes Gartner Cool Vendor 2021!

We’re officially cool! Dashbird is extremely proud to be named as a Cool Vendor by Gartner in Monitoring, Observability, and Cloud Operations in their 28 April 2021 report on “Cool Vendors in Monitoring, Observability and Cloud Operations”. “Dashbird provides a novel approach to observability for serverless applications that run inside an AWS environment.


SIEM Use Cases: Implementation and Best Practices

A security and information event management (SIEM) tool can be a valuable component of a mature security strategy. Indeed, effective SIEM solutions have been available for well over a decade. Organizations typically purchase SIEM tools expecting fast implementation and reliable security threat alerts that provide the intelligence required to respond promptly and prevent breaches. The reality is quite different.


Announcing support for the AWS managed Lambda Layer for OpenTelemetry

Datadog’s support of OpenTelemetry—a vendor-agnostic, open source set of APIs and libraries for collecting system and application telemetry data—has helped thousands of organizations implement monitoring strategies that complement their existing workflows. Many of our customers leverage OpenTelemetry for their server- and container-based deployments, but also need visibility into the health and performance of their serverless applications running on AWS Lambda.


Weekly Cyber Security News 29/04/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. I don’t know about you, but I’ve always been wary of the risk of QR codes. Yes they are useful, but the risk of visiting a dodgy embedded URL without prompt goes against all we’re told. I’m pretty sure there have been issues in the past, but here is a new example.


Incident Response Alert Routing

You have identified a data breach, now what? Your Incident Response Playbook is up to date. You have drilled for this, you know who the key players on your team are and you have their home phone numbers, mobile phone numbers, and email addresses, so you get to work. It is seven o’clock in the evening so you are sure everyone is available and ready to respond, you begin typing “that” email and making phone calls, one at a time.


Monitoring for Success: What All SREs Need to Know

The last ten years have seen a massive change in how IT operations and development enable business success. From virtualization and cloud computing to continuous delivery, continuous integration, and rapid application development, IT has never been more complex or more critical to creating competitive advantage. To support increasingly Web-Scale IT operations and wide-scale cloud adoption, applications now operate as services.


Seamless Cloud account management - The Future of Qovery - Week #8

During the next two weeks, our team will work to improve the overall experience of Qovery. We gathered all your feedback (thank you to our wonderful community 🙏), and we decided to make significant changes to make Qovery a better place to deploy and manage your apps. This series will reveal all the changes and features you will get in the next major release of Qovery. Let's go!

Future of Data Meetup: Exploring Data and Creating Interactive Dashboards in the Cloud

In this meetup, we’re going to once again put ourselves in the shoes of an electric car manufacturer that is deploying a recently developed electric motor out into their new cars. We’re going to show how to explore some data that has been previously collected through various different sources and stored into Apache Hive within a data warehouse, with the goal of tracking down a specific set of potentially defective parts. We’ll then take the results of this data exploration and create an interactive dashboard that presents our results in a visually appealing way using a BI tool that’s integrated right into the same data warehouse.

Scaling Cypress, TestCafe, Playwright, and Puppeteer Tests on Sauce Labs = SauceCon 2021 Demo

In this demo Kunal Jain, Director of Product Management at Sauce Labs, will show you how to use new Sauce Labs capabilities to run your JavaScript tests at scale on Sauce Labs, while accessing test insights. In recent years, there’s been a shift towards JavaScript test automation frameworks. Today many Sauce Labs customers are using Cypress, TestCafe, Puppeteer, and most recently Playwright.

A Guide to AWS Certifications

If you’re interested in cloud computing, AWS certifications are one of the most rewarding paths to a dynamic career. As a worldwide leader in cloud infrastructure service, Amazon prepares certified experts who are highly sought after by IT organizations around the world. Did you know that 94% of organizations use a cloud service and 30% of their IT budgets are allocated to cloud computing?


Calligo moves up the Top 100 Solution Providers rankings in Canada

CDN’s annual ranking of the Top 100 Solution Providers in Canada places Calligo four places higher than last year, and is still the only one to place such emphasis on data’s intelligent use and continuous safety. Calligo was this week once again listed in Channel Daily News’ (CDN) annual Top 100 Solution Providers, rising up the rankings to 67th. The ranking is based on managed service providers’ (MSPs) 2020 Canadian revenue figures and is verified by the organisers.


The importance of creating a small business Cybersecurity plan

It’s estimated that cyber crime will cost businesses as much as $45,000,000,000 by 2025. Each year, small businesses who haven’t put a cyber security plan in place are at the mercy of hackers who are using ever increasingly sophisticated methods to breach their network, compromise their data - and even hold the business to ransom.


JFrog Expands APAC Presence To Support Growing DevOps Adoption

At JFrog, we’ve seen DevOps and DevSecOps adoption growing robustly in Asia-Pacific (APAC), as the region’s large enterprises recognize the competitive advantage and importance of DevOps and digital transformation. In fact, by 2025, up to 25% of Asia’s 500 largest companies will become software producers to digitally transform and maintain their A500 status, IDC predicts1.


Various Types of Software Bugs - Vol1

It’s been said that every line of code is a liability. We have to write code to create software, but every time we do we create the possibility of software bugs—or “bugs” for short. But what is a bug exactly? A bug is something that is either entirely wrong or not quite right with software. It can lead to wrong outputs or behaviors, or even crash the whole system.


7 Ways SRE Is Changing IT Ops And How To Prepare For Those Changes

SRE best practices are disrupting and catalyzing change in the ways organizations approach IT Operations. In this blog we look at 7 ways SRE is bringing this transition. ‍Site Reliability Engineering is a new practice that has been growing in popularity among many businesses. Also known as SRE, the new activity puts a premium on monitoring, tracking bugs, and creating systems and automations that solve the problem in the long term.


Covea Insurance drives customer service innovation with ServiceNow

The insurance sector is incredibly competitive and tightly regulated, so being able to provide great customer service is vital to success. And having the right technology is imperative to delivering quality service. At Covéa Insurance, the UK arm of France’s top mutual insurance group, we provide commercial, motor, high-net worth, property, pet, and protection insurance to more than 2 million customers.


How to monitor Microsoft SQL Server with Prometheus

In this article, you will learn how to monitor SQL Server with Prometheus. SQL Server is a popular database, which is very straightforward to monitor with a simple Prometheus exporter. Like all databases, SQL Server has many points of failure, such as delays in transactions or too many connections in the database. We are basing this guide on Golden Signals, a reduced set of metrics that offer a wide view of a service from a user or consumer perspective.


Improve your AppSec program with the Synopsys partner ecosystem

Understand how the Synopsys partner ecosystem can help your organization address your software quality and application security challenges. To build secure, high-quality software in today’s challenging environment, organizations need world-class partnerships backed by industry-leading software quality and application security products and services.


Key Kubernetes Metrics and Resources to Monitor for Peak Cluster Performance

Monitoring is not easy. Period. In our guide to Kubernetes monitoring we explained how you need a different approach to monitoring Kubernetes than with traditional VMs. In this blog post, we’ll go into more detail about the key Kubernetes metrics you have access to and how to make sense of them. Kubernetes is the most popular container orchestrator currently available. It’s available as a service across all major cloud providers. Kubernetes is now a household name.


How To Secure Your SDLC The Right Way

The ever-evolving threat landscape in our software development ecosystem demands that we put some thought into the security controls that we use throughout development and delivery in order to keep the bad guys away. This is where the secure software development life cycle (SSDLC) comes into play. Organizations need to make sure that beyond providing their customers with innovative products ahead of the competition, their security is on point every step of the way throughout the SDLC.


Managing From Home: Running Software Teams in a Remote-First World

Working from home, remote-first, asynchronous work. There are many ways to describe our new way of professional life. Much has been explored from an employees point of view, but how do leaders and managers deal with the new situation? We have a look at the challenges and needs of software engineering leadership.

How to Monitor Zoom Network Performance | Obkio

Zoom’s popularity has skyrocketed over the past year. It’s not only an application that we use for convenience, but for many of us, we rely on it for everyday conversation VoIP Quality and unified communication applications, like Zoom, can be drastically impacted by poor network performance. So monitoring network performance helps you identify performance issues & improve your Zoom performance.

What's new in Grafana Enterprise Metrics 1.3, our scalable, self-hosted Prometheus service

We built Grafana Enterprise Metrics (GEM) to empower centralized observability teams to provide a multi-tenanted, horizontally scalable Prometheus-as-a-Service experience for their end users. The GEM plugin for Grafana is a key piece of realizing this vision. It provides a point-and-click way for teams operating GEM to understand the state of their cluster and manage settings for each of the tenants within it.


Confessions of a CISO

Ever wonder what really bugs a CISO. Well, do we have a story for you. In this Log’s Honest Truth podcast, presented in partnership with ITSP Magazine, Devo CISO JC Vega discusses the confessions of “Mr. T” (we disguised his face to protect his identity) a veteran CISO. Listen to the podcast. “Mr. T” faced three primary challenges: Next up, the confessions of “Mr. V,” a digital security and fraud director.


Solving 3 Common IT Challenges with Low-Code

In 2020, companies had just a few short months to transform the way they conducted business in response to the COVID-19 pandemic. IT had to find new, more efficient ways to deliver powerful software applications that would keep businesses running. At the same time, IT teams continued to deal with three key challenges that plague every company: 1. Lack of developers. 2. Lack of time. 3. Lack of alignment between business leaders and IT.


Search for files and document contents in Mattermost

Finding the right information in Mattermost is critical to work smarter and be more productive. Searching in Mattermost now finds both relevant messages and files in your team’s conversation history. Search will return results for attachments that match the file name or contain matching text content within supported document types. File search is available today in Mattermost Cloud and in Mattermost Self-Managed v5.35 (available May 16), with mobile support coming soon.


Threat Hunting Frameworks and Methodologies: An Introductory Guide

Creating an effective threat hunting program is among the top priorities of security leaders looking to become more proactive and build active defenses. Yet finding the right expertise to staff a hunt team remains a challenge, with 58% of respondents in a recent SecOps survey saying they felt their organization’s investigative skills and capabilities were in need of improvement.


How to Introduce More Empathy into Security Operations

Long before he was forced to reconcile his passion for the Boston Red Sox with a new love interest, or became the king of late night, Jimmy Fallon made the “IT guy” famous. As Nick Burns, “Your Company’s Computer Guy,” Fallon expertly (and hilariously) personified the brutish, condescending and dismissive IT admin we all fear, the person with simply no time for their perceived lowly technical knowledge and unsuspecting nature of the average end-user.


6 Steps to Getting Started With Observability

During my office hours, I frequently get asked for practical tips on getting started with observability. Often it’s from folks on teams who are already practicing continuous delivery (or trying to get there) and are interested in more advanced practices like progressive delivery. They know observability can help—but as individual contributors—they don’t sign the checks, so they feel powerless to help get their team started with observability.


Continuous integration for React applications using Jest and Enzyme

React continues to be the web framework of choice for many UI developers, second only to jQuery, according to Stack Overflow. It provides an intuitive model for building data-driven user interfaces, and efficiently updates the DOM when this data changes. React pairs nicely with Redux, which enables managing the data that React needs to render interfaces. Redux offers a predictable way to structure and update the data in those frontend applications.

squared up

Dashboard Server: Working with the SQL tile

In my previous blogs in the Dashboard Server Learning Path, we looked at working with the Web API tile and the PowerShell tile. In this instalment, let’s try the SQL tile. This tile will let you connect to any SQL database and run a SQL query straight from SquaredUp. This tile is also available in both the SquaredUp for SCOM and Azure products, so I have some familiarity with it already.

Learning to Learn by Teaching DevOps | Kat Cosgrove on 99 Percent Visible

I'm a Developer Advocate. That means that ultimately, my job is to teach people things. Over the last year and some change, I've given dozens of talks and workshops about DevOps, the majority of them educational in nature. The way I approach developer education has changed pretty radically over that period of time – more difficult for me in some ways, but better for my audience in every way. The assumptions I make are different now, and the way I communicate has changed, too.

Instana Customer Case Study: Immocloud Unlocks Observability to Modernize Real Estate

Immocloud is a new online solution that makes managing real estate more efficient by fully digitizing processes between tenants and landlords. Users of Immocloud are able to provide restricted access to tax and bank consultants, as well as a variety of other necessary landlord partners, such as cleaning services and maintenance. A variety of digital services are offered through Immocloud, including banking integrations, document management, as well as landlord-to-tenant communication tools.

Accelerating DevOps Using Cloud Native Technologies With AWS, Docker & JFrog

In this webinar we help you gain a deeper understanding of the benefits of migrating and modernizing applications from a monolithic architecture to microservices, in order to accelerate DevOps processes. We outline the efforts required to reach this stage of sophistication in application development and deployment.

Fast Forward Live: Few-Shot Text Classification

Join us for this month's Machine Learning research discussion with Cloudera Fast Forward Labs. We will discuss few-shot text classification - including a live demo and Q&A. This is an applied research report by Cloudera Fast Forward. We write reports about emerging technologies. Accompanying each report are working prototypes or code that exhibits the capabilities of the algorithm and offer detailed technical advice on its practical application.

Tripwire ExpertOps: Managed Cybersecurity and Compliance

Welcome to Tripwire's Security-as-a-Service solution. Tripwire® ExpertOps extends your staff with experienced security professionals who leverage your in-house team. You’ll see rapid time to value with your choice of multiple services that can reduce your security risks and simplify your policy compliance—all hosted on a cloud infrastructure. Tripwire ExpertOps includes software, ongoing consulting, professional services, and cloud infrastructure in a single subscription.

The essentials of central log collection with WEF and WEC

Last week we covered the essentials of event logging: Ensuring that all your systems are writing logs about the important events or activities occurring on them. This week we will cover the essentials of centrally collecting these Event Logs on a Window Event Collector (WEC) server, which then forwards all logs to Elastic Security.


Why customer service matters for fintech startups

Personal finance is so important to consumers that more than a third of Americans review their checking account balance daily. Meanwhile, the rise in popularity of financial technology solutions, (fintech), means that more people than ever can make life-changing money moves with a tiny computer in their pockets. In fact, Fintech startups have a real opportunity to transform how customers engage with the global economy, but the stakes are high.


Your Cloud Optimization Questions Answered! Here are our FAQs

We created a survey to ask our consumers about their cloud to gain insight into how we can provide the best possible solution to our customers. 270 people responded in the tech community of all different job titles and cloud providers. This survey gave us lots of valuable insight into how companies are using the cloud for their business and their pain points, which is where we come in.


The New Releases of Apache NiFi in Public Cloud and Private Cloud

Cloudera released a lot of things around Apache NiFi recently! We just released Cloudera Flow Management (CFM) 2.1.1 that provides Apache NiFi on top of Cloudera Data Platform (CDP) 7.1.6. This major release provides the latest and greatest of Apache NiFi as it includes Apache NiFi 1.13.2 and additional improvements, bug fixes, components, etc. Cloudera also released CDP 7.2.9 on all three major cloud platforms, and it also brings Flow Management on DataHub with Apache NiFi 1.13.2 and more.


Logz.io and the AWS Distro for OpenTelemetry

Amazon Web Services has announced enhanced support for the open-source distribution of the OpenTelemetry project for its users. AWS Distro for OpenTelemetry (ADOT) now includes support for AWS Lambda layers for the most popular languages and additional partners integrated into the ADOT collector. And one of those partners is Logz.io! Logz.io is happy to announce that our exporter is now included in the AWS Distro for OpenTelemetry.


Announcing Calico Enterprise 3.5: New ways to automate, simplify and accelerate Kubernetes adoption and deployment

We are thrilled to announce the availability of Calico Enterprise 3.5, which delivers deep observability across the entire Kubernetes stack, from application to networking layers (L3–L7). This release also includes data plane support for Windows and eBPF, in addition to the standard Linux data plane. These new capabilities are designed to automate, simplify and accelerate Kubernetes adoption and deployment. Here are highlights from the release…


Automation: How to Thrive Amid Remote Work Stress, Part 2

The remote work revolution is here to stay. But making the emotional pivot to make remote work pay off won’t be easy. So says Joe Kennedy, a Partner and Technology Consulting Leader with PriceWaterhouseCoopers (PwC). In the last episode of this two-part post, Kennedy reminded us that we’ve always had the capability to do remote work. He says that the challenge now is to find and fix the rough patches in our business processes to make work more efficient.

Create Security Labs Users from the Veracode Platform

In this video, you will learn how to create Security Lab users from the Veracode Platform. Veracode Security Labs provides interactive training labs that give developers practical security knowledge. Security Labs teaches security and application security (AppSec) skills through hands-on experience. The lab-based approach to developer enablement can improve the time it takes to resolve findings and help developers avoid introducing flaws into the code.

How NOT to take a side project to startup - Dev Matters S1E03

What side projects make terrible startups? What should you avoid when trying to make the transition? In this episode of Dev Matters, Don and his guest Dylan Etkin discuss side projects and lessons learned taking Sleuth from a side project to a startup. This episode was recorded in front of a live studio audience on Twitch.

Executive Order on Cybersecurity Is Imminent: It's Been a Long Time Coming

Following President Biden’s address to Congress last night in which he referenced cybersecurity as a priority twice, news is circulating today that the executive order on cybersecurity is imminent. This news comes as a much awaited and long overdue step towards creating standardization and structure around cybersecurity.


How To - Monitor Split Tunnel Traffic with Catchpoint

When the world transitioned to a remote workspace, one of the things that most of us figured out quickly was that some applications just don’t work well with corporate VPN. Video and voice applications, like Microsoft Teams, are essential to business operations. I wouldn’t want to add another point of failure that I’d need to troubleshoot if I didn’t have to.


Extinguishing our performance fires and rebuilding for the future

I stepped into the role of Head of Engineering for Bitbucket Cloud in late 2020, having served as one of the team's senior engineering managers for several years. It is an honor and a privilege to lead this team, and I couldn't be prouder of the hard work we've done and continue to do each day to make Bitbucket a world-class product empowering teams to build, test, and deploy software to millions of people around the world. It has been an eventful journey, and the past few weeks are no exception.


4 Major Capabilities of Automated Incident Management

Automated incident management ensures that critical events are detected, addressed and resolved in a fast, efficient manner. Automation allows incident management tools to integrate with each other and fosters instant communication across the systems. Automation tears down barriers across IT operations (ITOps) teams and ensures all departments are on the same page. Teams gain full visibility into incident status to verify that incidents are addressed by the relevant groups.

How to Improve Kubernetes Management and Administration with LogDNA

In this video, we will show how LogDNA helps DevOps teams using Kubernetes to consume, control and collaborate with logs. By providing value to data from every source, including Kubernetes, developers are empowered to leverage logs to ensure they can continue to accelerate development cycles, and Ops teams can easily onboard microservices teams without the need to modify their infrastructure.

Helix ALM vs. Doors Next

Helix ALM is an application lifecycle management tool, which includes requirements management, test case management, and issue management. It is applicable across a broad range of methodologies, including modern agile practices, traditional waterfall development, or a hybrid approach. Because it encompasses a broad scope of records and team activities, Helix ALM specializes in end-to-end traceability and configurable workflows.


Q&A from the Moogsoft/Datadog Fireside Chat

On April 15th Moogsoft’s VP Marketing, John Haley, welcomed Datadog Product Manager, Alex Vetras, along with DevOps Institute Chief Ambassador, Helen Beal, and Moogsoft’s CTO, Dave Casper, for an informal roundtable exploring how users can now see rich-context incidents from across the full stack in minutes, and the opportunities this presents to organizations.

Fireside Chat with Jesse Robbins and Kolton Andrus Failover Conf 2021

Long before Chaos Engineering was even a phrase, Jesse Robbins was Amazon.com's "Master of Disaster" using intentional failure to help the company become more reliable. Kolton Andrus (CEO at Gremlin), sits down with Jesse to learn more about his early work with GameDays, the evolution of reliability, and where the future of SRE lies.

Fireside Chat with Ines Sombra and Ana Medina Failover Conf 2021

Reliability is a requirement for the modern internet. Ana Medina joins Inés Sombra, Sr. Director of Engineering at Fastly, to discuss their approach to resilience, how the past year has influenced the way they work, and what practices your engineering organization can adopt to become more reliable.

The Case for Cost Containment With Professional Services and Staff Augmentation

At the start of our enterprise cost containment series, Leon examined what cost containment is and why IT pros should care. Basically, you should care how your projects and work affect the business’s bottom line and should understand enough about it that you can communicate effectively with management. Even though you may not think about the business in this way most of the time, it directly affects your job.


Social Engineering: The Art of Human Hacking

In the beginning, social engineering was an art of social science. It is used to change people’s behaviour and make changes in society. It looks at a lot of groups, including government, media, academia and industries. Nevertheless, with the development of technology and people’s concerns about security, social engineering has started to be used. Cyber criminals use it to trick humans by using deceptive techniques or information that disguises their intentions.


Neither Cloud nor SaaS Will Deliver Your Data's Full Potential

Your data now resides in the cloud, and you’ve chosen SaaS providers that use their own products (or drink their own champagne, as I like to say). Does that mean you’re getting the full value from your data? No. Chances are high your data is still siloed. This time, the culprits are your SaaS providers who collect and store your data, thus limiting the analytics you can perform on it.


Marketing and Customer Communication Tools (External)

That’s why we’ve compiled a list of the best 25 communication tools for you and your team, so you can always stay in touch with each other and with your customers. These tools will help you handle team communication, manage your projects, and even automate customer communication. By the end of the article, you’ll know exactly which tools you should be using. Let’s get started.


Contextual analytics vs dashboards: What's the difference?

For 20 years, standalone BI tools have failed to penetrate more than 25% of the average organization, with most workers using them once a week, according to Eckerson Group. While many modern dashboards are sophisticated and user-friendly, they are still often accessed as standalone tools outside of line-of-business applications. This separation means it isn’t guaranteed that users will adopt BI, or gain insight from their data.


Rethinking external APIs

This blog post builds on the knowledge from my previous gRPC posts (Part 1: gRPC vs. REST, Part 2: A Breakdown of gRPC in Practice, and Part 3: Using gRPC in your Front End Application), however it can also be read as a standalone. More than a year has passed since we wrote the first line of code at StackPulse. Having previously used REST API, we wanted to use gRPC as our protocol of choice both for internal and external communication.


Virtual Reality Retail: Next-Gen Shopping Experience

Virtual reality retail experiences are transforming brick-and-mortar shopping. With the global augmented reality/virtual reality (AR/VR) market expected to reach 1.6 billion by 2021, there is massive potential to expand into virtual spaces. Creating a virtual shopping experience helps both retailers and consumers. It can reduce overall operating costs and offer immersive experiences for consumers to try and customize before they buy. So how can retailers build VR in retail?


Introducing Ably Asset Tracking - public beta now available

Over the past 18 months, as we’ve sheltered at home, the demand for global and last mile logistics, food delivery applications, and urban mobility services has skyrocketed. Realtime location data underpins much of the core value these applications and services provide. It enables delightful user experiences that make hungry end-users happy.


Developer Training Checklist: 5 Best Practices

The role of the developer has evolved over the past several years. Developers are not only responsible for writing code and releasing new software rapidly but also for securing code. By implementing security in the software development lifecycle, you can reduce risk and cost without slowing down time to production. But the developer role is already stretched so thin and many developers don’t have a background in security.


What Are AWS Lambda Triggers?

This is a basic introduction to Lambda triggers that uses DynamoDB as an event source example. We talk a lot about the more advanced level of Lambda triggers in our popular two-part series: Complete Guide to Lambda Triggers. If you want to learn more, read part one and part two. We’re going back to the basics this time because skipping some steps when learning something new might get you confused. It tends to get annoying, or it can even make you frustrated. Why?


5 Ways AI Is Changing B2B Marketing and Customer Support

Artificial Intelligence has had a massive influence on everything related to business. It’s not just the tech industry that has felt its impact, but also pretty much any other industry thanks to the versatility that is so characteristic of AI. Likewise, the B2B sector has also been affected by the spread of AI and its common usage by business owners and marketers alike.


Using Maths to Fight Financial Crime

Financial crime has become a red-hot topic over the last 12 months, as fraudsters have sought to exploit the monitoring gaps between people, process and technology across an ever-widening attack surface – driven by the growth in usage of remote (digital) channels. Even before its recent growth, the cost of fraud and financial crime was significant.


Focalboard is an open source, self-hosted alternative to Trello, Notion, and Asana. It's a project management tool that helps define, organize, track and manage work across teams, using a familiar kanban board view. We're currently in early-access beta, and are looking for feedback. So please download it today and let us know what you think. Focalboard is open source! Check out the source code here, and contribute to the future of this project.

Atlassian Open DevOps Overview Video

Software and DevOps teams have everything they need to develop, ship, and operate software in Atlassian Open DevOps, an development experience built on Jira Software.Open DevOps starts with Jira Software, Confluence, Bitbucket, and Opsgenie. Teams can easily add the tools they want, such as GitHub or GitLab, with a single click. In this video get an overview of Open DevOps and how it can supercharge your development.

Security Starts With People, Unfortunately.

One of the findings of our investigations pointed to a compromised account as a possible cause of the cyberoperation. While I was reading the results, I thought, “That could have been me. In fact, it could have been any of our employees,” and I began asking myself what I as an individual could do to increase the security of the company I’m working for. Let’s face it, most of the risk is produced by us humans and our behavior.


Using Coralogix to Gain Insights From Your FortiGate Logs

FortiGate, a next-generation firewall from IT Cyber Security leaders Fortinet, provides the ultimate threat protection for businesses of all sizes. FortiGate helps you understand what is happening on your network, and informs you about certain network activities, such as the detection of a virus, a visit to an invalid website, an intrusion, a failed login attempt, and myriad others. This post will show you how Coralogix can provide analytics and insights for your FortiGate logs.


JFrog and PagerDuty Extend Ecosystem Integration

JFrog and PagerDuty have deepened their technology integration to further boost IT operators’ and developers’ visibility into the software development lifecycle and accelerate incident resolution. The latest integration, which involves the JFrog Pipelines DevOps pipeline automation solution, simplifies and streamlines how to identify faulty builds that impact production environments.


Centralized Log Management for Multi-Cloud Strategies

The future of enterprise IT stacks is the cloud. In fact, according to a 2019 Gartner post, when we say “cloud infrastructure,” 81% of people really mean multi-cloud. Considering the analyst took this survey prior to the pandemic, we can safely assume that the number of companies with multi-cloud stacks is probably higher than this. Companies choose a multi-cloud strategy for a lot of reasons, including making disaster recovery and migration easier.


Are Software Developers Ready for Real-Time Payments?

Well, it’s official. The COVID-19 pandemic dramatically accelerated the digital economy, and there are no signs of letting off the gas. According to the U.S. Commerce Department, the COVID-19 pandemic resulted in a 44% increase in eCommerce sales from 2019 to 2020. Individuals increasingly prefer contactless payment methods – think holding up your phone to the credit card terminal – as a way to prevent the spread of coronavirus.


Have Your Say in the new Idea Portal

We’re excited to announce the launch of the all-new idea portal. A place where great ideas can grow, build support, and help shape the future of Auvik. The idea portal allows us to collect your suggestions while keeping you informed of what we’re working on, and what we’re planning to implement next. We can’t wait for your input!


Why Developers Should Care About Resilience

Recently, a friend reminded me of a joke we used to have when we were both developers at a huge software corporation (we won’t mention names, but back when printers were a thing, you probably owned one of theirs). We didn’t develop printers. We developed performance testing and monitoring tools. We were the dev team, which was completely separate from the QA team and from the Ops team (yes, I’m that old – we didn’t even call it DevOps back then).


Building CI/CD pipelines using dynamic config

Creating robust, manageable, and reusable functionality is a big part of my job as a CI/CD engineer. Recently, I wrote about managing reusable pipeline configuration by adopting and implementing pipeline variables within pipeline configuration files. As I showed in that tutorial, pipeline variables and orbs have added some flexibility to this process, but they are still a bit limited.


Introducing dynamic config via setup workflows

With the new release of dynamic config via setup workflows, CircleCI customers can now use jobs and workflows, not only to execute work but to determine the work they want to run. We built dynamic config because we know our users want more dynamism in the CircleCI build process. Historically, our platform has been very deterministic: the config is pre-set in a file based on the revision for a given pipeline.


Exploiting and detecting CVE-2021-25735: Kubernetes validating admission webhook bypass

The CVE-2021-25735 medium-level vulnerability has been found in Kubernetes kube-apiserver that could bypass a Validating Admission Webhook and allow unauthorised node updates. The kube-apiserver affected are: You are only affected by this vulnerability if both of the following conditions are valid: By exploiting the vulnerability, adversaries could bypass the Validating Admission Webhook checks and allow update actions on Kubernetes nodes.


Our $188M funding round fuels our mission to help customers confidently run modern cloud applications

Today, I am excited to share that we secured $188M in a new funding round, at a valuation of $1.19B (read more here). At the outset, I want to thank our employees, partners, investors and most importantly, our customers for this important milestone. The funding follows a year of unmatched innovation that led to accelerated revenue growth, installed base growth, and rapid community adoption of our open source projects.


The Simple Formula To Calculate SaaS Gross Margin

As the Software as a Service (SaaS) industry continues to grow, finding ways to win on gross margin becomes increasingly important. By finding sustainable strategies that either increase revenue or limit the cost of goods sold (COGS), SaaS companies can gain a competitive advantage and continue pursuing their broader growth objectives. While all SaaS brands want to be “profitable”, broadly speaking, there are many different ways to define what profitability actually means.

The Engineering Manager's Dilemma

In this talk, we’ll examine the trade-offs around adopting #BDD. While the benefits can be enormous, it doesn’t come for free, and it pays for everyone to be prepared to make this investment wholeheartedly, with your eyes open. We’ll explore some of the benefits people have enjoyed as they adopt BDD, and look at where the investment costs come, and how soon they start to amortize.

Standard Chartered Bank Embraces Digital Identity to Grow

Standard Chartered Bank is changing the future of banking by simplifying authentication for its customers --letting customers decide the best way to access their accounts and get things done, without jumping through extra hoops. In the ultra-competitive world of retail banking, customer service is the competitive advantage and identity is key. I recently had the pleasure of chatting with Alan Chiew, Executive Director and Head of Technology at Standard Chartered Bank.


Get instant Grafana dashboards for Prometheus metrics with the Elixir PromEx library

I have been using Grafana for almost four years now, and in that time it has become my go-to tool for my application observability needs. Especially now that Grafana allows you to also view logs and traces, you can easily have all three pillars of observability surfaced through Grafana. As a result, when I started working on the Elixir PromEx library, having Grafana be the end target for the metrics dashboards made perfect sense.


What Docker runtime deprecation means for your Kubernetes

On December 8, 2020, Kubernetes released version 1.20—the third and final release of the popular container orchestration platform in 2020. Kubernetes noted in a blog post that the version contained 42 enhancements. Of those enhancements, 16 entered into alpha, while the remainder moved to beta or graduated to stable at 15 and 11, respectively.


Introducing 2-way REST capabilities with Enterprise Alert 9

The REST API in Enterprise Alert 9 has now been extended with a 2-way functionality. This allows to call webhooks or REST endpoints from third party systems on alarm status changes (acknowledge, close). Thus, in Enterprise Alert 9, it becomes child’s play to establish a 2-way integration with almost any REST enabled third party system.


Selenium and Mobile Test Automation - Can Selenium Be Used for Mobile Testing?

Selenium is a tremendously popular automated testing tool for desktop, web applications. Testing on mobile devices is a major requirement that has grown exponentially in recent years. Why has the mobile testing requirement grown so much? The answer is pretty clear. Just look at how dependent each one of us has become on a mobile phone. Today mobile phones are as vital as breathing for us. That is the reason that going without a mobile phone for even a few hours seems impossible for us.


Enabling Oracle SSL/TLS Encryption

In our previous post on securing Oracle applications, we discussed how to enable Oracle Native Network Encryption for your client and server. In the conclusion however, we noted some of the shortcomings of using that security mechanism (potential for man-in-the-middle attacks, inability to control secure certificates, etc.). Here we begin to address those issues by instead enabling SSL/TLS encryption between the Oracle client and database.


Mattermost plugins: How to set up your developer environment

The goal of this four-part series is to help you learn how to write your own Mattermost plugins for the first time. To kick things off, this article teaches you how to set up your developer environment. My test computer is a five-year-old laptop with an Intel i5 processor and 4GB of RAM. You need at least 30GB of hard disk for this project. Of course, you’ll also need an internet connection. We start with a freshly installed Ubuntu 20.04. You don’t need to install the desktop environment.


Securing AWS Management Configurations By Combating 6 Common Threats

There’s a common misconception that cloud providers handle security, a relic leftover from hosting providers of previous decades. The truth is, cloud providers use a shared responsibility model, leaving a lot of security up to the customer. Stories of AWS compromise are widespread, with attackers often costing organizations many thousands of dollars in damages.


5 Best Security Practices for Remote Teams During Coronavirus and Beyond

Social distancing measures taken by responsible employers have greatly increased the number of employees working remotely. Even in the midst of this crisis, some companies and their employees can enjoy the objective benefits of not having to waste time and money on long commutes. At the same time, plenty of businesses really didn't have the structure in place to support a vast, full-time work-at-home workforce with the security or business processes they needed.


Enhanced customer experience: A conversation with Rogers Communications

The success of a modern business starts with recognizing the value of the customer and committing to provide a great experience. The best companies do this by putting respect and empathy at the core of every interaction. In today’s new era of work, delivering an enhanced customer experience has become increasingly connected with the employee experience. This creates new opportunities for organizations to drive stronger satisfaction for both parties simultaneously.


The Future of Work - Two Scary Statistics from Aternity's Webinar with 451 Research

Aternity recently sponsored a webinar with 451 Research, part of S&P Global Market Intelligence, on the future of work. Two scary statistics on the impact of end-user technology on employee engagement, satisfaction, and productivity were presented. This blog covers how Aternity helps organizations address the challenges of hybrid work environments.


Why Your Brand Protection Relies on Threat Intelligence?

Your brand is the image your customers have of your business; this is precisely what makes your brand into such a valuable asset. It’s no surprise that brand presence is increasingly shifting into the digital realm. And while digital transformation brings with it a whole new world of possibilities, the digitization of the brand also introduces new risks.


What Made SmartBear + Bugsnag a "No Brainer"?

Today marks a big day for two very successful companies, and I got the chance to sit down with SmartBear CEO, Frank Roe, and Bugsnag CEO and co-founder, James Smith. Tim: For those who perhaps haven’t already seen this morning’s press release, why don’t we kick things off by having you share this morning’s news. Frank: Sure, Tim.


SIEM vs Log Management

It now takes organizations 207 days to identify and 73 days to contain security breaches, according to IBM’s 2020 Cost of a Data Breach Report. That means the average “lifecycle” of an incident is a staggering 280 days — 7 months! Moreover, cybercrimes are becoming increasingly sophisticated and attackers are quicker than ever when it comes to finding cracks in corporate infrastructure.


Integrating Data to Build Emotional Health: How SU Queensland Uses Talend to Enrich Service Delivery

The mission statement is so direct and uncomplicated. SU Queensland, a non-profit organization based in Australia, is all about “bringing hope to a young generation.” The realities of delivering on this charter, of course, are multi-dimensional and complex.


Searching through logs with the free and open Logs app in Kibana

Log exploration and analysis is a key step in troubleshooting performance issues in IT environments — from understanding application slow downs to investigating misbehaving containers. Did you get an alert that heap usage is spiking on a specific server? A quick search of the logs filtered from that host shows that cache misses started around the same time as the initial spike.


Agent installation options for Google Cloud VMs

Site Reliability Engineering (SRE) and Operations teams responsible for operating virtual machines (VMs) are always looking for ways to provide a more stable, more scalable environment for their development partners. Part of providing that stable experience is having telemetry data (metrics, logs and traces) from systems and applications so you can monitor and troubleshoot effectively.


Cloud and Threat Report: Cloudy with a Chance of Malware

Cybercriminals are increasingly abusing popular cloud apps to deliver malware to their victims. In 2020, more than half of all the malware downloads detected and blocked by the Netskope Security Cloud platform originated from cloud apps. Cloud apps are commonly abused to deliver Trojans, with attackers attempting to exploit the trust placed in the app used for delivery. Increasingly, cloud apps are also abused for next-stage downloads, with attackers attempting to blend in with benign traffic.

New functionality for modifying server parameters in Pandora FMS

This video shows the new editor located in the Pandora FMS web console to be able to modify some parameters of the server configuration file. Do you need to monitor your services but you have less than 100 devices? In this video we will show you the available options Pandora FMS Lite 35 and Lite 70.

Combining Monitoring Approaches For Well-Rounded FIM | Tips & Tricks Ep.2

Traditional, agent-based monitoring from Tripwire® Enterprise brings best-in-breed file integrity monitoring (FIM) to your organization’s IT infrastructure. In regular practice, an agent is deployed to a supported operating system to facilitate asset monitoring. But how do you enforce FIM on operating systems that have reached their end-of-life for support, or endpoints that aren’t able to have agents installed?

Leaving the Nest: Guidelines, guardrails, and human error by Laura Santamaria Failover Conf 2021

When we talk about reliable systems, we talk a lot about human error. Human error in an incident or a bug report is often treated with a bit of a facepalm reaction. The term masks a lot of scenarios from accidents to exhaustion to everything in between. However, human error helps us understand where our processes failed and how we can prevent the same error from happening again. In short, we need to think in terms of a framework of guidelines and guardrails. In this short talk, let’s discuss how guidelines like runbooks and guardrails like automation can help us address the fact that everyone will, at some point, make mistakes.

Implementing DevSecOps in the DoD by Nicolas Chaillan Failover Conf 2021

Delivering software quickly and securely is important for every organization, but it's even more important at the US Department of Defence (DoD) where reliability directly impacts national security. Nicolas Chaillan (Chief Software Officer, US Air Force) will discuss the DoD Enterprise DevSecOps Initiative—an initiative he leads along with the DOD’s Chief Information Officer that brings automated software tools, services and standards to DoD programs. He'll also share about Platform One, the Air Force's DoD-wide DevSecOps Enterprise Level Service that provides managed IT services capabilities, on-boarding, support, and baked-in zero trust security. This insight from operating at the most rigorous level will help you level up your own organization.

Pragmatic Incident Response: Lessons learned from failures by Robert Ross Failover Conf 2021

Incident response is overwhelming. So where do you start? There's a lot of advice out there, but it's mostly theories that aren't taking reality into account. So how do you get a process in place that actually works and scales? In this session, FireHydrant CEO and Co-Founder, Robert Ross, will share quick stories from his experience as an SRE and what tips he’s learned along the way.

Whats Next for DevOps by Emily Freeman  Failover Conf 2021

For over a decade, the DevOps movement has been using cultural change to power technological transformation and help companies deliver better products faster and more reliably. While many organizations have embraced this change and reaped the benefits, it hasn't come without challenges and many more remain. In this session, Emily Freeman (author of DevOps for Dummies) shares what's next for DevOps and how it will impact your organization.

The Evolution of Observability and Monitoring panel discussion Failover Conf 2021

Observability and monitoring are critical to detecting and troubleshooting problems to build more reliable applications. As our systems become increasingly complex, our tools for getting this crucial visibility and the way we respond need to evolve too. We'll sit down with SRE leaders to discuss the processes they use to get the most insight into their applications, how they've increase the speed of detection and response, and what organizations need to do to stay on top of growing complexity.

The Evolution of Teams & Culture panel discussion Failover Conf 2021

The most successful organizations are the ones that embrace change and use it to become stronger and more resilient. In this panel discussion, we'll talk with engineering leaders about how they adapted to the challenges of 2020, what successes (and failures) they've seen, and where the future of reliable engineering teams is headed.

Business Software Testing Empowers Consumer-like App Experiences, According to Testlio's 2021 Industry Report

The State of App Testing 2021: Actionable testing insights from exclusive client data and case studies April 27th, 2021. Austin, TX and Tallinn, Estonia – Testlio today announced new market research and supporting industry best practices for business software testing. State of App Testing: Business Software leverages anonymized test records from Testlio clients in the business software industry to provide insights into testing practices.


Straight Talk, No Chaser: How to Jumpstart Your Hyperautomation Journey, Part 1

There’s no science to getting a good idea to spread, but it helps if you can get your idea across without the hype. Which is why automation expert Arjun Devadas talks about hyperautomation in terms a non-tech exec in any organization can understand. For example, Devadas talks about how insurance companies are using hyperautomation to process truckloads of documents to settle numerous claims.


How an Experience Level Agreement can Benefit your Business

The success of a business is dependent on two key components: a quality product/service that is being offered and a team that can market and communicate about that product/service effectively. However, that team needs to first be able to communicate with each other to brainstorm and strategize. With many businesses still working on a remote or hybrid model because of the global pandemic, digital communication has become an invaluable part of productivity.


Atlassian Open DevOps and Codefresh

Codefresh is excited to partner with Atlassian on their new Open DevOps launch. Codefresh is offering native support for connecting the two platforms and giving better visibility on deployments and features of each deployment for our mutual customers. At the heart of this integration is the Codefresh App; which can be found on the Atlassian Marketplace. Simply define Codefresh as the CI/CD partner that will connect to Atlassian’s DevOps API.


The Hidden Benefits of Compliance

If I were to ask you why you scanned for compliance at your company, I’d bet you’d tell me it was to help you pass requirements easier, to ensure that your audits are good on the first pass and so that you could troubleshoot technical issues with another process. You didn’t know about that last one? Wait, are you telling me you don’t know about the hidden benefits of compliance that you’re getting? Let’s talk.


Self-service support: Why companies need it and how to do it right

To offer superior support, customer service teams need their systems, tools, processes—and most of all—people to work in harmony. But in lieu of personalized service, self-service support is your stand-in, and it needs to be just as good as your agents. This harmonious approach is important because 69 percent of customers want to resolve as many issues as possible on their own using self customer service options, according to the Zendesk Customer Experience Trends Report.


Quick Demo: Ivanti UEM for Clients

Some of the many ways that malware, including ransomware, is commonly spread is through malicious attachments to business email, unsanctioned apps downloaded from third-party app stores, drive-by downloads via phishing and pharming attacks, employing brute-force tactics using Remote Desktop Protocol (RDP), and network propagation via SMB and CIFS sharing.


Mobile Devices are Ubiquitous, and so are Cyberattacks

We all like to enjoy untethered freedom, as is shown by the incredible growth of mobile devices we use every day for business and personal activities. We use mobile devices for buying products and services, and banking and investing. We download apps that allow us to connect with our favorite businesses and socially interact with friends and relatives.


Cloud Threats Memo: Beware Outsourced Cyber Attacks and Compromised Credentials

The trove of 1.3 million RDP credentials leaked recently is yet again proof that, In the underground economy, initial access brokerage is a flourishing market. Cybercriminals are outsourcing the initial access stage of the attack, so they can better focus on the execution and act more quickly.

Mobile App Development and Testing Done Right with TestFairy - SauceCon 2021 Demo

Mobile testing is complex. You need to test your apps across multiple devices in different environments, and account for the varied conditions experienced by real users in the field. This presents a big challenge for the mobile development and QA teams. Adding to that, being remote, by definition, makes it hard for developers to understand what happened on a mobile device before an app crashed or when things didn’t work as expected. Further, the increasingly quality-sensitive users make it imperative for the modern mobile development and testing teams to deliver a flawless mobile experience with every release.

Press Release: LogSentinel SIEM Named the Best Security Innovation at the 2021 DEVIES Awards Europe

28th April 2021 Naarden, The Netherlands – LogSentinel, the innovative next-generation SIEM provider, announced that its flagship product, LogSentinel SIEM, was recognized as the best innovation in security and networking at the annual European DEVIES awards. The official award ceremony was held last night as a part of the online DeveloperWeek Europe 2021 conference.


SIEM Deployment Remains Strategic in 2021

Some great new research coming out of the survey data published by 451 Research on Enterprise spending for Information Security. There have been more advanced ways of trying to implement security controls and avoid security issues by integrating security into the development or continuous integration and release pipelines. Despite that, there is still strong interest in using log and event data to manage the security posture of an organization in a SIEM solution.


Wandera recognized in Gartner's 2021 Market Guide for Mobile Threat Defense

We’re excited to share Wandera has been identified as a Representative Vendor in ‘Gartner’s Market Guide for Mobile Threat Defense’ (MTD) (Gartner subscription required). Wandera was the only vendor named in both the ‘Vendors That Offer All-Round Mobile Threat Defense Capabilities’ and ‘Vendors That Offer Network-Focused Mobile Security Capabilities’ categories.


10 Fivetran Competitors & Alternatives

As increasing aspects of business go digital, managing data has never been more crucial. According to Forbes, only one in four businesses has a "well-defined data management structure." If you’re looking to improve how you store, manage, and analyze your business data, it’s time to look at intelligent data integration tools. Fivetran is an ETL tool. ETL stands for "extract, transform, load".


Identify and Remediate Security Issues with Intelligent Risk Scoring

Today, having a strong data governance program is critical for many reasons: understanding and minimizing risk to sensitive data, maintaining security and trust, avoiding compliance fines, and empowering knowledge workers to be more effective at their jobs. The trouble is, if you don’t manage scope properly, and instead try to eat the proverbial data governance elephant all in one bite, you are setting yourself up for trouble.

Fostering Exceptional Microsoft 365 User Experiences

Enhanced visibility is crucial and to best meet current business needs requires an understanding of the level of satisfaction when using Microsoft 365. There is a growing demand to learn and know how users feel about the quality of their experience. Take a deep dive into the difference between Service Level Agreements and Experience Level Agreements and why the enhanced visibility is crucial to best meetyour current business needs.

Monitor cloud endpoint health with Datadog's cloud service autodetection

Your modern cloud-hosted applications rely on a number of key components—such as databases and load balancers—that are managed by the cloud provider. While these cloud resources can reduce the overhead of maintaining your own infrastructure, capturing and contextualizing monitoring data from services you don’t own can be difficult.


Launching RMM Central: A unified IT solution for managed service providers

We’re pleased to introduce ManageEngine RMM Central, a unified remote monitoring and management solution. Maintaining the IT infrastructure and systems of client networks is a herculean task for IT service providers. Multiple tools perform various capabilities in network management, be it maintaining or managing workstations, laptops, servers, and other networks.


Diagnosing latency: Lightstep vs. Jaeger

For many organizations starting out with distributed tracing, Jaeger is often the first tool used to ingest and visualize traces. It provides a way for developers to query for individual requests and see their behavior as they traverse all the services and operations to complete the request. As powerful as this is, it only provides a partial picture of your system’s performance because you are only able to visualize individual requests or at most compare two requests to each other.


DNS Load Balancing for Highly Available Enterprise WordPress Cluster

Scalability, high availability, and performance are fundamental to the success of a commercial product deployment. And if the workload includes multiple entry points for requests, it is important to properly set up smooth load balancing in order to achieve the required uptime and speed. One of the solutions in this case is to use a DNS service with origin servers health checks.


Priority on people - An argument against the excessive use of Cybersecurity technology

Despite what many advertisements and salespeople would like you to think, you don’t need to (and in many cases shouldn’t) spend a fortune on security tools to achieve a robust cybersecurity program. Some tools are essential, such as a ticketing tool or Security Information and Event Management (SIEM) system, but the best security programs are built off the employees that run the business.


Five Reasons to Use Catchpoint for Measuring Core Web Vitals

We are in this together. As part of our continuous efforts to meet customer expectations, we have recently added Core Web Vitals to our performance measurement programs. We are happy to share that these metrics are now a native part of the Catchpoint Platform. DevOps’ SREs, Platform Operations Engineers, and business and monitoring strategists alike will realize a series of key benefits from this addition.


GKE operations magic: From an alert to resolution in 5 steps

As applications move from monolithic architectures to microservices-based architectures, DevOps and Site Reliability Engineering (SRE) teams face new operational challenges. Microservices are updated constantly with new features and resource managers/schedulers (like Kubernetes and GKE) can add/remove containers in response to changing workloads. The old way of creating alerts based on learned behaviors of your monolithic applications will not work with microservices applications.


What is detection engineering?

Just as threat actors evolve their attacks and techniques, so too must security teams evolve their detection content. Detection engineering, therefore, is a life cycle that requires continual effort. However, when done well, detection engineering can reduce the mean time to detect and respond to a threat, as well as recover from a threat. Detection engineering is the process of identifying threats before they can do significant damage.


USMC Streamlines Provisioning and Cataloging with Appian

On March 5, 2021, the United States Marine Corps (USMC) launched the CATALYST application. The CATALYST application integrates the people, processes, and data involved in the USMC weapon systems repair, part provisioning, and cataloging. Provisioning and cataloging are critical logistics support processes. They help connect the iterative acquisition and logistics sustainment life cycle management processes for weapon systems and equipment.


Detectify Security Updates for 27 April

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.


Uncover How Your Employees Experience Their SaaS Applications in Real-Time

With employees depending on web applications every day, you can’t risk leaving anything to doubt when it comes to managing your IT estate. Although technology performance might appear “in the green” from IT’s perspective, how often are employees experiencing application outages or slowdowns you’re not aware of? Are they using that highly touted new app you rolled out – or avoiding it because of hidden usability problems?


Define, Reinforce and Track: Helping Develop Positive Cybersecurity Habits

Getting teams to improve security can be hard work, but it’s an important job that organisations must take seriously to protect an increasingly risky world. For this post, I wanted to explore some ways that an organisation or individual might start building a new security “habit” so that, in time, acting securely becomes automatic.


What's Changed in VMware vSphere 7 Update 2: All You Need to Know

VMware has recently released vSphere 7 Update 2, and there is a lot of new stuff to look out for. vSphere, VMware’s server virtualization product, has been an industry favorite for a long time. The vSphere 7 came out in April 2020, and this is so far the second update to it, hence the name. When you look at the changes they’ve rolled out, you’ll know that they are really focusing on some key areas. As a result, VMware infrastructure is getting pretty solid and modern.


Secure Elixir development with Snyk

We’re happy to announce support for Elixir, enabling development and security teams to easily find, prioritize and fix vulnerabilities in the Elixir and Erlang packages they are using to build their applications! Using the Snyk CLI, Elixir developers can now test and monitor their Mix/Hex projects manually or at key steps of their CI process, ensuring that known vulnerabilities are caught early on and before code is deployed into production.


Cable Companies Are Growing Up

Cable and Satellite companies in the US have emerged from a decade of acquisitions, consolidation and shakeout and are beginning to assert themselves as full service providers in the communications and media space. With Comcast just announcing its new suite of cellphone plans this month, and Charter, Altice and Dish ramping up their offerings, the Big Three in wireless – AT&T, Verizon and T-Mobile/Sprint – are looking over their shoulders.


What is Data Exfiltration and How Can You Prevent It?

Data security is key. Incidents of data exfiltration bring lots of unwanted attention to organizations and lead to reputational and financial losses. That’s why companies in various industries pay maximum attention to their cybersecurity measures and constantly enhance them. In this article, we define what data exfiltration is and how it’s performed. We also explore some recent examples of data loss and offer eight best practices that will help you prevent data exfiltration.


Getting Started with the Splunk Distribution of OpenTelemetry Java

Splunk Distro for OpenTelemetry is a secure, production-ready, Splunk-supported distribution of the OpenTelemetry project and provides multiple installable packages that automatically instruments your Java application to capture and report distributed traces to Splunk APM (no code changes required!), making it easy to get started with distributed tracing!


Flubot: The spyware being delivered by SMS

It has recently been reported that Flubot, spyware targeted at smartphones, has been spreading across the UK. The malware is being delivered via SMS, under the guise of a parcel delivery app, tricking users into downloading the malicious software. Network operators have said that millions of these malicious texts have already been sent across their networks, causing enough of a stir for the NCSC to issue remedial guidance.


Integrating a Cloudsmith repository with a Harness CD pipeline

In this blog, we will walk through the process of configuring a private Cloudsmith repository as an artifact source for a Harness Continuous Deployment pipeline. Harness is a Continuous Deployment platform that allows you to easily automate the deployment of your software to your infrastructure and environments.


FluBot: Malware as a Service Meets Mobile Phishing

Recently, Europeans were hit by an influx of SMS texts claiming to be package delivery notifications. It turns out these messages were orchestrated by threat actors seeking to distribute malicious apps laced with the banking trojan FluBot, also known as Cabassous. Once the victims download the malware, the app can intercept SMS messages, steal contact information and display screen overlays to trick users into handing over their credentials.

The Clear SHOW - S02E03 - Your Code == Feature Store

Ariel and T.Guerre discussing the reasoning behind features stores. Should you get one for your production pipeline? First time hearing about us? Go to - clear.ml! ClearML: One open-source suite of tools that automates preparing, executing, and analyzing machine learning experiments. Bring enterprise-grade data science tools to any ML project.

Announcing Services Discovery for tracking and improving service reliability

Gremlin helps teams proactively improve the reliability of their systems by running chaos experiments on infrastructure including hosts, containers, and Kubernetes clusters. But as microservice-based architectures and automated cloud platforms become the norm, engineers are shifting their focus from managing infrastructure to managing services. In order to keep these services as resilient as possible, they need tools that can help them find failure modes, reduce incidents, and improve availability.


Managing and troubleshooting Elasticsearch memory

Hiya! With Elastic’s expansion of our Elasticsearch Service Cloud offering and automated onboarding, we’ve expanded the Elastic Stack audience from full ops teams to data engineers, security teams, and consultants. As an Elastic support rep, I’ve enjoyed interacting with more user backgrounds and with even wider use cases.


Benchmarking Grafana Enterprise Metrics for horizontally scaling Prometheus up to 500 million active series

Since we launched Grafana Enterprise Metrics (GEM), our self-hosted Prometheus service, last year, we’ve seen customers run it at great scale. We have clusters with more than 100 million metrics, and GEM’s new scalable compactor can handle an estimated 650 million active series. Still, we wanted to run performance tests that would more definitively show GEM’s horizontal scalability and allow us to get more accurate TCO estimates.


How our Field Teams' Productivity Skyrocketed with our New AIOps Studio

Lately, I have seen fewer call outs from our field teams to our solution engineering team, and I was wondering what could be the reason? Sometimes, our field engineers approach our solution engineering team with advanced requests for data analysis, running what-if scenarios and assessing the quality of data and what new value can be gleaned by combining related datasets.


Cox Automotive Runs Robust Pipelines on Databricks with Unravel

Cox Automotive is a large, global business. It’s part of Cox Enterprises, a media conglomerate with a strong position in the Fortune 500, and a leader in diversity. Cox also has a strong history of technological innovation, with its core cable television business serving as a leader in the growth and democratization of media over the last several decades.


DevOps: Post-Mortem Reporting for Enhanced Operations

Migrating to a DevOps model of culture merges Development and IT Operations. This powerful unity enables organizations to release updates in smaller increments at a greater frequency. While this model reduces the risk of failure of an individual release and reduces the system development life cycle, it does not, however, necessarily decrease the number of incidents technicians need to respond to.


Why We Need to Rethink Authorization for Cloud Native

Companies have moved to cloud native software development so that they can increase development speed, improve product personalization, and differentiate their buyer experiences in order to innovate and win more customers. In doing so, enterprises have also redefined how they build and run software at a fundamental level.


Global Privacy Control has the potential to solve the consent banner problem

Data privacy regulation has made great steps toward protecting the privacy of people using web products, but it has come with user experience friction. Consent and disclosure banners are a solution for compliance, but they are not elegant. Browser makers, the W3C, and a group of participating organizations are working to fix that. The first step is a proposal called Global Privacy Control (GPC).


Why automation is critical for your software development

Automation, when done properly, can improve the productivity, quality, safety and security in your software development. Automation isn’t just a “nice-to-have” element of modern business. It’s a “must-have.” Companies simply can’t compete on multiple levels—quality, speed to market, safety, and security—if they rely on manual tools and processes.


9 Best Cloud Logging Services for Log Management, Analysis, Monitoring & More [2021 Comparison]

Log management stopped being a very simple operation quite some time ago. Long gone are the “good old days” when you could log into the machine, check the logs, and grep for the interesting parts. Right now things are better. With the observability tools that are now a part of our everyday lives, we can easily troubleshoot without the need to connect to servers at all. With the right tools, we can even predict potential issues and be alerted at the same time an incident happens.


How Your Network Became "The Bermuda Triangle" and How You Can Fix It

“Where’s your app? Where’s your data?” For a long time, if you needed to know where your applications or data were, the answer was clear: it was always either on-premises or in a branch. Universally, almost regardless of organization size, infrastructures were contained, and visible within a defined boundary—you have a data center, a network, a branch, a user.


How we revamped our end-user portal for accessibility

In one fell swoop, we embarked on what was at once fascinating and essential. To comply with accessibility standards, we decided to revamp the end user portal in its entirety. The word “revamp” is always fascinating. It allows us to add new and improved forms, structures, or appearances with a plethora of choices. We designed the new portal with accessibility in mind.


The Ultimate Guide to Security Awareness Training

The definition of security awareness is likely broader and deeper than your organization may realize. Security awareness aims to address one of the trickiest weak points in your organization: its people. Security awareness is intended to change behavior and reinforce good security practices among your employees and other third parties. In short, it should be a cultural change.


Why and when enterprises should care about Model Explainability

Machine learning models are often used for decision support—what products to recommend next, when an equipment is due for maintenance, and even predict whether a patient is at risk. The question is, do organizations know how these models arrive at their predictions and outcomes? As the application of ML becomes more widespread, there are instances where an answer to this question becomes essential. This is called model explainability.


3 Ways to Protect Your APIs With Kong Konnect and Fastly (Signal Sciences)

Fastly’s next-gen WAF (formerly Signal Sciences) integrates with Kong Konnect to block malicious requests to your services. Kong Gateway provides a robust and secure enterprise API management platform to front web traffic. In partnership, Fastly focuses on Layer 7 application security for that traffic. This article will explain how Kong Konnect and Fastly work together.


Improve Your CMDB for Business Outcomes with Application Dependency Mapping

A configuration management database (CMBD) is a centralized repository that stores information about all the significant entities in your IT environment. These can include your hardware, installed software applications, documents, business services, and even the people who are part of your IT system. The CMDB is designed to help you maintain and support the interrelationships between the configuration items (CIs) within a vast IT structure.

How Insider Threats and the Dark Web increase Remote Work Risks for Organizations

In our latest podcast, we take a deep dive into the gloomiest part of the internet, the “Dark Web” as we try to demystify everything we think we know. This is the realm of internet land where criminals and offenders can be found lurking around every corner. Though there is some truth to this perception, there are also many misconceptions about the Dark Web and its role in the security or insecurity of businesses. Join Dr. Christine Izuakor and a special guest from Equifax, Dr. Michael Owens as we unravel the Dark Web.

How Can Companies Integrate Ethical AI? | Splunk's Ram Sriharsha & Dr. Rumman Chowdhury

Organizations use AI to be more competitive, deliver better business outcomes and avoid falling behind. However, business leaders should know they pose their organizations’ serious risk if they do not comply with ethical standards. Leadership must enable teams to practice ethical business strategies, up-level talent strategy, and enable organizational resilience. Dr. Rumman Chowdhury and Ram Sriharsha, Head of Machine Learning at Splunk, discuss the challenges companies will face if they do not comply with ethical standards and how to solve for fairness and privacy.

Simon Stewart: Dopamine Driven Development - SauceCon 2021 Keynote

Software development can be a real grind, but one thing that makes it more bearable is the joy of a passing build. Not only is that green bar important when you're iterating on a feature, but it's normally a vital part of determining whether or not your software can be released. Getting to a green build as quickly as possible allows you to experience that joy of a passing build more frequently, and allows you to verify that the next release is good more quickly than your competitors. It's a vital building block as we move towards Continuous Deployment.

The Remote HR Department: Best Practices to Manage Employees from a Distance

Not only are HR departments charged with developing and implementing pandemic safety protocols, onerous budget and personnel reductions, and the rapid transition to remote work, but they must also support a workforce that’s stressed out, less productive, and off-site. This problem predates the pandemic, but it’s taking on renewed importance as companies fight to thrive in an increasingly digital environment.


Insider Threats and the Dark Web increase Remote Work Risks

The “Dark Web” is often portrayed as a gloomy realm of internet land where you can find criminals and offenders lurking around every corner. Though there is some truth to this perception, there are also many misconceptions about the Dark Web and its role in the security or insecurity of businesses. Furthermore, the continuous embracement of remote work has led to an unexpected shift in the way the dark web is being used today.


How to deploy an application on Friday

No one likes giving their weekends up to fix release issues. Developers and operations teams are traditionally hesitant to make changes or deploy applications on a Friday, in case something goes wrong and they have to spend their weekend making emergency fixes. Or worse, trying to roll back changes that were made. However, with a strong set of practices and a reliable deployment pipeline, there should be no reason why a deployment cannot happen anytime — even on a Friday afternoon.

Introducing Datadog in 45 seconds

Datadog offers a single unified platform to monitor your infrastructure, applications, networks, security threats, UX, and more. See inside any stack, any app, at any scale, anywhere. Get started with a free 14-day trial: datadog.com