Container Security Tips and Best Practices

Containers provide very important functionality: They package various software applications in “containers” to ensure that they are able to run correctly when moved from one computing environment to another.

The container model has all its dependencies packaged into virtual containers. A container not only contains an application but all supporting packages that are needed to run the application effectively. Thus, they provide flexibility, ease of use, and the ability to share resources. However, security is a primary concern when any new technology is pushed into production. Therefore, it is vital to focus on container security because poor security can put various applications and processes at risk for the entire enterprise. Threat Stack’s container security solutions monitor your containerized environments for risky and anomalous behavior and provide the visibility you need, no matter where your container strategy stands. You can deploy the Threat Stack agent on your host or even as a containerized agent to gain visibility into your containers. If you see risky behavior in a container, you’ll be able to follow the path of your attacker across your infrastructure.

Whether you’re using Docker or Docker with Kubernetes, security considerations must be paramount. Below, we discuss security tips and best practices that need to be incorporated for secure and safe utilization of containers. Read more “Container Security Tips and Best Practices”

How to Achieve Full Stack, Multi-Cloud Security Observability

You probably know AWS as the leading cloud platform provider. These days, however, many companies are using additional cloud providers as well. According to Gartner’s October 2018 report “Market Insight: Multicloud Becomes Essential for Cloud IaaS Offerings,” 49% of organizations were approaching their cloud computing IaaS strategy through multi-cloud adoption in 2017, and that is expected to increase to 75% by 2022. Most often they’re not trading one for another, but are choosing multiple providers for a variety of reasons: Different business requirements (such as managing risk and costs) may be better suited to different cloud vendors. Many vendors are likewise pricing their offerings competitively and continually adding new features.

If you’ve decided to run a multi-cloud environment as part of your organization’s security strategy, you need to make sure you’re taking appropriate security precautions. This may be a challenge, so in this post, we’ll cover five principles to follow when you make the move to multi-cloud. Read more “How to Achieve Full Stack, Multi-Cloud Security Observability”

How to Track Agent-Based User Activity

More often than not we’ll need to go beyond a Severity 1 alert to figure out what a user (including a potentially malicious attacker) was doing on a system. Host events in particular only show a small part of the picture, and a single alert can’t always give you the context necessary to make an escalation decision. This blog post explains how to pivot from a Host event to a user’s session and how to move from a single user-related alert to the user’s session using the data provided by your intrusion detection system. Read more “How to Track Agent-Based User Activity”

How to Understand Your Attacker’s Mindset

In this post we’ll try to develop an understanding of a typical attacker’s mindset and then show you how companies like yours can use this knowledge to enhance their security posture. Before we dive in, however, let’s ask a basic question: What is a cyber attacker?

A cyber attacker can be any entity — an individual, a group of individuals, a company, etc. — that tries to harm another entity via their cyber infrastructure. Attackers are often portrayed as ruthless entities that go to great lengths and use elaborate resources to attack state-of-the-art company defenses. Defending companies and individuals frequently view these entities as advanced attackers that challenge themselves by trying to break through fortified security controls by attacking them head on. That may be true in a few cases, but most attackers — especially the most seasoned (i.e., the smartest and most successful) — will try to find the path of least resistance and will also try to use the smallest number of resources when attacking. In other words, they use brains rather than brute force to achieve the biggest gain with the least effort. Let’s explore this in more detail below.
Read more “How to Understand Your Attacker’s Mindset”

The Economic Impact of Threat Stack – A Forrester Research Study

Cost Savings and Business Benefits Enabled by Threat Stack

When investing in cloud security platforms and services, businesses naturally want to measure ROI beyond number of deterred attacks. After all, effective cloud security also protects customer data, intellectual property, organizational resources, organizational efficiency, and team productivity — all of which impact your bottom line.

Recently, we asked Forrester Research group to do a total economic impact study of Threat Stack. Their findings? Businesses that use the Threat Stack platform and services are saving more than $900,000 over three years due to reduced risk, improved productivity, and lowered hiring costs. The Threat Stack Cloud Security Platform® offers complete security observability across your infrastructure. So not only can you identify intrusions or threats, but you can also identify and change risky behavior to improve your baseline security posture, which leads to a greater ROI over time. In fact, Forrester found that Threat Stack customers had an average ROI of 178% over three years. Read more “The Economic Impact of Threat Stack – A Forrester Research Study”

How to Cut Through Vendor Claims & Marketing Hype When Evaluating New Security Tools

As we’ve pointed out in a couple of recent blog posts, Machine Learning (ML) has been billed as a savior for short-staffed security teams — a silver bullet that can single handedly identify and mitigate every security threat automatically. As we usually do with silver bullet solutions, we’ve cautioned readers to distinguish between the hype and reality. While ML has many strengths and is here to stay, it’s only a part of the solution in the world of cybersecurity — not the solution itself. Human input is still essential to draw meaningful conclusions and define appropriate action.

In today’s post, we’re continuing to advise readers that it’s essential to go below the surface, to distinguish between the hype and reality, when evaluating a cybersecurity solution. Remember: A beautiful package may open up to reveal a beautiful can of worms. Keep your eyes open, investigate below the surface, and avoid nasty surprises. Read more “How to Cut Through Vendor Claims & Marketing Hype When Evaluating New Security Tools”

Scala Regex String Extraction

Introduction

— Joe Baker, Manager Software Engineering

From time to time the Engineering, Operations, and Security groups at Threat Stack contribute blog posts that share information on techniques and tools we’ve developed so we can do things faster, more accurately, and with fewer resources. These range from tips for using Scala in the real world, to improving our SOC 2 management process using a home-grown tool called sockembot, to insights into how we manage our on-call rotation using another home-built tool called Deputize (which we’ve since made available as open source).

Today’s post is by Alfredo Perez, one of our software engineers, and focuses on Scala Regex String Extraction.

If there’s anything you’d like to hear about, please Tweet us at @threatstack or contact us directly.

One of my favorite Scala patterns that I’ve learned and used here at Threat Stack is Regex String Extraction with pattern matching. It’s a simple pattern but very powerful for extracting parts of a string and very readable. The power comes from the use of regular expression groups combined with the pattern matching of Scala. Read more “Scala Regex String Extraction”

The Promise of Machine Learning vs. The Reality of Human Assisted Learning

Machine Learning (ML) has been around in one form or another for a long time. Arthur Samuel, started working in the field in 1949 and coined the term in 1959 while working at IBM. Over the years, ML applications have been developed in practically every industry sector.

Recently, we’ve been hearing a lot about “silver bullet” ML-based cybersecurity solutions that can single handedly and automatically enable short-staffed security teams to identify and mitigate every kind of security threat imaginable. Of course, silver bullet solutions are as old as security itself, and by definition, they’re almost always too good to be true. So is the current crop of ML-driven cybersecurity solutions real or hype?

Given that a lot of hype has a few grains of truth in it, let’s use this post to look at the promise, the marketing hype, and the reality — at what ML can do and cannot do in its current state (with a peek at what it might be able to do sometime down the road). (Spoiler Alert: The operative word in this blog’s title is “promise.”) Read more “The Promise of Machine Learning vs. The Reality of Human Assisted Learning”

Threat Stack Successfully Completes Type 2 SOC 2 Examination With Zero Exceptions — Again!

For the second year in a row Threat Stack has achieved Type 2 SOC 2 Compliance in Security and Availability with zero exceptions. We’re justifiably proud of this accomplishment, which underscores our ongoing commitment to rigorous security standards and our ability to maintain them in our company’s technology, processes, and personnel along with the highest level of security and privacy for our customers.

To an outsider, there’s no apparent difference between our 2017 and 2018 results. Threat Stack is Type 2 SOC 2 compliant in Security and Availability. CHECK AND CHECK. But under the hood, there’s a lot more to the story. The differences between the processes we used in 2017 and the way we optimized these in 2018 are significant, as are the differences in the personnel who took part in the two SOC 2 initiatives. So in this post, we’re going to talk about some of the lessons we learned and the changes we made in order to achieve the same results in an even more rigorous and efficient manner. Read more “Threat Stack Successfully Completes Type 2 SOC 2 Examination With Zero Exceptions — Again!”