How to Develop An Incident Response Checklist for Your SaaS Business

Earlier this week, we published a post that explains how to develop an Incident Response Plan (IRP) to prepare for when an incident inevitably impacts your SaaS business. In addition to having an Incident Response Plan that identifies your critical systems, data, risk profile, stakeholders, and so on, it’s vital to have an Incident Checklist that lays out the main action steps to take when an incident actually occurs — thereby ensuring that you’re able to respond, stay on track, and address priorities in a thorough and logical fashion.

With that in mind, this post tells you what to include in an Incident Response Checklist by outlining the main steps and action items you should take from the time you first become aware that an incident might be occurring, through the subsequent investigation and remediation stages, and on to the post-incident phase where you focus on making improvements that will help you handle future incidents more effectively. Read more “How to Develop An Incident Response Checklist for Your SaaS Business”

How to Develop an Incident Response Plan for Your SaaS Business

According to a 2018 IBM study on cybersecurity resilience, 77 percent of firms surveyed lack proper incident response plans, while 69 percent report insufficient funding for cyber resiliency. Where does your organization stand on this critical issue?

It’s best to accept that it’s not a matter of if your SaaS organization will encounter a security incident at some point in its lifetime but rather when. Operating within today’s security landscape, the time to “when” is shrinking daily. Therefore, it’s critical to develop a strong Incident Response Plan (IRP) before a threat hits, so you’re in a position to respond quickly and effectively.

In this post, we’ll walk you through the basic steps of putting an IRP in place so you can stay in control when an incident inevitably occurs and thereby reduce disruption, damage, recovery time, and costs. Read more “How to Develop an Incident Response Plan for Your SaaS Business”

How to Use Alerts to Become More Proactive About Security

We all understand the importance of being proactive about our health. Rather than waiting for symptoms of disease to land us in the ER, we eat healthy, exercise, and see our doctors annually (or at least we know we should!). So why do so many organizations fail to understand the importance of taking a proactive approach to security?

While many companies today are stuck in a mode where they’re continually reacting to alerts, true security maturity means using actionable alerts to proactively become more effective and to reduce risk over time. In this post, we’ll discuss how you can take a more proactive approach to alerting in order to strengthen your overall cloud security posture.

Read more “How to Use Alerts to Become More Proactive About Security”

Understanding Cryptojacking — Why It Matters to You and How to Defend Against It

Security researchers have recently uncovered several high profile cases of cryptojacking involving companies like Tesla and the LA Times. In these incidents, cryptocurrency “miners” illegally gained access to an organization’s public cloud services and exploited their computing power to generate more digital coins.

In this blog post, we’ll give you a basic primer on what cryptomining is, how it’s typically done, and how to avoid unintentionally exposing your company to cryptojackers. Read more “Understanding Cryptojacking — Why It Matters to You and How to Defend Against It”

Three Mistakes Teams Make in Operationalizing Security (and a Better Alternative)

With the challenges presented by today’s cloud security landscape, organizations with limited time and resources are taking a variety of approaches in their attempts to incorporate security into their operations practices. Some approaches work better than others, but none provide the silver-bullet solution that some organizations seek. Below, we’ll explore three popular strategies that sound promising but prove to be problematic — and we’ll propose a better way going forward. Read more “Three Mistakes Teams Make in Operationalizing Security (and a Better Alternative)”

Best SecOps Tools: 50 Must-Have Tools For Your SecOps Arsenal

SecOps is a multi-faceted function tasked with a variety of responsibilities, not the least of which is coming up with secure software and applications while maintaining the development and release cadence users demand. It’s no longer enough to just concern yourself with writing code and developing software. Today, adding security into the mix is considered a best practice — and it’s certainly one we live by at Threat Stack.

Fortunately, a number of tools can help SecOps professionals meet these demands and achieve business goals. From dashboards that let SecOps pros view all the essential metrics about their apps in one place, to hunting tools that help users detect patterns and pinpoint potential vulnerabilities, to tools that issue alerts when anomalies arise, to attack modeling tools that create a standardized taxonomy of security threats, and more, there are many types of tools that today’s SecOps pros should have in their arsenal.

In this post, we’ve rounded up 50 of the most useful tools for SecOps teams in the following categories: Read more “Best SecOps Tools: 50 Must-Have Tools For Your SecOps Arsenal”

People, Processes, & Technology: The 3 Elements of a Rockstar Security Organization

In our recent webinar, Automating Security & Compliance for Your Cloud Deployment, we explored ways that firms can scale their cloud security strategies through visibility and intrusion detection, security and compliance automation, and low-cost security practices.

Some organizations are especially successful when it comes to security preparedness. In the webinar, we discussed what makes the strongest teams stand out. It boils down to their unique approaches to people, processes, and technology and how theses elements are bound together by a common set of goals.

In this post, we’ll dig further into these three areas and define what you really need to create a rockstar security organization. Read more “People, Processes, & Technology: The 3 Elements of a Rockstar Security Organization”

Enhancing the Power of Your SIEM With Threat Stack’s Intrusion Detection Platform

Trying to manage security with only one security tool (or, for example, having to use log files alone) can be a major headache. The right combination, however — like a SIEM coupled with an intrusion detection platform — can produce great results, including better data, smaller amounts of data, shorter processing times, and lower operating costs. Read more “Enhancing the Power of Your SIEM With Threat Stack’s Intrusion Detection Platform”

The 7 Key Functions of a Modern Intrusion Detection Platform

When you’re making a mental shift away from legacy, on-prem security thinking, you may be wondering what an effective, modern security solution looks like. You may already know that you should prioritize detection and not focus solely on prevention, but what exactly goes into a best-case intrusion detection solution?

The graphic below should help you understand the five key components of intrusion detection. When considering what types of solutions to invest in, you want to make sure you have all of these bases covered from a technical point of view:

Beyond these core capabilities, we recommend that you keep the following  seven major requirements in mind in order to focus on the holistic goals of an IDP. Read more “The 7 Key Functions of a Modern Intrusion Detection Platform”

When It’s Time To Put An Engine In Your Cloud Security Lifeboat

Oftentimes companies wait until they grow to a certain size or have a full technology stack before they begin thinking seriously about security. The problem with this is that, statistically, it’s a matter of when you will have a security problem, not if.

So our observation is: If you wait until your company reaches some arbitrary milestone before implementing mature security practices, you may already be late to the game. (If you’ll pardon the obvious, it’s not a great practice to put your life jacket on after your boat gets in trouble; it’s much better to put it on at the very start — i.e., as soon as you board the boat.)

Security maturity actually has nothing to do with the size of your operations — and a great deal to do with how you manage the risk that is inherent in any environment. Even in the smallest companies, security can have a major impact. And we’re not just talking about implementing two-factor authentication or using VPNs (although these are, of course, important). We’re talking about the importance of starting to use a comprehensive approach to monitoring and protecting your infrastructure (on-prem, cloud, or hybrid) as early as possible.

The good news is, today you don’t need dozens of security tools or a major budget to start building end-to-end protection. But you do need to be smart about when and how you implement security. If you haven’t integrated security into your operations from Day 1, this post reviews four transformative events (planned or otherwise) that signal when it’s time to get serious about your organization’s cloud security maturity. Read more “When It’s Time To Put An Engine In Your Cloud Security Lifeboat”