Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

5 Things Security Can Learn From Operations' Transition Into DevOps

by Tom McLaughlin, posted in Cloud Security, Security, SecOps, DevSecOps

Operations Transition to DevOps Blog Banner.jpg

Over the past couple of years, a discussion has been brewing in the Security community about the future of its work. On one hand, the need for security is more urgent than ever as all areas of business and personal computing are being impacted by cyber threats. On the other hand, the process of delivering software has changed: We have significantly streamlined the development process by reducing organizational silos through various implementations of a DevOps culture.

So here’s the question: Faced with this changing landscape, how can Security transform the way it does business in order to contribute its full value — without negatively impacting development schedules and operational procedures?Security needs to adjust to the rapid and agile world of the cloud, but the transition doesn’t have to be difficult. The Ops community faced a similar transition when it integrated with Dev, and there’s much that Security can learn from their experience.

Read More [fa icon=long-arrow-right"]

Dec 2, 2016 12:41:16 PM

[fa icon="comment"] 0 Comments

Threat Stack Broadens Cloud Security Platform With New Configuration Auditing

by Megan Rees Ahigian, posted in Cloud Security, AWS Security, Cloud Security Platform, AWS Configuration Auditing

Config Audit Blog Banner.jpg

How securely configured is my AWS environment? Have I checked all the right boxes? Have I locked all my doors and windows?

With the release of AWS Configuration Auditing — a major new feature of the Threat Stack Cloud Security Platform® (CSP) — Threat Stack is the only cloud security monitoring platform that enables customers to assure that their AWS environment is configured to policy and from there, implement continuous security monitoring, alerting, and investigation at any stage in their company’s cloud maturity lifecycle.

Configuration Auditing enables Threat Stack customers operating in AWS to implement AWS security best practices by automatically auditing current environments and providing an immediate, concise report of configurations that are non-compliant with best practices. Threat Stack then offers steps to remediate the issues and make the AWS environment more secure.

Read More [fa icon=long-arrow-right"]

Dec 1, 2016 10:37:16 AM

[fa icon="comment"] 0 Comments

Threat Stack Cloud Security Platform: Streamlined Workflows, Part 2

by Megan Rees Ahigian, posted in Cloud Security, Threat Stack Cloud Security Platform, HIDS, Workflow Enhancements, Server Management, Software Vulnerability Assessment & Management

CSP Streamlined Workflow Part2.jpg

In the first part of 2016, Threat Stack’s Product Development team concentrated on its goal of continuing to build a powerful, cloud-based security platform with all the features users need to keep their cloud environments protected as they scale.

More recently, we have focused on our second goal — streamlining workflows in three key areas of our Cloud Security Platform® — to ensure that it is easy to use and customize, thus enabling users to move as fast as possible while they prioritize security issues and strengthen their organization’s security.

In Part 1 of this series I explained how we streamlined our Host Intrusion Detection (HIDS) workflows. In Part 2, I am going to describe improvements we’ve made to workflows in the following two areas:

  • Server Management
  • Software Vulnerability Assessment and Management

Read More [fa icon=long-arrow-right"]

Nov 30, 2016 11:31:06 AM

[fa icon="comment"] 0 Comments

The Realities of Hybrid Computing Today & How to Stay Secure

by Tim Armstrong, posted in Cloud Security, Security, Linux Security, Windows Agent, Hybrid Environments, Windows Security

Hybrid Computing Blog Banner.jpg

As we hurtle into the future, it often seems that talk in the tech media revolves around cloud computing. But the reality for many companies, especially larger enterprises, is that the transition to the cloud is going to take time. In many cases, today’s environments are more of a hybrid — with some assets residing in the cloud, while others are firmly on-premise, and still more are in a state of transition. Regardless of where your organization is on this continuum, security needs to go right along with it.

The good news is that there’s no need to sacrifice security — or visibility — because some or all of your resources remain on-prem.

Read More [fa icon=long-arrow-right"]

Nov 30, 2016 9:16:52 AM

[fa icon="comment"] 0 Comments

Considerations For Creating Secure User Groups on AWS Using IAM

by Anthony Alves, posted in AWS Security, IAM, Identity Access and Management, IAM Users and Groups

AWS IAM Blog Banner.jpg

A big difference in the way on-premise infrastructures and cloud infrastructures are implemented centers on the way that user permissions are assigned. As you move towards software-defined everything, where data and systems are far more connected (generally a good thing), you need to pay special attention to the roles and permissions you grant to ensure that users are only given as much access as they absolutely need. No more, no less.

Read More [fa icon=long-arrow-right"]

Nov 29, 2016 10:11:08 AM

[fa icon="comment"] 0 Comments

Too Big to Succeed: Monolithic Madness

by Lucas DuBois, posted in services, scalability, architecture, microservices

Monolithic Madness Blog Banner.jpg

We’ve all been there. You start your pretty new [insert language here] project, with a vow to do things right. You carefully discuss the project structure, you agree on what the database schema will look like, and your unit test coverage is at a staggering 99.8%! “It’s perfect,” you think as you crack that well-deserved beer and watch bits flow happily through your brand new service.

Fast forward six months, and you’re presented with a completely different scene. The latest set of features has wreaked havoc on your precious project. You have files with 500+ lines of code, your coverage has sunk to a barely acceptable 70%, and your list of complaints with every architectural decision you’ve made is growing by the minute. What an idiot past you was! What happened, and how do we fix it?

Read More [fa icon=long-arrow-right"]

Nov 28, 2016 10:14:50 AM

[fa icon="comment"] 0 Comments

Nov 23, 2016 10:05:22 AM

[fa icon="comment"] 0 Comments

5 Factors to Consider When Building Your Security Budget

by Kevin Durkin, posted in Cloud Security Strategy, Budget, Security Budget

Security Budget Blog Banner.jpg

I have worked in finance roles in the tech industry for much of my career, but since joining Threat Stack I’ve had my eyes opened wide to the world of security. I have learned just how vital an effective security strategy is to the health of any modern business — and as a corollary, how critical a carefully planned security budget is.

Building a security budget can be a complex and sometimes fraught process, so I wanted to share some insights from my viewpoint as the CFO of a cloud security company. Below are five things I urge you to consider when you put together your own organization’s security budget.

Read More [fa icon=long-arrow-right"]

Nov 22, 2016 10:10:30 AM

[fa icon="comment"] 0 Comments

Threat Stack Cloud Security Platform® Support for Windows & Hybrid Environments

by Venkat Pothamsetty, posted in Cloud Security, Intrusion Detection, Threat Stack Cloud Security Platform, Windows Agent, Windows

Windows Agent Release Blog Banner.jpg

As part of its ongoing mission to bring customers the most comprehensive and powerful cloud security solutions, Threat Stack has extended the capabilities of its Threat Stack Cloud Security Platform® to enable continuous security monitoring of Microsoft Windows and hybrid environments.

The new Windows agent adds to Threat Stack’s existing support for Linux environments, and enables companies to collect important information about users, processes, network connections, and files, as well as security events from Windows environments. The range and depth of detail provides a deep level of visibility and information that growing companies need in order to remain secure and compliant as they grow.

Read More [fa icon=long-arrow-right"]

Nov 21, 2016 11:39:59 AM

[fa icon="comment"] 0 Comments

Best Practices for Implementing & Scaling Security in AWS

by Tim Armstrong, posted in Cloud Security, AWS, AWS Security, Cloud Security Best Practices

Nov Webinar Recap Blog Banner.jpg

Security is a shared responsibility when you run your business on Amazon Web Services (AWS). To hold up your end of the bargain, there are many best practices at companies should be employing early on (but often don’t) to ensure that they’re maintaining security and that it can scale as the company grows.

Read More [fa icon=long-arrow-right"]

Nov 18, 2016 1:28:44 PM

[fa icon="comment"] 0 Comments

Subscribe via email:

Posts by Topic

see all