Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

To Predict Cloud Security’s Future, We Must First Understand Its Past

by Tim Armstrong, posted in Cloud Security, Webinar, Cloud Security Best Practices, Cloud Security's Future

Jan Webinar Recap Blog Banner Part 1.jpg

The conversations about cloud security are changing rapidly. A few years ago, companies were hesitant to even talk about moving to the cloud because of all the unknowns — specifically in regard to security. Cloud service providers like Amazon, Google, and Microsoft have made bold commitments to security, so today the conversation is shifting from how secure the cloud itself is, to how individual companies can better secure their data and systems.

On Tuesday, January 17, Threat Stack’s Director of Products, Vikram Varakantam, and OneLogin’s CISO, Alvaro Hoyos, hosted a webinar to discuss where they each see cloud security headed in the coming year.

Read More [fa icon=long-arrow-right"]

Jan 19, 2017 2:15:29 PM

[fa icon="comment"] 0 Comments

New Threat Stack Feature: S3 File Integrity Monitoring

by Venkat Pothamsetty, posted in File Integrity Monitoring, S3, FIM, CloudTrail Events

FIM Product Feature Blog Banner.jpg

Threat Stack customers receive a great deal of value from our Linux File Integrity Monitoring (FIM), and we have now extended that capability to S3.

Many of our AWS customers are storing their critical files on S3, and for various security and compliance reasons, those files need to be monitored to see if any are being accessed, altered, or deleted.

To help ensure the integrity of the files in S3 buckets, Threat Stack now supports alerting on access and changes to files in specific buckets. AWS now has capabilities for putting object level access into CloudTrail events, and we have added rules to our base rule set to support that feature.

Read More [fa icon=long-arrow-right"]

Jan 17, 2017 12:53:08 PM

[fa icon="comment"] 0 Comments

Boston Cloud Security & Incident Management Workshop Recap

by Tom McLaughlin, posted in Cloud Security, DevOps, SecOps, PagerDuty, DevSecOps, Incident Management, Workshop, Cloud Security Maturity Model

PagerDuty Workshop Event Recap Blog Banner.jpg

Last night we got together with our good friends from PagerDuty to host an event at District Hall in the Seaport area of Boston. It was a fun evening, offering product-related presentations, a wide-ranging panel discussion, and an opportunity to socialize with friends, colleagues, and other like-minded folks.

Before we go further, you may ask why we’re teaming up with PagerDuty. PagerDuty and Threat Stack have a tight product integration that enables you to manage all types of alerts in one place, making sure you have an end-to-end security solution that alerts you when the unexpected occurs. A great combination!

Read More [fa icon=long-arrow-right"]

Jan 13, 2017 4:29:58 PM

[fa icon="comment"] 0 Comments

Why Banks are Moving to the Cloud — And Why You Should Too

by Jim Crowley, posted in Cloud Security, Banks, FinTech, Banking Industry

Banks Cloud Blog Banner-1.jpg

A major shift is taking place in banking right now. It’s a shift many banks have been pretty hush-hush about until now, and that naysayers said would never happen.

Banks are rapidly testing and moving to the cloud.

What happened in the past two years that changed how the banking industry approaches the cloud? Two words: Capital One. In October 2015, Capital One’s CIO, Rob Alexander, revealed that the bank was all-in on AWS. They were one of the very first U.S. banks to not only commit to the cloud in a big way, but also to announce it loudly and proudly.

Read More [fa icon=long-arrow-right"]

Jan 12, 2017 1:40:58 PM

[fa icon="comment"] 0 Comments

Why You Can’t Wait Until a Security Person is Hired

by Tim Armstrong, posted in Cloud Security, SecOps, Cloud Security Strategy, Cloud Security Best Practices

Security Person Unicorns Blog Banner-4.jpg

Organizations wait to implement security solutions for a variety of reasons. One that we often hear is that they’re looking to land that security expert to help them make all the right product selections and correctly implement and maintain the solutions they choose.

This would be great in a perfect world: these organizations would make that hire, buy those products, and start improving security.

Unfortunately there’s a big gap between the ideal world and the one we actually operate in.

Read More [fa icon=long-arrow-right"]

Jan 11, 2017 12:31:36 PM

[fa icon="comment"] 0 Comments

What Insurance Companies Need to Know About Cloud Security in 2017

by Jim Crowley, posted in Cloud Security, Compliance, Insurance Companies, Insurance

Insurance Companies Blog Banner.jpg

Few understand the concept of mitigating risk better than the insurance industry. The insurance industry faces a unique set of challenges when it comes to cloud adoption and security. In this post, we’ll walk through some of the reasons why moving to the cloud is an excellent idea for insurance companies and provide some guidance on how they can overcome the most common hurdles.

Read More [fa icon=long-arrow-right"]

Jan 10, 2017 2:20:51 PM

[fa icon="comment"] 0 Comments

MineralTree Achieves PCI Compliance With Threat Stack

by Kevin Eberman, posted in Compliance, File Integrity Monitoring, PCI DSS, HIDS, Compliance Audit, Vulnerability Monitoring

Customer Post MineralTree Blog Banner.jpg

Compliance processes have a reputation for being expensive, time-consuming, and fraught with difficulties — and sometimes certifications are looked upon with skepticism. However, most of the PCI requirements are common sense, best practices that any organization that is concerned with security should adopt. At MineralTree, we use Threat Stack to mitigate security threats. Additionally Threat Stack helps us adhere to PCI requirements and document our compliance.

Let me explain  . . .

Read More [fa icon=long-arrow-right"]

Jan 9, 2017 10:10:30 AM

[fa icon="comment"] 0 Comments

Cicadas & Security: How an Alternate Reality Game Teaches Encryption and Best Practices, Part 1

by Toni Noble, posted in Security Best Practices, Cicada 3301, Encryption, Alternate Reality Games, ARG

Cicadas and Security Part 1 Blog Banner.jpg

When you think of alternate reality games (ARGs), things such as Ingress or Pokemon GO probably come to mind. While thinking about ways to use encryption or navigate the Tor network, you most likely wouldn’t think to start by browsing 4chan’s /x/ (paranormal) board. Yet on January 5, 2012 many people found themselves intrigued and began their journey to greater security knowledge, and perhaps to “enlightenment” (as a later puzzle states).

Read More [fa icon=long-arrow-right"]

Jan 6, 2017 10:49:30 AM

[fa icon="comment"] 0 Comments

3 Ways Businesses Can Address IoT Security Failures

by Tim Armstrong, posted in IoT, IoT Security, IoT Devices

IoT Security Failures Blog Banner.jpg

I watched a Twilight Zone marathon over the New Year’s weekend, and it got me wondering about today’s Internet of Things (IoT). Are “Things” really taking over our world, and if so, how can we peacefully coexist with them or even prosper together?

The IoT is really just a fancy way of saying that technology is becoming more pervasive in everything we use, from sensors to thermostats to our trusty office gadgets. But with such pervasiveness, where does security come in, if at all?

Read More [fa icon=long-arrow-right"]

Jan 5, 2017 8:57:17 AM

[fa icon="comment"] 0 Comments

A Year in the Life of Threat Stack’s Cloud Security Platform®

by Megan Rees Ahigian, posted in CSP, Threat Intelligence, Cloud Security Platform, Vulnerability Monitoring, AWS Configuration Auditing

CSP Year Blog Banner.jpg

Before we get too far into 2017, we want to take a final look back at 2016 — specifically at some of the great enhancements we made to Threat Stack’s Cloud Security Platform®.

In the security world, 2016 was filled with major incidents, including massive data breaches, nation-state cyber interference, crippling DDoS attacks, and increased numbers of ransomware incidents — along with all the less glamorous, day-to-day security threats that had the potential to impact every cloud-based business in existence. So much for the bad news!

At Threat Stack, 2016 was the year we transformed our best-of-breed Host Intrusion Detection System into the industry’s first cloud-native, end-to-end Cloud Security Platform to deliver a unified view into workloads, infrastructure monitoring, vulnerability management, threat intelligence, and compliance reporting.

Read More [fa icon=long-arrow-right"]

Jan 3, 2017 12:35:48 PM

[fa icon="comment"] 0 Comments

Subscribe via email:

Posts by Topic

see all