Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

Why Automated Security Threats are Proliferating and How to Fight Back

by Anthony Alves , posted in Cloud Security, Automated Security Threats

Automated Security Threats Blog Banner.png

We’ve written before about the importance of looking inward, rather than out, when it comes to evaluating what types of cyberattacks are the biggest threat to your unique organization. A large part of the attack landscape today includes automated threats. Rarely do we come across handcrafted attacks targeting specific organizations. A far cry from bespoke and laser-targeted, the vast majority of today’s cyberattacks are built for volume and trolling for the weakest point of entry.

So, what exactly are automated security threats and how can you best protect your organization from them?

Read More [fa icon=long-arrow-right"]

Apr 25, 2017 9:53:33 AM

[fa icon="comment"] 0 Comments

73% of Companies Have Critical AWS Security Misconfigurations

by Michal Ferguson , posted in Cloud Security, AWS Security, AWS Configuration Auditing, Threat Stack Cloud Security Study

AWS Security Misconfigurations Blog Banner.png

Threat Stack Delivers Wake Up Call

Wide open SSH and infrequent software updates among top risks identified in the majority of cloud-based environments

How effective are your AWS security configurations? And how do you know for sure?

In a recent eye-opening study, Threat Stack found that 73% of companies have at least one critical security misconfiguration, such as remote SSH open to the entire internet. By “critical”, we mean configuration lapses that enable an attacker to gain access directly to private services or the AWS console, or that could be used to mask criminal activity from monitoring technologies. That is some critical stuff!

If we caught your attention with that opening statistic, please read on.

Read More [fa icon=long-arrow-right"]

Apr 18, 2017 12:44:25 PM

[fa icon="comment"] 0 Comments

5 Things All Security Teams Should Be Doing (But Many Aren't)

by Anthony Alves , posted in Cloud Security, Cloud Security Best Practices, Continuous Security Improvement

5 Things Security Teams Blog Banner.png

Security teams are expected to do a lot these days. From properly configuring the cloud environment, to protecting the organization from today’s latest threats, to answering tough questions from the board and customers, there’s more than enough to be done, but how do you know you’re doing the right things?

In this post, we’ll dive into the five biggest areas of security that all teams should be paying attention to. Addressing these will protect you from a large majority of security threats today, and will also create a solid security foundation that you can incrementally build on as your organization grows and your needs become more complex.

Read More [fa icon=long-arrow-right"]

Apr 13, 2017 5:38:20 PM

[fa icon="comment"] 0 Comments

Why You Should Think of Security as a Skill, Not Just a Role

by Palen Schwab , posted in Cloud Security, Cloud Security Best Practices, Cloud Security Awareness Program

Security as a Skill Blog Banner.png

A common mistake that we see organizations make is putting off security until they hire someone who specializes in it. Depending on the size of your company and the nature of your business, this could mean waiting several years to start taking security seriously. In today’s threat environment, that’s not realistic or practical. And, even when you decide you’re ready to bring someone in-house to focus on security — given the current security talent shortage — odds are it could take a while to find the right hire.

This is why we believe that organizations should start thinking about security as a competency, rather than simply a job description. You don’t need to have a CISO or a SOC or even a security analyst on your team before you can start taking steps to improve your security posture. The potential consequences of a breach (financial loss, reputation damage, downtime, or IP loss, to name a few) are too serious to ignore.

With that in mind, here’s how to start viewing security as a skill and how to boost that skill across your organization.

Read More [fa icon=long-arrow-right"]

Apr 12, 2017 1:43:05 PM

[fa icon="comment"] 0 Comments

The 5 Questions Your Security Team Should Be Able to Answer

by Anthony Alves , posted in Cloud Security, Cloud Security Best Practices

5 Questions Security Team Blog Banner.png

In a time when security consciousness is high and stories about security breaches are all too frequently in the headlines, your security team needs to be ready for questions it’s bound to receive from customers, auditors, employees, board members, and other affected parties.

We’ve covered a lot of topics in this blog, including cloud security strategies, basic security hygiene, best practices, and how to mature your security posture. But to make it easy for your security team, we’re going to use this post to address five fundamental questions that any security team must be able to answer and give tips on how you can prepare to answer them.

Read More [fa icon=long-arrow-right"]

Apr 10, 2017 11:39:01 AM

[fa icon="comment"] 0 Comments

Resources for DevOps Pros to Learn About Security

by Tom McLaughlin , posted in Cloud Security, DevOps, Professional Development, Security Education

DevOps Pros Security Resources Blog Banner.png

These days, security should be part of everyone’s job. This is especially true for DevOps teams, which are responsible for developing, delivering, and maintaining critical applications for many organizations, and must therefore prioritize security as part of their role. But the world of security can seem like a bit of a mystery until you’ve been exposed to it.

If you or someone on your team is looking to learn more about what it takes to run a secure organization today, we have provided a list of resources below, from conferences to reference books to Twitter handles, that are worth checking out.

Read More [fa icon=long-arrow-right"]

Apr 6, 2017 1:50:14 PM

[fa icon="comment"] 0 Comments

Calculating TCO: The Real Cost of Cloud Security

by Chris Gervais & Kevin Durkin , posted in Cloud Security, TCO, Total Cost of Ownership, Cloud Security Solution

TCO Blog Banner.png

This post examines the total cost of ownership (TCO) of a cloud security system, not in terms of the actual dollars and cents cost of a system, but in terms that will help you identify and understand the many hidden costs associated with accurately calculating the TCO for cloud security.

In essence, we want to show you some of the areas that would require a significant investment if you were to build, operate, and maintain a system with capabilities similar to Threat Stack’s Cloud Security Platform®. This, in turn, should help you make an informed decision as you go about selecting a cloud security solution that is appropriate for your organization.

Note: We use “build” in a broad sense in this post, from building a system from scratch, to leveraging open source tools, to creating integrations among multiple point solutions.

Read More [fa icon=long-arrow-right"]

Apr 5, 2017 10:34:21 AM

[fa icon="comment"] 0 Comments

New Playbook: Jump Starting Your Cloud Security Journey

by Tom McLaughlin , posted in Cloud Security, Cloud Security Maturity, Jump Starting Cloud Security Playbook, Implementing Cloud Security

Jump Starting Cloud Security Blog Banner-01.png

Cloud security is a complex subject, and customers sometimes tell us that one of their biggest challenges is simply knowing where to start.

In our latest playbook, Jump Starting Cloud Security: A Guide to Starting Your Cloud Security Journey, we have addressed this problem head on. If your organization is just starting out in cloud security — whether it’s a rapidly growing startup or a more established company — this Playbook is intended for you.

It’s a roadmap full of industry-proven practices that will put you on the fast track to cloud security monitoring, addressing your first round of security concerns, and measurably improving your security stance, all in a reasonable amount of time for a reasonable outlay of money and resources.

The hand-on approach will help you implement important security practices without diverting resources and attention away from your company’s main business goals, and you’ll also end up with a solid platform to build on when you want to move up to the next level of maturity on the cloud security ladder.

Read More [fa icon=long-arrow-right"]

Apr 4, 2017 5:20:49 PM

[fa icon="comment"] 0 Comments

Springbuk Case Study: How to Get Ahead of Compliance and Security Requirements on AWS

by Steve Caldwell , posted in Cloud Security, Compliance, Threat Stack Cloud Security Platform, Security and Compliance Requirements

Springbuk Customer Blog Banner.png

This is a guest blog post by Steve Caldwell, Director of Engineering at Springbuk, a health analytics software company that unifies pharmacy, biometric, and activity data, as well as medical claims to help employers make better decisions about employee health benefit programs.

As a health analytics company, Springbuk helps companies make better decisions around disease prevention and management through data. As such, meeting HIPAA requirements and following security best practices are very important to us; to ensure that we’re always compliant and as secure as possible, we needed to get a better handle on how security was managed across the organization.

Read More [fa icon=long-arrow-right"]

Mar 28, 2017 12:57:51 PM

[fa icon="comment"] 0 Comments

The Three Pillars of Continuous Security Improvement

by Tom McLaughlin , posted in Cloud Security, Cloud Security Strategy, Continuous Security Improvement

Starting Your Cloud Security Journey Part 7 Blog Banner.png

Security should never be a one-and-done proposition: It requires a continuous improvement mindset to keep you on top of security initiatives and to accommodate new issues as you detect them. Once your security program is up and running, you need to measure, evaluate, and modify it on an ongoing basis to maintain or improve your results. This doesn’t necessarily require a ton of time and effort; it simply requires a strategy.

So today, we want to take a look at what it takes to build an effective security program with continuous improvement at its core. In our view, there are three key pillars to continuous security improvement, and if you have been following along with our Starting Your Cloud Security Journey blog post series, then you’ll be well-acquainted with these concepts.

Read More [fa icon=long-arrow-right"]

Mar 24, 2017 11:22:04 AM

[fa icon="comment"] 0 Comments

Subscribe via email:

Posts by Topic

see all