Join Threat Stack at re:Invent 2017

Secure the Strange Things Happening in Your Cloud

Booth #204 | November 27 – December 1 |  Las Vegas, NV

re:Invent 2017 is coming up fast! Threat Stack started attending in 2014, and the conference just keeps getting better.

We’re honored to be a sponsor again this year, and we’ve planned a lot of fun and informative activities. Here’s a brief preview: Read more “Join Threat Stack at re:Invent 2017”

How Allocadia Uses Threat Stack to Secure Infrastructure & Accelerate Sales

In this guest blog post, Sabino Marquez, Allocadia’s CISO, outlines his company’s experience using Threat Stack. Specifically, he explains how Threat Stack’s intrusion detection platform enabled Allocadia to secure its infrastructure, integrate security into Dev and Ops workflows, and significantly accelerate the sales cycle. Read more “How Allocadia Uses Threat Stack to Secure Infrastructure & Accelerate Sales”

New eBook: Myth Busting Intrusion Detection

Your Guide to Intrusion Detection for Modern Infrastructure

Many organizations that need cloud security are laboring behind a cloud of myths — unable to clearly define their requirements and match them to technology solutions and best practices that will enable them to operate securely at speed and scale in the cloud. Our new eBook — Myth Busting Intrusion Detection — is designed to clarify these issues. Read more “New eBook: Myth Busting Intrusion Detection”

Taking Care of Basics — Lessons From the Boston Cyber Security Summit

This year’s Cyber Security Summit: Boston was a tremendous success. It was rewarding to see so many business leaders, cyber experts, government officials, and thought leaders in one place, all dedicated to advancing the security of our cyber environment.

The event’s mission is to connect C-Suite and Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts.

Parsed out, this meant that the event offered up a lot of valuable insights into the state of cyber security, an exhibit floor filled with leading solution providers demonstrating the latest products and services, and much practical advice on a multitude of security and compliance-related topics.

Threat Stack was honored to be a Gold Sponsor. We were also an exhibitor, and Sam Bisbee, our CSO, was well received for his contribution to one of the main panel discussions.

As usual with these gatherings, there was far too much going on to give a full recap here. However, I do want to focus on some of the highlights from the “Compliance Nightmare” panel, because it reminds us that we should never forget the basics. Read more “Taking Care of Basics — Lessons From the Boston Cyber Security Summit”

How to Secure a Non-Production Environment (Webinar Recap)

“This code is fine, right?”

“It should be…”

“Wait… but what about this configuration?”

“Fine, I’ll test it in dev…”

This conversation sounds all too familiar, right? Your non-production environments are the foundation for the tools, applications, and services you provide to your customers. The history of every code deployment, mistake, and refinement made to create your product can be found there.

While test and dev environments serve a different purpose from production environments, they too, can be open to the outside world and introduce risk if not secured. Chances are, the data you’re storing, analyzing, or processing in non-production environments are just as sensitive as the data you push out to production. So why skimp on security here just because it’s not a production environment?

Yesterday, we hosted a brief webinar (led by our Chris Gervais,  VP of Engineering) focusing on the importance of securing non-production environments and how to do so. In case you missed it, here’s the recording along with a written  recap. Read more “How to Secure a Non-Production Environment (Webinar Recap)”

What Makes a Misconfiguration Critical? AWS Security Tips

In the cloud, where there are no perimeters and limitless endpoints, there are many ways attackers can get direct access to your environment if you make the wrong move. Given the speed that companies are moving to and scaling in the cloud, it’s easy to miss a step along the way and leave your business wide open for an attack.

In a recent survey, we found that 73 percent of companies have critical AWS cloud security configurations. Issues like wide open SSH and infrequent software updates are among the top risks identified, and of course, some of the biggest exposures in the recent past (Verizon, Dow Jones, and the RNC) were the result of AWS S3 configuration errors. But there are many others that are more obscure, yet just as dangerous if left unaddressed.

So, how do you know whether a misconfiguration is going to put you at risk? And how do you identify where your gaps are? In this post, we’ll walk through the four signs of a critical misconfiguration, how to spot one, and how you can fix it — fast. Read more “What Makes a Misconfiguration Critical? AWS Security Tips”

This may be the scariest thing you read today . . .

A couple of weeks ago, we posted a survey so people could evaluate their cybersecurity savvy.

And the results are . . .

Well, let’s just say that most of us could brush up our security smarts.

Instead of reviewing the entire survey here, we’re going to focus on three of the questions where most of us were off the mark — and then, if you want, you can take (retake) the quiz to see how well you do. Read more “This may be the scariest thing you read today . . .”

Looking Back on Cybersecurity Awareness Month and a 365 Day Outlook

Cybersecurity Awareness Month may be coming to a close, but we have already set our eyes on the future. The question is: How can we stay “security aware” year round and, more importantly, translate this awareness into actions that will help keep our companies secure?

Cybersecurity has never been more important than in the past few years. It seems that every week, a major new breach hits the news headlines, leaving every company more and more worried about whether they’re next. This month — National Cybersecurity Awareness Month — has been a great reminder to verify whether your security protocols and practices are up-to-date and effective. But with the state of things today, you can’t afford to stop there.

We believe that done right, security is a 24/365 operation. If you’ve been following our blog, you’ve learned that there are many ways to streamline and automate security so it doesn’t require an army to maintain.

In this post, we’re wrapping up our best pieces of advice for you so that every month going forward can be cybersecurity month at your company. Read more “Looking Back on Cybersecurity Awareness Month and a 365 Day Outlook”

Hybrid Security: How to Protect a Complex Environment

It is very clear by now that the cloud has reached an inflection point. Public cloud investment continues its rapid expansion, driven in large part by business imperatives for speed and scale. Gartner projects 18% cloud growth in 2017, with an increase of 36.8% for IaaS. So, the odds are your company is running at least some of its infrastructure in the public cloud.

Of course, no matter how many benefits it offers, it is often not possible for organizations to make a clean leap to the cloud. Many find themselves with infrastructures that include cloud, multi-cloud, hybrid, on-premise, and containerized environments. So what do you need to do to protect these complex structures?

We recently conducted a survey with ESG Strategy Group (Threat Stack Cloud Security Report 2017: Security at Speed & Scale) to learn more about the realities of hybrid environments today. Below are some of our findings as well as recommendations on how to secure your environment, no matter what it consists of. Read more “Hybrid Security: How to Protect a Complex Environment”