Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

Jun 12, 2017 11:59:08 AM

How to Prioritize Security Tasks When You Have Limited Resources

by Travis Wilkins, posted in Continuous Security Monitoring, Automation, Cloud Security Maturity Model, AWS Configuration Auditing, Visibility

Many organizations have limited resources (time, personnel, and money) for IT, and oftentimes only a small portion of that is devoted to security. Given the limited resources available to create and execute a best practice security plan, you will need to face up to these constraints and prioritize security tasks.

But how, exactly, should you go about strategically prioritizing your security needs? How can you determine which aspects need to be addressed first and which can be dealt with later? After all, aren’t they all important?

Jun 7, 2017 11:08:48 AM

What You Need to Know About the Apache Struts Vulnerability

by Anthony Alves, posted in HIDS, Apache Struts Vulnerability, Host Intrusion Detection System

New vulnerabilities are discovered on a regular basis, and some receive quite a bit of publicity, while others fly under the radar. The latter situation can open up extensive opportunities for attackers to exploit these vulnerabilities.

A good example of one that has been “out” for quite a while without receiving much attention in the media (and thus from organizations that may be affected) is the Apache Struts vulnerability. Today, we’d like to take a look at what it is, why it’s worthy of attention, and what you can do to protect your organization.

Jun 5, 2017 10:01:07 AM

New eBook: Fast-Tracking Compliance in the Cloud

by Michal Ferguson, posted in Cloud Security, Compliance in the Cloud, Cloud Compliance eBook

A Guide to Meeting Customer Requirements Now

Has the following happened to you?

A customer or key prospect is demanding that your organization become compliant so you can do business with them. You know what you need to do, but how to do it is the challenge.

Jun 2, 2017 9:09:10 AM

Monitorama 2017: The Monitoring Revolution Continues

by Pete Cheslock, posted in Security Monitoring, Monitorama 2017

Once again, Monitorama 2017 — the sixth official Monitorama — was held in Portland, OR. The event began at 10 a.m. on Monday, May 22 with a talk by John Rauser of Snapchat and ran for three days packed with great presentations, demos, and conversations.

May 31, 2017 10:59:44 AM

A Look Back at ChefConf 2017

by Natalie Walsh, posted in DevOps, ChefConf 2017

Last week, over a thousand Chefs descended on the city of Austin for ChefConf 2017. The recipe for the week was two days of talks, numerous technical workshops, a heavy dose of innovation, and a dash of 70’s cover bands. Chef introduced their Chef Client 13 and showed off their newer technologies, like Chef Automate and Habitat, their application configuration and management software. The Threat Stack team (Tom McLaughlin and I) showed up to exhibit with donuts, socks, and plenty of cheesy puns — that’s right, we can help you be SOCK compliant.


It was great engaging with the DevOps community and learning more about the challenges everyone is facing as technology evolves faster than anyone can keep up. Throughout the conference, I learned about all of the technological advances that Chef and friends are making and noticed some trends across all the talks and conversations I had with attendees. Here are three of the high-level themes I took away.

May 30, 2017 10:39:06 AM

10 Best Practices for Securing Your Workloads on AWS

by Michal Ferguson, posted in AWS Security, AWS Security Best Practices

Achieving optimal security in a cloud environment can seem like a moving target. New security threats are constantly popping up along with security implementations meant to fight them off. To help you achieve optimal security in this environment, this post highlights the top 10 best practices for AWS security.

May 25, 2017 9:14:49 AM

How to Leverage Automation to Make Your Organization Secure by Design

by Michal Ferguson, posted in Cloud Security, AWS Security Best Practices, Automating AWS Security, Security by Design

Yesterday, we co-hosted a webinar with Amazon’s security strategist, Tim Sandage, and SessionM’s director of technical solutions and operations, Jason LaVoie, to discuss how companies can become secure by design using automation.

With cloud providers like AWS making it easier than ever to get up and running in the cloud, the next item on the agenda for many is how to get security up to speed as well. In yesterday’s webinar, Tim, Jason, and our own senior security engineer, Patrick Cable, offered practical and strategic ways for companies to do just this.

May 24, 2017 2:27:26 PM

Assessing the State of the Shared Responsibility Model

by Michal Ferguson, posted in Shared Responsibility Model, AWS Shared Responsibility Model, Azure Shared Responsibility Model

We hear (and at Threat Stack, we write) a lot about the shared security responsibility model. This is the idea that, when it comes to the cloud, businesses are responsible for the security of their data and applications in the cloud, while providers are responsible for the security of the cloud infrastructure.

But are companies prepared to take responsibility for their end of the bargain? How far do we still have to go to reach the promised land of a successfully shared responsibility model? Below, we’ll explore where we stand today and what it will take to reach that holy grail.

May 23, 2017 9:42:32 AM

OneLogin Gains Granular Security Control With Threat Stack on AWS

by Michal Ferguson, posted in Threat Stack Cloud Security Platform, AWS Services, OneLogin

OneLogin’s Journey on AWS

OneLogin, an identity and access management (IAM) company, is dedicated to superior security for their users, which starts with their own stringent security posture. Since OneLogin’s customers typically come from regulated industries such as healthcare and online retail, OneLogin needed the ability to definitively show that their security, and that of their customers, was as secure as possible at any given moment.

May 22, 2017 9:45:14 AM
