How to Cut Through Vendor Claims & Marketing Hype When Evaluating New Security Tools

Machine Learning
3 Min Read

As we’ve pointed out in a couple of recent blog posts, Machine Learning (ML) has been billed as a savior for short-staffed security teams — a silver bullet that can single handedly identify and mitigate every security threat automatically. As we usually do with silver bullet solutions, we’ve cautioned readers to distinguish between the hype and reality. While ML has many strengths and is here to stay, it’s only a part of the solution in the world of cybersecurity — not the solution itself. Human input is still essential to draw meaningful conclusions and define appropriate action.

In today’s post, we’re continuing to advise readers that it’s essential to go below the surface, to distinguish between the hype and reality, when evaluating a cybersecurity solution. Remember: A beautiful package may open up to reveal a beautiful can of worms. Keep your eyes open, investigate below the surface, and avoid nasty surprises. Read more “How to Cut Through Vendor Claims & Marketing Hype When Evaluating New Security Tools”

How to Identify Threats Within Your Docker Containers

Containers, Orchestration & Security
5 Min Read

Now is a good time to review Threat Stack’s Docker integration in the wake of the recent runc CVE. The headline reporting gets a little hyperbolic, but I still think we should use this as an opportunity to reflect. Containers represent a powerful abstraction for a unit of software. The container abstraction provides some isolation, facilitation, and control, but also some opaqueness. Threat Stack’s solution adds security visibility to your deployment, and our Docker integration provides visibility into your Docker containers.

Threat Stack announced the release of its Docker integration during Amazon’s 2015 re:Invent Conference and has continued to maintain and expand its capabilities in subsequent releases. This feature augments detected host events with Docker information when the Threat Stack agent identifies the event as originating from a container. Augmented information consists of the Docker container ID and the image name. We collect that data with a host-based agent that does not stick some additional agent into each container. Per-container agents would cause performance issues for typically small footprint containers. Our daemon runs in user space and does not hook into the kernel, allowing us to stay lean and lightweight. Let me to explain a bit about how this all works. Read more “How to Identify Threats Within Your Docker Containers”

The Difference Between Security Trick Plays and Security Fundamentals

Machine Learning, Security Research & Strategy
3 Min Read

I like watching great football plays on YouTube, but I especially like watching trick plays where players sell some sort of deception so their opponents take their eyes off the ball. Trick plays make great video clips and can win a football game if deployed at the right moment, but there’s a reason “blocking and tackling” are the fundamental skills, tasks, and roles necessary to function. Trick plays might be able to help a team win a football game, but if you show up without “blocking and tackling,” you’re definitely going to have a bad day. I bring this up because sometimes we confuse the trick plays with the fundamentals, and we do so at our own peril. That does not mean trick plays are bad or not helpful; it just means we can’t forget about the “blocking and tackling.”

These days we hear a lot of hullabaloo about machine learning (ML), and with good reason. However, it’s quickly becoming the “trick play” of security, the flashy new toy that leads people to overlook the “blocking and tackling” fundamentals. Read more “The Difference Between Security Trick Plays and Security Fundamentals”

Three Old-School Network Security Tips That (Still!) Work for Modern Infrastructure

AWS Security, Containers, Orchestration & Security, Security Research & Strategy
2 Min Read

The adage “Everything old is new again,” rings true in the cybersecurity industry as much as anywhere else. Some of the best practices from old-school network security still apply to modern virtual server or containerized environments.

Even though hackers are becoming increasingly sophisticated with their attacks, applying some of these oldies but goodies to your arsenal could help reduce the risk of a security incident or breach.

Here are a few security best practices that stand the test of time. Read more “Three Old-School Network Security Tips That (Still!) Work for Modern Infrastructure”

SLDC, SOC 2, and Other Four Letter Words

Dev & DevOps Knowledge
6 Min Read

Developers gonna develop. That’s why we’re developers. We want to set some implementation goal and then make that a reality. We like to stay heads down and focus on the immediate task at hand. Unfortunately, this can sometimes cause collateral damage. Secondary objectives can get ignored or even trampled in the race to meet the primary target. It’s also likely that other promising developments will get missed as they fall off the main path. Dealing with these issues is one of the many functions of compliance regulations.
 Read more “SLDC, SOC 2, and Other Four Letter Words”

Eyes on the Ground: Why You Need Security Agents

AWS Security, Security Research & Strategy
6 Min Read

A post based on the talk I just gave at SOURCE Boston 2017

If you answer Yes to one or more of the following questions, you probably have agent fatigue! Do not worry, I’m here to help and we can work through this.

  • Do you often find yourself booting into safe mode?
  • Do you regularly look for programs in the taskbar to kill?
  • Do you look for reasons why your computer seems so sluggish after IT did something to it?
  • Do you wonder why you even pay for that thing on your computer?
  • Do you have employees who complain about installed software?
  • Do you look for ways to meet compliance requirements in software?
  • Do you care about security?

Read more “Eyes on the Ground: Why You Need Security Agents”

C++ in the Linux kernel

Dev & DevOps Knowledge
6 Min Read

I’ve seen some crazy things. I’ve also done some crazy things. I’m going to tell you about one of them.

conversation-1.pngA developer walks into a bar. He then gets completely and totally plastered before talking to his boss. That conversation then results in him accepting the task of writing a Linux kernel module in C++. I was that developer, minus the walking into a bar and getting plastered part. While I did put up a token effort to advocate doing the development in C, I got overruled. I then threw myself to the task with gusto.

Read more “C++ in the Linux kernel”

How to Educate Yourself About Cloud Security

Security Research & Strategy
2 Min Read

Given the constant changes affecting today’s security industry — whether it’s the explosion of big data, the global shift to cloud-based business models, or the hundreds of technical innovations that occur each day — keeping your security knowledge up-to-date has never been more important. Whether you’re a security professional, a security provider, or a security consumer, there’s a massive need for immediately available, ongoing education.

Read more “How to Educate Yourself About Cloud Security”

Boston SOURCE Conference 2016: I Got the T-Shirt and a Whole Lot More

Uncategorized
4 Min Read

The SOURCE Conference held in Boston last week was a terrific opportunity to meet a lot of fascinating industry folks while sharing great ideas about the intersection of business, technology, and security. I attended some outstanding presentations, which I’ve highlighted below, and also gave my own talk, “How Security Changes In the Cloud and Why You Care,” which I’ll summarize in a later post.
Read more “Boston SOURCE Conference 2016: I Got the T-Shirt and a Whole Lot More”