Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

Not Ready for Cloud Security? Here Are 5 Things You Can Do in the Meantime

by Travis Wilkins, posted in Cloud Security, Cloud Migration


If you are currently running an on-premise or hybrid environment with an eye to eventually making a complete transition to the cloud, you may be feeling a bit overwhelmed by everything that needs to change in order for your security posture to be appropriate for this new environment. In this post, we’re going to explain how you can start where you are, take small but meaningful steps, and still make important progress toward where you want to be — operating securely in the cloud.

Without trying to boil the ocean, here are five key steps you can take to gently kickstart your transition toward a fully secure, all-cloud environment, no matter where you are today.

Jul 25, 2017 12:29:15 PM

Threat Stack Introduces Alert Trends

by Threat Stack Product Team, posted in Alert Trends, Cloud Security Platform Alert Trends


At Threat Stack we are continuously enhancing the Cloud Security Platform® to improve your ability to identify and respond to threats. We have just added an “Alert Trends” view that lets you quickly and easily see spikes in alerts, enabling faster detection of anomalous behaviors.

Jul 19, 2017 10:18:53 AM

5 Principles for Running Securely in a Multi-Cloud Environment

by Travis Wilkins, posted in Cloud Security, AWS, Azure, Google Cloud, Security in Multi-Cloud Environments


AWS has long ruled the cloud platform game. But today more and more companies are branching out and using additional providers as well. Often this isn’t a matter of replacing one with another, but of different business requirements (such as managing risk and costs) being suited to different cloud vendors. Other factors for using more than one provider center on the fact that vendors work to price their offerings competitively and continually add new features. Additionally, many organizations that run Windows are offered free Azure credits. So why not take advantage and reduce your overall cloud costs?

There’s nothing wrong with running a multi-cloud environment — in fact doing so may be part of a well-crafted strategy — but when you do so, you want to make sure that you are taking appropriate security precautions. In this post, we’ll cover five principles you should strive for when you make the move to a multi-cloud environment. But first, let’s take a look at the major players.

Jul 18, 2017 10:45:51 AM

How to Use Automation to Decrease Mean Time To Know

by Anthony Alves, posted in Automation, Mean Time To Know, Process Automation


Mean Time To Know (or MTTK for short) is one of the most important metrics in security operations. It measures how efficient the security team is at detecting real threats. The shorter it is, the sooner you will catch an attack in progress and be able to put a stop to it, reducing the negative consequences for your organization. 

But the reality is, it’s not so easy to reduce MTTK. For starters, security teams are barraged with alerts on a daily basis, requiring manual work to sift through the noise to find a signal that indicates a real issue. Add on all the other tasks that need to be done aside from alert investigations, and it’s seemingly impossible to get ahead.

This is where automation comes in. Automation not only eliminates the need to manually handle tedious tasks (like alert response). It also helps you to optimize your existing resources, empowering them to actually focus on MTTK and get it under control.

In this post, we’ll take a closer look at what MTTK is (and isn’t) and how you can leverage automation to effectively decrease it.

Jul 13, 2017 9:15:51 AM

5 Considerations for Evaluating a Cloud Security Solution

by Travis Wilkins, posted in Selecting Cloud Security Solutions, Selecting Cloud Security Solution Providers


Many companies today are turning to cloud security solutions — from security monitoring platforms to orchestration tools to alerting systems — in order to manage both strategic and tactical security initiatives. Purpose-built technological solutions — especially if you’re a company with limited in-house expertise and resources — can help you stay on top of security without having to hire more people or add to your already long list of things to do.

Before choosing a cloud security solution, however, you need to take many considerations into account — some that focus on the solution itself, and others that focus more squarely on the provider of the solution (because, ultimately, you can’t separate the solution from the provider). In this post, we’ll cover some of the most important considerations.

Jul 7, 2017 11:23:36 AM

How to Generate Compliance Alert Reports Using the Threat Stack API

by David M. Weinstein, posted in Threat Stack API, Threat Stack Compliance Rule Sets, Threat Stack Compliance Alert Reports


In previous posts we have described how Threat Stack can help demonstrate compliance, for example with PCI and FFIEC guidance, HIPAA, SOC 2, and other compliance frameworks. (See the Resources section below.) To assist our customers with these initiatives, we have created sample compliance rule sets that can be used to generate alerts that are mapped to specific requirements of these frameworks.

In this post we explain how to leverage the Threat Stack API to create reports of alerts from specific rule sets that can be given to auditors to help demonstrate compliance, used internally, or shared with customers. 

Jul 5, 2017 9:10:47 AM

Why Docker Can’t Solve All Your Problems in the Cloud

by Chris Gervais, posted in docker, Containers, Cloud Infrastructure


Docker and other container services are appealing for good reason. They are lightweight and flexible. For many organizations, they enable the next step of platform maturity by reducing the needs of a runtime to the bare essentials (at least, that's the intent).

When you dig into the benefits afforded by containers, it’s easy to see why so many companies have started projects to:

  • Containerize their apps and supporting services
  • Achieve isolation
  • Reduce friction between environments
  • Potentially improve deployment cycle times

The software development pattern of small things, loosely coupled, can go even further with an architecture built around containerization. We’re big fans at Threat Stack, and continue to invest in supporting our customers who rely on them. In fact, we recently announced official CoreOS support for our agent.

However, we have discovered that there is no shortage of misunderstandings about Docker (no surprise given the rapid growth and pace of change) and other container services in terms of:

  • How their benefits are realized
  • The impact on infrastructure/operations
  • The implications on overall SDLC and Ops processes

Containers certainly offer plenty of benefits, and it makes good sense to explore whether and how they could work for your organization. But it is also a good idea to take off the rose-colored glasses first and approach this technology realistically.

Jun 27, 2017 4:52:32 PM

The RNC Data Exposure: Learnings and Actions to Take

by Natalie Walsh, posted in Vulnerabilities, Cyber Threats, RNC Data Exposure, Risk Acceptance & Management


Recently, headlines were hyping the largest ever exposure of voter information, involving some 9.5 billion data points related to 198 million U.S. voters. 

Attention-getting stuff. And since the story involved the Republican National Committee (RNC), the hype was intensified. Somewhat imprecisely, many articles characterized the incident as a data “leak”, “breach”, or “compromise” — again, adding to the intensity, but not the accuracy of what actually happened.

I’m not trying to minimize the seriousness of the issue — the potential damage was enormous as were the implications regarding security and privacy. But now that some of the dust has settled, it’s time to back away from the headlines and explore what actually happened.

So let’s see what we can learn from the RNC data exposure — and more importantly — what we can and must do to better protect our data and systems going forward.

Jun 23, 2017 3:39:23 PM

3 Key Points on How Vulnerability Management Can Help You Become Compliant

by Travis Wilkins, posted in Vulnerability Management, Regulatory Compliance


Two interesting observations:

  • The average number of days that attackers were present on a victim’s network before being discovered is 146 days. (FireEye)
  • At Threat Stack, we have observed that a majority of the market is moving toward automated security vulnerability and configuration scanning.

You would be hard pressed to come by a compliance framework that did not require you to have a system to detect and manage vulnerabilities. Vulnerabilities are as old as technology itself, so to call yourself compliant, you first need to demonstrate that you have a sound vulnerability management program in place.

Vulnerability management systems identify common vulnerabilities and exposures (also known as CVEs), alerting you when a server or package is at risk so you can patch it immediately.

Simply by having a vulnerability management program in place, you can often satisfy many other major compliance requirements. In this post, we’ll explain how vulnerability management helps you to become compliant.

Jun 23, 2017 11:03:51 AM

How Companies Can Provide Security Transparency to Customers and Prospects

by Jim McDonough, VP Inside Sales, Threat Stack, posted in Cloud Security, High Velocity Sales


Leveraging Security in the Sales Process

Security is more than just a good business practice. It also serves as insurance for your customers that security is a top priority. With the right protections in place, you demonstrate that their data will be safe with you, and this can accelerate the sales cycle. But without good security, sales cycles can drag on or even grind to a halt. Of course, you need to start by having the right security technologies, processes, and personnel in place. Then, you need to be able to convey all of this to prospective and current customers.

In this post, we’ll explain what you need to do to guarantee robust security and how you can communicate this to customers and prospects, giving them visibility into your security measures.

Jun 21, 2017 1:40:59 PM
