Defining the “Full Stack” in Full Stack Security Observability

Security Research & Strategy
4 Min Read

Here at Threat Stack, we’ve been talking a lot about security observability recently (check out this article and whitepaper). When you design and monitor your systems for security observability, you reduce risk and minimize the likelihood and potential impact of a security breach.

But in the same way that you’d never invest in locks and alarms for the windows of your house while leaving the doors wide open, you can’t protect your business by focusing security observability on a single perimeter only. Security observability delivers value when it’s applied throughout the entire system. We call this Full Stack Security Observability. But what, exactly, is the “full stack?” Read more “Defining the “Full Stack” in Full Stack Security Observability”

20 Best Continuous Integration Tools: A Guide to Optimizing Your CI/CD Processes

Dev & DevOps Knowledge
8 Min Read

Continuous integration (CI) tools are the engine that drives today’s SaaS software development strategy across all business, corporate, consumer, and industrial boundaries. CI is crucial to streamlining development processes and providing engineering teams with real-time insights on software deployment.

Continuous delivery (CD) is the next level of continuous integration and is vital to delivering stable software to a test environment so developers can determine whether the software is releasable.

A CI/CD pipeline helps automate steps in the software delivery process, such as initiating code builds, running automated tests, and deploying to a staging or production environment. Automated pipelines remove manual errors, provide standardized development feedback loops, and enable fast product iterations. An effective CI/CD strategy can automate the process all the way to deployment in production environments so customers can see changes sooner.

CI/CD workflows aren’t immune to security concerns. To address these, we recommend integrating security into your DevOps model (something commonly known as DevSecOps). By pairing leading continuous integration tools with a comprehensive security solution like Threat Stack’s Cloud Security Platform®, organizations can develop more reliable and secure applications, without compromising their team’s efficiency. Including Threat Stack in your model would enable you to achieve full stack security observability.

While countless CI/CD tools are available to fit a variety of needs, this post compiles 20 of the most widely used as well as a cross section that are suited to specific different development needs and teams. (For more top tools used by today’s leading development teams, check out our list of the best DevOps tools.) Read more “20 Best Continuous Integration Tools: A Guide to Optimizing Your CI/CD Processes”

Data Privacy is in the Spotlight as Colorado Enacts Landmark Consumer Data Privacy Bill (PCDP)

All Things Compliance
6 Min Read

Introduction

— by Lindsey Ullian, Threat Stack Compliance Manager

Colorado has rightfully gained a reputation as one of the most socially progressive states as it was one of the first to adapt a regulated adult use marijuana marketplace. Now, Colorado is making news headlines again as it has adopted one of the nation’s strictest consumer privacy laws. The Colorado Consumer Protection Act (CCPA) is the result of a continued effort to protect residents’ personal data. Colorado’s law follows in theme with at least thirty-one other states that have heightened security surrounding consumers’ personal data and stands out as one of only twelve states that have imposed broader data security requirements.

Any company or public agency storing a Colorado resident’s personal data will now need a data-protection policy, an efficient breach notification system, and the capability to destroy the data when it is no longer needed. Whether you are a small company of one person or a Fortune 500 company, as long as you have customers in Colorado, you must comply with this new law. And whether or not your business is located in Colorado is irrelevant — what is key is whether you have customers located within the state.

For more details, take a look at the following article written by Kevin Kish, Privacy Technical Lead at Schellman & Company. In this article, Kevin highlights key takeaways from this law, as well as areas in which this law differentiates itself as one of the nation’s strictest data protection laws.

Read more “Data Privacy is in the Spotlight as Colorado Enacts Landmark Consumer Data Privacy Bill (PCDP)”

How to Defend Against ZombieLoad

Security Research & Strategy
3 Min Read

Earlier this week a group of security researchers from Graz University of Technology, imec-DistriNet, KU Leuven, Worcester Polytechnic Institute, and Cyberus Technology identified and analyzed a vulnerability in Intel chips being called ZombieLoad (CVE-2018-12130) that allows sensitive data to be stolen from the processor. You can get all the details on ZombieLoad directly from the researchers here. Thankfully, researchers do not believe this exploit has been used in a real-life attack. Read more “How to Defend Against ZombieLoad”

A Threat Stack SOC Analysis: The Continuing Evolution of the Shellbot Cryptomining Malware

Security Research & Strategy
2 Min Read

Update: Threat Stack to Present Live Threat Briefing
On New Cryptomining Shellbot Malware Variant

When

Live Online, May 16, 2019, 1:00 p.m. ET (or on demand after 45 minutes)

About This Threat Briefing

Recently, Threat Stack’s Security Operations Center (SOC) uncovered a variation of the Shellbot malware in a public cloud environment. In this active cryptojacking campaign, the sophisticated malware features several layers of obfuscation and continues to be updated with new functionality after it has gained a foothold in an infected environment.

In this briefing, Threat Stack SOC Analyst Ethan Hansen will walk through the details of the newly discovered cryptojacking campaign, including the malware components, actual observed attack path, and the future investigations.

Registration

Register now

Free Download

Download Threat Stack’s Inside a Docker Cryptojacking Exploit

Threat Stack’s Security Operations Center (SOC) recently discovered an ongoing and evolving malware campaign that leverages a new variant of the Shellbot malware discovered by JASK in November 2018 and published in February 2019. (You can read their full report here.)

In this new variant of the campaign, Threat Stack has identified the addition of a new SSH brute force tool, a secondary command and control method, and the added ability to stop other cryptominers on infected servers. Read more “A Threat Stack SOC Analysis: The Continuing Evolution of the Shellbot Cryptomining Malware”

Cloud Security Observability: How to Reduce Risk in Your Cloud-Native Infrastructure

Security Research & Strategy
5 Min Read

Security Observability has become an important concept recently as companies have started building software with a cloud-native mindset, embracing distributed, immutable, and ephemeral systems. As infrastructure has shifted from traditional deployment methods, older monitoring systems are no longer effective, and a new set of practices — called “observability” — has emerged.

In this post, we explain what observability is, why security observability important, and outline six principles that will help you design and monitor your systems for security observability. (For an in-depth discussion, download our new whitepaper: Cloud Security Observability: A Guide to Reducing Your Cloud Native Infrastructure Risk.) Read more “Cloud Security Observability: How to Reduce Risk in Your Cloud-Native Infrastructure”

Beyond Checkboxes: 6 Cloud Security Measures All Healthcare Organizations Should Take

All Things Compliance, Security Research & Strategy
4 Min Read

Modern healthcare is a full participant in the digital economy, and personal health information (PHI) is at its center. But today’s digital landscape is a volatile threat environment where sensitive personal data is a coveted commodity. Minimizing exposure, liability, and risk to PHI is a necessity with visibility all the way up to the board-level in every healthcare organization.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) includes the HIPAA Privacy Rule which establishes national standards to protect PHI. Every organization conducting health care transactions electronically is familiar with its rules, and being “HIPAA Compliant” is mandatory. But such standards can create a false sense of security; is simply checking the boxes and satisfying an annual audit really enough to keep attackers at bay? Do standards written over the course of decades adequately cover today’s rapidly evolving threat landscape? Are processes developed in the days of enterprise data-centers sufficient to protect containerized microservices running in the cloud?

The short answer is No: Merely being compliant is no longer enough. Digital leaders in proactive healthcare organizations — from providers to insurance companies — have realized that they must do much more to protect themselves from threats. Embracing DevSecOps and CI/CD gives healthcare organizations a strong foundation for security that goes beyond compliance with true full stack security observability. Read more “Beyond Checkboxes: 6 Cloud Security Measures All Healthcare Organizations Should Take”

AWS HIPAA Compliance Best Practices Checklist

All Things Compliance
4 Min Read

The Health Insurance Portability and Accountability Act, or HIPAA, is a United States law that seeks to protect the privacy of patients’ medical records and other health information provided to health plans, doctors, hospitals, and other health care providers. It seeks to make health insurance coverage available to everyone — even those who lose their jobs. It also aims to lower the cost of healthcare by setting up standards in the electronic transmission of financial and administrative transactions. As well, HIPAA is designed to help fight abuse, waste, and fraud in insurance and healthcare delivery. The act also gave rise to the HIPAA Privacy Rule, which is the first set of American standards that protect the health information of patients. All health-related clearinghouses, providers, and insurance plans are covered by the act, as well as all companies in the country that are handling or storing healthcare data.

The good news is that you can use AWS and be HIPAA compliant. One way to strengthen HIPAA compliance is by leveraging Threat Stack’s Cloud Security Platform®, which provides healthcare companies – as well as business associates – with the most advanced solutions they need to meet a broad range of HIPAA compliance requirements. This post outlines nine essential best practices you should know about AWS HIPAA compliance. Read more “AWS HIPAA Compliance Best Practices Checklist”

50 Best Kubernetes Architecture Tutorials

Containers, Orchestration & Security
17 Min Read

Kubernetes is a multi-functional, container-centric platform for managing workloads and services. Given the fact that containers and container orchestration can dramatically improve costs, flexibility, and resilience, it’s no mystery why Kubernetes has soared in popularity since Google open-sourced it in 2014.

On one hand, it’s a powerful orchestration tool; on the other, it’s not a silver bullet that will solve all your problems. In fact, at the same time that it helps to manage dynamic infrastructure, it also introduces new vulnerabilities that pose a threat to security. To understand the value of Kubernetes, how to integrate it in a way that improves operational efficiency, and how to guard against the new vulnerabilities that container orchestration introduces, it’s critical that you have more than a passing knowledge.

So if you’re ready to start diving into Kubernetes, you’ve come to the right place. Below, we’ve curated a list of 50 top quality tutorials to help you fully understand Kubernetes architecture and best practices. Read more “50 Best Kubernetes Architecture Tutorials”

Go Behind the Scenes of a Docker Cryptojacking Attack

Containers, Orchestration & Security
2 Min Read

When Threat Stack security analyst Ethan Hansen saw an alert in a customer’s environment that read /temp [RANDOM] cnrig, he knew his afternoon was about to get interesting. As part of his role in the Threat Stack Cloud SecOps Program℠, Ethan regularly monitors customer environments and proactively investigates alerts like this on the customer’s behalf. In this case, his suspicions were warranted, and Threat Stack had identified an active Docker cryptojacking attack.

Ethan and Threat Stack Security Solutions Engineer John Shoenberger recently sat down with “Your System Called: A Threat Stack Podcast” to recount this investigation into a Docker cryptojacking attack, his process of putting together a specific list of actionable recommendations, and how he worked with the customer within an hour of the alert to mitigate the threat.

Read more “Go Behind the Scenes of a Docker Cryptojacking Attack”