
6 Kinds of Tools You Need In Your Security Stack

Modern Security Monitoring: Which Tools Should Be in Your Stack?

Security monitoring for cloud-native or containerized applications calls for a completely different approach: in an environment this complex and fast-changing, traditional tools cannot troubleshoot and resolve security incidents quickly enough.

With that in mind, here are some tools that can help you perform effective security monitoring in a cloud-based or containerized environment.

Container monitoring tools

Image scanning tools: Container images are central to Docker security. Publicly available images can introduce vulnerabilities into your system, so it’s essential to validate every container image you use. Docker Hub provides basic image scanning features. For more control over the process, you can opt for the more robust Docker Trusted Registry (DTR), which works even behind a firewall. There are also many third-party image scanners, such as Quay and GitLab Container Registry. Whichever image scanning tool you choose, keep a tight rein on the kind of images that are allowed into your stack. Prefer official repositories wherever possible, and if you have to use unverified images, make sure they are always scanned thoroughly.
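One way to turn the "tight rein" above into something the cluster enforces rather than a convention people remember is an admission policy that rejects any Pod whose images do not come from an allowed registry. The following is an added example, not code from the original post or from any vendor it names: a Kubernetes ValidatingAdmissionPolicy (the `admissionregistration.k8s.io/v1` API) that admits only images from Docker Hub's official `library/` namespace or from a private registry. The registry name `registry.example.com`, the policy and binding names, and the `image-policy: enforced` namespace label are assumptions.

```yaml
# Added example (not from the original post): reject Pods that pull images from
# registries outside an allowlist. Assumes registry.example.com is your own
# scanned registry; policy, binding and label names are arbitrary.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: allowed-image-registries
spec:
  failurePolicy: Fail          # if evaluation fails, deny rather than silently admit
  matchConstraints:
    resourceRules:
    - apiGroups: [""]
      apiVersions: ["v1"]
      operations: ["CREATE", "UPDATE"]
      resources: ["pods"]
  variables:
  # Unqualified names such as "nginx" (implicitly docker.io/library/nginx) are
  # rejected on purpose: fully qualified references make the source explicit.
  - name: allowedPrefixes
    expression: "['docker.io/library/', 'registry.example.com/']"
  validations:
  - expression: >-
      object.spec.containers.all(c,
        variables.allowedPrefixes.exists(p, c.image.startsWith(p)))
    message: "container image must come from docker.io/library/ or registry.example.com/"
  # initContainers are easy to forget and run in the same Pod; check them as well.
  - expression: >-
      !has(object.spec.initContainers) ||
      object.spec.initContainers.all(c,
        variables.allowedPrefixes.exists(p, c.image.startsWith(p)))
    message: "init container image must come from docker.io/library/ or registry.example.com/"
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: allowed-image-registries-binding
spec:
  policyName: allowed-image-registries
  validationActions: ["Deny"]
  # Enforce only in namespaces carrying this (assumed) label, so system
  # namespaces keep working while the policy is rolled out.
  matchResources:
    namespaceSelector:
      matchLabels:
        image-policy: enforced
```

Scanning tells you what is inside an image; a policy like this decides which images may run at all, and the two belong together. Start the binding with `validationActions: ["Audit"]` to see what would be rejected before switching to `Deny`.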

End-to-end container monitoring tools: These tools don’t just scan images; they secure every layer of the Docker stack, including the kernel, networking, orchestration tools, and access control. Tools like Twistlock integrate with container security tools across the board and consolidate container monitoring in one place.

Cloud monitoring tools

Tools like Threatstack, Signal Sciences, and Evident.io provide intrusion detection and security monitoring across your web applications and cloud environment. They keep pace with the rapid changes of public cloud environments and help you mitigate risk by providing visibility and helping you meet compliance requirements.

Open source monitoring tools

Open source monitoring tools are a staple of any monitoring suite. Their features are purpose-built for cloud-native applications, and their active developer communities help ensure the tools will stay around.

Calico is a network security tool for containers. Instead of providing a single firewall for the entire network, Calico secures each instance with its own firewall, so even if one service or pod is compromised, the others remain secure. Calico lets you define your network security as policies: a service gets just enough access to complete its tasks, and that access is then revoked.

The ELK stack needs no introduction as a log analysis solution. Elasticsearch, the database component of the stack, provides distributed storage and analysis of log data. With automatic failover for shards and parallel processing of queries, the ELK stack is built for scale. As your usage grows, maintaining the ELK stack can become more difficult, but you can opt for a managed ELK service where the vendor takes care of maintaining the stack so you can focus on your logging.

Prometheus is one of the hottest open source monitoring tools today, largely because of its deep integration with Kubernetes. It automatically discovers Kubernetes components like pods, services, containers, and nodes. Its Alertmanager component provides basic management of alerts and notifications. For advanced alert management and response orchestration, it integrates with platforms like PagerDuty.
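The Prometheus-to-PagerDuty hand-off described above takes two pieces of configuration: an alerting rule that Prometheus evaluates, and an Alertmanager route that decides which alerts page a person. The following is an added example, not from the original post or from the Prometheus project: a rule for restart-looping containers and an Alertmanager configuration that sends only `critical` alerts to a PagerDuty receiver. It assumes kube-state-metrics is being scraped (it exports `kube_pod_container_status_restarts_total`); the `team` label and the integration key are placeholders.

```yaml
# Added example (not from the original post). Two files are shown as separate
# YAML documents. Assumes kube-state-metrics is scraped; the PagerDuty key is a
# placeholder and the team label is illustrative.

# --- rules file, listed under rule_files: in prometheus.yml ---
groups:
- name: container-security
  rules:
  # A container restarting in a tight loop is a common symptom of a crash on
  # bad input or of a broken or tampered image. Fire when a container has
  # restarted more than 3 times in 15 minutes and that stays true for 5 minutes,
  # so a single restart after a deploy does not page anyone.
  - alert: ContainerRestartLoop
    expr: increase(kube_pod_container_status_restarts_total[15m]) > 3
    for: 5m
    labels:
      severity: critical
      team: platform
    annotations:
      summary: "Container {{ $labels.container }} in {{ $labels.namespace }}/{{ $labels.pod }} is restart-looping"
      description: "{{ $value }} restarts in the last 15 minutes"
---
# --- alertmanager.yml ---
route:
  receiver: blackhole              # anything not matched below is not delivered
  group_by: ['alertname', 'namespace']
  group_wait: 30s                  # collect related alerts before the first notification
  group_interval: 5m
  repeat_interval: 4h
  routes:
  # Only critical alerts page a human; lower severities stay in dashboards/chat.
  - matchers:
    - severity = "critical"
    receiver: pagerduty-platform
receivers:
- name: blackhole                  # a receiver with no integrations discards alerts
- name: pagerduty-platform
  pagerduty_configs:
  - routing_key: REPLACE_WITH_PAGERDUTY_EVENTS_API_V2_INTEGRATION_KEY  # placeholder
    severity: critical
    description: '{{ .CommonAnnotations.summary }}'
```

Grouping by `alertname` and `namespace` is what keeps a crash-looping Deployment with twenty replicas from producing twenty pages; the `for:` clause and the severity routing are the two knobs that decide whether a signal reaches a person at all.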

Log analysis tools

Managing the ELK stack on your own can be tedious—especially ensuring that sharding happens seamlessly once you hit the limits of your nodes. In that case, cloud-based log analysis solutions like Splunk or Sumo Logic may be just what you need. These solutions use machine learning to glean predictive insight from log data, and they integrate well with other monitoring tools.

Incident management tools

Given the complexity of your stack, there’s a constant inflow of reporting data about every component. This can become overwhelming and cause you to lose important alerts in the noise. That is why it’s essential to complement all other security monitoring tools with an incident management solution like PagerDuty.

PagerDuty integrates with a wide variety of monitoring tools and consolidates all their metrics in one place. It lets you apply powerful automation rules to alerts, both to reduce false positives and to ensure that the right people are always notified of events requiring attention. In an incident, you need to engage the right people immediately with the real-time status of your stack, and that’s what PagerDuty enables.

ChatOps tools

In firefighting situations, you’ll need to collaborate with others. Previously this was done via email or a ticket management system, but today communication tools like Slack, HipChat, and Flock are leading the way in facilitating team collaboration during incidents. They also host chatbots that deliver a steady stream of machine-generated data right within the chat interface. With integrations like PagerDuty’s Slack integration, you can sync actions between your ChatOps interface and your incident management solution, to collaborate and resolve incidents even faster.

As you secure your cloud-native applications, take a best-of-breed approach to DevSecOps and your incident lifecycle. Many tools provide unique functionality, but make sure the ones you choose play well with other tools. Not only will you maximize your horsepower in detecting issues, you’ll also have the right data at your fingertips when it matters most.

The post 6 Kinds of Tools You Need In Your Security Stack appeared first on PagerDuty.

