Threat Stack Blog

Continuous security monitoring for your cloud.

File Integrity Monitoring and Its Role in Meeting Compliance

by Anthony Alves, posted in HIPAA, Cloud Security, File Integrity Monitoring, Regulatory Compliance, PCI DSS


When’s the last time someone made an unauthorized change to your system files?

To answer this and other important security questions, as well as to meet many compliance requirements, you first need to have file integrity monitoring. In case you aren’t familiar with the term, file integrity monitoring (sometimes abbreviated to FIM) is the method for knowing exactly when and how your files are being changed at any moment in time. This includes critical system files, configuration files, and content files.

Read More [fa icon=long-arrow-right"]

Sep 27, 2016 11:14:32 AM

[fa icon="comment"] 0 Comments

My Journey in Scala, Part 3: None is Better Than Undefined

by Joe Baker, posted in Scala Best Practices, Scala, Functional Programming


Here’s the situation: At Threat Stack we consume a torrent of security event data every day, and as many new customers come on board, the amount of data we need to ingest, transform, store, and retrieve just keeps growing. About a year ago, we implemented a caching layer to allow us to display more aggregated information to customers on our Dashboard, which was powered by ElasticSearch Aggregates.

Read More [fa icon=long-arrow-right"]

Sep 26, 2016 10:18:17 AM

[fa icon="comment"] 0 Comments

Invest in Security Using a 4 Point Plan

by Kevin Durkin, posted in Cloud Security, Cloud Security Strategy, Cloud Security Technologies


In an earlier blog post I wrote about looking at security as an investment (as opposed to an expense), focusing on the value that an integrated cloud-native security platform can deliver to investors, board members, and C-Level executives. In this post, I’m going to broaden my focus to include some of the other issues you need to include in your “security as an investment” plan.

Read More [fa icon=long-arrow-right"]

Sep 23, 2016 4:27:57 PM

[fa icon="comment"] 0 Comments

How to Create a Security-Minded DevOps Organization: Three Best Practices

by Pete Cheslock, posted in Cloud Security, Security, DevOps, Cloud Security Best Practices


You’re a week into your new job and a colleague shouts out across the room before a big deployment: “Hey John, you’ve got security covered, right?” You rush over to your good friend Google for a few quick ideas on implementing security best practices into DevOps and timidly shake your head “yes” at your colleague.

Read More [fa icon=long-arrow-right"]

Sep 22, 2016 1:15:57 PM

[fa icon="comment"] 0 Comments

Budgeting for a Compliance Audit: A Practical Framework

by Anthony Alves, posted in HIPAA, Regulatory Compliance, Compliance in the Cloud, PCI DSS, Compliance Audit


Companies can easily underestimate the investment required to meet compliance. Thinking compliance is a one-and-done activity that you can skate by with minimal spend only sets you up for unpleasant surprises later on. Compliance can be a long, drawn-out process, involving everyone including HR, finance, security, and leadership. So it’s important to look at all the costs up front in order to set aside a realistic budget.

A good way to approach compliance is to treat it like a new product launch. You’ll need a dedicated project team, new technology, a reasonable budget, and more to get it off the ground.

Read More [fa icon=long-arrow-right"]

Sep 21, 2016 3:30:42 PM

[fa icon="comment"] 0 Comments

Building Strong Partnerships: Why We’re a Proud Sponsor of the PagerDuty Summit

by Palen Schwab, posted in Cloud Security, PagerDuty, Incident Management, PagerDuty Summit


After the Threat Stack team attended last week’s PagerDuty Summit in San Francisco, it became clear why PagerDuty is the market leader in agile incident management solutions. Not only do they have a great product, they also have an active community of users who are driving the conversation around incident response in the twenty-first century.

Read More [fa icon=long-arrow-right"]

Sep 20, 2016 1:34:08 PM

[fa icon="comment"] 0 Comments

Why All Employees Should Be Security Ambassadors — and How to Do It

by Pete Cheslock, posted in Cloud Security, Security, DevOps, Security-Enabled DevOps


 A recent Motherboard article caught our eye and got us thinking about who is — and who should be — responsible for security in an organization. The article, titled “We Need to Change the Psychology of Security,” makes the argument that, by treating security as a specialization that belongs only to a few people in an organization (the security team), we are crippling our ability to successfully achieve security at scale.

The author, Adrian Sanabria, makes some excellent points. After reading the article, we wanted to share some actionable ways that organizations can go about deputizing their employees as security ambassadors.

Read More [fa icon=long-arrow-right"]

Sep 15, 2016 12:14:49 PM

[fa icon="comment"] 0 Comments

The Compliance Playbook: How to Build PCI & HIPAA Compliant Businesses in the Cloud

by Anthony Alves, posted in HIPAA, Cloud Security, Regulatory Compliance, Compliance in the Cloud, PCI DSS



The Threat Stack Compliance Playbook for Cloud Infrastructure is now available!

The Compliance Playbook is intended for readers who want to understand what’s involved in becoming compliant in a cloud environment — without getting caught up in the details and complexity that the compliance process is well known for.

Read More [fa icon=long-arrow-right"]

Sep 14, 2016 1:04:41 PM

[fa icon="comment"] 0 Comments

Scala @ Scale, Part 2: Compose Yourself!

by Dave Hagman, posted in Scala at Scale, HTTP request builder, Scala, Function Composition, Functional Programming


Function composition is an extremely useful tool for creating modular, testable programs. One of the most natural applications of functional composition that I’ve found is creating a lightweight, composable HTTP request builder, and with that objective in focus, this post will equip you with the tools you need to simplify your HTTP clients.

Read More [fa icon=long-arrow-right"]

Sep 12, 2016 2:20:04 PM

[fa icon="comment"] 0 Comments

DevOpsDays Chicago 2016: Dev, Ops, & the Role of Security

by Tom McLaughlin, posted in Security, DevOps, InfoSec, Event, CloudSecurity, DevOpsDays


Last week I spent two great days at DevOpsDays Chicago. Usually, I attend conferences to listen to the talks, but in Chicago I was representing Threat Stack (one of the event’s Gold Sponsors), so my job was mostly listening to engineers discuss their organization’s security stance and requirements. I learned a lot from the conference — especially about the integration of Security into a DevOps world.

Read More [fa icon=long-arrow-right"]

Sep 9, 2016 9:57:39 AM

[fa icon="comment"] 0 Comments

Subscribe via email:

Posts by Topic

see all