Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

The SecOps Playbook: What I’ve Learned About Integrating Security Into DevOps

by Pete Cheslock, posted in Cloud Security, SecOps, DevSecOps, SecOpsPlaybook

SecOps Playbook Blog Banner v2.jpg

The Threat Stack SecOps Playbook is now available!

Why We Created a SecOps Playbook

I have experienced the transition to SecOps up close and personal. I’ve led teams in figuring out how to get security practitioners and DevOps teams in sync and in harmony.  Along the way, I’ve learned a number of valuable lessons that can be extended to any team that is thinking about bringing security deeper into the DevOps process.

Read More [fa icon=long-arrow-right"]

Oct 21, 2016 10:37:20 AM

[fa icon="comment"] 0 Comments

Threat Stack Supports Tech Gives Back & St. Baldrick’s

by Brian Ahern, posted in Tech Gives Back Day, Perkins School for the Blind, St. Baldrick's Foundation, Tech Tackles Cancer


With 2016 nearing an end, I can’t help reflecting on how fortunate I am in my personal and professional life. I am blessed with a beautiful, supportive family as well as the opportunity to work with a great team of employees, investors, board members, and customers at Threat Stack.

Read More [fa icon=long-arrow-right"]

Oct 20, 2016 9:06:03 AM

[fa icon="comment"] 0 Comments

A Look Back at AppSecUSA: From Application Security to DevOps and Beyond

by Tim Armstrong, posted in Cloud Security, DevOps, SecDevOps, SecOps, Event


Last week I spent two fantastic days in Washington, DC attending the AppSecUSA Conference on behalf of Threat Stack, one of the event’s Silver Sponsors.

When people think of the AppSec event, I assume the first thing that comes to mind is just that: Application Security. Given the fact that Threat Stack is more widely known for helping organizations protect their cloud environments, you might well ask why we took part in a show that’s not strictly dedicated to infrastructure security.

Great question, but as you’ll see, the answer is rooted in a match up between a rapidly evolving technology landscape and Threat Stack’s core mission.

Read More [fa icon=long-arrow-right"]

Oct 18, 2016 10:51:25 AM

[fa icon="comment"] 0 Comments

Cloud Security: Where to Get Started, Part 2

by Pete Cheslock, posted in Cloud Security, SecOps, Cloud Security Strategy, Cloud Security Best Practices


Last week, we released Part 1 of a two-part series on the low-hanging security best practices companies can implement to improve their security posture. Since security is no longer just the domain of the security experts, it’s important that everyone within your organization feel empowered to uphold security best practices regardless of their role.

This series is designed to give organizations a “starting point” on the security journey by identifying low-hanging fruit that can be picked off to gradually improve security. In Part 1, we explained the four security tools and services we recommend getting startedwith, and in this post we uncover the next set ofrecommendations, which can take you from level one to level two, so to speak.

Read More [fa icon=long-arrow-right"]

Oct 17, 2016 1:42:39 PM

[fa icon="comment"] 0 Comments

Myth Busting 3 Objections to Buying Cloud Security Solutions!

by Jim McDonough, VP Inside Sales, Threat Stack, posted in Cloud Security, Cloud Security Strategy


I was sitting with my Sales Team last Friday, listening to their experiences with prospects. They had some great stories about wins and interesting stories about losses. When I asked them about their biggest frustrations, they turned the tables and put me on the spot.

My biggest frustration? It comes in the form of three objections that can surface during the sales cycle. Let me explain.

Read More [fa icon=long-arrow-right"]

Oct 14, 2016 1:56:21 PM

[fa icon="comment"] 0 Comments

Cloud Security: Where to Get Started, Part 1

by Pete Cheslock, posted in Cloud Security, SecOps, Cloud Security Strategy, Cloud Security Best Practices


If you look at how and when different companies implement security, it’s clear the approach runs the gamut. Some go all in from day one while many others wait until the need is on top of them.

Of course, companies who get security off the ground as early as possible have many advantages, but that can be a daunting undertaking. This especially rings true in organizations that don’t have security pros on staff.

No matter where you are today, there are steps you can take to get more secure. And rather than succumb to analysis paralysis, it’s a good idea to just bite off what you can chew and start somewhere. So… where to start?

Read More [fa icon=long-arrow-right"]

Oct 13, 2016 12:31:47 PM

[fa icon="comment"] 0 Comments

5 Ways Product Managers Can Get Closer to Their Customers in the Cloud

by Megan Rees Ahigian, posted in Cloud Security, Product Enhancements, Customer Experience, Product Management


As a Product Manager, it‘s always your job to expand your understanding of the customer by finding out what they like and need, learning about problems they’re having, and listening to their ideas for new and improved features.

Read More [fa icon=long-arrow-right"]

Oct 12, 2016 2:34:46 PM

[fa icon="comment"] 0 Comments

The Ultimate Compliance Cheat Sheet: A Wrap Up of Threat Stack’s Cloud Compliance Series

by Anthony Alves, posted in HIPAA, Compliance, Compliance in the Cloud, PCI DSS, Compliance Playbook


We write about compliance (and talk to customers about it) pretty regularly, and if you’ve been following our blog over the last two months, then you know we also just did a full series on the topic. In addition, we released the The Threat Stack Compliance Playbook that’s full of practical information you can use to help your company achieve compliance without losing your sanity.

Read More [fa icon=long-arrow-right"]

Oct 7, 2016 11:13:05 AM

[fa icon="comment"] 0 Comments

Allocating Resources for a Compliance Audit: A Practical Framework

by Anthony Alves, posted in HIPAA, Regulatory Compliance, Compliance in the Cloud, PCI DSS, Compliance Audit, Resources


When companies prepare to meet compliance, whether it’s PCI DSS, HIPAA, or SOC 2, one thing that can be estimated inaccurately is the stakeholders who need to be involved — who they are, what departments they come from within your organization, what their roles are, what knowledge and skill sets they require, how long they’ll be needed, etc. This post is intended as a practical guide to help you develop a thorough and realistic resource plan for your next compliance audit.

Read More [fa icon=long-arrow-right"]

Oct 6, 2016 1:28:29 PM

[fa icon="comment"] 0 Comments

Protecting Sensitive Credentials by Sharing Secrets in the Cloud

by Pat Cable, posted in Cloud Security, Enterprise Security, Passwords, Credentials


In the life of many organizations, developers and operations people need credentials that they can use in case of emergency — when, for example, your external authentication services (either your multifactor service or your internal directory) experience an outage. The existence of these accounts presents a problem, however: one of the best ways for an adversary to ruin your organization is to compromise the login credentials of an account that is on every machine in your cloud.

Read More [fa icon=long-arrow-right"]

Oct 6, 2016 9:07:02 AM

[fa icon="comment"] 0 Comments

Subscribe via email:

Posts by Topic

see all