How We Can Turn National Cybersecurity Awareness Month Into Cybersecurity Action

Want to take a peek at the World’s Worst Data Breaches? Here you go:

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/


Now that we’ve got that out of the way, let’s start this blog post over again. Our goal isn’t to frighten you or deepen the numbness you might already be feeling from the drip, drip, drip of bad cyber news.

It’s National Cybersecurity Awareness Month (NCSAM), which was launched in October 2004 as a collaboration between the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security with the goal of raising awareness and providing education on cybersecurity issues.

The name is something of a misnomer, however. NCSAM is really designed to do more than make you aware of cyber risks. It’s bigger goal is to arm you with information and tools you can use to strengthen yourself, your social groups, and your businesses against the cyber criminals who prey on us.

In the spirit of NCSAM, we at Threat Stack want to do our part by sharing some of the advice our bloggers have offered on how to take action to protect yourself and your company from cyberattacks. With that in mind, here are summaries of four recent blogs. Read more “How We Can Turn National Cybersecurity Awareness Month Into Cybersecurity Action”

11 Questions to Ask Before Investing in a Cloud Security Solution

Whether you’re in security, operations, or another related discipline, choosing the right cloud security products can be a complex process. With thousands of options, each with their own nuances, how do you know which tool, or mix of tools, is going to be right for your organization? The following questions are designed to help you identify the solutions that will fit your specific needs and requirements. Use them as you make your decision, and the entire process will be much more seamless. Read more “11 Questions to Ask Before Investing in a Cloud Security Solution”

7 Ways Business Processes Have Changed the Need for Security

Considering how fast every facet of business is changing today, the job for Security teams has become much more complex — and critical. Not only are there more data and endpoints to protect, but there are also new threats and adversaries to detect.

Since speed and continuous release cycles can be a major competitive advantage for businesses, Security professionals need to identify ways of keeping up. In this post, we’ll cover seven important ways business processes are changing and how security can adapt to support the speed of business. Read more “7 Ways Business Processes Have Changed the Need for Security”

What is Continuous Cloud Compliance & How Can I Achieve It?

Continuous Compliance

Cloud compliance, like cloud security, is never a one-and-done activity. To be compliant, you need to demonstrate it continuously. Systems must be locked down properly, users must follow specific access policies, alerts must be working properly, and so on. If a server is spun up and unprotected, if a user gets too much privileged access, or if alerts are ignored, you can quickly become noncompliant.

So how do you maintain cloud compliance day-in and day-out amongst all your other priorities? In this post, we’ll outline several ways that you can ensure compliance organization-wide, even after the big audit is complete. Read more “What is Continuous Cloud Compliance & How Can I Achieve It?”

5 Cloud Security Tips for Emerging Tech Companies

True or false: Companies born in the cloud naturally understand security.

Young and tech-savvy companies running in the cloud often deal with the same cloud security issues as larger organizations that are moving to the cloud from legacy or on-prem solutions. In fact, the unique requirements of tech companies — like continuous development cycles and cutting-edge, rapidly evolving processes — can sometimes add even more complexity to security. If you fall into this camp, you may find this blog useful. In it, we’ve rounded up some of our best advice so you can learn how to strengthen your cloud security posture and start building out a cloud security strategy starting now, without a big drain on your budget and resources. Read more “5 Cloud Security Tips for Emerging Tech Companies”

Prevention Isn’t Enough. Why All Companies Need Detection Too

How would you know if your prevention methods failed to catch a critical threat? One of two ways: Either a customer, an auditor, or another third party would find out about it (an embarrassing situation for you) or  you could get lucky and find it yourself — which is rare without detection.

Prevention techniques and technologies (e.g., security controls, firewalls, encryption, antivirus), are designed to block an attacker from getting in, and can be critical to your security strategy. However, they can’t be the only defense you have in place. If history is any indicator (and we believe it is), attackers will find a way in. So, as a defender, you also need the ability to detect threats once they are inside your modern cloud infrastructure. That’s why companies are shifting their focus to detection techniques and technologies (e.g., monitoring, alerting).

In this post, we’ll explain what detection does that prevention cannot, what to watch out for if you’re relying on prevention alone, and how you can use them in parallel. Read more “Prevention Isn’t Enough. Why All Companies Need Detection Too”

9 Common Questions About SOC 2 Compliance

SOC 2 compliance is a crucial framework for technology and cloud computing companies today. As with many other compliance mandates, it is not a simple connect-the-dots proposition, but rather a complex set of requirements that must be reviewed and carefully addressed. But it doesn’t have to be overwhelming. Below, we’ll break down nine of the most common basic questions that we hear about SOC 2. Think of it as a 101 on SOC 2.

Read more “9 Common Questions About SOC 2 Compliance”

Not Ready for Cloud Security? Here Are 5 Things You Can Do in the Meantime

If you are currently running an on-premise or hybrid environment with an eye to eventually making a complete transition to the cloud, you may be feeling a bit overwhelmed by everything that needs to change in order for your security posture to be appropriate for this new environment. In this post, we’re going to explain how you can start where you are, take small but meaningful steps, and still make important progress toward where you want to be — operating securely in the cloud.

Without trying to boil the ocean, here are five key steps you can take to gently kickstart your transition toward a fully secure, all-cloud environment, no matter where you are today. Read more “Not Ready for Cloud Security? Here Are 5 Things You Can Do in the Meantime”