The Difference Between Security Trick Plays and Security Fundamentals

I like watching great football plays on YouTube, but I especially like watching trick plays where players sell some sort of deception so their opponents take their eyes off the ball. Trick plays make great video clips and can win a football game if deployed at the right moment, but there’s a reason “blocking and tackling” are the fundamental skills, tasks, and roles necessary to function. Trick plays might be able to help a team win a football game, but if you show up without “blocking and tackling,” you’re definitely going to have a bad day. I bring this up because sometimes we confuse the trick plays with the fundamentals, and we do so at our own peril. That does not mean trick plays are bad or not helpful; it just means we can’t forget about the “blocking and tackling.”

These days we hear a lot of hullabaloo about machine learning (ML), and with good reason. However, it’s quickly becoming the “trick play” of security, the flashy new toy that leads people to overlook the “blocking and tackling” fundamentals. Read more “The Difference Between Security Trick Plays and Security Fundamentals”

How to Defend Against the runC Container Vulnerability

Earlier this week security researchers Adam Iwaniuk and Borys Poplawski published details on a vulnerability in runC, the underlying container runtime for Docker, Kubernetes, cri-o, containerd, and other container-dependent programs. The vulnerability, CVE-2019-5736 allows malicious containers to overwrite the host runC binary and gain root-level code execution on the host. This would give attackers the ability to run any command as a root-level user including the ability to create new containers using an attacker-controlled image or attach executables into an existing container that they have write access to.

A patch has been issued for CVE-2019-5736, and all users should update to the latest version of all their container management programs as soon as possible.
Read more “How to Defend Against the runC Container Vulnerability”

Transforming Alert Fatigue Into Proactive Security Management

In a recent study, 72% of CISOs stated that their teams are facing alert fatigue, while 82% of respondents to a Threat Stack survey indicated that alert fatigue is having a negative impact on their organization’s well-being and productivity.

Traditional approaches to managing security alerts have often driven teams into a reactive mode where they’re overwhelmed by huge volumes of noisy alerts or spend far too much time gathering information and digging around in log files. If this proliferation of data is transformed into relevant and actionable intelligence, however, teams can overcome alert fatigue, identify and respond to critical issues in real time, and reduce risk continuously over time.

In this post, we’ll take a look at some best practices on how you can move away from reactive, ad hoc tactics and adopt a structured, proactive approach by making alerts a key element of your overall information security strategy. Read more “Transforming Alert Fatigue Into Proactive Security Management”

Machine Learning, Signatures, Rules, & Behaviors — Tips on Navigating Modern Cloud Security Solutions

Cloud security is one of the most rapidly changing technology landscapes out there. And naturally, the market for security tools is also constantly evolving as stakeholders continue to develop an understanding of how important a mature security posture is to the entire organization — from innovation to sales to ongoing brand and customer success.

Throughout the industry, different security solutions solve different problems for different types of businesses: There is no “one-size-fits-all-cloud-security-silver-bullet.” Being able to cut through the hype, promises, and buzz to figure out which solutions are actually suited to your specific use cases can be a challenge.

So in this post, we’re offering guidance on what some of the broader categories of cloud security solutions do and do not offer, and how they deliver security information and alerts to their end users. In turn, we’ll take a look at using Network IDS tools, using point solutions to build your own security stack, jumping into the emerging world of machine learning (ML), and deploying a comprehensive cloud security platform that not only provides a wide range of security functionality but also integrates security into your existing DevOps workflows and provides a foundation for constantly improving your security maturity. Read more “Machine Learning, Signatures, Rules, & Behaviors — Tips on Navigating Modern Cloud Security Solutions”

21 Developers & Docker Experts Reveal the Biggest Mistakes People Make When Switching to Docker Containers

Containerized environments are increasingly popular, and Docker remains the most popular container solution for developers. But the process of moving from virtual machines to containers is complex. If you’re just getting started with Docker, check out our list of 50 useful Docker tutorials for IT professionals, which includes tutorials for beginners, intermediate users, and advanced Docker pros.

It’s common to make mistakes during the transition from VMs to Docker containers, and it’s important to remember that Docker won’t fix all your problems in the cloud. There are also security issues you need to weigh in order to keep your environment fully secure both during and after the transition. Threat Stack’s Docker integration offers full visibility into your container environment, alerting you to internal and external threats — along with the context needed to understand what happened during a security event so you can take appropriate action.

Aside from failing to implement robust security measures for your containerized environment, people make other common mistakes make when switching to Docker containers. To gain some insight into the most common, we reached out to a panel of Docker experts and asked them to answer this question:

“What’s the biggest mistake people make in switching to Docker containers?”

Read more “21 Developers & Docker Experts Reveal the Biggest Mistakes People Make When Switching to Docker Containers”

Leveraging Threat Stack’s Out-of-the-Box Rulesets and Single View for Managing Multiple AWS Accounts

Increasingly, AWS users are leveraging multiple accounts to manage their infrastructure. While doing so is a recommended best practice that enables users to achieve the highest levels of resource and security isolation and to optimize operational costs, it can also increase the amount of time and effort required for effective administration and remediation.

As a remedy to this problem (and “account sprawl” in general), and as a means of providing more granular alerting and actionable data, Threat Stack has built two key functionalities into its Cloud Security Platform®:

  • The ability to view multiple AWS accounts from one central location: Our unified view reduces admin time and provides significant convenience because end users no longer need to gather information and alerts from multiple accounts. This means you can focus on business issues and not administration!
  • Rulesets that are focused on giving more granular alerting and context to your interactions with the AWS control plane: Our extensive out-of-the-box rulesets give customers increased control plane visibility and more granular tracking of AWS API actions within their accounts, and you still have the flexibility of creating new rules and modifying existing rules (as we have previously documented.)

Read on for more details. Read more “Leveraging Threat Stack’s Out-of-the-Box Rulesets and Single View for Managing Multiple AWS Accounts”

50+ Best Cloud and Cloud Security Certifications

The growth of cloud technology has been phenomenal over the past few years, and it doesn’t show any signs of stopping. Companies of all sizes depend on cloud platforms, which is why the demand for IT professionals with cloud and cloud security certifications continues to increase.

This is excellent news for anyone working in IT or considering it as a career. This kind of demand helps with job security, something that’s pretty hard to come by these days. But don’t think that you can just walk in and grab a job in cloud computing without the right training; you need to have proven experience and expertise.

That’s where cloud certifications come in. When you receive a certification, it demonstrates to potential employers that you have the know-how they need. And it only gets better – in addition to making you a more attractive candidate and helping ensure job security, having cloud certifications can also lead to a bigger paycheck. Earning cloud certification is a definite step forward for any IT professional looking to advance their career. (And, of course, certifications are a great asset if you’re trying to strengthen your team or your company’s credibility.)

To help you take that next step forward, we’ve compiled a list of the top 50+ cloud and cloud security certifications. Read more “50+ Best Cloud and Cloud Security Certifications”

Deploying Compliant Kubernetes: Real World Edge Cases (Upcoming Webinar)

Deploying Compliant Kubernetes — Real World Edge Cases Webinar
January 24, 2019 | 1 PM ET

Are you deploying compliant Kubernetes clusters?

Our customer, Lola.com, is sharing insights on how they successfully migrated their PCI DSS-compliant environment from Amazon ECS to Kubernetes last year — and specific edge cases to help with future audits. Read more “Deploying Compliant Kubernetes: Real World Edge Cases (Upcoming Webinar)”