Create a Security Risk Assessment for Containers in 5 Steps

When adopting containers, organizations need to create a risk profile for the types of threats and vulnerabilities they expect to experience. This type of analysis is especially important with containers, since the attack surface increases significantly, while the level of security visibility across hosts, containers, and the infrastructure control plane decreases.

For example, one of the most prominent attack scenarios in containers is the idea of blast radius. After the initial point of compromise, an attacker can escalate privileges quickly to gain control of other containers in the cluster. Since attackers are looking for the greatest returns for the least amount of effort, a vulnerable Kubernetes or Docker cluster may be a great place to strike quickly and do a lot of damage across a wide attack surface.

New, sophisticated attacks to cloud infrastructure emerge every day. But, if you follow the five steps outlined below to create a cybersecurity risk assessment, you can anticipate where your organization may be most vulnerable and strengthen your system’s security accordingly before an attacker gets the chance to strike. Read more “Create a Security Risk Assessment for Containers in 5 Steps”

Best Practices for User Access Management

Many organizations have policies in place that restrict internal access to information, but are they truly optimized for security and efficiency? In an age of sophisticated, ever-evolving infrastructure and equally sophisticated attacks, it’s time to get serious about user access management. In order to do so, you’ll need to take a SecOps approach, automating processes wherever possible and prioritizing strong security that is built in from the start. In this way, you can reduce the risk of human oversight and monitor to ensure that the correct policies are being followed consistently.

With the right user access management system in place, you can decrease costs and increase efficiency when it comes to hiring, onboarding, and ongoing security. Read on for best practices to help get you there. Read more “Best Practices for User Access Management”

How to Use Threat Stack to Enable Proactive Security

We recently discussed some pretty sobering statistics in the world of cybersecurity, ranging from astronomical misconfiguration rates to the depressing lack of speed with which breaches are detected. Not only are attacks more sophisticated than ever before, but infrastructure is too, with sensitive data spread across various servers, service providers, containers, and even SaaS platforms. No matter how worrisome these statistics, however, each and every one can be mitigated, for the most part, when an organization takes a proactive approach to security.

So what does a proactive security approach look like, exactly? It involves SecOps best practices, where Security is integrated with Development and Operations from the outset and where communication between teams takes priority. It also means putting in place repeatable processes and replacing costly, time-consuming, ad hoc procedures with automation wherever possible.

Transforming your culture to support a proactive security culture can be a daunting prospect to be sure. While 85% of respondents to our recent survey said that employing SecOps best practices is an important goal for their organizations, only 35% reported that SecOps is currently an established practice. Held back by overworked and under-resourced security professionals thanks to an industry-wide skills gap, many organizations simply don’t know where to begin when it comes to establishing a more proactive security posture.

Here’s the good news. The Threat Stack Cloud Security Platform® enables your Security and Operations teams to build security into their workflows from the start to make your organization’s approach to security more proactive. Here’s how. Read more “How to Use Threat Stack to Enable Proactive Security”

How to Develop An Incident Response Checklist for Your SaaS Business

Earlier this week, we published a post that explains how to develop an Incident Response Plan (IRP) to prepare for when an incident inevitably impacts your SaaS business. In addition to having an Incident Response Plan that identifies your critical systems, data, risk profile, stakeholders, and so on, it’s vital to have an Incident Checklist that lays out the main action steps to take when an incident actually occurs — thereby ensuring that you’re able to respond, stay on track, and address priorities in a thorough and logical fashion.

With that in mind, this post tells you what to include in an Incident Response Checklist by outlining the main steps and action items you should take from the time you first become aware that an incident might be occurring, through the subsequent investigation and remediation stages, and on to the post-incident phase where you focus on making improvements that will help you handle future incidents more effectively. Read more “How to Develop An Incident Response Checklist for Your SaaS Business”

How to Develop an Incident Response Plan for Your SaaS Business

According to a 2018 IBM study on cybersecurity resilience, 77 percent of firms surveyed lack proper incident response plans, while 69 percent report insufficient funding for cyber resiliency. Where does your organization stand on this critical issue?

It’s best to accept that it’s not a matter of if your SaaS organization will encounter a security incident at some point in its lifetime but rather when. Operating within today’s security landscape, the time to “when” is shrinking daily. Therefore, it’s critical to develop a strong Incident Response Plan (IRP) before a threat hits, so you’re in a position to respond quickly and effectively.

In this post, we’ll walk you through the basic steps of putting an IRP in place so you can stay in control when an incident inevitably occurs and thereby reduce disruption, damage, recovery time, and costs. Read more “How to Develop an Incident Response Plan for Your SaaS Business”

How to Use Alerts to Become More Proactive About Security

We all understand the importance of being proactive about our health. Rather than waiting for symptoms of disease to land us in the ER, we eat healthy, exercise, and see our doctors annually (or at least we know we should!). So why do so many organizations fail to understand the importance of taking a proactive approach to security?

While many companies today are stuck in a mode where they’re continually reacting to alerts, true security maturity means using actionable alerts to proactively become more effective and to reduce risk over time. In this post, we’ll discuss how you can take a more proactive approach to alerting in order to strengthen your overall cloud security posture.

Read more “How to Use Alerts to Become More Proactive About Security”

Understanding Cryptojacking — Why It Matters to You and How to Defend Against It

Security researchers have recently uncovered several high profile cases of cryptojacking involving companies like Tesla and the LA Times. In these incidents, cryptocurrency “miners” illegally gained access to an organization’s public cloud services and exploited their computing power to generate more digital coins.

In this blog post, we’ll give you a basic primer on what cryptomining is, how it’s typically done, and how to avoid unintentionally exposing your company to cryptojackers. Read more “Understanding Cryptojacking — Why It Matters to You and How to Defend Against It”

Three Mistakes Teams Make in Operationalizing Security (and a Better Alternative)

With the challenges presented by today’s cloud security landscape, organizations with limited time and resources are taking a variety of approaches in their attempts to incorporate security into their operations practices. Some approaches work better than others, but none provide the silver-bullet solution that some organizations seek. Below, we’ll explore three popular strategies that sound promising but prove to be problematic — and we’ll propose a better way going forward. Read more “Three Mistakes Teams Make in Operationalizing Security (and a Better Alternative)”

Best SecOps Tools: 50 Must-Have Tools For Your SecOps Arsenal

SecOps is a multi-faceted function tasked with a variety of responsibilities, not the least of which is coming up with secure software and applications while maintaining the development and release cadence users demand. It’s no longer enough to just concern yourself with writing code and developing software. Today, adding security into the mix is considered a best practice — and it’s certainly one we live by at Threat Stack.

Fortunately, a number of tools can help SecOps professionals meet these demands and achieve business goals. From dashboards that let SecOps pros view all the essential metrics about their apps in one place, to hunting tools that help users detect patterns and pinpoint potential vulnerabilities, to tools that issue alerts when anomalies arise, to attack modeling tools that create a standardized taxonomy of security threats, and more, there are many types of tools that today’s SecOps pros should have in their arsenal.

In this post, we’ve rounded up 50 of the most useful tools for SecOps teams in the following categories: Read more “Best SecOps Tools: 50 Must-Have Tools For Your SecOps Arsenal”

People, Processes, & Technology: The 3 Elements of a Rockstar Security Organization

In our recent webinar, Automating Security & Compliance for Your Cloud Deployment, we explored ways that firms can scale their cloud security strategies through visibility and intrusion detection, security and compliance automation, and low-cost security practices.

Some organizations are especially successful when it comes to security preparedness. In the webinar, we discussed what makes the strongest teams stand out. It boils down to their unique approaches to people, processes, and technology and how these elements are bound together by a common set of goals.

In this post, we’ll dig further into these three areas and define what you really need to create a rockstar security organization.
Read more “People, Processes, & Technology: The 3 Elements of a Rockstar Security Organization”