Cloud security insights, thoughts, and ideas
Read more “Threat Stack Launches New Unified Application Security Monitoring Solution”
Hiring and retaining talent in continually changing areas such as Cloud Security and DevSecOps has never been a straightforward, black and white process. Given the way these disciplines are evolving as well as the unique needs that individual organizations have in these areas, finding, recruiting, and retaining the best talent can be a complex and challenging proposition.
To sort out some of the key issues, I recently sat down with Michael Race, Senior Consultant in Cloud/Infrastructure Security and DevSecOps at Stott and May. In the resulting Q&A, he shares some of his insights on the current state of the DevOps and Cloud Security markets as well as guidance on how to grow successful DevOps, Cloud Security, and DevSecOps team. Read more “Tips on Recruiting Top Talent in the Current DevOps and Cloud Security Markets”
In May 2018, the General Data Protection Regulation became enforceable. While it is largely a European Union regulation, you are still covered by it if you store or process personal information of EU citizens.
If you use Amazon Web Services, you already know about many of the common security issues that can arise if you’re not on top of your game. But GDPR opens the door to a whole new set of security concerns and potential pitfalls, even for companies that aren’t based in the EU. Fortunately, AWS has taken steps to achieve GDPR compliance, but since it operates using a shared responsibility model, that means you’re on the hook for compliance, as well. With Threat Stack, you can secure your AWS infrastructure and uphold your end of the shared responsibility arrangement without slowing down DevOps. In addition, our intrusion detection platform helps you meet GDPR compliance obligations by helping you achieve observability throughout your infrastructure.
In this post, we discuss the steps AWS has taken to ensure GDPR compliance and what you can do to guarantee that your own infrastructure or system is likewise compliant. Read more “AWS GDPR: What You Need to Know”
Whether you’re just getting started in security or you’re an experienced DevOps professional, testing is a mainstay of your profession. Here at Threat Stack, we have a dedicated Test Engineering Team that guides quality and allows our team to stay on top of the latest trends in automation and testing so the team can implement rigorous testing of our product. In the testing world, automation is one of the hottest trends, driven by advances in AI, machine learning, and other tools that streamline tasks that used to be manual, tedious, time consuming, and prone to error.
Leveraging automation also helps to strengthen cloud security, and prioritizing automation is a best practice for IaaS providers, helping companies achieve full-stack, multi-cloud security observability. Threat Stack’s Cloud Security Platform®, for instance, helps you proactively reduce risk, detect security incidents, and achieve continuous cloud compliance without disrupting your DevOps workflow.
So what are the most interesting trends in automated testing right now? What trends could be reshaping the way you approach testing at your organization? To find out, we reached out to a panel of testing professionals and asked them to respond to this question:
Here at Threat Stack, we’ve been talking a lot about security observability recently (check out this article and whitepaper). When you design and monitor your systems for security observability, you reduce risk and minimize the likelihood and potential impact of a security breach.
But in the same way that you’d never invest in locks and alarms for the windows of your house while leaving the doors wide open, you can’t protect your business by focusing security observability on a single perimeter only. Security observability delivers value when it’s applied throughout the entire system. We call this Full Stack Security Observability. But what, exactly, is the “full stack?” Read more “Defining the “Full Stack” in Full Stack Security Observability”
Continuous integration (CI) tools are the engine that drives today’s SaaS software development strategy across all business, corporate, consumer, and industrial boundaries. CI is crucial to streamlining development processes and providing engineering teams with real-time insights on software deployment.
Continuous delivery (CD) is the next level of continuous integration and is vital to delivering stable software to a test environment so developers can determine whether the software is releasable.
A CI/CD pipeline helps automate steps in the software delivery process, such as initiating code builds, running automated tests, and deploying to a staging or production environment. Automated pipelines remove manual errors, provide standardized development feedback loops, and enable fast product iterations. An effective CI/CD strategy can automate the process all the way to deployment in production environments so customers can see changes sooner.
CI/CD workflows aren’t immune to security concerns. To address these, we recommend integrating security into your DevOps model (something commonly known as DevSecOps). By pairing leading continuous integration tools with a comprehensive security solution like Threat Stack’s Cloud Security Platform®, organizations can develop more reliable and secure applications, without compromising their team’s efficiency. Including Threat Stack in your model would enable you to achieve full stack security observability.
While countless CI/CD tools are available to fit a variety of needs, this post compiles 20 of the most widely used as well as a cross section that are suited to specific different development needs and teams. (For more top tools used by today’s leading development teams, check out our list of the best DevOps tools.) Read more “20 Best Continuous Integration Tools: A Guide to Optimizing Your CI/CD Processes”
— by Lindsey Ullian, Threat Stack Compliance Manager
Colorado has rightfully gained a reputation as one of the most socially progressive states as it was one of the first to adapt a regulated adult use marijuana marketplace. Now, Colorado is making news headlines again as it has adopted one of the nation’s strictest consumer privacy laws. The Colorado Consumer Protection Act (CCPA) is the result of a continued effort to protect residents’ personal data. Colorado’s law follows in theme with at least thirty-one other states that have heightened security surrounding consumers’ personal data and stands out as one of only twelve states that have imposed broader data security requirements.
Any company or public agency storing a Colorado resident’s personal data will now need a data-protection policy, an efficient breach notification system, and the capability to destroy the data when it is no longer needed. Whether you are a small company of one person or a Fortune 500 company, as long as you have customers in Colorado, you must comply with this new law. And whether or not your business is located in Colorado is irrelevant — what is key is whether you have customers located within the state.
For more details, take a look at the following article written by Kevin Kish, Privacy Technical Lead at Schellman & Company. In this article, Kevin highlights key takeaways from this law, as well as areas in which this law differentiates itself as one of the nation’s strictest data protection laws.
Earlier this week a group of security researchers from Graz University of Technology, imec-DistriNet, KU Leuven, Worcester Polytechnic Institute, and Cyberus Technology identified and analyzed a vulnerability in Intel chips being called ZombieLoad (CVE-2018-12130) that allows sensitive data to be stolen from the processor. You can get all the details on ZombieLoad directly from the researchers here. Thankfully, researchers do not believe this exploit has been used in a real-life attack. Read more “How to Defend Against ZombieLoad”
Live Online, May 16, 2019, 1:00 p.m. ET (or on demand after 45 minutes)
Recently, Threat Stack’s Security Operations Center (SOC) uncovered a variation of the Shellbot malware in a public cloud environment. In this active cryptojacking campaign, the sophisticated malware features several layers of obfuscation and continues to be updated with new functionality after it has gained a foothold in an infected environment.
In this briefing, Threat Stack SOC Analyst Ethan Hansen will walk through the details of the newly discovered cryptojacking campaign, including the malware components, actual observed attack path, and the future investigations.
Download Threat Stack’s Inside a Docker Cryptojacking Exploit
Threat Stack’s Security Operations Center (SOC) recently discovered an ongoing and evolving malware campaign that leverages a new variant of the Shellbot malware discovered by JASK in November 2018 and published in February 2019. (You can read their full report here.)
In this new variant of the campaign, Threat Stack has identified the addition of a new SSH brute force tool, a secondary command and control method, and the added ability to stop other cryptominers on infected servers. Read more “A Threat Stack SOC Analysis: The Continuing Evolution of the Shellbot Cryptomining Malware”
Security Observability has become an important concept recently as companies have started building software with a cloud-native mindset, embracing distributed, immutable, and ephemeral systems. As infrastructure has shifted from traditional deployment methods, older monitoring systems are no longer effective, and a new set of practices — called “observability” — has emerged.
In this post, we explain what observability is, why security observability important, and outline six principles that will help you design and monitor your systems for security observability. (For an in-depth discussion, download our new whitepaper: Cloud Security Observability: A Guide to Reducing Your Cloud Native Infrastructure Risk.) Read more “Cloud Security Observability: How to Reduce Risk in Your Cloud-Native Infrastructure”