8 Best Practices for Strengthening Security in Cloud-Native Environments

Cloud-native companies and larger companies migrating to cloud environments continue to see the cloud as a way to gain speed, reliability, and other well-known benefits. But there are still plenty of pitfalls that can undermine security and negatively impact operations. To help remedy this situation, this post outlines some of the mistakes that operators make most frequently, along with best practices and recommendations they can follow to proactively reduce risk, achieve their security goals, and continue along the path to stronger cloud security maturity.

AWS re:Inforce 2019 Recap: A Look Back at the First AWS Security Show

The last day of the first AWS re:Inforce conference has wrapped up and it’s time to take the lessons we learned back to the office and put them into practice. In this post, we’ve compiled a few of the key takeaways from our team on the ground at re:Inforce, broken into Day 1 and Day 2. We did a deep dive into Day 1 already, so check out the full post if you want to dig into the details.

AWS re:Inforce 2019 — Day 1 Recap

Note: For a recap of Day 2, please take a look at AWS re:Inforce Recap: A Look Back at the First AWS Security Show.

Day 1 of AWS re:Inforce 2019 — the first-ever AWS conference dedicated entirely to security — has wound down, and Day 2 is already underway, but we wanted to provide a quick recap for those of you who couldn’t make it to the show or were too busy to get the big picture. Here are a few of the high-level takeaways from the Threat Stack Team on the ground at re:Inforce 2019.

Your Guide to AWS re:Inforce 2019

AWS re:Inforce 2019 | June 25–26, 2019 | Boston, MA

Attending cloud security conferences is critical for cloud security professionals, and AWS is stepping up to the plate with AWS re:Inforce — its first-ever conference focused exclusively on cloud security.

This event will benefit security professionals who need the latest technical know-how and is a must for anyone who works with security in the cloud, especially those who work with AWS. It’s going to be a worthwhile event for security professionals, developers, systems architects, engineers, decision-makers, and more.

(For more helpful resources to help you stay at the top of your profession, visit our guide to the best cloud security training resources and our favorite cloud security podcasts.)

7 Cloud Service Evaluation Criteria to Help You Choose the Right Cloud Service Provider

The lack of a common framework for assessing Cloud Service Providers (CSPs) combined with the fact that no two CSPs are the same can complicate the process of selecting one that’s right for your organization. Selecting CSPs becomes even more complex when you consider the fact that more and more companies are adopting a multi-cloud approach for a variety of reasons, including cost savings, reduced risk of vendor lock-in, and data portability. (Gartner estimates that 75% of organizations will be using a multi-cloud strategy by 2022.) Add in the adoption of abstraction technologies such as containers, and workloads become far more portable between CSPs. To help you work through this, we’re using this post to discuss seven basic criteria you can use to identify providers that best match your business, technical, and operational needs.

How do you choose a public cloud provider — or if you’re planning to go multi-cloud — cloud providers? Let’s start with the major players.

How to Track Agent-Based User Activity

More often than not we’ll need to go beyond a Severity 1 alert to figure out what a user (including a potentially malicious attacker) was doing on a system. Host events in particular only show a small part of the picture, and a single alert can’t always give you the context necessary to make an escalation decision. This blog post explains how to pivot from a Host event to a user’s session and how to move from a single user-related alert to the user’s session using the data provided by your intrusion detection system.

Transforming Alert Fatigue Into Proactive Security Management

In a recent study, 72% of CISOs stated that their teams are facing alert fatigue, while 82% of respondents to a Threat Stack survey indicated that alert fatigue is having a negative impact on their organization’s well-being and productivity.

Traditional approaches to managing security alerts have often driven teams into a reactive mode where they’re overwhelmed by huge volumes of noisy alerts or spend far too much time gathering information and digging around in log files. If this proliferation of data is transformed into relevant and actionable intelligence, however, teams can overcome alert fatigue, identify and respond to critical issues in real time, and reduce risk continuously over time.

In this post, we’ll take a look at some best practices on how you can move away from reactive, ad hoc tactics and adopt a structured, proactive approach by making alerts a key element of your overall information security strategy.

Leveraging Threat Stack’s Out-of-the-Box Rulesets and Single View for Managing Multiple AWS Accounts

Increasingly, AWS users are leveraging multiple accounts to manage their infrastructure. While doing so is a recommended best practice that enables users to achieve the highest levels of resource and security isolation and to optimize operational costs, it can also increase the amount of time and effort required for effective administration and remediation.

As a remedy to this problem (and “account sprawl” in general), and as a means of providing more granular alerting and actionable data, Threat Stack has built two key functionalities into its Cloud Security Platform®:

  • The ability to view multiple AWS accounts from one central location: Our unified view reduces admin time and provides significant convenience because end users no longer need to gather information and alerts from multiple accounts. This means you can focus on business issues and not administration!
  • Rulesets that are focused on giving more granular alerting and context to your interactions with the AWS control plane: Our extensive out-of-the-box rulesets give customers increased control plane visibility and more granular tracking of AWS API actions within their accounts, and you still have the flexibility of creating new rules and modifying existing rules (as we have previously documented).

Read on for more details.