Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

73% of Companies Have Critical AWS Security Misconfigurations

by Michal Ferguson , posted in Cloud Security, AWS Security, AWS Configuration Auditing, Threat Stack Cloud Security Study

AWS Security Misconfigurations Blog Banner.png

Threat Stack Delivers Wake Up Call

Wide open SSH and infrequent software updates among top risks identified in the majority of cloud-based environments

How effective are your AWS security configurations? And how do you know for sure?

In a recent eye-opening study, Threat Stack found that 73% of companies have at least one critical security misconfiguration, such as remote SSH open to the entire internet. By “critical”, we mean configuration lapses that enable an attacker to gain access directly to private services or the AWS console, or that could be used to mask criminal activity from monitoring technologies. That is some critical stuff!

If we caught your attention with that opening statistic, please read on.

Read More [fa icon=long-arrow-right"]

Apr 18, 2017 12:44:25 PM

[fa icon="comment"] 0 Comments

Steps for Establishing Your AWS Security Roadmap

by The Threat Stack Team , posted in Cloud Security, Webinar, Compliance, AWS Security, AWS Security Roadmap

AWS Roadmap Webinar Recap Blog Banner.png

Yesterday, we hosted one of our most popular webinars to date: Steps for Establishing Your AWS Security Roadmap. Threat Stack’s VP of Engineering, Chris Gervais, was joined by AWS Solution Architect, Scott Ward, along with Zuora’s Head of Infrastructure Security, Bibek Galera for a practical discussion on how companies can build an effective cloud security roadmap from day one.

Read More [fa icon=long-arrow-right"]

Mar 10, 2017 10:39:26 AM

[fa icon="comment"] 0 Comments

According to Our Readers: Threat Stack’s Top 10 Blog Posts for 2016 (and More)

by Tim Armstrong , posted in Cloud Security, Compliance, AWS Security, SOC 2, Cassandra, Top Blog Posts, Whitelisting, System Upgrades, webpack, Scala, Post-Mortems, Rogue One

Top 10 Blog Banner.jpg

One of our goals at Threat Stack is sharing information that will help you learn about the current cloud security threat landscape in order to effectively and more easily manage your organization’s security issues — and confidently get on with running your business.

To this end, the Threat Stack blog is a terrific repository of articles that cover a range of security topics. If you’re not a regular reader, we encourage you to start exploring — and in the meantime, have a look at the ten most-read posts of 2016.

Read More [fa icon=long-arrow-right"]

Dec 28, 2016 9:42:20 AM

[fa icon="comment"] 0 Comments

Threat Stack Broadens Cloud Security Platform With New Configuration Auditing

by Megan Rees Ahigian , posted in Cloud Security, AWS Security, Cloud Security Platform, AWS Configuration Auditing

Config Audit Blog Banner.jpg

How securely configured is my AWS environment? Have I checked all the right boxes? Have I locked all my doors and windows?

With the release of AWS Configuration Auditing — a major new feature of the Threat Stack Cloud Security Platform® (CSP) — Threat Stack is the only cloud security monitoring platform that enables customers to assure that their AWS environment is configured to policy and from there, implement continuous security monitoring, alerting, and investigation at any stage in their company’s cloud maturity lifecycle.

Configuration Auditing enables Threat Stack customers operating in AWS to implement AWS security best practices by automatically auditing current environments and providing an immediate, concise report of configurations that are non-compliant with best practices. Threat Stack then offers steps to remediate the issues and make the AWS environment more secure.

Read More [fa icon=long-arrow-right"]

Dec 1, 2016 10:37:16 AM

[fa icon="comment"] 0 Comments

Considerations For Creating Secure User Groups on AWS Using IAM

by Anthony Alves , posted in AWS Security, IAM, Identity Access and Management, IAM Users and Groups

AWS IAM Blog Banner.jpg

A big difference in the way on-premise infrastructures and cloud infrastructures are implemented centers on the way that user permissions are assigned. As you move towards software-defined everything, where data and systems are far more connected (generally a good thing), you need to pay special attention to the roles and permissions you grant to ensure that users are only given as much access as they absolutely need. No more, no less.

Read More [fa icon=long-arrow-right"]

Nov 29, 2016 10:11:08 AM

[fa icon="comment"] 0 Comments

Best Practices for Implementing & Scaling Security in AWS

by Tim Armstrong , posted in Cloud Security, Webinar, AWS, AWS Security, Cloud Security Best Practices

Nov Webinar Recap Blog Banner.jpg

Security is a shared responsibility when you run your business on Amazon Web Services (AWS). To hold up your end of the bargain, there are many best practices at companies should be employing early on (but often don’t) to ensure that they’re maintaining security and that it can scale as the company grows.

Read More [fa icon=long-arrow-right"]

Nov 18, 2016 1:28:44 PM

[fa icon="comment"] 0 Comments

The Top 7 AWS Security Issues: What You Need to Know

by Leigh Moore , posted in Cloud Security, AWS Security, Amazon Web Services (AWS)

TS16031_ThreatStack_AWSSecurityIssues_BlogImg.jpg

Despite the rapidly growing need for cloud-native visibility into behavior and activity across AWS environments, companies are still learning about best practices for AWS security.

Read More [fa icon=long-arrow-right"]

Jun 15, 2016 1:12:32 PM

[fa icon="comment"] 0 Comments

Nov 11, 2015 9:00:13 AM

[fa icon="comment"] 0 Comments

Oct 23, 2015 12:13:38 PM

[fa icon="comment"] 0 Comments

Reinforcing Your Hardened Server's Soft Spots

by Sam Bisbee , posted in AWS Security

 

If you have either deployed or are planning to deploy a workload to the Cloud, perhaps using AWS, you are looking to run your operations efficiently without compromising security. In a recent post we discussed the AWS Shared Responsibility Model in which you are responsible for the security of your own data, platform, applications, and networks in the Cloud, while AWS is responsible for the security of the Cloud itself. Being security conscious, you understand this model and may have followed the AWS Security Best Practices in an effort to harden your EC2 instances.

Read More [fa icon=long-arrow-right"]

Jun 30, 2015 12:54:01 PM

[fa icon="comment"] 0 Comments

Subscribe via email:

Posts by Topic

see all