How to compress Mean Time To Resolution (MTTR) and drive operational efficiency
Slashing MTTR is one way of shifting into a high-velocity security mode, letting your team operate faster to drive innovation, scale, and create a strong competitive advantage.
Read more “Shifting to High-Velocity Cloud Security Operations”
Threat Stack customers receive a great deal of value from our Linux File Integrity Monitoring (FIM), and we have now extended that capability to S3.
Many of our AWS customers are storing their critical files on S3, and for various security and compliance reasons, those files need to be monitored to see if any are being accessed, altered, or deleted.
To help ensure the integrity of the files in S3 buckets, Threat Stack now supports alerting on access to and changes of files in specific buckets. AWS now has capabilities for recording object-level access in CloudTrail events, and we have added rules to our base rule set to support that feature.
Read more “New Threat Stack Feature: S3 File Integrity Monitoring”
Bad guys know the faster they move, the more they’ll be able to accomplish: the more data they’ll be able to steal, the more money they’ll be able to extort, the more damage they can do to your reputation. So it’s a race to see whether the bad guys can move faster than the good guys. You don’t want to be on the wrong side of that equation.
One way to move fast is to optimize your alerting and incident response processes (which are, of course, tightly connected). What does this mean in practice? It means your security tools need to be integrated into the operations team’s workflows so the moment a security issue is detected, an alert is sent to those who can fix it, enabling them to take rapid action based on solid information. Doing this will optimize security workflows and improve operational support.
Here’s an effective way to optimize alerting and incident response.
Read more “How to Optimize Your Incident Response Process in the Cloud”
When it comes to staying secure in the cloud, an important practice is to monitor both incoming and outgoing connections from your network. Why? Monitoring and alerting on “interesting” (i.e., anomalous) network connections going in and out of cloud environments can provide early breach detection to cloud security operations teams.
Here’s how to put this type of security monitoring into practice in your organization.
Read more “How to Monitor Outbound and Inbound Connections to Maintain Cloud Security”
Over the last year, we have published a number of playbooks that, together, deliver strategic and tactical information to guide you from high-level planning down to effective implementation, day-to-day operations, and ongoing improvement of security across your cloud infrastructure.
One of our earlier publications, The Cloud Security Playbook, focused on the need for companies to develop a comprehensive cloud security strategy if they are operating in or migrating to the cloud.
We’re excited to be launching the next Playbook in this series, which shifts from strategy to tactics.
Given Cloud Security’s relatively short history and interdisciplinary nature, it’s important for us to share practical, real-world information that will guide organizations as they start to implement security measures across their modern infrastructure — or if already established — improve their operations and strengthen their security.
Read more “The Cloud Security Use Cases Playbook”
Cloud security operations teams, especially ones that are looking at security technologies for the first time, are often faced with a daunting list of vendors who offer technologies with wide-ranging capabilities. Understanding the pros and cons of each might seem difficult or impossible at first, especially because the enterprise security sector is inundated with technologies that address security from a defense-in-depth perspective, offering different technologies at each layer. These include firewalls, VPNs, IDS, IPS, log collection tools, SIEM tools, routers and switches with security capabilities, endpoint security tools, vulnerability management tools, threat management tools, etc.
Read more “A Blueprint for Selecting Security Technologies Inside the Cloud”
Since first releasing the Threat Stack Cloud Security Platform®, we have continued to make enhancements that provide better data, increase automation, streamline workflows, and decrease response times.
Read more “Using AWS Tags With Threat Stack Security Alerts”
The first component of any security program should be an alert system. Alerts are typically the fastest and most effective way to be notified when something goes wrong so you can jump into action. But alerts also have the stigma of being too noisy, throwing out false positives, or requiring a lot of fine-tuning to get right. After all, a minor bug in the code that doesn’t affect end users isn’t the type of thing you should be woken up in the middle of the night for.
Read more “How to Create an Effective Cloud Security Alerting Process”
We’re willing to assume that cloud security is important to your company, but proactively building and implementing a strategy to make it happen is often bypassed in favor of a more reactive and tactical approach to cloud security.
Read more “Your Cloud Security Goals: Where to Start?”
Identity management is a difficult problem in the cloud, especially when it comes to sharing user accounts — an all too familiar (and problematic) practice today. Sharing accounts is very common on EC2, in particular, because EC2 instances come with a standard set of user accounts that a team can begin using immediately. Although it’s possible to create more user accounts, doing so is a resource-intensive task that is not a top priority for most operations personnel — and as a result, teams often end up sharing the default accounts.
Read more “Who is That EC2 User?”