Another year at AWS re:Invent has come and gone. As usual it was a jam packed show full of exciting announcements, great keynotes, sessions, and interesting conversations. In case you couldn’t make it to Vegas this year or could use a summary of what you missed while you were running between sessions, here are some of the highlights from our week in the desert. Read more “AWS re:Invent 2018 Recap: Security, DevOps, ML, & Hybrid Cloud Take Center Stage”
The adage “Everything old is new again,” rings true in the cybersecurity industry as much as anywhere else. Some of the best practices from old-school network security still apply to modern virtual server or containerized environments.
Even though hackers are becoming increasingly sophisticated with their attacks, applying some of these oldies but goodies to your arsenal could help reduce the risk of a security incident or breach.
Here are a few security best practices that stand the test of time. Read more “Three Old-School Network Security Tips That (Still!) Work for Modern Infrastructure”
That’s right. The tl;dr is that Threat Stack is launching a podcast series called Your System Called — and I’ll be hosting it. You can access the podcast on iTunes, subscribe via RSS, or preview the first two episodes below. Read more “Introducing Threat Stack’s New Podcast: “Your System Called””
In just a few weeks, 40,000 cloud developers, engineers, architects, and security practitioners will descend on Las Vegas. AWS re:Invent officially kicks off on Monday, November 26, and anybody who has attended previous shows will tell you it takes a lot of planning to get everything you can out of the event. That’s why we wanted to lend a hand with a quick primer, a note on some of the sessions we’re most excited about, and a summary of what Threat Stack will be up to at the show.
Let’s get started Read more “A Guide to AWS re:Invent 2018”
Security budgets are growing and are being directed toward cloud infrastructure security, but organizations aren’t confident in their SecOps practices. This post shares three insights from our recent security budgeting survey, The State of Security Budgeting in 2018. Read more “3 Security Budgeting Insights for SecOps”
Just this morning I received my weekly AWS announcements email, and as I usually do, took a peek to see if there was anything useful or interesting. There were yet more features on their intimidating laundry list of 109 offerings, some outdated and maintained for legacy reasons like Simple Workflow, and some hot off the press like MariaDB RDS support. It’s easy to get lost in the sea of AWS services and be tricked into thinking there’s a feature that will solve your problem. But one feature, in particular, that should be a staple for organizations in their efforts to organize and manage their infrastructure, is tags, which we will discuss in this post.
Read more “AWS EC2 Tagging — An Overview”
Our Motto is: Threat Modeling: The sooner the better, but never too late. — OWASP
The practice of creating a threat model can help teams proactively understand and develop a strategy for managing the possible vulnerabilities their organization faces, instead of waiting until after an incident occurs. OWASP defines threat modeling as “a procedure for optimizing security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system.”
SecOps teams can benefit from creating a threat model for cloud infrastructure, and defining an approach to operationalizing, hardening, and automating security throughout the software development lifecycle. While it’s best to build security into the design of your systems at the outset, remember the motto: “Threat Modeling: The sooner the better, but never too late.”
Let’s walk through how to get started. Read more “How to Create a Threat Model for Cloud Infrastructure Security”
New global data from Checkmarx reveals that 92 percent of organizations struggle to implement security into DevOps — even though they say they want to. The heart of this issue is the common misconception that security slows things down, which leads to the common practice of skipping security measures in an effort to get things done.
While this approach may seem to create a payoff in terms of productivity, any gains are short term at best and are always offset by the fact that the company is at greater risk for a breach.
But the truth is, speed and security are not mutually exclusive, and you can effectively integrate security into operations throughout your organization if you follow SecOps best practices.
With that in mind, we’ll use this post to walk through the three major questions your organization must ask as it moves toward operationalized security.
Before diving into the post, however, take a look at details on our upcoming webinar — “How to Spend Your Security Budget in a DevOps World.” Read more “3 Questions to Ask When You’re Ready to Operationalize Your Security”
When it comes to managing SecOps, you must consider all the risks at hand, as well as how you can address them. Many of today’s SecOps teams are using containers for development, but this also opens organizations up to a variety of new risk factors.
To mitigate these risk factors, organizations need to ramp up their security budgets. After all, it’s expensive to hire the best SecOps professionals and purchase best-in-class tools to manage cybersecurity.
We recently published The State of Security Budgeting in 2018, which details the results from a survey of 300 technical, operations, compliance, and security professionals in North America, across a variety of industries. Of the organizations that responded, 37% had cloud infrastructure workloads that were container-based. The survey results point to many important budgetary considerations, particularly when it comes to containers. Here’s what you need to know. Read more “Security Budgeting Considerations for Containers”
Security budgets are rising, but are they helping with challenges caused by the security talent shortage? This post offers insights from our recent security budgeting survey and shares ideas on how to deal with the security talent shortage in SecOps.
Before diving into the post, however, take a look at the following details on our upcoming webinar — How to Spend Your Security Budget in a DevOps World.
Read more “How to Cope With the Security Talent Shortage in SecOps”