What is Cloud Workload Security?

A cloud workload is a distinct capacity or work function that we put on a cloud instance. It can be a Hadoop node, a Web server, a database, or a container, among other things.

Broadly speaking, therefore, cloud workload security is any means of protecting these workloads.

There is a common misconception that securing your workloads is the responsibility of the cloud service provider. But that’s not true if you work with an “infrastructure as a service” (IaaS) model such as Amazon Web Services. With IaaS, you share some of that responsibility. In some instances, you would need to extend the security policies, tools, and controls you have for your onsite systems to the cloud in order to secure these workloads. A widespread failure to fully understand and act on the shared responsibility model is demonstrated in a November 2017 survey, where we found that 73% of companies have at least one critical AWS security misconfiguration.

With Threat Stack, a leader in cloud-native security and compliance management, you can better secure your cloud environment and cloud workloads. Our Cloud Security Platform® is designed to meet the unique challenges facing Security and Operations teams working in the cloud. Let’s take a look at the common threats facing cloud workloads along with best practices for enhancing cloud workload security. Read more “What is Cloud Workload Security?”

Threat Stack Introduces Bulk Data Export Feature

One of the biggest benefits of the Threat Stack Cloud Security Platform® is the deep level of visibility we bring to observing operator behaviors in customers’ cloud runtime environments. We frame this discussion in terms of “security observability,” and it can be distilled into a single question: “If suspicious or risky behaviors occur on one of your servers, what can you see and how quickly can you see it?” Read more “Threat Stack Introduces Bulk Data Export Feature”

9 Core & Specialty AWS Security Certifications

Cloud computing has become a necessity for almost all businesses. Given this reality, there is a significant need to design, develop, deploy, manage, and secure workloads in the cloud.

AWS offers a multitude of certifications, and having relevant certifications is an important way you can demonstrate cloud credibility and competence as an individual and how your organization can demonstrate value to its customers.

With that in mind, here’s a list of nine key AWS Security Certifications to consider. Whether you’re just starting to build your cloud credentials, looking to expand your skills and expertise in a particular area, or want to deepen your expertise, there should be something to match your needs among these industry-recognized certifications. Read more “9 Core & Specialty AWS Security Certifications”

Threat Stack Announces New and Enhanced CloudTrail Rules

As AWS continues to expand its services landscape, Threat Stack has made a commitment to keeping in step by crafting additional coverage that keeps your cloud environment secure. The latest additions we’ve made to Threat Stack’s CloudTrail rules are focused on giving more granular alerting and context to your interactions with the AWS control plane.

Threat Stack has significantly expanded the CloudTrail Base Ruleset in its Cloud Security Platform®. Not only have we increased the number of rules from 26 to 87 — we have also provided rules for five AWS Services that were not covered previously (DynamoDB, Elastic Container Service, Elastic Kubernetes Service, Security Token Service, and AWS Support). And don’t forget — the Cloud Security Platform still gives you the flexibility to create custom rules based on CloudTrail event data.

While we’re not going to comment on all 87 rules in this post, we are going to focus on important highlights, including:

  • New rules to cover five additional AWS Services
  • Expanded rules for Identity and Access Management (IAM)
  • Expanded rules for Virtual Public Cloud (VPC)

The new rules for five additional AWS Services are discussed in Part 1 below, while Part 2 gives an overview of the expanded rules for AWS Services that we already support. Read more “Threat Stack Announces New and Enhanced CloudTrail Rules”

Detecting Unsafe Data Deserialization With Threat Stack

Insecure data deserialization first made its way into OWASP’s 2017 Top 10 list by way of community feedback. In the history of application security, that makes it a relatively new vulnerability that can be harder to detect due to the way it uses popular code libraries that are commonly used in web development.

The Threat Stack Cloud SecOps Program℠ exists not only to monitor customer environments and investigate alerts, but also to work with customers to help them improve their security postures. Occasionally, here in the SecOps Program’s security operations center (SOC), we get questions about the detection capability of the Threat Stack Cloud Security Platform®, and whether it is capable of detecting new and advanced attack vectors. (Our system uses behavioral detection, which is an extremely robust methodology for detecting new and old attack techniques.)

In this post, I’ll walk through how my colleagues and I in the SOC addressed an inquiry regarding a specific insecure deserialization exploit seen in the wild. Read more “Detecting Unsafe Data Deserialization With Threat Stack”

Aligning SecOps Teams With Compliance Roadmaps

Compliance is essential, and organizations need to get it right. Despite the importance of compliance, organizations often treat it as an afterthought, rather than a business driver. Some see it as a hurdle or uninvited challenge, even though it can have a significant positive impact on the business.

With the rise of new compliance frameworks like GDPR, the stakes are even higher. If you aren’t compliant, there are heavy fines. Now, more than ever, it’s time to ensure that your organization is adhering to the applicable compliance guidelines.

In this post, we show how SecOps teams can align with compliance roadmaps to drive a more continuous, proactive approach to meeting compliance objectives. Read more “Aligning SecOps Teams With Compliance Roadmaps”

AWS re:Invent 2018 Recap: Security, DevOps, ML, & Hybrid Cloud Take Center Stage

Another year at AWS re:Invent has come and gone. As usual it was a jam packed show full of exciting announcements, great keynotes, sessions, and interesting conversations. In case you couldn’t make it to Vegas this year or could use a summary of what you missed while you were running between sessions, here are some of the highlights from our week in the desert. Read more “AWS re:Invent 2018 Recap: Security, DevOps, ML, & Hybrid Cloud Take Center Stage”

Inside a Docker Cryptojacking Exploit: Webinar Preview

Inside a Docker Cryptojacking Exploit Webinar
Dec 13, 2018 | 1:00 P.M. ET

Container usage is on the rise, and tools like Docker are a key element in successful container deployments. Almost every organization operating in a DevOps environment sees the benefits of containers, but it’s important to remember that services like Docker are not security tools.

Coming up on December 13, Ethan Hansen a security analyst for the Threat Stack Cloud SecOps Program℠ will discuss an active cryptojacking exploit attempt he observed within a Docker container environment and how it was identified and mitigated. Read more “Inside a Docker Cryptojacking Exploit: Webinar Preview”

Three Old-School Network Security Tips That (Still!) Work for Modern Infrastructure

The adage “Everything old is new again,” rings true in the cybersecurity industry as much as anywhere else. Some of the best practices from old-school network security still apply to modern virtual server or containerized environments.

Even though hackers are becoming increasingly sophisticated with their attacks, applying some of these oldies but goodies to your arsenal could help reduce the risk of a security incident or breach.

Here are a few security best practices that stand the test of time. Read more “Three Old-School Network Security Tips That (Still!) Work for Modern Infrastructure”

50 Useful Kubernetes Tutorials for IT Professionals

Technologies like Docker have made it easier to continuously deploy applications across any number of host servers. They eliminate the need for having your own virtual machine because all the code and configuration settings you need to run your app is packaged into one container.

Google created Kubernetes to automate a number of tasks and processes involved in managing containerized apps. You can use Kubernetes to automatically deploy, scale, and decommission containerized applications. Of course, Kubernetes is not a silver bullet, and Kubernetes deployments have opened up a new set of infrastructure security concerns for DevOps teams. That’s why it’s important to be well versed in how to work with Kubernetes, as well as the tactics and solutions you can employ to create a more secure environment. For instance, Threat Stack now provides security and IT leaders transitioning to container-based infrastructure with the expertise and enhanced security visibility necessary to effectively manage the addition of container-based cloud environments through our Threat Stack Cloud Security Platform® and Threat Stack Cloud SecOps Program℠.

If you are planning to take a systematic approach to learning Kubernetes, then you should be on the lookout for quality tutorials. The good news is that a lot of resources are available online. There are also more structured courses that sometimes offer certification — if you’re willing to pay, that is. Read more “50 Useful Kubernetes Tutorials for IT Professionals”