A Deep Dive into Zero-Day Vulnerability Alerts with New Relic APM

A Deep Dive into Zero-Day Vulnerability Alerts with New Relic APM

Empowering Developers with Real-Time Security Insights and Proactive Vulnerability Management Amidst the ever-evolving landscape of cybersecurity, the recent revelation of a zero-day vulnerability in Fortinet’s FortiOS serves as a stark reminder of the constant cat-and-mouse game between defenders and attackers. Staying ahead of potential security threats isn’t just a best practice; it’s a necessity. For developers, the challenge lies not only in identifying vulnerabilities but in doing so proactively, especially when it comes to zero-day exploits. In this blog post, we’ll explore how New Relic application performance monitoring (APM) empowers developers to create zero-day vulnerability alerts, offering a robust solution to enhance security postures without the need for extensive scanning. ...

February 23, 2024 · 7 min · 1352 words · Harry Kimpel
Using .NET Aspire eShop application to collect all the telemetry

Using .NET Aspire eShop application to collect all the telemetry

Learn how to collect all the telemetry from the .NET Aspire eShop application and send it to an OpenTelemetry backend such as New Relic .NET Aspire is the new kid on the block when it comes to an opinionated, cloud-ready stack for building observable, production-ready, distributed applications. Having a built-in dashboard for the monitoring data is nice during development. But how do you configure OpenTelemetry correctly to send it to an observability backend? This is what this blog post is all about. And you’ll also learn how to send custom attributes by leveraging OpenTelemetry SDKs. ...

February 9, 2024 · 6 min · 1168 words · Harry Kimpel
Getting Started with OpenTelemetry: Zero-Code Instrumentation, Custom Signals, and the Collector

Getting Started with OpenTelemetry: Zero-Code Instrumentation, Custom Signals, and the Collector

“Instrumentation” is one of those words that gets thrown around constantly in the observability world - but what does it actually mean, and how does it work in practice? I’ve run this as a hands-on workshop several times, and what I find most effective is starting from first principles: build a tiny app, make it produce telemetry, and watch what comes out. By the end you understand why the pieces fit together the way they do. ...

January 18, 2024 · 8 min · 1690 words · Harry Kimpel
How to monitor Microsoft 365: Observing AD FS

How to monitor Microsoft 365: Observing AD FS

A practical guide to Active Directory Federation Services for a resilient Microsoft 365 ecosystem In our previous blog on how to monitor Microsoft 365 (M365), we delved into service overviews and the critical importance of synthetic user login monitoring. In this blog, we set our sights on a core component that forms the backbone of secure identity and access management: Active Directory Federation Services (AD FS). As organizations increasingly migrate their operations to the cloud, ensuring the robustness of identity and authentication mechanisms becomes paramount. AD FS plays a pivotal role in this landscape, acting as the linchpin for seamless and secure single sign-on (SSO) experiences within the M365 ecosystem. ...

November 27, 2023 · 7 min · 1484 words · Harry Kimpel
How to use CodeStream—and shift left your observability practice

How to use CodeStream—and shift left your observability practice

Your adventure in the world of observability, performance optimization, and security begins here. In the fast-paced world of software development, the quest for smoother, more efficient applications feels like a never-ending adventure. But in this adventure, it’s not about slaying dragons or uncovering hidden treasures; it’s about ensuring your code performs seamlessly and your users are happy. As a developer, I’ve faced the challenges of reactive observability, where we typically identify and resolve issues only after they’ve disrupted our applications. It’s a scenario that’s all too familiar for many of us. Adding New Relic CodeStream to your tool inventory can help rescue your team from a perilous fate and bring their observability game to a new level. ...

October 31, 2023 · 8 min · 1577 words · Harry Kimpel
How to monitor Microsoft 365: Getting started

How to monitor Microsoft 365: Getting started

One of the most popular and widely adopted business tool suites is Microsoft 365 (previously known as Microsoft Office 365) or just M365 for short. M365 offers a comprehensive array of applications and services, including email, document collaboration, video conferencing, and more, all hosted on the cloud. M365 provides numerous benefits in terms of flexibility and accessibility, but it also introduces new security, performance, and compliance challenges. This is why monitoring M365 applications is critically important for organizations of all sizes. Monitoring M365 applications is essential in helping businesses maintain a secure, efficient, and compliant digital environment. ...

October 17, 2023 · 9 min · 1774 words · Harry Kimpel
How to use IAST to prove exploitable vulnerabilities within your first-party code

How to use IAST to prove exploitable vulnerabilities within your first-party code

Enabling a true “shift-left” in software security by empowering DevOps and security teams to work together In some recent articles I shared how you as a developer can add security to your skillset by using New Relic capabilities. I also dug deeper into ways on how to mitigate hidden security risks of open source software libraries. Both of these blogs focused on third-party code and how it can impact the security of your software applications. In this article I will focus on the security of your own custom code, i.e. the code that you write yourself. ...

July 31, 2023 · 11 min · 2189 words · Harry Kimpel
Mitigate the hidden security risks of open source software libraries

Mitigate the hidden security risks of open source software libraries

Check your source code for any vulnerable libraries and start mitigating these issues Open source software libraries have become an integral part of modern software development. They are widely used by developers to accelerate the development process and reduce costs. On average, open source libraries make up 70-90% of an entire software application. However, the use of open source libraries also comes with hidden security risks that could potentially harm your organization’s reputation and financial well-being. ...

June 19, 2023 · 10 min · 2027 words · Harry Kimpel
Level up your security skillset with New Relic

Level up your security skillset with New Relic

Not every developer is a security expert, but use these tips to improve your skills In today’s digital age, security is a major concern for individuals and organizations alike. With the increasing number of cyber-attacks and data breaches, it’s crucial for developers to have a thorough understanding of security best practices. The security of an application is of the utmost importance, as it can directly impact the safety and privacy of users’ data. ...

May 15, 2023 · 7 min · 1289 words · Harry Kimpel
Updated Snyk Webhook Integration with New Relic

Updated Snyk Webhook Integration with New Relic

In a recent post I wrote about the ability to send all your application security vulnerabilities found by Snyk directly to your New Relic observability platform. Now, New Relic made it even easier to achieve that by providing a dedicated security ingest processor that ‘understands’ the payload from a Snyk webhook. All the details on how to get started, create and configure a Snyk webhook to send into your New Relic account is provided in this docs page: https://docs.newrelic.com/docs/vulnerability-management/integrations/snyk/ ...

April 12, 2023 · 2 min · 259 words · Harry Kimpel