6 Kinds of Tools You Need In Your Security Stack

Modern Security Monitoring: Which Tools Should Be in Your Stack?

The approach you take when it comes to security monitoring needs to be completely different when you manage cloud-native or containerized applications, because troubleshooting and resolving security incidents quickly using traditional tools isn’t feasible in such a complex environment.

With that in mind, here are some tools that can help you perform effective security monitoring in a cloud-based or containerized environment.

Container monitoring tools

Image scanning tools: Container images are central to Docker security. Publicly available images can introduce vulnerabilities to your system, and it’s essential to validate every container image used. Docker Hub provides basic image scanning features. For more control over the process, you could opt for the more robust Docker Trusted Registry (DTR) that can work even behind a firewall. Additionally, there are many third-party image scanners like Quay and GitLab Container Registry. Whichever image scanning tool you choose, it’s important to keep a tight rein on the kind of images that are allowed in your stack. Always opt for official repositories wherever possible, and if you have to use unverified images, ensure they’re always scanned thoroughly.

End-to-end container monitoring tools: These tools don’t just scan images; they also secure every layer of the Docker stack, including the kernel, networking, orchestration tools, and access control. Tools like Twistlock integrate with container security tools across the board and consolidate container monitoring in one place.

Cloud monitoring tools

Tools like Threatstack, Signal Sciences, and Evident.io are solutions that power intrusion detection and security monitoring across your web applications and cloud environment. These tools can handle the fast changes of public cloud environments and help you mitigate risk by providing visibility and helping you meet compliance requirements.

Open source monitoring tools

Open source monitoring tools are a staple of any monitoring suite. Their features are purpose-built for cloud-native applications, and their vibrant developer communities ensure they’ll stay around.

Calico is a network security tool for containers. Instead of providing a single firewall for the entire network, Calico secures each instance with a firewall. This way, even if one service or pod is compromised, the others still remain secure. Calico lets you define your network security using policies. It gives just enough access to services to enable them to complete their tasks, and then revokes that access.
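Calico enforces the standard Kubernetes NetworkPolicy API (in addition to its own policy CRDs), so the per-pod model described above can be written as two small manifests. The following is an added illustration, not code from the original post or from the Calico project: a namespace-wide default-deny policy followed by a least-privilege policy that admits only the checkout pods to the payments pods on TCP 8443. The namespace `shop` and the labels `app: payments` and `app: checkout` are assumed.

```yaml
# Policy 1: default-deny ingress for every pod in the namespace.
# An empty podSelector selects all pods; listing Ingress in policyTypes with no
# ingress rules means no inbound traffic is permitted unless another policy allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop                  # assumed namespace
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  # Adding "- Egress" here would also block outbound traffic, including DNS,
  # so an explicit allow rule towards kube-dns would then be required.
---
# Policy 2: the least-privilege allow. Policies are additive, so this opens only
# checkout -> payments on TCP 8443; a compromised pod carrying any other label
# still cannot reach the payments pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: payments-allow-checkout
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: payments                # assumed label on the payments pods
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: checkout        # assumed label on the checkout pods
      ports:
        - protocol: TCP
          port: 8443
```

Because these are plain Kubernetes NetworkPolicy objects, any policy-enforcing CNI accepts them; Calico's own projectcalico.org/v3 API adds cluster-wide GlobalNetworkPolicy objects and explicit Deny rules on top of this model.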

The ELK stack needs no introduction as a log analysis solution. Elasticsearch, the database component of the stack, provides distributed storage and analysis of log data. With automatic failover for shards and parallel processing of queries, the ELK stack is built for scale. As your usage grows, maintaining the ELK stack can become more difficult, but you can opt for a managed ELK service where the vendor takes care of maintaining the stack so you can focus on your logging.

Prometheus is one of the hottest open source monitoring tools today, largely due to its deep integration with Kubernetes. It automatically discovers Kubernetes components like pods, services, containers, and nodes. It includes Alertmanager, which provides basic management of alerts and notifications. For advanced alert management and response orchestration, it integrates with platforms like PagerDuty.

Log analysis tools

Managing the ELK stack on your own can be tedious—especially ensuring sharding happens seamlessly once you hit the limits on your nodes. In this case, cloud-based log analysis solutions like Splunk or Sumo Logic may be just what you need. These solutions leverage machine learning to glean predictive insight from log data. They also integrate well with other monitoring tools.

Incident management tools

With the complexity of your stack, there’s a constant inflow of reporting data about every component. This can get overwhelming, and cause you to lose important alerts in all the noise. This is where it’s essential to complement all other security monitoring tools with an incident management solution like PagerDuty.

PagerDuty integrates with a wide variety of monitoring tools and consolidates all their metrics in one place. It lets you apply powerful automation rules for alerts to both reduce false positives and ensure that the right people are always notified of events requiring attention. In an incident, you need to engage the right people immediately with the real-time status of your stack, and that’s what PagerDuty enables.
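The Prometheus to Alertmanager to PagerDuty hand-off described in the Prometheus section, and the noise reduction discussed here, come down to two configuration files. The following is an added illustration, not configuration from the original post or from either project: a Prometheus alerting rule that waits out brief restarts before firing, and an Alertmanager route that groups related alerts, sends non-critical ones to Slack and pages PagerDuty only for `severity="critical"`. The job name `kubernetes-pods`, the Slack webhook and the PagerDuty integration key are placeholders.

```yaml
# --- Prometheus rules file, loaded through rule_files in prometheus.yml ---
groups:
  - name: kubernetes-availability           # constructed rule group
    rules:
      - alert: KubernetesTargetDown
        # 'up' is the built-in per-target scrape health metric; the job name is
        # assumed to match a kubernetes_sd_configs scrape job for pods
        expr: up{job="kubernetes-pods"} == 0
        for: 5m                              # tolerate short restarts before paging
        labels:
          severity: critical
        annotations:
          summary: "Target {{ $labels.instance }} (job {{ $labels.job }}) is down"
---
# --- alertmanager.yml ---
route:
  receiver: slack-notify                     # default: non-critical alerts never page
  group_by: ['alertname', 'namespace']       # one notification per alert type and namespace
  group_wait: 30s                            # gather related alerts before the first send
  group_interval: 5m                         # batch new alerts joining an existing group
  repeat_interval: 4h                        # re-notify an unresolved incident, not every minute
  routes:
    - matchers:
        - severity="critical"                # only these reach the on-call engineer
      receiver: pagerduty-oncall
receivers:
  - name: slack-notify
    slack_configs:
      - api_url: https://hooks.slack.com/services/PLACEHOLDER_WEBHOOK  # placeholder
        channel: '#alerts'
  - name: pagerduty-oncall
    pagerduty_configs:
      - routing_key: PAGERDUTY_EVENTS_V2_INTEGRATION_KEY_PLACEHOLDER    # placeholder
        severity: '{{ .CommonLabels.severity }}'
```

Grouping and `repeat_interval` are what keep one failing deployment from producing dozens of pages, while the `for` clause on the rule suppresses alerts for pods that recover on their own.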

ChatOps tools

In firefighting situations, you’ll need to collaborate with others. Previously, this was done via email, or a ticket management system, but today, communication tools like Slack, HipChat, and Flock are leading the way in facilitating team collaboration during incidents. They also enable chatbots that generate a steady stream of machine-generated data right within their chat interfaces. With integrations like PagerDuty’s Slack integration, you can sync actions across your ChatOps interface and your incident management solution, to collaborate and resolve incidents even faster.

As you secure your cloud-native applications, take a best-of-breed approach to DevSecOps and your incident lifecycle. Many tools provide unique functionality, but make sure the ones you choose play well with other tools. Not only will you maximize your horsepower in detecting issues, you’ll also have the right data at your fingertips when it matters most.

The post 6 Kinds of Tools You Need In Your Security Stack appeared first on PagerDuty.

More Stories By PagerDuty Blog

PagerDuty’s operations performance platform helps companies increase reliability. By connecting people, systems and data in a single view, PagerDuty delivers visibility and actionable intelligence across global operations for effective incident resolution management. PagerDuty has over 100 platform partners, and is trusted by Fortune 500 companies and startups alike, including Microsoft, National Instruments, Electronic Arts, Adobe, Rackspace, Etsy, Square and Github.
