Threat Stack Blog

Continuous security monitoring for your cloud.

How to Create an Effective Cloud Security Alerting Process

by Venkat Pothamsetty, posted in Cloud Security Playbook, Cloud Security Strategy, Cloud Security Platform, Cloud Security Alerting System

TS16031_ThreatStack_eBook_BlogImg.jpg

The first component of any security program should be an alert system. Alerts are typically the fastest and most effective way to be notified when something goes wrong so you can jump into action. But alerts also have the stigma of being too noisy, throwing out false positives, or requiring a lot of fine tuning to get right. After all, a minor bug in the code that doesn’t affect end users isn’t the type of thing you should be woken up in the middle of the night for.

Read More [fa icon=long-arrow-right"]

May 26, 2016 11:45:17 AM

[fa icon="comment"] 0 Comments

Why I Deferred Harvard to Work Full Time at a Startup

by Michael Chen, posted in Degree Deferrment, Deferring Graduation

TS16031_ThreatStack_MichaelChen_BlogImg_1.jpg

After my third year as a Harvard computer science major, I decided to defer my degree to start working as a full-time software engineer at Threat Stack, Boston-based company providing cloud security and compliance. It was a hard decision, but definitely the right one. As a computer science major, it seemed like the majority of my time was spent studying theories instead of writing my own code or solving real problems. Even after summer internships at well-established companies like Microsoft and Qualcomm, I still didn’t feel like I had the hands-on experience I needed to go out and have an impact in the real world. So I decided to fast track to the real world to get it.

Read More [fa icon=long-arrow-right"]

May 25, 2016 8:06:49 AM

[fa icon="comment"] 0 Comments

Using webpack Build System in Existing Codebases

by Vitaliy Zakharov, posted in webpack, webpack build system

TS16031_ThreatStack_Webpack_ThreatStack_BlogImg2.jpg

There are many tutorials, blog posts, and articles in the internets that deal with using cool and shiny new tools in cool and shiny new projects. As any developer knows, useful codebases that are anything more than “Hello World” don’t stay in that hipster-happy state for too long. Even in the most disciplined teams, the tech debt grows and consumes the code; once active and well-maintained libraries gradually become forgotten and slowly await death in dusty corners of GitHub. Unfortunately, adding shiny new tools to older projects is not always well covered.

Read More [fa icon=long-arrow-right"]

May 24, 2016 11:46:35 AM

[fa icon="comment"] 0 Comments

Boston SOURCE Conference 2016: I Got the T-Shirt and a Whole Lot More

by Nathan Cooprider, posted in Cloud Security, Security

TS16031_ThreatStack_SourceBoston2016_BlogImg.jpg

The SOURCE Conference held in Boston last week was a terrific opportunity to meet a lot of fascinating industry folks while sharing great ideas about the intersection of business, technology, and security. I attended some outstanding presentations, which I’ve highlighted below, and also gave my own talk, “How Security Changes In the Cloud and Why You Care,” which I’ll summarize in a later post.

Read More [fa icon=long-arrow-right"]

May 23, 2016 12:03:21 PM

[fa icon="comment"] 0 Comments

Does "Cloud-Native" Really Matter When it Comes to Cloud Security?

by Palen Schwab, posted in Cloud Security, Cloud, Cloud-Native

TS16031_ThreatStack_CloudNative_BlogImg.jpg

Cloud-native: It’s an adjective that gets tossed around a lot, but we don’t frequently unpack its meaning or its value for businesses.

Today we want to talk about what cloud-native means in the context of cloud security and whether it’s truly necessary. Cloud-native means that a piece of software was built in the cloud, for the cloud. When it comes to security, a cloud-native platform is a natural fit for protecting cloud-based data. But is it a must-have?

Read More [fa icon=long-arrow-right"]

May 20, 2016 12:35:05 PM

[fa icon="comment"] 0 Comments

Threat Stack and AppArmor – a Match Made in Cloud Security Heaven!

by Toni Noble, posted in Cloud Security, Linux, AppArmor, Infrastructure


TS16031_ThreatStack_AppArmorThreatStack_BlogImg.jpg

Recently, we’ve had a few customer inquiries about how the Threat Stack Agent co-exists with AppArmor. This led us into a detailed exploration of AppArmor’s componentry, how it interacts with the kernel audit system, and how customers can effectively use our platform along with AppArmor.

Read More [fa icon=long-arrow-right"]

May 19, 2016 9:42:56 AM

[fa icon="comment"] 0 Comments

Your Cloud Security Goals: Where to Start?

by Venkat Pothamsetty, posted in Cloud Security Playbook, Cloud Security Strategy, Cloud Security Goals


Goals.jpgWe’re willing to assume that cloud security is important to your company, but proactively building and implementing a strategy to make it happen is often bypassed in favor of a more reactive and tactical approach to cloud security.

Read More [fa icon=long-arrow-right"]

May 18, 2016 11:05:18 AM

[fa icon="comment"] 0 Comments

Who is That EC2 User?

by Venkat Pothamsetty, posted in EC2, File Integrity Monitoring, Identity Management

Identity-Management-in-the-Cloud.png

Identity management is a difficult problem in the cloud, especially when it comes to sharing user accounts — an all too familiar (and problematic) practice today. Sharing accounts is very common on EC2, in particular, because EC2 instances come with a standard set of user accounts that a team can begin using immediately. Although it’s possible to create more user accounts, doing so is a resource-intensive task that is not a top priority for most operations personnel — and as a result, teams often end up sharing the default accounts.

Read More [fa icon=long-arrow-right"]

May 17, 2016 11:53:20 AM

[fa icon="comment"] 0 Comments

May 13, 2016 9:31:20 PM

[fa icon="comment"] 0 Comments

Creating a Framework to Enable Compliance in the Cloud

by Sam Bisbee, posted in Compliance, Cloud Security Strategy, Cloud Security Platform

Compliance_Framework.png

How many times have you finished a 1,000-piece puzzle? How about a serious game of Monopoly? Both of these activities have parallels with the process of meeting compliance regulations.

Read More [fa icon=long-arrow-right"]

May 13, 2016 10:02:42 AM

[fa icon="comment"] 0 Comments

Subscribe via email:

Posts by Topic

see all