Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

Working With Threat Stack Sample Compliance Rule Sets

by David M. Weinstein, posted in HIPAA, SOC 2, PCI, Regulatory Compliance, FFIEC, Compliance Rule Sets


The Threat Stack Cloud Security Platform® is an important tool for companies with cloud compliance initiatives, including HIPAA, PCI, SOC 2, and FFIEC. To help our customers with these initiatives, Threat Stack has released four new example rulesets with monitoring rules that map to each of these compliance frameworks. This post is an introduction to these rule sets, and explains how to:

  • Request the rule sets
  • Use the compliance rule sets
  • Customize compliance rules
  • Create new compliance rules

(If you’re not a customer, this post will give you an excellent insight into one of Threat Stack’s powerful characteristics — the ability to create, clone, and edit rules in order to reflect the specific nature of your environment.)

Apr 28, 2017 5:00:57 PM

Eyes on the Ground: Why You Need Security Agents

by Nathan Cooprider, posted in HIDS, Agent Fatigue, Security Agents


A post based on the talk I just gave at SOURCE Boston 2017

If you answer Yes to one or more of the following questions, you probably have agent fatigue! Do not worry, I'm here to help and we can work through this.

  • Do you often find yourself booting into safe mode?
  • Do you regularly look for programs in the taskbar to kill?
  • Do you look for reasons why your computer seems so sluggish after IT did something to it?
  • Do you wonder why you even pay for that thing on your computer?
  • Do you have employees who complain about installed software?
  • Do you look for ways to meet compliance requirements in software?
  • Do you care about security?

Apr 28, 2017 11:56:47 AM


Apr 27, 2017 4:41:36 PM


Considerations for Moving Services to AWS Lambda

by Tom McLaughlin, posted in Python, Flask, AWS Lambda


You’re an Ops person who’s ready to take a dip into AWS Lambda and this whole serverless thing. But where do you start? You’ve gone from deploying a monolith to deploying microservices. Now how do you go from deploying a microservice to deploying functions?

We want to take something that was originally written to run on an EC2 instance and run it on Lambda. How do we get there? In this post, we’ll explore this question by looking at the threatstack-to-s3 service that we’ve discussed in other blog posts.

Apr 27, 2017 11:13:59 AM

Compliance in the Cloud: Q&A Webinar Recap

by Chris Gervais, posted in Cloud Security, Compliance in the Cloud, Regulatory Compliance Strategy, Compliance Audit


On April 25th, I had the pleasure of speaking with Ryan Buckner, Principal at Schellman & Company, and Kevin Eberman, Director of Ops at MineralTree, during a webinar on compliance in the cloud.

Using the cloud as our lens, we discussed the ways in which companies can better understand and navigate compliance. You can view the entire webinar or read our recap below.

Apr 26, 2017 3:34:37 PM

Why Automated Security Threats are Proliferating and How to Fight Back

by Anthony Alves, posted in Cloud Security, Automated Security Threats


We’ve written before about the importance of looking inward, rather than out, when it comes to evaluating what types of cyberattacks are the biggest threat to your unique organization. A large part of the attack landscape today includes automated threats. Rarely do we come across handcrafted attacks targeting specific organizations. A far cry from bespoke and laser-targeted, the vast majority of today’s cyberattacks are built for volume and trolling for the weakest point of entry.

So, what exactly are automated security threats and how can you best protect your organization from them?

Apr 25, 2017 9:53:33 AM

Five OpSec Best Practices to Live By

by Palen Schwab, posted in Security Awareness, OpSec, OpSec Best Practices


Often when we talk about security, we focus on the mechanics of how to keep technical infrastructure safe. It can be easy to forget that operational security is just as important. When done right, strong OpSec practices will keep your business safe from leaked information, competitive disadvantage, and even public embarrassment.

Without good OpSec, your business may be vulnerable to information theft via an attack surface that has little or nothing to do with computers. With that said, here’s what you need to know about OpSec today.

What is OpSec?

OpSec stands for Operational Security. Many people think of it in a military or national security context. In those realms, OpSec means understanding what your adversaries can deduce from the communications you put out, and taking steps to limit the usefulness of any information they can easily gather. For our purposes — in the world of business — when we say OpSec, we mean: “Actions taken to ensure that information leakage doesn't haunt you.”

Similar concept, different context. OpSec in the world of business is all about making sure that information about your business that should remain private, does remain private. This article offers a helpful framework for applying OpSec principles to business. Below, we’ll explain what we’ve learned and how we share that with our own employees.

Apr 24, 2017 10:56:27 AM

Authkeys: Making Key-Based LDAP Authentication Faster

by Pat Cable, posted in Security, Authkeys, LDAP Authentication


Authkeys, Threat Stack’s new open source tool, performs LDAP lookups of SSH keys without the need for using scripts or other interpreted code.

You may recall from an earlier post that we’ve set up centralized authentication here at Threat Stack. Our motivation for doing so centered on the desire to achieve clearer access control for the servers that power our platform. By doing this, we no longer need to use Chef to deploy the majority of users to servers. Rather, we can use an internal application to add, lock, and update users and their associated metadata.

Apr 21, 2017 11:21:08 AM

Meeting Compliance in the Cloud ≠ A Choice

by Michal Ferguson, posted in HIPAA, SOC 2, Compliance in the Cloud, PCI Compliance


In the past, we’ve talked about various ways that compliance can add value to your business. But what happens when you don’t attain or maintain compliance? (Note: In the following, we focus on PCI, but equally unpleasant consequences can result, of course, if you fail to meet other standards such as HIPAA, SOC 2, etc.)

Apr 20, 2017 10:46:41 AM

Cicadas & Security, Part 2: When a Verified PGP Key Takes You on a Trip to the Desert

by Toni Noble, posted in Cicada 3301, Encryption, Alternate Reality Games, ARG, PGP, PGP Tutorial


Since our first installment in this series, there has been little excitement around the Cicada 3301 community, as a verified clue has yet to surface online or, as far as we know, in real life. A user going by the handle CicadaDave came forward on Reddit claiming to be part of a four-person team behind Cicada. His original post has since been deleted, but a lone comment remains on the account stating “I am Michael Cicada, aka Cicada Dave. We created Cicada 3301 as a joke between 4 bored MIT students. I am on Facebook if you have questions.”

Apr 19, 2017 11:45:13 AM