DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Refcards
Trend Reports

Events

View Events Video Library

The Latest Software Design and Architecture Topics

article thumbnail
Let the Oracle Database Operator for Kubernetes Do the Job
An introduction to OraOperator, the open source project that makes Oracle Database Kubernetes-Native.
Updated January 10, 2022
by Paulo Simoes
· 5,311 Views · 3 Likes
article thumbnail
Penetration Testing 101: A Beginner’s Guide to Ethical Hacking
In this article, you’ll learn what penetration testing is and why it is used. It also highlights the different types and approaches to penetration testing.
January 10, 2022
by Anish Roy
· 4,864 Views · 3 Likes
article thumbnail
Streaming Data Exchange With Kafka and a Data Mesh in Motion
Data Mesh is an architecture paradigm, not a single technology. This post looks into this principle to explore why no single technology is fit to build a Data Mesh.
January 10, 2022
by Kai Wähner DZone Core CORE
· 4,862 Views · 7 Likes
article thumbnail
API Prototyping with Postman
Postman can help you start building the core of your API-driven integration on both sides of the API—either as the provider or the consumer.
January 10, 2022
by Michael Bogan DZone Core CORE
· 11,469 Views · 8 Likes
article thumbnail
A Tentative Comparison of Fault Tolerance Libraries on the JVM
From a number of libraries implementing fault tolerance features on the JVM, this post will look at Microprofile Fault Tolerance, Failsafe, and Resilience4J.
January 10, 2022
by Nicolas Fränkel
· 3,470 Views · 5 Likes
article thumbnail
Using GraphQL Java With Spring
This blog post will cover how to use GraphQL Java within a Spring application that exposes an endpoint for clients to send queries to.
January 10, 2022
by Dan Newton
· 5,431 Views · 6 Likes
article thumbnail
How Zero Trust Will Change Incident Response
Image Source: Pixabay What Is Incident Response? Incident response involves responding to potential threats, such as unauthorized access to a corporate network. An event can be a sign of a breach or a false positive. However, it still requires investigation to determine the appropriate response. The goal of incident response is to detect and remediate attacks quickly. Organizations use incident response to minimize risks, respond promptly, and prevent breaches. An incident response plan is generally considered the first line of defense and, ideally, the last if it helps you prevent a breach or quickly block an attack. Here are the three main components of incident response: Incident response plan—a clear and concise plan that outlines how the organization responds to each type of security threat, providing detailed instructions and definitions of roles and responsibilities. Incident response team—security experts that work in-house or externally as third parties hired to protect the organization against various security threats. Incident response technology—supports the team in detecting, blocking, and analyzing threats. Some incident response solutions can also intelligently respond to threats. NIST Incident Response Steps The National Institute of Standards and Technology (NIST) drafted the Incident Handling Guide with guidelines for incident responders. Here are the four phases for incident handling outlined by NIST: Preparation—the incident response team must have a well established incident response plan indicating who is responsible for each part of incident response and how to deal with specific types of incidents. Detection and analysis—the cyber incident response team detects cyber incidents and collects relevant data, analyzing that data. They document and prioritize the incident when necessary before informing the appropriate authorities. Containment, eradication, and recovery—following an incident, the cyber incident response team must create and implement strategies to stop the attack, remove the threat and begin the recovery process. Post-incident activity—once an organization successfully resolves an incident, the team should go back to the first step and prepare for the next incident. Knowledge gained from each incident should inform the next preparation process, helping add new information or fine-tune processes. The NIST incident response guide suggests that preparing for incidents is an organization’s best defense. What is Zero Trust? Zero trust is a new approach to cybersecurity that secures an organization by doing away with implicit trust and continuously authenticating each stage of digital interaction. The “never trust, always verify” model informs the zero trust approach. This process works according to the premise that any user, resource, or asset is untrustworthy. Zero trust encompasses a set of principles, initiatives, policies, architecture, and frameworks. Here are characteristics of zero trust networks (ZTN): ZTN is an end-to-end functional solution that involves zero trust technology, policies, and systems designed to manage security. ZTNs are architected to manage security related to identities, credentials, identities, operations, access, hosting environment, endpoints, and infrastructure. A zero trust network deployment can have components that are cloud-based or on-premise. With a zero trust model, an organization must continually evaluate and authenticate all users before providing them with access to sensitive organizational data. Zero Trust and Incident Response Incident response is a critical organizational process used to detect cyber attacks and respond to them in a timely manner, preventing or minimizing damage to the organization. Zero trust networks provide new capabilities for incident responders. In the past, a security incident would require detailed investigation just to understand where the network was breached and how. In a zero trust environment, detailed information is available about suspicious access requests, and which individual user or device was involved in the incident. The following principles can guide incident response in a zero trust environment: Assume breach—the corporate network and insiders are not trusted. Focus on deterring violations and limiting incident damage for attackers already inside the network perimeter. Monitor identities, devices, applications, and data—a zero-trust network provides detailed information about these four elements with regard to any user request. When incident responders discover an incident, they can relate to the specific entities, applications and data involved. React to any anomaly—in a traditional network, incident responders received thousands of alerts, most of which were false positives. However, in a zero-trust environment alerts are much more focused and indicate a violation of network access rules, so they are more likely to indicate a real incident. Automated response—in a zero-trust environment, it is critical to put in place automatic detection and mitigation. Systems like zero trust network access (ZTNA) can detect anomalous access requests and automatically change network segmentation rules to protect sensitive systems. Automated response should provide a first line of defense, and deeper investigation can be carried out by human security teams. In a world of zero trust, security incidents will still happen. No technology can magically eliminate security threats. However, narrowing down the domain of trust will reduce the involvement of multiple resources in a single event. In other words, when an incident occurs, the smaller the trust area, the lesser the risk that other systems face. This enables faster detection, more efficient response, and greater confidence that a threat has really been eradicated. Conclusion In this article, I explained the basics of incident response and zero trust and explained how the zero trust revolution will impact how we defend computing systems: Assume breach mentality—an incident response process must take into account that attackers are already inside the secured perimeter. Visibility of devices and applications—in order to respond to security incidents, security teams must have complete visibility of the devices accessing corporate systems, and what applications, data or capabilities they are using. Continuous verification—the network must be able to continuously verify access attempts and any anomaly in verifications should be treated as a security incident. Automated response—in a zero trust environment, automated remediation is key to incident response, but it must be combined with human oversight and identification of root cause. I hope this will be useful as you adapt your organization’s security processes to a new zero trust environment.
January 10, 2022
by Gilad David Maayan
· 6,470 Views · 3 Likes
article thumbnail
Enterprise Architecture Governance: A Holistic View
A massive, in-depth look at architecture governance within modern enterprises.
January 9, 2022
by Dr Gopala Krishna Behara DZone Core CORE
· 21,915 Views · 10 Likes
article thumbnail
Why a Developer Should Be a Bit of a Cloud Engineer: The Need for Cloud Services
In this article, discover the importance for developers and programmers to know how to use cloud services as a part of current everyday reality.
January 8, 2022
by Kirill Kazakov
· 9,760 Views · 14 Likes
article thumbnail
Develop a Spring Boot REST API in AWS: PART 4 (CodePipeline / CI/CD)
Develop Spring boot REST API in AWS - PART 4/4 (CodePipeline / CI/CD)
January 8, 2022
by Boris Lam
· 9,508 Views · 6 Likes
article thumbnail
Raising the Bar on Security by Purging Credentials From the Cloud
In this post, dig into elemental cloud security challenges, such as a centralized native cloud-only model for identity verification and authentication.
Updated January 7, 2022
by Gene Allen
· 16,066 Views · 11 Likes
article thumbnail
What Is Zero Trust Security and Why Is It Necessary?
Zero Trust security systems are the impenetrable security we need today for robust products and services. Read about the principles that form the foundation.
January 7, 2022
by Jyoti Sahoo
· 7,811 Views · 5 Likes
article thumbnail
Virtual Reality and Augmented Reality in the Browser
This article about Progressive web apps is about implementing Virtual Reality (VR) and Augmented Reality (AR) with A-Frame.
Updated January 6, 2022
by Peter Eijgermans
· 32,320 Views · 8 Likes
article thumbnail
Getting Started With AWS Amplify
In this article, learn how AWS Amplify works and how to build and deploy an image gallery with user authentication, storage, and file upload capabilities.
January 6, 2022
by Kentaro Wakayama
· 6,743 Views · 3 Likes
article thumbnail
DevOps on AWS: Everything You Need to Know
AWS DevOps allows software developers to leverage AWS' Infrastructure as Code tools to speed up application and service delivery.
January 6, 2022
by Anthony Neto
· 11,761 Views · 5 Likes
article thumbnail
CockroachDB With Kerberos and Docker Compose
Today, we'll automate all the things with Docker and docker compose specifically to stand up a quick and repeatable environment to troubleshoot CockroachDB and Kerberos.
January 6, 2022
by Artem Ervits DZone Core CORE
· 5,682 Views · 3 Likes
article thumbnail
Kubernetes Hardening Tutorial Part 1: Pods
In my previous articles, we discussed Kubernetes security and enhancing K8s. Today, we'll get a deeper understanding of Kubernetes Pods security with this first tutorial.
January 6, 2022
by Tiexin Guo
· 5,893 Views · 6 Likes
article thumbnail
Improving Performance With SQL Aggregate Functions
SQL aggregate functions helped me take the performance of my backend application to the next level and avoid the bottlenecks that were slowing it down.
January 5, 2022
by Antonello Zanini
· 5,165 Views · 2 Likes
article thumbnail
Batch Processing in Go
Batching is commonly used to split a large amount of work into smaller chunks for optimal processing. Here, look at two ways to batch process in Go.
January 5, 2022
by Priyanka Nawalramka
· 24,277 Views · 5 Likes
article thumbnail
Is Spring Boot Still State of the Art?
In this post, I'll take a closer look at whether the application framework Spring Boot is still relevant in modern Java-based application development.
January 5, 2022
by Ralph Soika
· 10,556 Views · 16 Likes
  • Previous
  • ...
  • 408
  • 409
  • 410
  • 411
  • 412
  • 413
  • 414
  • 415
  • 416
  • 417
  • ...
  • Next
  • RSS
  • X
  • Facebook

ABOUT US

  • About DZone
  • Support and feedback
  • Community research

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 215
  • Nashville, TN 37211
  • [email protected]

Let's be friends:

  • RSS
  • X
  • Facebook
×