Security Observability: Operationalizing Data in Complex, Distributed Systems

Dev & DevOps Knowledge, Security Research & Strategy
3 min Read

It’s 2018 — companies are using multiple cloud providers, shifting to microservices, moving monoliths into containers, or maybe even moving to a serverless-style architecture. And while these are the trendy things to do right now, are they right for the business today? Will they be right or wrong for the business tomorrow? Is what we’re doing too complex if the Next Big Thing comes along and you want to leverage it without having to complete a major lift-and-shift?

Regardless of the direction your company is moving in, change is a great opportunity to evaluate your security practices and consider how you can add observability to your operations. Read more “Security Observability: Operationalizing Data in Complex, Distributed Systems”

What’s In Our SecOps Stack: 6 Top Integrations

Security Research & Strategy
3 min Read

When it comes to creating a solid SecOps program, an organization must consider people, processes, and technology. It’s not one area that makes a secure program, but a combination of all three working together.

As good as our people are, however, they would not get far without systematic processes backed by powerful tools and integrations. Here at Threat Stack, we use the following tools to ensure that our organization is safe, secure, and operating effectively. Read more “What’s In Our SecOps Stack: 6 Top Integrations”

How to Find and Remediate Open Infrastructure Ports

AWS Security, Security Research & Strategy
3 min Read

The evidence is clear — open infrastructure ports lead to security vulnerabilities. When AWS S3 buckets or SSH ports are left open, they can leave your organization at risk for security breaches.

For example, in July 2018, an open S3 bucket at a political autodial company, Robocent, exposed nearly 2,600 files relating to political campaigns. The leak included voter records containing sensitive information such as phone numbers, gender, and birth dates. The files were then indexed by GrayHatWarfare, which has a database of 48,623 open S3 buckets.

Leaks like Robocent’s highlight the need for organizations to maintain visibility into where data is located within their cloud infrastructure, as well as whether the storage system is risk-appropriate given the sensitivity of the information. It’s easy, but never acceptable, for a fast-growing or seasonal organization like this one to lose track of that risk over time.

It’s important to ensure that certain gateways into your infrastructure are password protected or are configured properly to prevent events like this from affecting your organization. That’s why, in this post, we’re highlighting how to find and remediate open infrastructure ports. Read more “How to Find and Remediate Open Infrastructure Ports”

Black Hat USA 2018: A SecOps Recap

AWS Security, Security Research & Strategy
3 min Read

Last week, I had the pleasure of joining thousands of security researchers, vendors, marketers, press, and bloggers converging on the desert and Mandalay Bay for my first-ever Black Hat USA conference. Attendees discussed the newest research, latest technologies, scariest threats, and biggest trends in this crazy world of cybersecurity. If you weren’t lucky enough to be part of the fun, here’s a quick recap of Black Hat USA 2018 (aka Security Summer Camp). Read more “Black Hat USA 2018: A SecOps Recap”

Best Practices for User Access Management

AWS Security
4 min Read

Many organizations have policies in place that restrict internal access to information, but are they truly optimized for security and efficiency? In an age of sophisticated, ever-evolving infrastructure and equally sophisticated attacks, it’s time to get serious about user access management. In order to do so, you’ll need to take a SecOps approach, automating processes wherever possible and prioritizing strong security that is built in from the start. In this way, you can reduce the risk of human oversight and monitor to ensure that the correct policies are being followed consistently.

With the right user access management system in place, you can decrease costs and increase efficiency when it comes to hiring, onboarding, and ongoing security. Read on for best practices to help get you there. Read more “Best Practices for User Access Management”

What Would You Change About AWS Security?

AWS Security, Security Research & Strategy
13 min Read

20 Security Pros Reveal the One Thing They’d Change About AWS Security

AWS is one of the most popular cloud platforms among enterprises and even SMBs, and for good reason: The service is robust, with a variety of features and functionality to make management seamless. But managing an AWS environment still requires a good deal of technical expertise. What’s more, while AWS provides a multitude of options for securing your cloud environment, it’s not perfect, nor does it (or any cloud provider) promise complete, end-to-end security for your infrastructure, applications, and data — and users are responsible for filling in the gaps.

That is, of course, where Threat Stack comes into play, enabling you to secure your cloud infrastructure, as well as your cloud workloads, both at speed and at scale. To gain some insight into where AWS falls short and what users need to know to fully secure their cloud environment, we reached out to a panel of security pros and asked them to answer this question:

“If you could wave a magic wand and change one thing about AWS security what would it be?”

Read more “What Would You Change About AWS Security?”

50 Best Cloud Security Training Resources

Security Research & Strategy
18 min Read

The bad news is there’s a global shortage of trained cybersecurity professionals: According to PWC, there will be 1.5 million cybersecurity job openings by 2019, and the talent market is not expected to catch up any time soon. The good news is that hundreds of quality resources are available to help both established and up-and-coming cloud security professionals educate themselves.

If you’re looking for networking opportunities and access to specialized training in your areas of interest, attending cloud security conferences is an excellent way to rack up your credentials, so be sure to visit our list of 50 cloud security conferences to attend in 2018 and beyond.

If conferences aren’t a good option for you, there are lots of other professional development avenues you can take.  To help you in your cloud security training search, we’ve compiled a list of 50 different resources in a variety of categories, ranging from training courses to video content, whitepapers, and more — along with a few useful career resources to help you put those newly acquired skills to work.

It can be difficult to know which training resources are best for your situation, especially when you’re just beginning your career in cybersecurity. That’s why we’ve put this blog post together, grouping resources into logical categories that are intended to help you find resources that are best-suited to your specific needs.

Note: The cloud security training resources discussed below are not ranked in any way, and Threat Stack does not directly endorse any of them. We are simply providing them here for information purposes and have grouped them into logical categories for ease of navigation. Read more “50 Best Cloud Security Training Resources”

Threat Stack Quick Guide to Black Hat USA 2018

Security Research & Strategy, Threat Stack Use Cases
4 min Read

Booth #2316 | August 8 – 9 | Las Vegas, NV

Are you attending Black Hat this August? Threat Stack is, and we’d love to see you there!

With so many fascinating events going, we thought it would be helpful to create a Quick Guide to help you get the most out of your visit to Black Hat USA 2018.

If you can’t meet us there (we’ll miss you!), you can keep up with the latest happenings inside and beyond the exhibition floor through our blog and social media (follow @threatstack on Twitter). Read more “Threat Stack Quick Guide to Black Hat USA 2018”

What is the NIST Cybersecurity Framework?

All Things Compliance, AWS Security, Security Research & Strategy
3 min Read

You’ve SOC 2-ed from here to eternity, and you’ve got GDPR in the bag, but if you’re truly focused on security maturity, you know that your work is never done. So, what’s next? Perhaps it’s time to focus on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).

Unlike GDPR and SOC 2, organizations will face no penalties for noncompliance with the NIST CSF: It’s purely voluntary. Nevertheless, it serves as a singular guideline that CISOs can look to in a world of fragmented cybersecurity regulations.

The framework was first developed in 2014, after President Obama recognized the growing risk to critical infrastructure. His Cybersecurity Enhancement Act (CEA) of that year called to expand the role of NIST to create a voluntary framework in order to identify “a prioritized, flexible, repeatable, performance-based, and cost-effective approach” to manage cyber threats. A 2017 executive order by President Trump took the framework a step further by making it federal government policy.

After years of gathering feedback, version 1.1 of the framework was released in 2018 to provide “a more comprehensive treatment of identity management,” as well as additional information on managing supply chain cybersecurity. As a living document, the NIST CSF will continue to evolve as the industry provides feedback on implementation.

As the standard developed by the United States for managing cybersecurity risk, organizations would do well to take heed. As with any standard, choosing to comply with the NIST CSF demonstrates to your clients that you’re serious about security, while improving your overall security posture and lessening the risk of a data breach and the resulting financial losses, client churn, and reputational loss that go along with it.

Below we’ll help you understand some of the main points of the NIST CSF so you can begin putting it into practice. Read more “What is the NIST Cybersecurity Framework?”

Why Kubernetes is Not a Silver Bullet

Containers, Orchestration & Security, Security Research & Strategy
3 min Read

Container adoption is on a meteoric rise. Gartner estimates that 50 percent of companies will use container technology by 2020, up from less than 20 percent in 2017. It’s not hard to see why — containers’ offer greater DevOps flexibility along with an optimized build/deployment pipeline.

The surge in container adoption is the driving force behind a new phenomenon in developer circles that we at Threat Stack lovingly refer to as “Kubernetes FOMO.” Eager to get on board with the most popular orchestration platform around, organizations are jumping on the Kubernetes bandwagon.

And why not? Kubernetes speeds container deployment and enables the management of multi-container clusters at scale. It allows for continuous integration and delivery; handles networking, service discovery, and storage; and has the ability to do all that in multi-cloud environments.  

Some would call Kubernetes a silver bullet in the world of container deployment and management, but that doesn’t mean it comes without security concerns. In this post, we’ll discuss a few things to watch out for if you’re considering a move to Kubernetes, as well as some tips on ensuring that your infrastructure remains secure during a transition. Read more “Why Kubernetes is Not a Silver Bullet”