Meet the TUGG’s Guppy Tank: HiTech, the Next Generation

Every year around this time, Threat Stack looks forward to taking part in TUGG’s (Technology Underwriting Greater Good) ‘Tech Gives Back’ day.

Each TUGG event finds us doing something fun, different, and valuable for the community. This year we had the honor of hosting a class of grade 6 students for a fun Guppy Tank event. Yes, it’s what it sounds like… shark tank, for the littles, but with a serious business attitude. Read more “Meet the TUGG’s Guppy Tank: HiTech, the Next Generation”

A Straightforward Workflow to Define Your Cloud Security Strategy

Security is a big concern for organizations of pretty much every size and shape. Once you have organization-wide agreement that security is a priority (for most companies today, this is a no-brainer), it’s time to get to work.

So where do you start? Of course, you’ll need an individual or an interdisciplinary group to lead your security initiatives, but beyond that, it’s a matter of focusing on the right things at the right time to get your security program up and running as quickly and as smoothly as possible. Getting it done right should always be an objective, and getting it done quickly is also highly desirable — especially if you have a legal or customer requirement to become more secure.

In our latest webinar, “Automating Security and Compliance for Your Cloud Deployment,” Chris Gervais, Threat Stack’s VP of Engineering, and Katie Paugh, G2 Technology Group’s Security Architect discussed a simple workflow that every company can follow to successfully implement an effective security plan. Watch the full recording or read the main points below. Read more “A Straightforward Workflow to Define Your Cloud Security Strategy”

5 Years in Review: 5 Can’t-Miss Posts From Our Archive of 450+

Five years is a blink of the eye in time, but in technology, a lot can happen. This year, we’re celebrating the fifth year of the Threat Stack blog. We’ve been digging around our archives and analyzing the metrics to see what’s changed in the market since our inception, how our own product has evolved, and what topics are still tried and true.

Some things changed, and some stayed the same. Most interesting, we saw five of our personal favorite topics rise to the top in terms of article popularity. Some written several years ago, some written this year, they’re indicative of how the market is shifting and what companies are focused on today.

Without further ado, here are the five most-read articles of all time on our blog, and if you haven’t read them, data says you should. Read more “5 Years in Review: 5 Can’t-Miss Posts From Our Archive of 450+”

How We Can Turn National Cybersecurity Awareness Month Into Cybersecurity Action

Want to take a peek at the World’s Worst Data Breaches? Here you go:

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/


Now that we’ve got that out of the way, let’s start this blog post over again. Our goal isn’t to frighten you or deepen the numbness you might already be feeling from the drip, drip, drip of bad cyber news.

It’s National Cybersecurity Awareness Month (NCSAM), which was launched in October 2004 as a collaboration between the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security with the goal of raising awareness and providing education on cybersecurity issues.

The name is something of a misnomer, however. NCSAM is really designed to do more than make you aware of cyber risks. It’s bigger goal is to arm you with information and tools you can use to strengthen yourself, your social groups, and your businesses against the cyber criminals who prey on us.

In the spirit of NCSAM, we at Threat Stack want to do our part by sharing some of the advice our bloggers have offered on how to take action to protect yourself and your company from cyberattacks. With that in mind, here are summaries of four recent blogs. Read more “How We Can Turn National Cybersecurity Awareness Month Into Cybersecurity Action”

11 Questions to Ask Before Investing in a Cloud Security Solution

Whether you’re in security, operations, or another related discipline, choosing the right cloud security products can be a complex process. With thousands of options, each with their own nuances, how do you know which tool, or mix of tools, is going to be right for your organization? The following questions are designed to help you identify the solutions that will fit your specific needs and requirements. Use them as you make your decision, and the entire process will be much more seamless. Read more “11 Questions to Ask Before Investing in a Cloud Security Solution”

6 Ways to Adopt a Cloud-Specific Security Paradigm

Cloud technologies and traditional security processes are as bad a match as stripes and polka dots. They simply aren’t built to mix well together. As companies adopt cloud technologies, security teams are scrambling to apply what they know to this new way of doing business. But they’re quickly realizing how different an on-prem mindset is from one that’s geared to the cloud. Namely because, in an on-premise environment, security is based on the perimeter. In the cloud, however, there is no defined perimeter, and a seemingly endless number of endpoints. In the face of this, security needs to shift in a major way.

In this post, we will define six ways you can effectively shift your security paradigm so it’s suited to a cloud-defined world. Read more “6 Ways to Adopt a Cloud-Specific Security Paradigm”

7 Ways Business Processes Have Changed the Need for Security

Considering how fast every facet of business is changing today, the job for Security teams has become much more complex — and critical. Not only are there more data and endpoints to protect, but there are also new threats and adversaries to detect.

Since speed and continuous release cycles can be a major competitive advantage for businesses, Security professionals need to identify ways of keeping up. In this post, we’ll cover seven important ways business processes are changing and how security can adapt to support the speed of business. Read more “7 Ways Business Processes Have Changed the Need for Security”

5 Security Blogs Your CFO Needs to Read

5 Security Blogs Your CFO Needs to Read

Before I started working at Threat Stack, security was not always at the top of my priority list. Now, as the CFO of a leading cloud security company, I’ve learned to take a more holistic view of security: I still view it as a necessity that ensures the safety of an organization’s data and systems, of course, but I also understand that it can be a powerful business enabler and business driver.

Put another way, I no longer view security as just an expense (a “necessary evil”?), and see it as an investment that adds ongoing value throughout the organization and beyond as it not only provides foundational security, but also bolsters corporate reputation, adds confidence to customer relations, streamlines sales cycles, reassures board members and investors, helps with achieving compliance, and so on.

In spite of the huge value it adds, security can still be something of a hard sell — especially in companies where resources, including budget, are limited. With that in mind, I want to use this post to share some of the things I’ve learned as CFO at Threat Stack. Read more “5 Security Blogs Your CFO Needs to Read”

What You Need to Know About the Apache Struts Vulnerability – Updated

Post updated by:
Christian Lappin,
Threat Stack Senior Security Engineer & David WeinsteinThreat Stack Senior Security Engineer

Four months ago we wrote the following:

The Apache Struts “vulnerability is . . . extra-concerning because exploiting it is trivial. Hackers can easily spot vulnerable systems, the Struts exploits are publicly available, and the attack is easy to carry out and repeat. Attackers need to modify just one line of code to trick servers into downloading malicious binary from the internet.”

We warned about the Apache Struts vulnerability before the massive cyber attack that Equifax Inc. experienced — or at least before Equifax announced the breach to the public. Read more “What You Need to Know About the Apache Struts Vulnerability – Updated”

See Threat Stack in Action

Get in touch for a demo of Threat Stack's comprehensive instrusion detection platform.

Request a Demo