Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

OneLogin Gains Granular Security Control With Threat Stack on AWS

by Michal Ferguson , posted in Threat Stack Cloud Security Platform, AWS Services, OneLogin

OneLogin Case Study Blog Banner.png

OneLogin’s Journey on AWS

OneLogin, an identity and access management (IAM) company, is dedicated to superior security for their users, which starts with their own stringent security posture. Since OneLogin’s customers typically come from regulated industries such as healthcare and online retail, OneLogin needed the ability to definitively show that their security, and that of their customers, was as secure as possible at any given moment.

Read More [fa icon=long-arrow-right"]

May 22, 2017 9:45:14 AM

[fa icon="comment"] 0 Comments

Test-Driven Security With Chef InSpec

by Tom McLaughlin , posted in DevSecOps, Test-Driven Security, Chef InSpec

Chef InSpec Blog Banner.png

Test-Driven Security

Test-driven security is the implementation of tests into the development process, and Chef InSpec is one tool that will help you get started with this process. These security tests are intended to define the security features required for a system to be production ready.

In this post, we will walk through the process of using test-driven security, with proscriptive security tests, using Chef InSpec.

Read More [fa icon=long-arrow-right"]

May 19, 2017 1:49:57 PM

[fa icon="comment"] 0 Comments

Configuration Auditing Adds Single View for Multiple AWS Accounts

by Threat Stack Product Team , posted in AWS Configuration Auditing, AWS Configuration Auditing Single View

Multiple AWS Accounts Blog Banner-1.png

Continuing our ongoing commitment to improving the user experience, we are announcing the most recent enhancement to AWS Configuration Auditingthe ability to view multiple AWS accounts from one central location. 


  • If you are a current customer, this feature will be updated automatically.

  • If you’re not yet a Threat Stack customer, the links at the bottom of this post will give you excellent insights into the capabilities of Threat Stack's AWS Configuration Auditing.
Read More [fa icon=long-arrow-right"]

May 18, 2017 9:34:27 AM

[fa icon="comment"] 0 Comments

May 17, 2017 11:32:14 AM

[fa icon="comment"] 0 Comments

Join Threat Stack’s Pete Cheslock at Monitorama 2017

by Michal Ferguson , posted in Monitorama, Pete Cheslock, The Vasa: Redux, Software Project Management

Pete Cheslock Monitorama Blog Banner.png

On August 10, 1628, the Swedish warship Vasa began its maiden voyage, and after sailing approximately 1,400 feet, promptly heeled over and sank, causing total loss of the ship as well as the deaths of 53 sailors.

What does this have to do with project managing large, complex software systems? Find out by joining Threat Stack’s Pete Cheslock at Monitorama in Portland, Oregon, May 22–24.

Read More [fa icon=long-arrow-right"]

May 16, 2017 12:30:36 PM

[fa icon="comment"] 0 Comments

5 Key Takeaways From DevOpsDays Austin 2017

by Travis Wilkins , posted in Cloud Security, DevOpsDays Austin 2017

DevOpsDays Austin Recap 2017 Blog Banner.png

Once again Threat Stack was pleased to be a sponsor and a participant at DevOpsDays Austin 2017 on May 4 & 5. Right off the bat it’s clear that this vibrant conference is continuing to expand, with its year over year increase in the number of attendees (650) and sponsors (40). Of particular note: The importance that people in the DevOps space are placing on security is definitely continuing to grow — and I put together five key observations about security, compliance, and the way DevOps teams operate. So without further commentary, here’s what I learned at DevOps Days Austin.

Read More [fa icon=long-arrow-right"]

May 15, 2017 11:11:29 AM

[fa icon="comment"] 0 Comments

Threat Stack Launches Customer Advisory Board

by Threat Stack Product Team , posted in Threat Stack Customer Advisory Board

2-Customer Advisory Board Blog Banner.png

"It’s great to see that Threat Stack is putting customers at the center of its business. They’re ensuring that their customers’ feedback is taken into account, and creating a forum to explore best practices for tackling new problems in the ever-changing world of cloud security.”

Anshu Gupta, Head of Information Security, HelloSign commenting on
Threat Stack’s new Customer Advisory Board (CAB)

Today we are pleased to announce the launch of Threat Stack’s new Customer Advisory Board! Let’s take a look at how it came about and how it’s going to help us keep our customers front and center as we continue to deliver innovative cloud security solutions to the market.

Read More [fa icon=long-arrow-right"]

May 11, 2017 11:56:14 AM

[fa icon="comment"] 0 Comments

4 Things You Need to Know About SOC 2 Compliance

by Vikram Varakantam , posted in Compliance, SOC 2, Customer requirements

SOC 2 Compliance Blog Banner.jpg

Compliance isn’t as simple as a connect-the-dots exercise. When you consider how fast companies are moving to and expanding on the cloud, alongside the proliferation of cloud-based security threats, compliance can be a little dizzying. We’re here to break the complexities of compliance requirements down for you, starting with SOC 2.

SOC 2 is one of the more common compliance requirements technology companies must meet today.

So what does SOC 2 compliance mean and how can you go about achieving it? In this post, we will break down the four most important things you need to know.  

(Learn more about how Threat Stack Customer 6sense was able to achieve SOC 2 compliance and protect sensitive customer data.)

Read More [fa icon=long-arrow-right"]

May 9, 2017 12:20:00 PM

[fa icon="comment"] 0 Comments

Why You Don't Need to Code to Run Secure on AWS

by Megan Rees Ahigian , posted in Cloud Security, AWS Security, AWS Configuration Auditing, AWS Security Best Practices

Code Secure AWS Blog Banner.png

Amazon Web Services, the ubiquitous cloud infrastructure provider, has made it increasingly easy for businesses to move to the cloud and take advantage of the scalability, flexibility, and cost savings this approach offers. For some businesses that are contemplating the move to AWS, you may be wondering whether it’s necessary to have a team of developers who can help to ensure that you are capable of running securely on AWS.

The short answer is: You don’t need to start from scratch when it comes to security, and you don’t need  to have extensive coding resources in-house to run securely on AWS. With the right tools at your disposal, you can quickly measure compliance with  your unique security policy and adapt to changes in your environment as needed.

Here’s what you need to know to run securely on AWS, with or without a legion of development resources at your disposal.

Read More [fa icon=long-arrow-right"]

May 9, 2017 10:05:45 AM

[fa icon="comment"] 0 Comments

The Real Implications of The Shared Security Model

by Pete Cheslock , posted in Cloud Security, Shared Responsibility Model

Shared Responsibility Blog Banner.png

Gone are the days when the majority of businesses could point to the cloud warily and say, “I think my data’s safer on-prem.” Organizations today are far less worried about how secure the cloud is in general, and this change in attitude has sped up cloud adoption to a great degree.

What has led to this more relaxed embrace of the cloud? In part, providers like AWS have gone to great lengths to codify and transparently communicate a Shared Responsibility Model that has expressly defined the scope and boundaries of responsibility. Increasingly, customers recognize that Amazon and its brethren have all-star teams that have a security focus ingrained in them. There’s a certain level of comfort that comes with knowing you are in good, experienced hands.

But, even as the cloud is proven to be quite secure and as confidence in it increases, Security and DevOps teams still have to be vigilant about their own workloads. Organizations have to pick up their end of the shared responsibility bargain — and in some cases, even take it a step further than what is required.

With that in mind, here’s what today’s organizations need to know in order to do that successfully and continue to benefit from all that the cloud has to offer without major security concerns stymying progress.

Read More [fa icon=long-arrow-right"]

May 8, 2017 1:13:52 PM

[fa icon="comment"] 0 Comments

Subscribe via email:

Posts by Topic

see all