Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

The Three Pillars of Continuous Security Improvement

by Tom McLaughlin, posted in Cloud Security, Cloud Security Strategy, Continuous Security Improvement

Security should never be a one-and-done proposition: It requires a continuous improvement mindset to keep you on top of security initiatives and to accommodate new issues as you detect them. Once your security program is up and running, you need to measure, evaluate, and modify it on an ongoing basis to maintain or improve your results. This doesn’t necessarily require a ton of time and effort; it simply requires a strategy.

So today, we want to take a look at what it takes to build an effective security program with continuous improvement at its core. In our view, there are three key pillars to continuous security improvement, and if you have been following along with our Starting Your Cloud Security Journey blog post series, then you’ll be well-acquainted with these concepts.

Mar 24, 2017 11:22:04 AM

How to Implement a Security Awareness Program at Your Organization

by Tom McLaughlin, posted in Cloud Security, Security Best Practices, Cloud Security Awareness and Training, Cloud Security Awareness Program

Security isn’t just a technical problem. It’s also a people problem, and keeping the people side of the security equation strong requires that all people in your organization have an awareness of security. This is why security awareness programs are so important.

The goal of a security awareness program — as you may have guessed — is to increase organizational understanding and practical implementation of security best practices. A program like this should apply to all hires — new and old, across every department — and it should be reinforced on a regular basis.

Here’s what you need to know to create a first-class security awareness program at your organization.

Mar 21, 2017 4:38:52 PM

Incorporating AWS Security Best Practices Into Terraform Design

by Tom McLaughlin, posted in Cloud Security, Terraform, AWS Security Best Practices

Building AWS security best practices into your Terraform design is an excellent way to give yourself a streamlined path to achieving your security goals and managing your infrastructure.

In this post, we will talk about the following three areas of AWS security best practices and how to implement them with Terraform:

  • Environment segregation by AWS account
  • CloudTrail logging
  • Traffic and system access controls

Just to be clear, this post is not an introduction to Terraform: It’s an introduction to incorporating AWS security best practices into Terraform code.

Mar 20, 2017 10:37:32 AM

How to Prepare Your Company Culture for Its First Security Hire

by Chris Gervais, posted in Cloud Security, Cloud Security Awareness and Training, Cloud Security Culture

We often think of security as a technology problem. But at its core, security is and always has been a people problem. You can have the fanciest security tools up and running, but if your organization is full of happy clickers, you still have a problem on your hands.

For this reason, the more that security is a part of your company culture, the better off you will be when it comes to standing up to today’s threats.

Mar 17, 2017 1:50:49 PM

Write Your Own AWS Configuration Auditing Rules With Threat Stack’s Guided Rules Editor

by Megan Rees Ahigian, posted in Cloud Security, AWS Configuration Auditing, Guided Rules Editor, AWS Configuration Auditing Rulesets

Today Threat Stack is excited to announce a powerful and easy-to-use new feature of the AWS Configuration Auditing capabilities — the Guided Rules Editor for AWS Configuration Auditing. With the Guided Rules Editor, available immediately in the Threat Stack Audit Plan, users can quickly tailor AWS Configuration Auditing rulesets to their organization’s specific security policies and adapt to changes in their environment.

Mar 16, 2017 9:21:36 AM

Ask Us Anything: Recap on How to Get Started With DevOpsSec

by The Threat Stack Team, posted in Cloud Security, Webinar, DevOps, DevOpsSec

You’re probably familiar with DevOps by now. It’s the collaboration between Development and Operations teams by leveraging the same tools and processes to get things done more efficiently. Now, Security is being brought into the fold, and this is called DevOpsSec.

Since DevOpsSec is a much newer term and development practice, we wanted to take the opportunity to discuss how companies can get started with many of its foundational elements. There are no two people better equipped to talk about it than Threat Stack’s own Head of Operations, Pete Cheslock, and CTO, Sam Bisbee.

Rather than walking you through a polished slide deck, Pete and Sam wanted to open up the discussion in an AMA (Ask Me Anything) format. We fielded questions from Twitter, LinkedIn, Facebook, as well as email and received hundreds of submissions. On Tuesday, March 14, in the middle of a blizzard here in Boston, they sat down for an hour to answer many of these questions live.

Mar 15, 2017 4:28:17 PM

DevOpsing at Home

by Vitaliy Zakharov, posted in Cloud Security, Security, DevOps, DevOps Tools, DevOps at Home

I remember the days when SysAdmins bragged about server uptimes that were sometimes measured in years. I have been out of the SysAdmin world for quite a while, focusing on software development, and somewhere along the way, a small revolution happened. Here at Threat Stack, our DevOps team embraces immutable infrastructure, which allows us to spin down problematic servers and spin up brand new clean instances in a matter of minutes. Impressed with this approach, I started to look for a way to bring some of these concepts home.

Mar 13, 2017 2:34:08 PM

Steps for Establishing Your AWS Security Roadmap

by The Threat Stack Team, posted in Cloud Security, Webinar, Compliance, AWS Security, AWS Security Roadmap

Yesterday, we hosted one of our most popular webinars to date: Steps for Establishing Your AWS Security Roadmap. Threat Stack’s VP of Engineering, Chris Gervais, was joined by AWS Solution Architect, Scott Ward, along with Zuora’s Head of Infrastructure Security, Bibek Galera, for a practical discussion on how companies can build an effective cloud security roadmap from day one.

Mar 10, 2017 10:39:26 AM

Boston-Based Venture Capitalists Weigh in on the Importance of Cybersecurity

by Greg Dracon, Gaurav Tuli, posted in Cloud Security, cybersecurity, Venture Capital

At Threat Stack we have developed best practices around cloud security — when it should be introduced, what it should cover at each stage of the security maturity lifecycle, whether a company should build or buy — and so on.

But we always want to hear what other experts have to say. So we recently asked two leaders in Boston’s VC community — Greg Dracon of Boston’s .406 Ventures and Gaurav Tuli of F-Prime Capital Partners — to share some of the security-related insights they’ve gained from their extensive experience guiding start-up and early-stage companies to success over the years.

Without further commentary, here’s what Greg and Gaurav had to say . . .

Mar 8, 2017 2:07:32 PM

How to Answer Your Board's Tough Security Questions

by Kevin Durkin, posted in Cloud Security, Cloud Security Strategy

Picture the scene: You’re at the monthly board of directors meeting when someone asks, “So, what are you guys doing about security?”

Even two years ago, a CSA survey found that security was a board-level concern at 61% of companies. Why?

High-profile breaches have certainly made everyone conscious of cyber security issues, and as awareness and knowledge have grown, boards have begun to take a direct interest in the security of the companies they have invested in. Given that there are very real monetary and reputational consequences to a security breach, board members want to know what steps you are taking to prevent one.

Mar 7, 2017 11:23:02 AM