Threat Stack Blog

Continuous security monitoring for your cloud.

How to Prepare for the Next Shellshock: [New Webinar]

by Palen Schwab, posted in Threats, Webinar, Shellshock, EC2

Webinar-banner

On September 24, 2014, a bug in the Unix Bash shell known as Shellshock was disclosed. The vulnerability widely affected Linux distributions, was easy to exploit, and allowed an attacker to gain unauthorized access to a computer system. This net shattering event left many organizations wondering whether they were compromised and if so, the extent of the damage.

That’s why on Wednesday, December 10th at 1:30pm EST, our Co-Founder and Chief Scientist, Jen Andre, and CEO, Doug Cahill, will be discussing lessons learned from this vulnerability and what companies can do to stay protected from the next one.

During this webinar you will learn how-to:

Uncover new threats

Using behavioral-based intrusion detection to protect against zero day attacks.

Protect your customer data

Using continuous security monitoring and auditing to keep data secure.

Reduce your EC2 workload attack surface

Gaining visibility and understanding your security coverage in AWS.

Join us for this live, interactive discussion and you will also receive a Threat Stack t-shirt. The webinar is already filling up fast -- save your seat today for “Preparing for the Next Shellshock”.

                     


                     
Read More [fa icon=long-arrow-right"]

Nov 25, 2014 10:02:08 AM

[fa icon="comment"] 0 Comments

4 Steps To Effectively Integrate DevOps Workflows With Cloud Security Practices

by Pete Cheslock, posted in Cloud Security, DevOps

I’ve spent most of my career in Operations, and the last 5 years at various organizations advocating and instilling DevOps principles in the teams I work with. One thing I’ve noticed is that most companies value speed over security, which has traditionally been a blocker in delivering software.  

Recently, however, with more and more breaches and vulnerabilities reported (Shellshock and Heartbleed to name a just few), I’ve changed my tune. I’m not going to say I’ve become paranoid, but one of the reasons I’ve joined Threat Stack is because I believe how important it is that security gets integrated into the operations process.   

Read More [fa icon=long-arrow-right"]

Nov 24, 2014 3:02:02 PM

[fa icon="comment"] 0 Comments

Announcements and Highlights: Threat Stack at AWS re:Invent 2014

by Kristin Dziadul, posted in Announcements, AWS, AWS ReInvent

We just returned from a great week in Las Vegas, NV for the AWS re:Invent Conference. The conference brought together over 13,500 developers, architects and many other technical users of the Amazon Web Services (AWS) infrastructure for an intensive four-day event. It is the year’s top spot to dive deep into the most pressing AWS topics and issues as well as learn about new services and brings the entire AWS ecosystem together.

Threat Stack at AWS re:Invent

Read More [fa icon=long-arrow-right"]

Nov 20, 2014 12:29:24 PM

[fa icon="comment"] 0 Comments

It’s Here! Threat Stack Launches Out of Beta at AWS re:Invent

by Doug Cahill, posted in Announcements, AWS, AWS ReInvent

Today we’re extremely excited to announce the general availability of Threat Stack!  

Right on the heels of our successful beta program with hundreds of active users, and a very busy summer that included shipping many new features, hiring key members of our executive team, and participating in several major AWS events, we have officially launched our service at the AWS re:Invent Conference. We are thrilled and honored that Threat Stack, among just a handful of other companies, was selected by Amazon Web Services (AWS) to join Amazon's CTO, Dr. Werner Vogels, on stage during his Start-up Launch Keynote to introduce our services to the entire AWS community.

Read More [fa icon=long-arrow-right"]

Nov 14, 2014 9:00:00 AM

[fa icon="comment"] 0 Comments

Nov 6, 2014 9:47:00 AM

[fa icon="comment"] 0 Comments

Bringing Infosec Into The DevOps Tribe: Q&A With Gene Kim

by Pete Cheslock, posted in DevOps, SecDevOps, InfoSec

Last week, I had a call with Gene Kim, founding CTO of Tripwire and author of The Phoenix Project (see end of post for more details). I've known Gene from the DevOps community for awhile now, so we took this time to dive into all things DevOps and Security, in the end resulting in this great Q&A to share with you all on what bringing Security into DevOps means for us all.

Read More [fa icon=long-arrow-right"]

Oct 8, 2014 4:51:00 PM

[fa icon="comment"] 0 Comments

CVE-2014-6271 And You: A Tale Of Nagios And The Bash Vulnerability

by Jen Andre, posted in Nagios, Attack Vector, Linux, Monitoring, Bash Exploit, Vulnerabilities, Threat Stack Agent

The internet is yet again feeling the aftereffects of another “net shattering” vulnerability: a bug in the shell ‘/bin/bash’ that widely affects Linux distributions and is trivial to exploit. The vulnerability exposes a weakness in bash that allows users to execute code set in environment variables, and in certain cases allows unauthenticated remote code execution.

Possible vectors for attack include:

Read More [fa icon=long-arrow-right"]

Sep 25, 2014 4:52:00 PM

[fa icon="comment"] 0 Comments

Sep 4, 2014 4:53:00 PM

[fa icon="comment"] 0 Comments

Sep 3, 2014 4:53:00 PM

[fa icon="comment"] 0 Comments

Threat Stack vs. Red Hat Auditd Showdown

by Jen Andre, posted in Linux Security, SecDevOps, Auditing, AuditD

One of things we like at Threat Stack is magic.  But since magic isn’t real, we have to come up with the next best thing, so we’ve hired one of the libevent maintainers Mark Ellzey Thomas (we like to call him our ‘mad kernel scientist’) to make our agent the best in its class. 

Many of the more savvy operations and security people that use our service are blown away by the types of information we can collect, correlate, and analyze from Linux servers. They say something to the effect of, “I’ve tried to do this with (Red Hat) auditd, with little to no success… how do you guys do it?”  

Read More [fa icon=long-arrow-right"]

Aug 21, 2014 4:54:00 PM

[fa icon="comment"] 0 Comments

Subscribe via email: