Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

Threat Stack's Snorby Cloud Firewall Management Teaser

by Dustin Webber, posted in Hackathon, Firewall, Snorby

Sorry for the late post everyone! The team has been hard at work deploying Snorby’s new firewall management to our alpha test team. It has been an incredible weekend + Monday and we’re all very proud of the outcome.

We will have a full write-up on our hackathon and a walkthrough of this amazing new Snorby Cloud functionality very soon!


Mar 4, 2013 5:01:00 PM


Threat Stack's Snorby Cloud Rules Management Rules!

by Dustin Webber, posted in Rules, Suppression, IDS, Snorby, Threshold

Tuning your IDS ruleset to limit false positive alerts and silence non-applicable rules is a critical part of running any competent IDS security strategy. Despite that fact, we’ve always been surprised at how difficult distributing, maintaining, synchronizing, and tuning an efficient set of rules can be. 

More mature security shops have had to solve this problem, so they’ve turned to many of the great community and paid tools that are out there. We have seen sophisticated teams leverage everything from popular configuration management tools such as Puppet or Chef, to relying on bash scripts that utilize rsync or SCP to synchronize rules files and configurations across sensors. At the end of the day, none of these solutions are ideal as they still require manual effort and create a system operations expertise barrier to rules tuning.


Feb 25, 2013 5:02:00 PM


Snorby Cloud Intel Update - Rails Vulnerability Detection

by Dustin Webber, posted in Snorby, Rails, Vulnerability Detection

These last few weeks have been rough on Rails developers. Over the past few weeks there have been several vulnerabilities involving the parsing of Rails parameters, with one leading to arbitrary code execution (CVE-2013-0155 and CVE-2013-0156). Our friend Postmodern, the creator of Ronin (an excellent Ruby platform for vulnerability and exploit development), wrote a great blog post explaining the vulnerabilities with working PoC code.


Jan 11, 2013 5:04:00 PM


Snorby Cloud is Now Available

by Dustin Webber, posted in Security, Network security monitoring, Snorby

Packet Stash, Inc is proud to announce that Snorby Cloud is now available to the public. For those of you just joining us, Snorby Cloud is an instantly deployable, analyst-friendly, and hassle-free Network and Host Security monitoring solution by the creators of Snorby.


Jan 7, 2013 5:06:00 PM


Our new Snorby Cloud sensor setup is amazing

by Jen Andre, posted in Security Monitoring, Linux Security, Network security monitoring, Snorby

When Dustin developed and launched Snorby in 2009, he had a vision of creating an application that made the process of analyzing and classifying events accessible and as simple as possible for analysts. While this helped make NSM accessible to more people, the process of actually deploying the sensor infrastructure remains cumbersome.


Nov 7, 2012 5:07:00 PM


Oct 24, 2012 5:08:00 PM
