Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

OS Updates and Package Management: Ubuntu Repo Management With Aptly and AWS S3

by Tom McLaughlin, posted in OS Updates, Aptly, Patch Management

Note: In light of the AWS S3 outage in us-east-1 on February 28, 2017, let's discuss a few things. Amazon's S3 has exemplary availability. Compare that with the time and cost of maintaining package distribution yourself. It's easy to look at S3's outage and conclude that it is better to handle the responsibility yourself. In the same way, it's easy to see news of a plane crash and conclude that driving is more reliable. The feeling of control doesn't always lead to the most reliable outcome. Aptly does provide the ability to serve a repository on its own. See how to front Aptly with nginx in an emergency like the one on Tuesday February 28.

It is an unfortunate fact that many organizations do not routinely perform comprehensive software patching. At Threat Stack, we have confirmed this with our own analysis of how frequently systems are updated, and Verizon’s DBIR shows us that the most commonly exploited vulnerabilities are months or years old.

But patching is one area where following the status quo is a very bad idea. As a best practice, your organization needs a patching strategy to make sure it remains secure, and with that in mind, this post explains how you can adopt a patching strategy that suits your organization’s needs and values.

Feb 28, 2017 8:11:14 PM

Reliable UNIX Log Collection in the Cloud

by Pat Cable, posted in Cloud Security, Logging, Infrastructure, Log Collection

One way organizations can improve their security and operational ability is to collect logs in a central location. Centralized logging allows engineers across the entire organization to have a "common view" of the system under load, and can provide vital shared context when things go wrong.

Over the last few months, we at Threat Stack have been reworking how we handle all aspects of our logging system. This project encompasses everything, from the content of our log data to the infrastructure that collects it. In this post you'll learn about how our internal applications send log data, where they send it to, and the trade-offs we considered in making our collection system reliable.

Feb 28, 2017 5:21:48 PM

How to Stay Secure on Slack

by Pete Cheslock, posted in Cloud Security, Shared Responsibility Model, Slack

If you’re already on the Slack bandwagon, then you probably have experienced first-hand how it can make communications between teams far simpler and more streamlined. With 1.7 million daily active users, it’s clear Slack has come to dominate the team chat world, especially in tech and tech-savvy industries.

From a security perspective, Slack has done a solid job of keeping its assets on lock. In 2016, they scored Geoff Belknap from Palantir to become chief security officer. And they have been pretty transparent about their approach to security. They have dedicated a whole section of their website to it and published interviews with Belknap and others that delve into Slack’s precautions and philosophy around security. Belknap says, “My job is to worry. Professionally. So that our customers don’t have to.” We love that attitude!

The company has also gone to the trouble of certifying many of its products to meet stringent compliance regulations like FINRA, HIPAA, and SOC 2 and 3, which makes it a no-brainer for small teams and enterprises alike.

So, we feel that it’s perfectly possible for companies of all shapes and sizes to lean on Slack for team chat and ops without worrying too much about security. But, we also believe in the shared responsibility model when it comes to any form of online security. No one’s perfect, and Slack’s ubiquity and popularity mean that it will always be a target for cybercriminals looking to steal information.

There’s no need to run scared, but you do need to be smart about how you use this valuable tool. Here are our tips for running Slack securely at your organization.

Feb 27, 2017 2:27:41 PM

Cloud Security Best Practices: Finding, Securing, & Managing Secrets, Part 2

by Tom McLaughlin, posted in Cloud Security Best Practices, Cloud Security Maturity, Managing Secrets

In Part 1 of this post we explained how you can find all the secrets in your environment. In Part 2 we will discuss effective ways to store and manage secrets — to keep them from leaking to unauthorized people.

Feb 26, 2017 10:32:57 AM

Don’t Make Perfect Security the Enemy of Good Security

by Tim Armstrong, posted in Cloud Security, Cloud Security Strategy, Cloud Security Maturity Strategy, Cloud Security Baseline

We’ve written before about what it means to meet compliance standards without going completely overboard. Today, we want to talk about how that applies to cloud security as well. Some teams mistakenly believe that their security posture needs to be absolutely perfect. That’s not only overwhelming — it’s impossible.

More to the point, the reality of today’s security landscape is that cybercriminals are always looking for the path of least resistance. If company A has reasonably good security safeguards in place and company B does not, criminals aren’t going to waste resources poking at company A until they find a weakness. They’ll go after company B.

This is why we tell organizations that, when it comes to security, perfect can often be the enemy of good. Rather than trying to make your organization perfectly airtight, it’s time to focus on making your company as unappealing an attack target as possible. Here’s how.

Feb 24, 2017 9:22:39 AM

How to Talk to Your Prospects About Cloud Security

by Jim McDonough, VP Inside Sales, Threat Stack, posted in Cloud Security, Compliance, High Velocity Sales

Security can be a huge sales and business enabler, as I've mentioned before. If your company and its prospective customers are in a regulated industry — and even if they’re not — you can bet they’re going to ask about your security posture during the sales process. For a number of reasons (including the many high-profile security breaches over the last few years), sales prospects are more aware of risks to their data than ever before. Naturally, they are upping the security requirements for doing business with vendors and partners alike.

This means it’s more important than ever that your sales team understands how to talk to prospects about security. In this post, we’ll outline a number of ways that businesses can do this and do it well.

Feb 23, 2017 1:22:53 PM

Chef Habitat For Packaging Python Flask Web Services

by Tom McLaughlin, posted in Cloud Security, Web Services, Python, Chef, Habitat

One of the challenges of building open source tools is figuring out how to package and distribute them. This is particularly true with web services. To make building, deploying, and running web services easier, Chef created Habitat.

When building open source web services for Threat Stack, one of our concerns is how to package these Python Flask applications so they run in the widest array of environments with low adoption friction. Using Habitat, the process is quick and easy.

For this post, we’re going to focus on the specifics of packaging a Python Flask application and the particular needs of that stack.

Feb 22, 2017 1:02:18 PM

Cloud Security Best Practices: Finding, Securing, & Managing Secrets, Part 1 — truffleHog & git-secrets

by Tom McLaughlin, posted in Cloud Security Best Practices, Cloud Security Maturity, Managing Secrets

Secrets — passwords, API keys, secure tokens, private keys, and so on — protect access to sensitive resources in your environment. If not properly managed, they can end up in the wrong hands.

In Part 1 of this post, we will show you how to find secrets using truffleHog and git-secrets. In Part 2, we will explain how to manage them using appropriate software tools in order to quickly and cost-effectively achieve a higher level of security.

Feb 21, 2017 2:23:48 PM

How to Use Ops Tools for Security and Security Tools for Ops

by Tim Armstrong, posted in Cloud Security, SecOps, DevSecOps, SecOps Playbook, SecOps Tools, Security Tools, DevOps Tools

Investing in SecOps doesn’t just mean hiring folks who know how to blend together software development, IT operations, and security skillsets. It also doesn’t just mean telling your DevOps team to run secure or scolding your security team into moving fast enough to keep up with continuous deployment.

Truly committing to SecOps means investing in tools that can do double (or triple) duty — helping you not only release code continuously but ensure that everything from your back-end infrastructure to your customer-facing applications is 100% secure. It means investing in tools that make meeting both DevOps and security best practices simple and straightforward.

As DevOps expands to include more security functions and security evolves to be more agile, it’s never been more important (or economical) to be able to use operational tools for security and security tools for operations. DevOps teams want software that can integrate critical functions of security, like alerting, directly into their current processes. Security teams want tools that let them seamlessly interact with DevOps.

Here’s what that should look like.

Feb 17, 2017 3:17:23 PM

How Securely Configured is Your AWS Environment?

by Tim Armstrong, posted in Cloud Security, Threat Stack Audit, Cloud Security Baseline, Threat Stack Audit Trial, CloudTrail Alerting, Cloud Security Maturity, Configuration Auditing

With the launch of the new Threat Stack free cloud security Audit trial, we wanted to provide some tips on how to easily assess how well your AWS environment is configured. So, let's get started...

What is a Cloud Security Baseline?

The phrase is bandied about a lot, so let’s get to it: What is a security baseline?

One of the problems that many organizations run into, especially when they are starting out in cloud security, is not knowing where to start and not having specific data to help them define and improve the status of their cloud security.

That’s where a baseline proves critical. CERN Computer Security defines a security baseline as “a set of basic security objectives which must be met by any given service or system.”

If you put this in the context of cloud security, a baseline will show you how closely a snapshot of your current cloud environment conforms to industry best practices and benchmarks.

This sounds a bit academic, so let’s get down to specifics by taking a look at the new product and free trial we are offering to help you establish and maintain a baseline — Threat Stack Audit.

Feb 15, 2017 9:27:35 AM
