Cloud Security Best Practices: Finding, Securing, & Managing Secrets, Part 1 — truffleHog & git-secrets

Secrets — passwords, API keys, secure tokens, private keys, and so on — protect access to sensitive resources in your environment. If not properly managed, they can end up in the wrong hands.

In Part 1 of this post, we will show you how to find secrets using truffleHog and git-secrets. In Part 2, we will explain how to manage them using appropriate software tools in order to quickly and cost-effectively achieve a higher level of security. Read more “Cloud Security Best Practices: Finding, Securing, & Managing Secrets, Part 1 — truffleHog & git-secrets”

Jump Starting Cloud Security Playbook

Learn how to establish a cloud security baseline and rapidly strengthen your security.

Download Now

Python Flask Exception Handling In A Secure Manner

In our last Python Flask blog post, we walked through building a simple application to take in a Threat Stack webhook and archive the alert to AWS S3. In this post, we’ll dive into Python exception handling and how to do it in a secure manner.

The code in the last post was written to be as simple and readable as possible. However, what happens if something goes wrong in our application? There’s no error or exception handling. If something goes wrong — for example, we hit a bug or receive bad data — there’s nothing we can do about it in the application. Instead of returning a parseable JSON response, the app will just spit a backtrace embedded in an HTML document back. The entity sending the request to our service is then left trying to figure out what may have gone wrong. Read more “Python Flask Exception Handling In A Secure Manner”

Jump Starting Cloud Security Playbook

Learn how to establish a cloud security baseline and rapidly strengthen your security.

Download Now

Planning Your Cloud Security Program

As we stated in the introduction to this blog post series, our purpose is to give you insight into the issues you should address when you are at the early stages of establishing a cloud security program.

If your organization is just starting out on its cloud security journey — whether it’s a rapidly growing startup or a more established company — it’s important to develop a strategic security roadmap that’s suited to its early-stage maturity level. You should not reasonably expect to go from no security or rudimentary security to a full-blown, encompassing program in one step. It’s far better to take a graduated approach by defining objectives that will give you reasonable protection now, that won’t drain your budget and resources (and possibly divert critical resources and attention away from your company’s primary business goals) — and that will also serve as a rock solid platform to build on when you want to move up to the next level of maturity on the cloud security ladder.

What you need is an end-to-end roadmap that will get you started in cloud security monitoring, address your first round of security concerns, and noticeably and measurably improve your security stance, all in a reasonable amount of time and for a reasonable expenditure of money and resources.  

And that’s exactly what we’ll do in this post: walk through five steps that will help you develop a strategic action plan that includes defined goals and is targeted at your organization’s specific maturity level, needs, and resources. Read more “Planning Your Cloud Security Program”

Threat Stack Blog Series: Starting Your Cloud Security Journey

More and more companies are migrating to the cloud — and for good reason considering the many benefits such as speed, flexibility, and reduced costs.

One of the key questions that always comes up in this transition centers on cloud security. Not so much in the form of “Is the cloud secure?” but more in terms of “What is your company doing to make sure its infrastructure is secure?”

In the best scenario, companies include a cloud security service in their business plan on day one. In the worst case, they limp along for years without a strategically planned, comprehensive security roadmap that will provide real protection for their IP, data, systems, customers, and reputation.

In both cases, these organizations have one thing in common: Regardless of how long they’ve been in business, they are at an early stage of cloud security maturity. They are just starting out on their cloud security journey.

And that’s where we can help. Read more “Threat Stack Blog Series: Starting Your Cloud Security Journey”

Writing a Web Service Using Python Flask

Many of our customers are building useful services using our webhook feature — but unfortunately, others are not. Often we hear that no one on their team is proficient enough to write a service that can ingest a webhook payload and do something with the data. That leaves them either hoping to get cycles from their development team (unlikely) or continuing to do without.

But what if you could write your own web services? How many routine tasks that involve taking data from system A and inputting it into system B could you automate?

Learning to code well enough can be a major skill in your tool chest and a major asset for optimizing security processes in your organization.

So in this post, I’m going to walk you through a tutorial that will get you started on the road to writing your own web services using Python Flask. Read more “Writing a Web Service Using Python Flask”

Boston Cloud Security & Incident Management Workshop Recap

Last night we got together with our good friends from PagerDuty to host an event at District Hall in the Seaport area of Boston. It was a fun evening, offering product-related presentations, a wide-ranging panel discussion, and an opportunity to socialize with friends, colleagues, and other like-minded folks.

Before we go further, you may ask why we’re teaming up with PagerDuty. PagerDuty and Threat Stack have a tight product integration that enables you to manage all types of alerts in one place, making sure you have an end-to-end security solution that alerts you when the unexpected occurs. A great combination! Read more “Boston Cloud Security & Incident Management Workshop Recap”

Post Mortem: Death Star Data Breach by ROGUE ONE

Recently the Galactic Empire’s Death Star plans were leaked due to a security breach on the planet Scarif. A threat actor known as ROGUE ONE carried out the breach with support from the Rebel Alliance fleet. This post mortem has been commissioned by the Imperial Security Bureau and documents what is currently known while active investigation continues.

This breach is not expected to delay construction of the Death Star. The battle station is expected to be operational by its previously announced date, if not before. Read more “Post Mortem: Death Star Data Breach by ROGUE ONE”

The USENIX LISA 2016 Conference: In Their Own Words

The USENIX LISA 2016 Conference wrapped up a week ago after a tremendous five-day program of workshops, training sessions, presentations, talks, and more. Our own Pat Cable, Threat Stack Security Engineer, lent his expertise as “Invited Talks Co-Chair,” and Threat Stack was a proud sponsor of the event.

Full length presentations and videos will soon be available on the LISA site, but we thought it would be fun and informative to follow LISA’s motto of “More Craft, Less Cruft” by bringing you short video interviews with five LISA16 attendees and presenters.

So in their own words, here’s what they had to say about their favorite projects, the importance of security, and anything else that was top of mind. Read more “The USENIX LISA 2016 Conference: In Their Own Words”

AWS re:Invent 2016 Sets Records for New Services and Attendance

AWS re:Invent 2016 has come and gone and what an event it was! This year had a record-breaking attendance of more than 30,000 people, showing the tremendous interest in all the advantages that the cloud has to offer. The expo floor (where Threat Stack was a Gold Sponsor) mirrored this growth with many new vendors to full-scale enterprise offerings with multi-floor architectures. It’s clear from this year’s re:Invent that the cloud industry has moved out of its infancy into full scale adoption across a vast number of  implementations.

So, what were our team’s key takeaways?? It’s become clear that security is no longer a tax, but rather an investment into long-term organizational growth and success. Given the cloud’s explosive growth, security must be considered early on rather than as an afterthought. In addition to a strong interest in security, AWS launched many new services that will help to accelerate cloud adoption and enable companies to move even faster.

Read more “AWS re:Invent 2016 Sets Records for New Services and Attendance”

10 Best Practices for Securing AWS Workloads

Read this eBook to develop a comprehensive security posture in the cloud in 10 steps.

Download Now

5 Things Security Can Learn From Operations’ Transition Into DevOps

Over the past couple of years, a discussion has been brewing in the Security community about the future of its work. On one hand, the need for a cloud security service is more urgent than ever as all areas of business and personal computing are being impacted by cyber threats. On the other hand, the process of delivering software has changed: We have significantly streamlined the development process by reducing organizational silos through various implementations of a DevOps culture.

So here’s the question: Faced with this changing landscape, how can Security transform the way it does business in order to contribute its full value — without negatively impacting development schedules and operational procedures? Security needs to adjust to the rapid and agile world of the cloud, but the transition doesn’t have to be difficult. The Ops community faced a similar transition when it integrated with Dev, and there’s much that Security can learn from their experience.

Read more “5 Things Security Can Learn From Operations’ Transition Into DevOps”