Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

How to Use Automation to Decrease Mean Time To Know

by Anthony Alves , posted in Automation, Mean Time To Know, Process Automation


Mean Time To Know (or MTTK for short) is one of the most important metrics in security operations. It measures how efficient the security team is at detecting real threats. The shorter it is, the sooner you will catch an attack in progress and be able to put a stop to it, reducing the negative consequences for your organization. 

But the reality is, it’s not so easy to reduce MTTK. For starters, security teams are barraged with alerts on a daily basis, requiring manual work to sift through the noise to find a signal that indicates a real issue. Add on all the other tasks that need to be done aside from alert investigations, and it’s seemingly impossible to get ahead.

This is where automation comes in. Automation not only eliminates the need to manually handle tedious tasks (like alert response); it also helps you optimize your existing resources, freeing them to focus on MTTK and get it under control.

In this post, we’ll take a closer look at what MTTK is (and isn’t) and how you can leverage automation to effectively decrease it.


Jul 13, 2017 9:15:51 AM


How to Prioritize Security Tasks When You Have Limited Resources

by Travis Wilkins , posted in Continuous Security Monitoring, Automation, Cloud Security Maturity Model, AWS Configuration Auditing, Visibility


Many organizations have limited resources (time, personnel, and money) for IT, and oftentimes only a small portion of that is devoted to security. Given the limited resources available to create and execute a best practice security plan, you will need to face up to these constraints and prioritize security tasks.

But how, exactly, should you go about strategically prioritizing your security needs? How can you determine which aspects need to be addressed first and which can be dealt with later? After all, aren’t they all important?


Jun 7, 2017 11:08:48 AM


How to Use Automation to Improve Your Cloud Security Posture

by Tim Armstrong , posted in Cloud Security, Automation, Cloud Security Use Cases Playbook, Cloud Security Use Cases, Process Automation, Automated Monitoring and Alerting


Automating security processes and workflows can help teams lower Mean Time To Resolution (MTTR), maintain or strengthen an organization’s security posture, and drive operational efficiency. Sounds pretty good, right?

In our recent Cloud Security Use Cases Playbook, we took a look at the key operational processes that all teams should have in place and some of the ways they can continually optimize those processes over time. Today, let’s take a look at how automation can provide ongoing, deep visibility and supercharge your security operations, all while saving you time and resources.


Jan 27, 2017 10:34:23 AM


Jun 10, 2016 1:47:14 PM


The Weekly Security and DevOps News Brief

by The Threat Stack Team , posted in Security, DevOps, SecDevOps, Automation, SecOps

A lot happened in the world of security and DevOps this week. Here are the top posts we saw:


Mar 11, 2016 2:41:49 PM


Behavioral Threat Monitoring Without Models

by Aaron Botsis , posted in Announcements, Agent, Policy, Behavior, Automation

One of the great things about the cloud is the ability for companies to grow and shrink their infrastructure elastically to meet varying levels of demand. What many people don’t think about is how to secure this sprawl of cloud compute instances. As new systems are deployed, how do you enforce a policy on them? How do you look for anomalous behavior when an instance hasn’t been up long enough to determine a baseline?

Cloud Sight has solved this problem from day 1 with our policy framework. Our policies encompass all attributes of an instance’s security posture: alert rules, file integrity rules, firewall rules, so many rules! But also, each policy has a unique, learned behavioral model associated with it. For example, an Apache web server process doesn't usually fork /bin/sh. When our agent is activated, the instance’s baseline is already established from its peers, which enables us to immediately start monitoring for anomalies.


Jun 10, 2014 5:01:00 PM

