Often when we talk about security, we focus on the mechanics of how to keep technical infrastructure safe. It can be easy to forget that operational security is just as important. When done right, strong OpSec practices will keep your business safe from leaked information, competitive disadvantage, and even public embarrassment.
Without good OpSec, your business may be vulnerable to information theft via an attack surface that has little or nothing to do with computers. With that said, here’s what you need to know about OpSec today.
Read more “Five OpSec Best Practices to Live By”
A common mistake that we see organizations make is putting off security until they hire someone who specializes in it. Depending on the size of your company and the nature of your business, this could mean waiting several years to start taking security seriously. In today’s threat environment, that’s not realistic or practical. And, even when you decide you’re ready to bring someone in-house to focus on security — given the current security talent shortage — odds are it could take a while to find the right hire.
This is why we believe that organizations should start thinking about security as a competency, rather than simply a job description. You don’t need to have a CISO or a SOC or even a security analyst on your team before you can start taking steps to improve your security posture. The potential consequences of a breach (financial loss, reputation damage, downtime, or IP loss, to name a few) are too serious to ignore.
With that in mind, here’s how to start viewing security as a skill and how to boost that skill across your organization. Read more “Why You Should Think of Security as a Skill, Not Just a Role”
After the Threat Stack team attended last week’s PagerDuty Summit in San Francisco, it became clear why PagerDuty is the market leader in agile incident management solutions. Not only do they have a great product, they also have an active community of users who are driving the conversation around incident response in the twenty-first century.
Read more “Building Strong Partnerships: Why We’re a Proud Sponsor of the PagerDuty Summit”
“I remember when there were only about 40 of us meeting here, talking about AWS, and ending the day by descending on the hotel bar.” — Told to us by an AWS Summit Veteran
Read more “3 Lessons Learned From AWS NYC Summit”
Before you can assign responsibility for a security breach, you need to go back to the scene of the crime and understand where it originated. No easy task given the dynamic and complex nature of cloud computing environments.
Read more “Who is Responsible for a Security Breach?”
Threats to your data and security don’t always start on the outside, orchestrated by a shadowy group of foreign hackers. Many times, it’s actors within an organization who carry out sophisticated and malicious attacks designed to steal money or IP — or both. While visions of Edward Snowden and Chelsea Manning come to mind when people think of a typical internal threat, it’s actually the low-profile, everyday internal attackers that companies should be most worried about.
Read more “Insider Threats: What You Need to Know and Do”
Not even a decade ago, security was much simpler. Companies were defined by the perimeter of their corporate network and protected by a firewall and antivirus tool that could withstand just about any security attack. Then came the cloud, mobile devices, and the Internet of Things (IoT), and the attack surface overflowed far beyond the network, making security not-so-simple.
Read more “The Point Security Solution Implosion: 4 Things Companies Need to Know”
Cloud-native: It’s an adjective that gets tossed around a lot, but we don’t frequently unpack its meaning or its value for businesses.
Today we want to talk about what cloud-native means in the context of cloud security and whether it’s truly necessary. Cloud-native means that a piece of software was built in the cloud, for the cloud. When it comes to security, a cloud-native platform is a natural fit for protecting cloud-based data. But is it a must-have?
Read more “Does “Cloud-Native” Really Matter When it Comes to Cloud Security?”
Cloud security is a sprint and a marathon. A sprint in that security teams must quickly put the right defenses in place to address zero-day attacks and persistent threats in the short term, and a marathon in that an organization’s security posture needs to be regularly evaluated and improved on over the long term to address new and evolving threats and compliance regulations.
Read more “A Guide to Assess Where You Stand With Cloud Security”
AWS Summit season is upon us, and Threat Stack is proudly sponsoring and exhibiting at the AWS Summit Chicago again this year.
Read more “Join Threat Stack at AWS Summit Chicago 2016”