Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

How to Leverage Automation to Make Your Organization Secure by Design

by Michal Ferguson, posted in Cloud Security, AWS Security Best Practices, Automating AWS Security, Security by Design

Yesterday, we co-hosted a webinar with Amazon’s security strategist, Tim Sandage, and SessionM’s director of technical solutions and operations, Jason LaVoie, to discuss how companies can become secure by design using automation.

With cloud providers like AWS making it easier than ever to get up and running in the cloud, the next item on the agenda for many is how to get security up to speed as well. In yesterday’s webinar, Tim, Jason, and our own senior security engineer, Patrick Cable, offered practical and strategic ways for companies to do just this.

May 24, 2017 2:27:26 PM

5 Key Takeaways From DevOpsDays Austin 2017

by Travis Wilkins, posted in Cloud Security, DevOpsDays Austin 2017

Once again, Threat Stack was pleased to be a sponsor and a participant at DevOpsDays Austin 2017 on May 4 & 5. Right off the bat, it’s clear that this vibrant conference is continuing to expand, with its year-over-year increase in the number of attendees (650) and sponsors (40). Of particular note: The importance that people in the DevOps space are placing on security is definitely continuing to grow — and I put together five key observations about security, compliance, and the way DevOps teams operate. So without further commentary, here’s what I learned at DevOpsDays Austin.

May 15, 2017 11:11:29 AM

Why You Don't Need to Code to Run Secure on AWS

by Megan Rees Ahigian, posted in Cloud Security, AWS Security, AWS Configuration Auditing, AWS Security Best Practices

Amazon Web Services, the ubiquitous cloud infrastructure provider, has made it increasingly easy for businesses to move to the cloud and take advantage of the scalability, flexibility, and cost savings this approach offers. If your business is contemplating the move to AWS, you may be wondering whether it’s necessary to have a team of developers who can help to ensure that you are capable of running securely on AWS.

The short answer is: You don’t need to start from scratch when it comes to security, and you don’t need to have extensive coding resources in-house to run securely on AWS. With the right tools at your disposal, you can quickly measure compliance with your unique security policy and adapt to changes in your environment as needed.

Here’s what you need to know to run securely on AWS, with or without a legion of development resources at your disposal.

May 9, 2017 10:05:45 AM

The Real Implications of The Shared Security Model

by Pete Cheslock, posted in Cloud Security, Shared Responsibility Model

Gone are the days when the majority of businesses could point to the cloud warily and say, “I think my data’s safer on-prem.” Organizations today are far less worried about how secure the cloud is in general, and this change in attitude has sped up cloud adoption to a great degree.

What has led to this more relaxed embrace of the cloud? In part, providers like AWS have gone to great lengths to codify and transparently communicate a Shared Responsibility Model that has expressly defined the scope and boundaries of responsibility. Increasingly, customers recognize that Amazon and its brethren have all-star teams that have a security focus ingrained in them. There’s a certain level of comfort that comes with knowing you are in good, experienced hands.

But, even as the cloud is proven to be quite secure and as confidence in it increases, Security and DevOps teams still have to be vigilant about their own workloads. Organizations have to pick up their end of the shared responsibility bargain — and in some cases, even take it a step further than what is required.

With that in mind, here’s what today’s organizations need to know in order to do that successfully and continue to benefit from all that the cloud has to offer without major security concerns stymying progress.

May 8, 2017 1:13:52 PM

Compliance in the Cloud: Q&A Webinar Recap

by Chris Gervais, posted in Cloud Security, Compliance in the Cloud, Regulatory Compliance Strategy, Compliance Audit

On April 25th, I had the pleasure of speaking with Ryan Buckner, Principal at Schellman & Company, and Kevin Eberman, Director of Ops at MineralTree, during a webinar on compliance in the cloud.

Using the cloud as our lens, we discussed the ways in which companies can better understand and navigate compliance. You can view the entire webinar or read our recap below.

Apr 26, 2017 3:34:37 PM

Why Automated Security Threats are Proliferating and How to Fight Back

by Anthony Alves, posted in Cloud Security, Automated Security Threats

We’ve written before about the importance of looking inward, rather than out, when it comes to evaluating what types of cyberattacks are the biggest threat to your unique organization. A large part of the attack landscape today includes automated threats. Rarely do we come across handcrafted attacks targeting specific organizations. A far cry from bespoke and laser-targeted, the vast majority of today’s cyberattacks are built for volume and trolling for the weakest point of entry.

So, what exactly are automated security threats and how can you best protect your organization from them?

Apr 25, 2017 9:53:33 AM

73% of Companies Have Critical AWS Security Misconfigurations

by Michal Ferguson, posted in Cloud Security, AWS Security, AWS Configuration Auditing, Threat Stack Cloud Security Study

Threat Stack Delivers Wake Up Call

Wide open SSH and infrequent software updates among top risks identified in the majority of cloud-based environments

How effective are your AWS security configurations? And how do you know for sure?

In a recent eye-opening study, Threat Stack found that 73% of companies have at least one critical security misconfiguration, such as remote SSH open to the entire internet. By “critical”, we mean configuration lapses that enable an attacker to gain access directly to private services or the AWS console, or that could be used to mask criminal activity from monitoring technologies. That is some critical stuff!

If we caught your attention with that opening statistic, please read on.

Apr 18, 2017 12:44:25 PM

5 Things All Security Teams Should Be Doing (But Many Aren't)

by Anthony Alves, posted in Cloud Security, Cloud Security Best Practices, Continuous Security Improvement

Security teams are expected to do a lot these days. From properly configuring the cloud environment, to protecting the organization from today’s latest threats, to answering tough questions from the board and customers, there’s more than enough to be done, but how do you know you’re doing the right things?

In this post, we’ll dive into the five biggest areas of security that all teams should be paying attention to. Addressing these will protect you from a large majority of security threats today, and will also create a solid security foundation that you can incrementally build on as your organization grows and your needs become more complex.

Apr 13, 2017 5:38:20 PM

Why You Should Think of Security as a Skill, Not Just a Role

by Palen Schwab, posted in Cloud Security, Cloud Security Best Practices, Cloud Security Awareness Program

A common mistake that we see organizations make is putting off security until they hire someone who specializes in it. Depending on the size of your company and the nature of your business, this could mean waiting several years to start taking security seriously. In today’s threat environment, that’s not realistic or practical. And, even when you decide you’re ready to bring someone in-house to focus on security — given the current security talent shortage — odds are it could take a while to find the right hire.

This is why we believe that organizations should start thinking about security as a competency, rather than simply a job description. You don’t need to have a CISO or a SOC or even a security analyst on your team before you can start taking steps to improve your security posture. The potential consequences of a breach (financial loss, reputation damage, downtime, or IP loss, to name a few) are too serious to ignore.

With that in mind, here’s how to start viewing security as a skill and how to boost that skill across your organization.

Apr 12, 2017 1:43:05 PM

The 5 Questions Your Security Team Should Be Able to Answer

by Anthony Alves, posted in Cloud Security, Cloud Security Best Practices

In a time when security consciousness is high and stories about security breaches are all too frequently in the headlines, your security team needs to be ready for questions it’s bound to receive from customers, auditors, employees, board members, and other affected parties.

We’ve covered a lot of topics in this blog, including cloud security strategies, basic security hygiene, best practices, and how to mature your security posture. But to make it easy for your security team, we’re going to use this post to address five fundamental questions that any security team must be able to answer and give tips on how you can prepare to answer them.

Apr 10, 2017 11:39:01 AM
