Machine Learning, Signatures, Rules, & Behaviors — Tips on Navigating Modern Cloud Security Solutions

Security Research & Strategy
6 Min Read

Cloud security is one of the most rapidly changing technology landscapes out there. And naturally, the market for security tools is also constantly evolving as stakeholders continue to develop an understanding of how important a mature security posture is to the entire organization — from innovation to sales to ongoing brand and customer success.

Throughout the industry, different security solutions solve different problems for different types of businesses: There is no “one-size-fits-all-cloud-security-silver-bullet.” Being able to cut through the hype, promises, and buzz to figure out which solutions are actually suited to your specific use cases can be a challenge.

So in this post, we’re offering guidance on what some of the broader categories of cloud security solutions do and do not offer, and how they deliver security information and alerts to their end users. In turn, we’ll take a look at using Network IDS tools, using point solutions to build your own security stack, jumping into the emerging world of machine learning (ML), and deploying a comprehensive cloud security platform that not only provides a wide range of security functionality but also integrates security into your existing DevOps workflows and provides a foundation for constantly improving your security maturity. Read more “Machine Learning, Signatures, Rules, & Behaviors — Tips on Navigating Modern Cloud Security Solutions”

50 Great DevOps Tools You May Not Be Using

Dev & DevOps Knowledge
23 Min Read

DevOps is about seamless collaboration between Development and Operations, and you need to have the right tools in your environment to help make this possible. As everyone knows, DevOps covers a lot of functional areas, so knowing what tools to adopt can be a challenge.

Today’s market offers a huge array of both open source and proprietary tools, and together they can answer nearly every need throughout the DevOps lifecycle from Planning to Deployment to Monitoring and ongoing Improvement. When these are coupled with a comprehensive security solution like Threat Stack’s Cloud Security Platform®, they can also help to enable security and compliance: It’s a matter of understanding what each tool offers, matching the right ones to your requirements, and investing the time needed to train your team to use them to their highest potential.

To help you make your way through the almost endless list of tools out there, we’ve used this post to compile a list of 50 great DevOps tools that you might want to consider when you’re looking for a solution that will help streamline, automate, or improve specific aspects of your workflow. Read more “50 Great DevOps Tools You May Not Be Using”

3 Questions to Ask When You’re Ready to Operationalize Your Security

AWS Security, Budgeting and Buying Tips, Security Research & Strategy
3 Min Read

New global data from Checkmarx reveals that 92 percent of organizations struggle to implement security into DevOps — even though they say they want to. The heart of this issue is the common misconception that security slows things down, which leads to the common practice of skipping security measures in an effort to get things done.

While this approach may seem to create a payoff in terms of productivity, any gains are short term at best and are always offset by the fact that the company is at greater risk for a breach.

But the truth is, speed and security are not mutually exclusive, and you can effectively integrate security into operations throughout your organization if you follow SecOps best practices.

With that in mind, we’ll use this post to walk through the three major questions your organization must ask as it moves toward operationalized security.

Before diving into the post, however, take a look at details on our upcoming webinar — “How to Spend Your Security Budget in a DevOps World.” Read more “3 Questions to Ask When You’re Ready to Operationalize Your Security”

How to Cope With the Security Talent Shortage in SecOps

AWS Security, Budgeting and Buying Tips, Security Research & Strategy
3 Min Read

Security budgets are rising, but are they helping with challenges caused by the security talent shortage? This post offers insights from our recent security budgeting survey and shares ideas on how to deal with the security talent shortage in SecOps.

Before diving into the post, however, take a look at the following details on our upcoming webinar — How to Spend Your Security Budget in a DevOps World.
Read more “How to Cope With the Security Talent Shortage in SecOps”

5 SecOps Processes to Try Today

AWS Security, Security Research & Strategy
3 Min Read

DevOps has enabled businesses to bring products to market faster than ever before. But what about security?

In our recent survey, Refocusing Security Operations in the Cloud Era, 36% of businesses said their top IT goal over the next year is to respond to business needs faster. Conversely, only 10.5% prioritized improving security as their top goal.

There is a misconception that businesses can’t move both quickly and securely. But with SecOps best practices, businesses can move away from the ad hoc, reactive tactics that slow things down, and replace them with repeatable processes that effectively support teams and products. Let’s explore. Read more “5 SecOps Processes to Try Today”

50 Best Cloud Security Podcasts

AWS Security, Security Research & Strategy
21 Min Read

Some of the earliest podcasters were influencers in the technology and online space. For well over a decade, programs that specifically discuss security news and topics have been keeping people up to date on data and systems safety. For many, it’s the ideal medium to learn about the latest happenings in the industry via a convenient and enjoyable format.

With that in mind, we have put together a listing of 50 of the best cloud security podcasts we know about. The hosts and programs on the list are experts from many different technical backgrounds. Their content can benefit professionals in security, programming, or almost any technical role. So whether you’re in a security role or just find yourself interested in some of the big data news that seems to be looming ever larger, you’ll find them useful and, oftentimes, entertaining.

Note: Our list of podcasts is not ranked in terms of perceived value or quality of content. What we have provided is a brief description of each of the podcasts as well as three pertinent episodes for each that you may want to download.

Before we dive into our podcast list, we want to call out two podcasts:

Read more “50 Best Cloud Security Podcasts”

What’s In Our SecOps Stack: 6 Top Integrations

Security Research & Strategy
3 Min Read

When it comes to creating a solid SecOps program, an organization must consider people, processes, and technology. It’s not one area that makes a secure program, but a combination of all three working together.

As good as our people are, however, they would not get far without systematic processes backed by powerful tools and integrations. Here at Threat Stack, we use the following tools to ensure that our organization is safe, secure, and operating effectively. Read more “What’s In Our SecOps Stack: 6 Top Integrations”

5 Tips for Managing Security for APIs

Security Research & Strategy
4 Min Read

Creating APIs for your SaaS products provides invaluable benefits to your customers, allowing developers to plug into your resources and bring their products to market more quickly and efficiently than ever before. An API also allows you to integrate easily with other SaaS organizations, expanding your range of functionality to offer customers new features, increase your inherent value as a provider, and gain a competitive edge in the marketplace.

As with most beneficial technology, however, APIs are not without their risks. Exposing your APIs can leave you vulnerable to theft of API keys, a fairly easy way for cybercriminals to carry out denial of service attacks if you haven’t implemented the right security measures. These attacks overwhelm your server with data requests, crippling the availability of your product, and even costing you money, should the attackers demand a ransom.

At Threat Stack, we recently released Version 2 of our REST API, which serves as a way for customers to connect to our organization and extract critical information around security concerns in their environments. With Version 2, we have incorporated updates to meet industry best practices and to better protect ourselves and our customers’ data. Drawing on this experience, we have outlined below the ways in which you as a SaaS company can better manage security for your own APIs. Read more “5 Tips for Managing Security for APIs”