The security staff is often the most unappreciated members of a workforce. It is a problem that seems to be at the root of its failings. With the exponential growth of networks and the increasing number of breaches, it is clear that security is a pressing issue. However, there is a lack of awareness and understanding surrounding the imperfections and limitations of security measures. It is essential for organizations to elevate awareness, forge a cohesive internal culture, and invest in the right tools and training to support their security teams. Additionally, responsible packaging and marketing from vendors can help buyers make informed decisions. Ultimately, removing obstacles and valuing security specialists is essential for ensuring cyber resilience. Watch the delegates from the recent Security Field Day event explore this at a roundtable discussion.
Security Is Hard
In this article, Alex Neihaus acknowledges the difficulty and challenging nature of enterprise security. Calling attention to the recent delegate roundtable discussion at Security Field Day, Alex highlights the asymmetric nature of the battle, where securing an environment requires perfection while attackers only need to exploit a single vulnerability.
Grokking a Cosmos’ Worth of Logs
In this thought-provoking article, Alex Neihaus expresses his skepticism towards the concept of “big data” and highlights the challenges of managing and extracting actionable insights from massive amounts of operational logging data. He references Cribl’s product, Stream, showcased at Security Field Day, which intelligently eliminates data noise and selectively ingests log data into any destination. By reducing unnecessary data, Stream not only offers cost savings but also enhances the quality and accuracy of analysis, allowing organizations to focus on the most relevant security information within their logging data.
You Are Your APIs
In this article, Alex Neihaus discusses the emerging category of API security products and the potential security vulnerabilities posed by APIs. He highlights Noname Security’s product, which was outlined at Security Field Day 9. Alex is impressed with the capabilities of Noname’s API security solution, including its ability to analyze network traffic and categorize APIs based on public domain names. The post emphasizes the importance of API security in protecting businesses and encourages readers to consider adding API security to their security product arsenal.
Login…rinse…repeat
In this LinkedIn post, Alex Neihaus discusses the challenges faced by cloud infrastructure architects, engineers, and developers when it comes to managing access to hosts and databases. He highlights the convenience of storing credentials in insecure locations and the need for a more secure solution. Alex introduces HashiCorp Boundary, a cloud-native infrastructure access management tool presented at Security Field Day that combines scalable proxying and cloud-native network constructs to solve these challenges. He emphasizes its secure and auditable nature, as well as its open-source architecture, which allows for internal examination and trust in enterprise environments.
Is the Topic of Security “dry as Dust?”
In preparation for Security Field Day, Alex Neihaus refutes the notion that enterprise security is a dry and boring topic, emphasizing its criticality as the existential risk in enterprise computing. Alex promises to provide updates on what he sees and learns at Security Field Day, which can be followed on his blog and Twitter page.
VMware on AWS VPC Route Table Example
At Cloud Field Day this month, Alex Neihaus got a deep dive into VMware’s AWS integration. When this was first announced in 2016, he saw it as two walled gardens put next to each other. After the event, he’s beginning to see some portholes getting put in to see to the other side. Alex saw the presentation as confirming that VMware fundamentally perceives AWS as a hardware platform for its hypervisor, rather than a virtualization platform. He has a lot of interesting takeaways, so be sure to read the whole piece.
Sysdig for Cloud-Native Monitoring
At Cloud Field Day, Alex Neihaus saw Sysdig present on a fascinating system for monitoring and trouble-shooting cloud-native applications and the containers running them. They did this using their network-style approach to monitoring in the cloud, enabling them to get almost the same level of capture data a network capture would. Since capturing the packets lets you know everything about the applications, Alex found it an older approach but applied to the cutting edge of applications.
Meet Field Day Delegate – Alex Neihaus
There are a number of new delegates coming to Cloud Field Day next week, and we’re excited that Alex Neihaus is one of them. Before the event, be sure to get a little more detail about Alex’s background in this Meet the Delegates post from Gestalt IT. You can find out how Alex got started in IT, where he sees it going, even his first computer. It’s a great way to learn a little more about the faces around the delegate table at the event.
Alex Neihaus
Alex Neihaus is an AWS and Azure cloud infrastructure architect, cloud solutions architect and consultant.
