Five OpSec Best Practices to Live By

Often when we talk about security, we focus on the mechanics of how to keep technical infrastructure safe. It can be easy to forget that operational security is just as important. When done right, strong OpSec practices will keep your business safe from leaked information, competitive disadvantage, and even public embarrassment.

Without good OpSec, your business may be vulnerable to information theft via an attack surface that has little or nothing to do with computers. With that said, here’s what you need to know about OpSec today.

Why You Should Think of Security as a Skill, Not Just a Role

A common mistake that we see organizations make is putting off security until they hire someone who specializes in it. Depending on the size of your company and the nature of your business, this could mean waiting several years to start taking security seriously. In today’s threat environment, that’s not realistic or practical. And, even when you decide you’re ready to bring someone in-house to focus on security — given the current security talent shortage — odds are it could take a while to find the right hire.

This is why we believe that organizations should start thinking about security as a competency, rather than simply a job description. You don’t need to have a CISO or a SOC or even a security analyst on your team before you can start taking steps to improve your security posture. The potential consequences of a breach (financial loss, reputation damage, downtime, or IP loss, to name a few) are too serious to ignore.

With that in mind, here’s how to start viewing security as a skill and how to boost that skill across your organization.

Building Strong Partnerships: Why We’re a Proud Sponsor of the PagerDuty Summit

After the Threat Stack team attended last week’s PagerDuty Summit in San Francisco, it became clear why PagerDuty is the market leader in agile incident management solutions. Not only do they have a great product, they also have an active community of users who are driving the conversation around incident response in the twenty-first century.

Insider Threats: What You Need to Know and Do

Threats to your data and security don’t always start on the outside, orchestrated by a shadowy group of foreign hackers. Many times, it’s actors within an organization who carry out sophisticated and malicious attacks designed to steal money or IP — or both. While visions of Edward Snowden and Chelsea Manning come to mind when people think of a typical internal threat, it’s actually the low-profile, everyday internal attackers that companies should be most worried about.

The Point Security Solution Implosion: 4 Things Companies Need to Know

Not even a decade ago, security was much simpler. Companies were defined by the perimeter of their corporate network and protected by a firewall and antivirus tool that could withstand just about any security attack. Then came the cloud, mobile devices, and the Internet of Things (IoT), and the attack surface overflowed far beyond the network, making security not-so-simple.

Does “Cloud-Native” Really Matter When it Comes to Cloud Security?

Cloud-native: It’s an adjective that gets tossed around a lot, but we don’t frequently unpack its meaning or its value for businesses.

Today we want to talk about what cloud-native means in the context of cloud security and whether it’s truly necessary. Cloud-native means that a piece of software was built in the cloud, for the cloud. When it comes to security, a cloud-native platform is a natural fit for protecting cloud-based data. But is it a must-have?

A Guide to Assess Where You Stand With Cloud Security

Cloud security is a sprint and a marathon. A sprint in that security teams must quickly put the right defenses in place to address zero-day attacks and persistent threats in the short term, and a marathon in that an organization’s security posture needs to be regularly evaluated and improved on over the long term to address new and evolving threats and compliance regulations.
