Containers bring many benefits to DevOps teams along with a number of security concerns. This post brings you details about 50 Docker training resources that are designed to train beginner, intermediate, and advanced practitioners on current knowledge about Docker. Read more “50 Useful Docker Tutorials for IT Professionals (from Beginner to Advanced)”
Last month we announced that a containerized version of the Threat Stack Agent was coming soon for customers who are using containers to deploy cloud workloads. Today, we are excited to announce that our Docker Containerized Agent is now generally available up on Docker Hub. As cloud infrastructure shifts more heavily towards containers, we are pleased to bring this option to market as a way to gain unmatched visibility into the entire infrastructure — hosts, containers, and the control plane — to ensure that our customers have the best cloud security monitoring and alerting in place across all their assets. Read more “Threat Stack Announces General Availability of Its Docker Containerized Agent”
22 AWS Security Pros Reveal the Most Underused/Under-Appreciated AWS Security Metrics
AWS offers a variety of built-in security features that users can take advantage of, but it’s easy for users of all experience levels to get lost in the sea of options and metrics. In fact, in a November 2017 survey, we found that 73% of companies have critical AWS cloud security misconfigurations, and more than one-fourth (27%) were not taking advantage of AWS-native security services like CloudTrail. (Misconfigurations are considered critical if they reduce or eliminate visibility for security or compliance, if they can be leveraged in a direct or complex attack, or if they enable trivial attacks on an AWS console.)
As an AWS Advanced Security Competency Partner, Threat Stack integrates deeply into AWS to provide its customers with unprecedented visibility, more advanced security capabilities, and a cloud-native user experience. Threat Stack’s CloudTrail integration, for instance, bridges the visibility gap between your AWS services and the core systems running in your cloud, giving you automatic alerts about changes to your instances, security groups, S3 buckets, and access keys.
Visibility is essential for sound AWS security, and continuously monitoring your security metrics is a must. Still, while many users understand the importance of ongoing monitoring, many AWS security metrics go underutilized (or ignored). To gain more insight into these important, yet often overlooked security metrics, we reached out to a panel of AWS security experts and asked them to answer this question:
“What’s the most under-used / under-appreciated metric when it comes to AWS security?”
The months leading up to May 25, 2018 produced a steady barrage of articles urging organizations to get ready for the GDPR and warning about the consequences of failing to comply.
After May 25? . . . To be honest, not much. There are still lots of articles — “Tips For What Comes After,” “What to Watch For” — but no big stories. And therefore, it has been tempting to take a bit of a snooze.
But not so fast. Just because the headlines haven’t been filled with stories about violations and massive fines, that doesn’t mean you can sit back and do nothing if you’re operating within reach of the GDPR. The GDPR became fully enforceable on May 25, 2018, and fines for non-compliance can reach up to 20 million Euros or 4 percent of an organization’s annual global turnover for the preceding financial year, whichever is higher.
While it’s too early for these fines to have been imposed, it’s not too early to take another look at the GDPR and then strategically determine what you still need to do to ensure that your systems and processes are protecting your organization and your customers’ data.
Our advice? If you come under the GDPR — which is binding and applicable without the need for national governments to pass any enabling legislation — do your homework, shore up any deficiencies, and take whatever measures you need to become compliant or to maintain compliance.
And remember: While there are challenges to the GDPR, there are also opportunities, including the opportunity to create visibility and control over the data in your systems as well as the opportunity to build greater trust with your customers.
To help you out, we’ve put together this catalogue of 45 useful and informative resources that provide guidance on an extensive array of GDPR-related issues and topics. Read more “45 Useful and Informative GDPR Presentations & Resources”
Every day, malicious actors are taking more complex routes into cloud infrastructure and leveraging increasingly covert traits to persist for longer periods of time. As Dark Reading put it in a recent article, “Attackers are abusing the characteristics of cloud services to launch and hide their activity as they traverse target networks.” With the rapid adoption of containers and orchestration tools as part of that infrastructure, organizations are presented with yet another layer to protect from these complex attacks.
Containers bring many advantages to DevOps such as easier write-test-deploy cycles, flexibility to explore new frameworks, and a simpler way to make updates to individual resources or a range of components in your applications. As more teams move towards containerized workloads, DevOps teams expect the security tools they leverage to keep pace without slowing them down.
To ensure alignment with those expectations, Threat Stack is excited to announce a containerized agent that will be available to customers next month. The containerized agent will provide the deployment and velocity benefits of containerization while concurrently monitoring and alerting on container activity across the entire infrastructure, no matter where customers fall on the container adoption spectrum. Read more “Magic for DevOps Teams — Threat Stack Announces Containerized Agent”
As part of its mission, Threat Stack has always brought its readers security-related content to help them make informed decisions that will strengthen their organizations’ security.
With more companies than ever leveraging cloud services like AWS, and with cloud environments becoming more and more complex, it’s critical that organizations develop proactive, comprehensive security strategies that build security in from the very beginning and evolve as their infrastructures scale to keep systems and data secure.
So last week we kicked off a 4-part mini-series on AWS Security Tips and Quotes starting with Part 1: Essential Security Practices.
This week we’re bringing you Part 2 — Securing Your AWS Environment — and in the coming weeks we’ll wrap up with:
- Part 3: Best Practices for Using Security Groups in AWS
- Part 4: AWS Security Best Practices
While reacting to alerts and incidents after they occur will always be a reality of the security professional’s job, a purely reactive security approach is simply not effective given the way that today’s technical infrastructures and the cyber ecosystem itself have become ever more complex. With organizations adopting new technologies — spreading sensitive data across different cloud servers, service providers, containers, and even various SaaS platforms — it’s essential that they begin to take a more proactive approach to security.
This means putting in place repeatable processes and automating as much of your infrastructure as possible, leaving behind time-consuming, inefficient, and costly ad hoc tactics. It also means integrating Security with Development and Operations from the outset, and prioritizing communication between teams to attain positive business outcomes.
Failing to establish a proactive security posture runs you the risk of becoming a statistic, as you’ll see below. Here are five figures that may provide you with just the motivation you need to get started. Read more “5 Statistics That Prove Why Your Security Posture Can’t Be Purely Reactive”
Mean Time To Detect (MTTD) and Mean Time To Know (MTTK) are two of the most important metrics in security operations. Respectively, they measure the following:
- MTTD: How quickly you can identify something and generate an alert. It determines how fast you’re notified when something suspicious happens anywhere in your cloud or on-premises environment. Today, most security tools keep MTTD low, so you probably receive alerts pretty quickly.
- MTTK: How fast you can sort signal from noise when you get an alert. It measures how efficient the security team is at detecting real threats and understanding what those threats are. The shorter MTTK is, the sooner you will catch an attack in progress and be able to put a stop to it, reducing the negative consequences for your organization.
You can probably see why MTTK is a lot harder to make an impact on. It’s like seeing how fast you can find a needle in a haystack. Difficult, to say the least!
To begin, security teams are barraged with alerts on a daily basis, requiring manual work to sift through the noise to find a signal that indicates a real issue. Add on all the other tasks that need to be done aside from alert investigations, and it’s seemingly impossible to get ahead.
This is where automation comes in. Automation not only eliminates the need to manually handle tedious tasks (like alert response). It also helps you to optimize your existing resources, empowering them to actually focus on MTTK and get it under control.
In this post, therefore, we’ll take a closer look at how the Threat Stack Cloud Security Platform® can help you integrate security into your operations from the start so you can optimize alert handling and significantly reduce your MTTK. Read more “How to Use Threat Stack to Reduce Mean Time To Know”
SOC 2 compliance is one of the most common customer use cases we come across at Threat Stack. Developed by the American Institute of CPAs (AICPA), the framework is designed for service providers storing customer data in the cloud, and SaaS companies among others often turn to us as they begin to feel overwhelmed by the requirements.
Having undergone a Type 2 SOC 2 examination ourselves, Threat Stack’s Vice President of Technical Operations Pete Cheslock, and Senior Infrastructure Security Engineer Pat Cable, gathered for a webinar recently to discuss exactly what we did to achieve SOC 2 compliance with zero exceptions. Read the recap below, or listen to the full webinar here. Read more “How to Achieve Type 2 SOC 2 With Zero Exceptions — Webinar Recap”