Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

5 Reasons Why Host-based Intrusion Detection Systems Thrive in the Cloud

by Palen Schwab, posted in Cloud Security, IDS, Cloud IDS, Cloud, Intrusion Detection Systems

The threat landscape continues to expand as both the frequency and the financial impact of cyber security incidents increase. As a result, traditional host-based security evolves to counter new attack vectors and types of infections. On rare occasions, however, two separate, independently evolving technologies can come together in a way that benefits both – and so it is with host-based intrusion detection systems (IDS) and the cloud.

Sep 29, 2015 9:39:52 AM

The History of Intrusion Detection Systems (IDS) - Part 1

by Palen Schwab, posted in Cloud Security, Intrusion Detection, IDS, Cloud IDS, Intrusion Detection Systems

Great applied technology typically needs enabling partner technology, and it will struggle to make headway until that partner appears. For decades, Intrusion Detection System (IDS) technology struggled to deliver efficient, high-quality intrusion monitoring, and is only now experiencing success with the arrival of an unintentional enabling partner technology – cloud computing.

Sep 9, 2015 10:04:36 AM

3 Reasons Why the Host Rules Cloud IDS

by Sam Bisbee, posted in Cloud Security, Intrusion Detection, IDS, Cloud IDS

 

To truly appreciate why companies like Threat Stack point to the Cloud as a watershed event in their corner of the software industry, one must push past the hype and worn platitudes about “the Cloud with a capital C.” The reality is that it is the side effects that have caused such a large impact, like cost of operation as a function of scaled purchasing power and the forcing of software-only solutions.

This has certainly been felt in intrusion detection systems (IDS). They have traditionally been deployed as network hardware devices enabled by access to the network infrastructure, but are struggling to find relevance in a world where the traditional network boundary no longer exists.

Feb 5, 2015 1:44:00 PM

Threat Stack's Snorby Cloud Rules Management Rules!

by Dustin Webber, posted in Rules, Suppression, IDS, Snorby, Threshold

Tuning your IDS ruleset to limit false positive alerts and silence non-applicable rules is a critical part of running any competent IDS security strategy. Despite that fact, we’ve always been surprised at how difficult distributing, maintaining, synchronizing, and tuning an efficient set of rules can be. 

More mature security shops have had to solve this problem, so they’ve turned to many of the great community and paid tools that are out there. We have seen sophisticated teams leverage everything from popular configuration management tools such as Puppet or Chef, to relying on bash scripts that utilize rsync or SCP to synchronize rules files and configurations across sensors. At the end of the day, none of these solutions are ideal as they still require manual effort and create a system operations expertise barrier to rules tuning.

Feb 25, 2013 5:02:00 PM
