Who is That EC2 User?

Identity management is a difficult problem in the cloud, especially when it comes to sharing user accounts — an all too familiar (and problematic) practice today. Sharing accounts is very common on EC2, in particular, because EC2 instances come with a standard set of user accounts that a team can begin using immediately. Although it’s possible to create more user accounts, doing so is a resource-intensive task that is not a top priority for most operations personnel — and as a result, teams often end up sharing the default accounts.

How to Get Buy-In for Your Cloud Security Strategy

“All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved.” – Sun Tzu

Ah, team buy-in. It’s often one of the toughest processes to go through! Getting the green light on a new cloud security strategy (including the workflows, tools, and processes that go along with it) can require several layers of definition and validation, and oftentimes, security teams are just too busy to fight the battle and see it through to the end. When it comes to implementing better cloud security practices, however, there is a real risk in delaying or, worse, giving up on your strategy because of a difficult approval process.

How to Use SOSTAC to Build Your Security Strategy

Some people go to great lengths to find things to disagree about, but I think there’s one thing all of us can agree on: cloud security keeps us on our toes. That’s because the cloud requires a fundamental change in the way we approach security challenges. As the scale and complexity of cloud environments increase, traditional tools and tactics become less and less effective, and security gaps widen. That is, if you don’t have a sound security strategy in place. 

New Webhook API — Unleashing the Power of Real-Time Security Alerts

With today’s announcement, Threat Stack continues its commitment to driving increasingly efficient security workflows. The addition of a new webhook API builds on the integrations that Threat Stack has already created with PagerDuty, Slack, Docker, AWS, and others — giving our customers almost endless possibilities for developing custom, automated workflows based on alerts.

Contextual Data: Answering Who, What, Where, When?

What if one day you came home and a bunch of your valuables had been stolen: computers, jewelry, that big screen TV… When you call the police to report the burglary, the first thing they will ask for to begin the investigation is context:

What time did it happen?

Was there a break-in? If not, who had keys to your house?

Where were your valuables being stored?

The more information they have, the better the chances that they will track down the culprit and get your stuff back. Now, if you have a home surveillance system set up — say, a Dropcam or Canary — they’re going to have even more information to work with: timestamps, video footage, audio, etc.

All in all, the more context you have, the better. The same applies to cloud security. When something goes awry, context is what tells you what to do, where to start investigating, and who’s at fault.

Threat Stack Alerts Now Available in Slack

When it comes to leveraging modern infrastructure to run fast in the cloud, there simply isn’t room for inefficient processes and siloed workflows. That’s why many of today’s fast growing businesses leverage alerting for intelligent and valuable insights into security issues. But the very best way to leverage the deep insights alerts give to security and ops teams is by integrating them into existing workflows to increase efficiencies and visibility into the issues that matter most.

Threat Stack February Recap

February is the month of love, and we may be biased, but we’re head over heels for the new and improved Threat Stack! If you’ve been keeping up with us on our blog or over on Twitter recently, you’ve noticed that we started 2016 off with a pretty big bang. From a completely new platform to several key new features, we wanted to share it all with you today.

Introducing Vulnerability Management at the Workload Layer

You know that feeling you sometimes get after you’ve left the house for the day and suddenly fear you didn’t lock the door? You have two options: Turn back around to check, ensuring your home will be safe and secure while you’re gone, or leave it to chance, hoping you locked the door, but worrying all day that you didn’t…

The same situation presents itself when it comes to vulnerabilities within software-defined environments. The options? Embrace a “trust but verify” mindset by proactively monitoring for vulnerabilities, or do nothing, leaving to chance the security of company data, customer data and, as a result, the very existence of your business.