New Threat Stack Feature: S3 File Integrity Monitoring

Threat Stack customers receive a great deal of value from our Linux File Integrity Monitoring (FIM), and we have now extended that capability to S3.

Many of our AWS customers are storing their critical files on S3, and for various security and compliance reasons, those files need to be monitored to see if any are being accessed, altered, or deleted.

To help ensure the integrity of the files in S3 buckets, Threat Stack now supports alerting on access to, and changes of, files in specific buckets. AWS CloudTrail can now record object-level S3 activity (data events such as GetObject, PutObject, and DeleteObject) alongside the bucket-level management events it has always recorded, and we have added rules to our base rule set to alert on those events. Note that object-level events are not logged by default: they must be enabled on the trail for each bucket you want covered, otherwise there is nothing for the rules to match.
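As an added example (not Threat Stack's rule set or code), the Python below shows the shape of such detection logic: it reads CloudTrail records as JSON lines, keeps only S3 data events, and evaluates them against a per-bucket policy of which kinds of object access should alert. The bucket names, account ID, principal ARNs, and the sample records are constructed for illustration; the field names used (eventSource, eventName, requestParameters.bucketName, requestParameters.key, userIdentity.arn, errorCode) are the ones CloudTrail actually emits. It also covers two things a practitioner would want: an allow list for a principal whose routine access is expected, and alerting on denied attempts against a watched bucket, which the basic "something changed" rule would miss.

```python
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional

# CloudTrail S3 data-event names, grouped by what they do to an object.
READ_EVENTS = {"GetObject", "HeadObject"}
WRITE_EVENTS = {"PutObject", "CopyObject", "CompleteMultipartUpload", "RestoreObject"}
DELETE_EVENTS = {"DeleteObject", "DeleteObjects"}

# Hypothetical per-bucket policy: which kinds of object activity should alert.
WATCHED_BUCKETS = {
    "acme-prod-secrets": {"read", "write", "delete"},  # any touch is interesting
    "acme-prod-config": {"write", "delete"},           # reads are routine here
}
# Hypothetical principal whose routine access is expected and not alerted on.
ALLOWED_PRINCIPALS = {"arn:aws:sts::123456789012:assumed-role/backup-role/nightly"}


@dataclass(frozen=True)
class Alert:
    severity: str
    bucket: str
    key: str
    event_name: str
    principal: str
    reason: str


def classify(event_name: str) -> Optional[str]:
    """Map an S3 API name to read/write/delete, or None for bucket-level events."""
    if event_name in READ_EVENTS:
        return "read"
    if event_name in WRITE_EVENTS:
        return "write"
    if event_name in DELETE_EVENTS:
        return "delete"
    return None


def evaluate_record(rec: dict) -> Optional[Alert]:
    """Return an Alert for one CloudTrail record, or None if it is not interesting."""
    if rec.get("eventSource") != "s3.amazonaws.com":
        return None
    event_name = rec.get("eventName", "")
    kind = classify(event_name)
    if kind is None:
        return None  # ListBuckets, PutBucketPolicy, ... are management events
    params = rec.get("requestParameters") or {}
    bucket = params.get("bucketName") or ""
    key = params.get("key") or ""  # absent for a batch DeleteObjects call
    watched = WATCHED_BUCKETS.get(bucket)
    if not watched:
        return None
    principal = (rec.get("userIdentity") or {}).get("arn", "unknown")
    error = rec.get("errorCode")
    # A denied attempt against a watched bucket is reported even when that kind
    # of access would otherwise be routine: probing usually precedes a breach.
    if error:
        return Alert("high", bucket, key, event_name, principal, f"denied: {error}")
    if principal in ALLOWED_PRINCIPALS or kind not in watched:
        return None
    severity = "high" if kind == "delete" else "medium"
    return Alert(severity, bucket, key, event_name, principal, f"{kind} on watched bucket")


def scan(lines: Iterable[str]) -> List[Alert]:
    """Evaluate newline-delimited JSON CloudTrail records; unparsable lines are skipped."""
    alerts = []
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue
        alert = evaluate_record(rec)
        if alert is not None:
            alerts.append(alert)
    return alerts


def _rec(source, name, principal, bucket=None, key=None, error=None):
    """Build a constructed CloudTrail-shaped record as one JSON line (sample data only)."""
    rec = {"eventSource": source, "eventName": name, "userIdentity": {"arn": principal}}
    if bucket:
        rec["requestParameters"] = {"bucketName": bucket, "key": key}
    if error:
        rec["errorCode"] = error
    return json.dumps(rec)


DEV = "arn:aws:iam::123456789012:user/dev-alice"
BACKUP = "arn:aws:sts::123456789012:assumed-role/backup-role/nightly"
# Constructed sample records; the account ID, names and keys are illustrative.
SAMPLE_RECORDS = [
    _rec("s3.amazonaws.com", "PutObject", DEV, "acme-prod-config", "app.yaml"),               # alert
    _rec("s3.amazonaws.com", "GetObject", DEV, "acme-prod-config", "app.yaml"),               # routine read
    _rec("s3.amazonaws.com", "GetObject", BACKUP, "acme-prod-secrets", "db.key"),             # allowed role
    _rec("s3.amazonaws.com", "GetObject", DEV, "acme-prod-secrets", "db.key", "AccessDenied"),  # alert
    _rec("s3.amazonaws.com", "DeleteObject", DEV, "acme-prod-secrets", "db.key"),             # alert
    _rec("s3.amazonaws.com", "PutObject", DEV, "acme-scratch", "notes.txt"),                  # unwatched bucket
    _rec("ec2.amazonaws.com", "RunInstances", DEV),                                           # not S3
    "this line is not json",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_RECORDS):
        print(f"[{a.severity}] {a.event_name} s3://{a.bucket}/{a.key} by {a.principal}: {a.reason}")
```

Run against the constructed records it produces three alerts: the write to the config bucket, the denied read of the secrets bucket, and the delete. The allow list is deliberately consulted after the denied-attempt check, so a backup role that suddenly starts getting AccessDenied still surfaces.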

How to Optimize Your Incident Response Process in the Cloud

Bad guys know the faster they move, the more they’ll be able to accomplish: the more data they’ll be able to steal, the more money they’ll be able to extort, the more damage they can do to your reputation. So it’s a race to see whether the bad guys can move faster than the good guys. You don’t want to be on the wrong side of that equation.

One way to move fast is to optimize your alerting and incident response processes (which are, of course, tightly connected). What does this mean in practice? It means your security tools need to be integrated into the operations team’s workflows so the moment a security issue is detected, an alert is sent to those who can fix it, enabling them to take rapid action based on solid information. Doing this will optimize security workflows and improve operational support.

Here’s an effective way to optimize alerting and incident response.

How to Monitor Outbound and Inbound Connections to Maintain Cloud Security

When it comes to staying secure in the cloud, an important practice is to monitor both inbound and outbound connections to and from your network. Why? Monitoring and alerting on “interesting” (i.e., anomalous) network connections, in either direction, can give cloud security operations teams early warning of a breach: a compromised host usually has to talk to something unexpected, whether to fetch tooling, take commands, or move data out.

Here’s how to put this type of security monitoring into practice in your organization.
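As an added example that is not part of the original post, the Python below implements the baseline-and-deviation approach the excerpt describes: it learns the expected connections for each host from a quiet learning window, then reports connections in a later window that fall outside that baseline, once per new destination or port, with outbound connections to non-RFC 1918 addresses ranked highest. The hostnames, addresses and connection records are constructed, and the record format is an assumption for illustration rather than any product's export format.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# RFC 1918 ranges: treat anything else as "external" for severity purposes.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Conn:
    host: str       # the monitored instance
    direction: str  # "out": host initiated it; "in": host accepted it
    remote_ip: str  # destination for "out", client address for "in"
    port: int       # destination port for "out", local listening port for "in"


def is_internal(ip: str) -> bool:
    """True for RFC 1918 addresses, i.e. traffic that stays inside the private network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def conn_key(c: Conn) -> tuple:
    # Outbound: a new (destination, port) pair is the signal.  Inbound: client
    # addresses legitimately vary, so key on the port the host accepted on.
    if c.direction == "out":
        return (c.host, "out", c.remote_ip, c.port)
    return (c.host, "in", c.port)


def build_baseline(conns: Iterable[Conn]) -> Set[tuple]:
    """Learn the set of expected connection keys from a known-good window."""
    return {conn_key(c) for c in conns}


def severity(c: Conn) -> str:
    # A host opening a new connection to the internet is the strongest signal
    # (command-and-control, tool download, exfiltration); everything else is medium.
    if c.direction == "out" and not is_internal(c.remote_ip):
        return "high"
    return "medium"


def find_anomalies(baseline: Set[tuple], conns: Iterable[Conn]) -> List[Tuple[str, Conn]]:
    """Return (severity, conn) for each key outside the baseline, reported once per key."""
    reported: Set[tuple] = set()
    anomalies: List[Tuple[str, Conn]] = []
    for c in conns:
        k = conn_key(c)
        if k in baseline or k in reported:
            continue  # expected, or a repeat of something already reported
        reported.add(k)
        anomalies.append((severity(c), c))
    anomalies.sort(key=lambda a: a[0] != "high")  # high first; sort is stable
    return anomalies


# Constructed sample data: hostnames and addresses are illustrative only.
LEARNING_WINDOW = [
    Conn("web-1", "out", "10.0.2.15", 5432),   # app -> database
    Conn("web-1", "out", "10.0.0.2", 53),      # DNS
    Conn("web-1", "in", "10.0.1.200", 443),    # load balancer -> app
    Conn("web-1", "in", "10.0.1.201", 443),
    Conn("db-1", "in", "10.0.1.10", 5432),     # app -> database, seen from the db side
]

CURRENT_WINDOW = [
    Conn("web-1", "out", "10.0.2.15", 5432),   # in baseline
    Conn("web-1", "in", "10.0.1.202", 443),    # new client, known port: in baseline
    Conn("web-1", "out", "203.0.113.9", 4444), # new external destination
    Conn("web-1", "out", "203.0.113.9", 4444), # repeat: reported once
    Conn("web-1", "in", "203.0.113.40", 2222), # something now listening on a new port
    Conn("db-1", "out", "198.51.100.77", 443), # database server calling out
    Conn("db-1", "out", "10.0.1.10", 22),      # db tier initiating SSH to the web tier
]

if __name__ == "__main__":
    base = build_baseline(LEARNING_WINDOW)
    for sev, c in find_anomalies(base, CURRENT_WINDOW):
        print(f"[{sev}] {c.host} {c.direction} {c.remote_ip}:{c.port}")
```

On the constructed data this reports four anomalies, the two external outbound connections first. Keying inbound connections on port rather than client address is what keeps a new load-balancer node or a new customer from paging anyone, while a process that starts listening on an unexpected port still does.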

The Cloud Security Use Cases Playbook

Over the last year, we have published a number of playbooks that, together, deliver strategic and tactical information to guide you from high-level planning down to effective implementation, day-to-day operations, and ongoing improvement of security across your cloud infrastructure.

One of our earlier publications, The Cloud Security Playbook, focused on the need for companies to develop a comprehensive cloud security strategy if they are operating in or migrating to the cloud.

We’re excited to be launching the next Playbook in this series that is shifting from strategy to tactics.

Given cloud security’s relatively short history and interdisciplinary nature, it’s important for us to share practical, real-world information that will guide organizations as they start to implement security measures across their modern infrastructure or, if they are already established, improve their operations and strengthen their security.

Threat Stack Cloud Security Platform® Support for Windows & Hybrid Environments

As part of its ongoing mission to bring customers the most comprehensive and powerful cloud security solutions, Threat Stack has extended the capabilities of its Threat Stack Cloud Security Platform® to enable continuous security monitoring of Microsoft Windows and hybrid environments.

The new Windows agent adds to Threat Stack’s existing support for Linux environments, and enables companies to collect important information about users, processes, network connections, and files, as well as security events, from Windows hosts. The range and depth of that data gives companies the visibility they need to remain secure and compliant as they grow.


A Blueprint for Selecting Security Technologies Inside the Cloud

Cloud security operations teams, especially ones that are evaluating security technologies for the first time, are often faced with a daunting list of vendors offering products with wide-ranging capabilities. Understanding the pros and cons of each might seem difficult or impossible at first, especially because the enterprise security sector is inundated with technologies that address security from a defense-in-depth perspective, offering a different product at each layer: firewalls, VPNs, IDS, IPS, log collection tools, SIEM tools, routers and switches with security capabilities, endpoint security tools, vulnerability management tools, threat management tools, and so on.


How to Create an Effective Cloud Security Alerting Process

The first component of any security program should be an alert system. Alerts are typically the fastest and most effective way to be notified when something goes wrong so you can jump into action. But alerts also have the stigma of being too noisy, throwing out false positives, or requiring a lot of fine tuning to get right. After all, a minor bug in the code that doesn’t affect end users isn’t the type of thing you should be woken up in the middle of the night for.
