Jun 12, 2017 11:59:08 AM
Many organizations have limited resources (time, personnel, and money) for IT, and oftentimes only a small portion of that is devoted to security. Given the limited resources available to create and execute a best practice security plan, you will need to face up to these constraints and prioritize security tasks.
But how, exactly, should you go about strategically prioritizing your security needs? How can you determine which aspects need to be addressed first and which can be dealt with later? After all, aren’t they all important?
Jun 7, 2017 11:08:48 AM
New vulnerabilities are discovered on a regular basis, and some receive quite a bit of publicity, while others fly under the radar. The latter situation can open up extensive opportunities for attackers to exploit these vulnerabilities.
A good example of one that has been “out” for quite a while without receiving much attention in the media (and thus from organizations that may be affected) is the Apache Struts vulnerability. Today, we’d like to take a look at what it is, why it’s worthy of attention, and what you can do to protect your organization.
Jun 5, 2017 10:01:07 AM
A Guide to Meeting Customer Requirements Now
Has the following happened to you?
A customer or key prospect is demanding that your organization become compliant so you can do business with them. You know what you need to do, but how to do it is the challenge.
Jun 2, 2017 9:09:10 AM
Once again, Monitorama 2017 — the sixth official Monitorama — was held in Portland, OR. The event began at 10 a.m. on Monday, May 22 with a talk by John Rauser of Snapchat and ran for three days packed with great presentations, demos, and conversations.
May 31, 2017 10:59:44 AM
Last week, over a thousand Chefs descended on the city of Austin for ChefConf 2017. The recipe for the week was two days of talks, numerous technical workshops, a heavy dose of innovation, and a dash of 70’s cover bands. Chef introduced their Chef Client 13 and showed off their newer technologies, like Chef Automate and Habitat, their application configuration and management software. The Threat Stack team (Tom McLaughlin and I) showed up to exhibit with donuts, socks, and plenty of cheesy puns — that’s right, we can help you be SOCK compliant.
It was great engaging with the DevOps community and learning more about the challenges everyone is facing as technology evolves faster than anyone can keep up. Throughout the conference, I learned about all of the technological advances that Chef and friends are making and noticed some trends across all the talks and conversations I had with attendees. Here are three of the high-level themes I took away.
May 30, 2017 10:39:06 AM
Achieving optimal security in a cloud environment can seem like a moving target. New security threats are constantly popping up along with security implementations meant to fight them off. To help you achieve optimal security in this environment, this post highlights the top 10 best practices for AWS security.
May 25, 2017 9:14:49 AM
Yesterday, we co-hosted a webinar with Amazon’s security strategist, Tim Sandage, and SessionM’s director of technical solutions and operations, Jason LaVoie, to discuss how companies can become secure by design using automation.
With cloud providers like AWS making it easier than ever to get up and running in the cloud, the next item on the agenda for many is how to get security up to speed as well. In yesterday’s webinar, Tim, Jason, and our own senior security engineer, Patrick Cable, offered practical and strategic ways for companies to do just this.
May 24, 2017 2:27:26 PM
We hear (and at Threat Stack, we write) a lot about the shared security responsibility model. This is the idea that, when it comes to the cloud, businesses are responsible for the security of their data and applications in the cloud, while providers are responsible for the security of the cloud infrastructure.
But are companies prepared to take responsibility for their end of the bargain? How far do we still have to go to reach the promised land of a successfully shared responsibility model? Below, we’ll explore where we stand today and what it will take to reach that holy grail.
May 23, 2017 9:42:32 AM
OneLogin’s Journey on AWS
OneLogin, an identity and access management (IAM) company, is dedicated to superior security for their users, which starts with their own stringent security posture. Since OneLogin’s customers typically come from regulated industries such as healthcare and online retail, OneLogin needed the ability to definitively show that their own environment, and that of their customers, was as secure as possible at any given moment.
May 22, 2017 9:45:14 AM