Blog – Threat Stack

22 Most Under-Used AWS Security Metrics

22 AWS Security Pros Reveal the Most Underused/Under-Appreciated AWS Security Metrics

AWS offers a variety of built-in security features that users can take advantage of, but it’s easy for users of all experience levels to get lost in the sea of options and metrics. In fact, in a November 2017 survey, we found that 73% of companies have critical AWS cloud security misconfigurations, and more than one-fourth (27%) were not taking advantage of AWS-native security services like CloudTrail. (Misconfigurations are considered critical if they reduce or eliminate visibility for security or compliance, if they can be leveraged in a direct or complex attack, or if they enable trivial attacks on an AWS console.)

As an AWS Advanced Security Competency Partner, Threat Stack integrates deeply into AWS to provide its customers with unprecedented visibility, more advanced security capabilities, and a cloud-native user experience. Threat Stack’s CloudTrail integration, for instance, bridges the visibility gap between your AWS services and the core systems running in your cloud, giving you automatic alerts about changes to your instances, security groups, S3 buckets, and access keys.

Visibility is essential for sound AWS security, and continuously monitoring your security metrics is a must. Still, while many users understand the importance of ongoing monitoring, many AWS security metrics go underutilized (or ignored). To gain more insight into these important, yet often overlooked security metrics, we reached out to a panel of AWS security experts and asked them to answer this question:

“What’s the most under-used / under-appreciated metric when it comes to AWS security?”

Creating Custom CloudTrail Rules in Threat Stack

AWS Security, Security Research & Strategy, Threat Stack Use Cases
9 Min Read • Paul Ivanivsky

The Threat Stack CloudTrail Base Ruleset has several out-of-the-box rules that alert users on activity within some of AWS’s most popular services (also the ones most prone to attack), including S3, IAM, Glacier, and Lambda. We do this to supplement our Configuration Auditing functionality, and given that AWS has over 100 services, we want to arm you with the ability to create custom CloudTrail rules in the Threat Stack Cloud Security Platform^® based on the specific AWS services you leverage.

In this post, we cover three examples of one of Threat Stack’s most powerful capabilities — the ability to create, clone, and edit CloudTrail-specific rules. We briefly discuss the scenario that explains why we’re crafting the rule and why it’s important to our organization; we also look at the methodology for creating the rule; and finally we test the rule to make sure it works.

In the three examples that follow, we explain how to create custom rules for Route53, DynamoDB, and EBS Volumes. Read more “Creating Custom CloudTrail Rules in Threat Stack”

50 Best Cloud Security Podcasts

AWS Security, Security Research & Strategy
20 Min Read • Mark Moore

Some of the earliest podcasters were influencers in the technology and online space. For well over a decade, programs that specifically discuss security news and topics have been keeping people up to date on data and systems safety. For many, it’s the ideal medium to learn about the latest happenings in the industry via a convenient and enjoyable format.

With that in mind, we have put together a listing of 50 of the best cloud security podcasts we know about. The hosts and programs on the list are experts from many different technical backgrounds. Their content can benefit professionals in security, programming, or almost any technical role. So whether you’re in a security role or just find yourself interested in some of the big data news that seems to be looming ever larger, you’ll find them useful and, oftentimes, entertaining.

Note: Our list of podcasts is not ranked in terms of perceived value or quality of content. What we have provided is a brief description of each of the podcasts as well as three pertinent episodes for each that you may want to download.

Before we dive into our podcast list, we want to call out two podcasts:

First, we want to draw your attention to the Security Weekly podcast which has a great discussion of Threat Stack and its 14 Questions to Ask Yourself Before Committing to a Cybersecurity Vendor blog post. Check it out in this episode: Malware: Endpoint Defense – Enterprise Weekly #49 (starting at 8:10 minutes).
And second, GDPR is still a major topic of discussion for many, so if you’re continuing to deal with GDPR issues, take a look at The GDPR Guy podcast, which is devoted to GDPR information and opinions. It’s a great example of how podcasts can zero in on a particular topic, and how — across the podcasting spectrum — there seems to something to meet everyone’s needs.

Join Threat Stack at “Builders of Tomorrow”

Containers, Orchestration & Security
1 Min Read • Hannah Klemme

Making a Secure Transition to Containers

September 27 | LEGOLAND | Somerville, MA

We’re super excited to announce our upcoming event — Builders of Tomorrow — a container security meetup at LEGOLAND in Somerville, MA.

Come hear from a rockstar team of container security leaders including:

Todd Morneau, Director of Product at Threat Stack
Jay Vyas, core contributor to Kubernetes and technologist at Black Duck
Hemant Kapoor, Global Head of SRE at Wayfair
Kevin Landt, Director of Product Management, OpsGenie
Ryan Wallner, Technical Manager Portworx

We also have a surprise guest speaker you won’t want to miss!

This will be our first security-driven container event. Builders of Tomorrow is the only event that brings engineers, IT managers, SREs, and thought leaders together in a single forum to explore how teams can scale and secure modern applications in a transitioning world.

Builders of Tomorrow

Where: LEGOLAND Discovery Center Boston: 598 Assembly Row, 2nd Floor, Somerville, MA

When: Thurs, September 27, 2018, 5:00 – 9:00 p.m. EDT

Registration: If you haven’t registered already, reserve your tickets now.

What to Expect

The event will feature a mix of thought provoking sessions, expert panels, and hands-on build workshops with industry leaders and hands-on practitioners alike.

Between sessions, attendees will have the opportunity to exchange ideas with their peers and network at one of the most exciting venues in the Boston area.

Did we mention we have access to all LEGOLAND exhibits/attractions including?

Build Center
Lego Themed Escape Room
Roller Coaster
Star Wars Episode 2 Exhibit
Full Catered Beer, Wine, and Food

Security by Design or by Accident

AWS Security, Security Research & Strategy
2 Min Read • Matt Getty

Security has such a large number of subtopics that it’s sometimes difficult to define what the field looks like as a whole. It means something vastly different to a Security Engineer, a CISO, and a Developer. Realistically, at most companies, Security is the prevention of leaking customer data or exposing secrets. Usually this manifests as “let’s make sure only the logged-in user can view this information” or “make sure the password is stored securely.” These are important, but they don’t cover enough. Read more “Security by Design or by Accident”

Create a Security Risk Assessment for Containers in 5 Steps

Containers, Orchestration & Security, Security Research & Strategy
4 Min Read • Christian Lappin

When adopting containers, organizations need to create a risk profile for the types of threats and vulnerabilities they expect to experience. This type of analysis is especially important with containers, since the attack surface increases significantly, while the level of security visibility across hosts, containers, and the infrastructure control plane decreases.

For example, one of the most prominent attack scenarios in containers is the idea of blast radius. After the initial point of compromise, an attacker can escalate privileges quickly to gain control of other containers in the cluster. Since attackers are looking for the greatest returns for the least amount of effort, a vulnerable Kubernetes or Docker cluster may be a great place to strike quickly and do a lot of damage across a wide attack surface.

New, sophisticated attacks to cloud infrastructure emerge every day. But, if you follow the five steps outlined below to create a cybersecurity risk assessment, you can anticipate where your organization may be most vulnerable and strengthen your system’s security accordingly before an attacker gets the chance to strike. Read more “Create a Security Risk Assessment for Containers in 5 Steps”

45 Useful and Informative GDPR Presentations & Resources

All Things Compliance
14 Min Read • Hank Schless

The months leading up to May 25, 2018 produced a steady barrage of articles urging organizations to get ready for the GDPR and warning about the consequences of failing to comply.

After May 25? . . . To be honest, not much. There are still lots of articles — “Tips For What Comes After,” “What to Watch For” — but no big stories. And therefore, it has been tempting to take a bit of a snooze.

But not so fast. Just because the headlines haven’t been filled with stories about violations and massive fines, that doesn’t mean you can sit back and do nothing if you’re operating within reach of the GDPR. The GDPR became fully enforceable on May 25, 2018, and fines for non-compliance can reach up to 20 million Euros or 4 percent of an organization’s annual global turnover for the preceding financial year, whichever is higher.

While it’s too early for these fines to have been imposed, it’s not too early to take another look at the GDPR and then strategically determine what you still need to do to ensure that your systems and processes are protecting your organization and your customers’ data.

Our advice? If you come under the GDPR — which is binding and applicable without the need for national governments to pass any enabling legislation — do your homework, shore up any deficiencies, and take whatever measures you need to become compliant or to maintain compliance.

And remember: While there are challenges to the GDPR, there are also opportunities, including the opportunity to create visibility and control over the data in your systems as well as the opportunity to build greater trust with your customers.

To help you out, we’ve put together this catalogue of 45 useful and informative resources that provide guidance on an extensive array of GDPR-related issues and topics. Read more “45 Useful and Informative GDPR Presentations & Resources”

Top Compliance Pain Points by Industry

All Things Compliance, Security Research & Strategy
4 Min Read • Lindsey Ullian

Whether you are adhering to mandatory regulations or voluntary cybersecurity frameworks, taking compliance seriously can be a huge boon to your organization. It can help you avoid costly penalties, signal to your customers that you’re serious about security, and improve your organization’s overall security maturity. Meeting compliance requirements can also help open your business up to new markets, whether you’re targeting specific industry verticals or going after international customers, and finally, it can speed up your sales process along the way.

But let’s be honest: Compliance can seem like a necessary evil. It’s time consuming and complex, and it can be a huge pain in the you-know-what. Just because the benefits outweigh the costs doesn’t make the process any less painful.

Certain frameworks make their pain felt across industries. GDPR, for example, applies to any organization doing business even nominally in Europe and requires notification of a breach within 72 hours. SOC 2 is a rigorous standard that applies to any company operating in the cloud, and one of the main challenges for Threat Stack in achieving SOC 2 compliance was eliminating the disconnect between our engineering team’s tickets and the code associated with those tickets.

Other compliance frameworks reserve their pain for specific industries, and those can feel especially burdensome. What are the main pain points by industry, and, more importantly, how can you mitigate them? We dig into the specifics below. Read more “Top Compliance Pain Points by Industry”

How a DevOps Recruiter Hires for Containers and Serverless

Containers, Orchestration & Security, Dev & DevOps Knowledge, Security Research & Strategy
5 Min Read • Shaun Kelly

A Q&A With Michael Race, Head of DevOps, Salt Digital Recruitment

When it comes to hiring for DevOps, there’s much to consider, especially if you’re looking for someone to manage containers and serverless infrastructure. There’s no doubt that it’s a talent-driven market — DevOps professionals are in demand.

In this competitive environment, how do you make the right choice about who to hire? According to Michael Race, Head of DevOps at Salt Digital Recruitment, patience is a must. But even if you’ve got time on your side, you still want to make hires that prioritize security, can advocate for tools and methodology, and have experience creating DevOps environments.

We sat down with Michael recently to get his perspective on hiring for containers and serverless. Michael — who’s helped dozens of companies fill DevOps roles — shared his thoughts on where security fits in, what he likes to see in a candidate, as well as red flags that may crop up. Read more “How a DevOps Recruiter Hires for Containers and Serverless”

Threat Stack Blog