Tag: continuous

Logging. Its the modern day tower of Babel. So I’m using an EFK (Elasticsearch, Fluent, Kibana) stack for log management. Its a common combination (don’t argue with me that logstash is better, its merely different). And as I’ve wandered down …

The rabbit-hole of log parsing: istio-proxy sidecar log routing and parsing with fluent-bit Read More »

Tagged with: , , ,

I’m doing a (guest) webinar for RootSecure¬†on Wednesday Oct 24th @ 11:00 EDT (Toronto) time. You can register¬†if you want to hear a bit about things that might surprise you as you migrate from a safe secure comfy closet to …

My upcoming webinar on security surprises in cloud migration Read More »

Tagged with: , , ,

Lets say you have a micro-services app. Its got a bunch of containers that you’ve orchestrated out with Kubernetes. Deployments, Pods, Daemonsets all over the place. Autoscaling. You are happy. Now it comes time to implement that pesky ‘security’ step. …

When your security tools cost more than the thing they protect Read More »

Tagged with: , , ,

So the other day I posted my pride and joy regex. You know, this one? ‘^(?<host>[^ ]*) – \[(?<real_ip>)[^ ]*\] – (?<user>[^ ]*) \[(?<time>[^\]]*)\] “(?<method>\S+)(?: +(?<path>[^\”]*?)(?: +\S*)?)?” (?<code>[^ ]*) (?<size>[^ ]*) “(?<referer>[^\”]*)” “(?<agent>[^\”]*)” (?<request_length>[^ ]*) (?<request_time>[^ ]*) \[(?<proxy_upstream_name>[^ ]*)\] (?<upstream_addr>[^ …

They got in via the logging! remote exploits and ddos using the security logs Read More »

Tagged with: , , ,

A lot of my background is telecom related. And one of the things telecom is very good at is alarm + fault management. Its an entire industry devoted to making sure that when something goes wrong, the right action happens …

The infinite uncertainty engine: what cloud can learn from telecom Read More »

Tagged with: , , ,