Security can be a huge sales and business enabler, as I’ve mentioned before. If your company and its prospective customers are in a regulated industry — and even if they’re not — you can bet they’re going to ask about your security posture during the sales process. For a number of reasons (including the many high-profile security breaches over the last few years), sales prospects are more aware of risks to their data than ever before. Naturally, they are upping the security requirements for doing business with vendors and partners alike.
This means it’s more important than ever that your sales team understands how to talk to prospects about security. In this post, we’ll outline a number of ways that businesses can do this and do it well. Read more “How to Talk to Your Prospects About Cloud Security”
Secrets — passwords, API keys, secure tokens, private keys, and so on — protect access to sensitive resources in your environment. If not properly managed, they can end up in the wrong hands.
In Part 1 of this post, we will show you how to find secrets using truffleHog and git-secrets. In Part 2, we will explain how to manage them using appropriate software tools in order to quickly and cost-effectively achieve a higher level of security. Read more “Cloud Security Best Practices: Finding, Securing, & Managing Secrets, Part 1 — truffleHog & git-secrets”
With the launch of the new Threat Stack free cloud security Audit trial, we wanted to provide some tips on how to easily assess how well your AWS environment is configured. So, let’s get started…
What is a Cloud Security Baseline?
The phrase is bandied about a lot, so let’s get to it: What is a security baseline?
One of the problems that many organizations run into, especially when they are starting out in cloud security, is not knowing where to start and not having specific data to help them define and improve the status of their cloud security.
That’s where a baseline proves critical. CERN Computer Security defines a security baseline as “a set of basic security objectives which must be met by any given service or system.”
If you put this in the context of cloud security, a baseline will show you how closely a snapshot of your current cloud environment conforms to industry best practices and benchmarks.
This sounds a bit academic, so let’s get down to specifics by taking a look at the new product and free trial we are offering to help you establish and maintain a baseline — Threat Stack Audit. Read more “How Securely Configured is Your AWS Environment?”
As we stated in the introduction to this blog post series, our purpose is to give you insight into the issues you should address when you are at the early stages of establishing a cloud security program.
If your organization is just starting out on its cloud security journey — whether it’s a rapidly growing startup or a more established company — it’s important to develop a strategic security roadmap that’s suited to its early-stage maturity level. You should not reasonably expect to go from no security or rudimentary security to a full-blown, encompassing program in one step. It’s far better to take a graduated approach by defining objectives that will give you reasonable protection now, that won’t drain your budget and resources (and possibly divert critical resources and attention away from your company’s primary business goals) — and that will also serve as a rock-solid platform to build on when you want to move up to the next level of maturity on the cloud security ladder.
What you need is an end-to-end roadmap that will get you started in cloud security monitoring, address your first round of security concerns, and noticeably and measurably improve your security stance, all in a reasonable amount of time and for a reasonable expenditure of money and resources.
And that’s exactly what we’ll do in this post: walk through five steps that will help you develop a strategic action plan that includes defined goals and is targeted at your organization’s specific maturity level, needs, and resources. Read more “Planning Your Cloud Security Program”
It’s easy to get distracted by splashy headlines about breaches at corporations with household names. And of course state-sponsored, targeted cyberattacks are sexier than your average phishing scam. But just because a particular threat is newsworthy doesn’t mean it’s the right thing to spend your organization’s valuable resources protecting against.
The reasons for this may not be completely obvious, so let’s take a moment to understand why looking outward at newsworthy security attacks can actually hurt your company’s security posture. Then we’ll explain why an inward-facing approach is more effective. Read more “Ignore the Splashy Headlines: Why Security Should Look Inward, Not Out”
More and more companies are migrating to the cloud — and for good reason considering the many benefits such as speed, flexibility, and reduced costs.
One of the key questions that always comes up in this transition centers on cloud security. Not so much in the form of “Is the cloud secure?” but more in terms of “What is your company doing to make sure its infrastructure is secure?”
In the best scenario, companies include a cloud security service in their business plan on day one. In the worst case, they limp along for years without a strategically planned, comprehensive security roadmap that will provide real protection for their IP, data, systems, customers, and reputation.
In both cases, these organizations have one thing in common: Regardless of how long they’ve been in business, they are at an early stage of cloud security maturity. They are just starting out on their cloud security journey.
And that’s where we can help. Read more “Threat Stack Blog Series: Starting Your Cloud Security Journey”
Your incident management process is greatly impacted by the tools you have available to carry it out. Technology should be your friend when it comes to gaining visibility and obtaining contextual data. You need tools to send alerts when issues arise, as well as track activity for compliance reporting purposes.
So, how do you choose the right incident management tools for your organization’s use cases? Read more “How to Choose the Right Tools for Incident Management and Reporting”
Automating security processes and workflows can help teams lower Mean Time To Resolution (MTTR), maintain or strengthen an organization’s security posture, and drive operational efficiency. Sounds pretty good, right?
In our recent Cloud Security Use Cases Playbook, we took a look at the key operational processes that all teams should have in place and some of the ways they can continually optimize those processes over time. Today, let’s take a look at how automation can provide ongoing, deep visibility and supercharge your security operations, all while saving you time and resources. Read more “How to Use Automation to Improve Your Cloud Security Posture”
In Part 1 of this two-part series, we put a magnifying glass on some of the top cloud security trends and lessons learned in 2016. In Part 2, we’re going to look at where we believe cloud security is headed over the next year.
Read more “How to Secure Your Cloud Environment for What’s Next”
What’s your priority: to become a Security Company or be a Secure Company?
If you’re truly in the security business, then of course you’ll be building your own security platform. For all the rest, please keep reading . . .
In this post I will cover some of the challenges involved in building a cloud security platform like Threat Stack. My goal is to give you a clear idea of what is involved and the complexity, so you can make a decision about building or buying that is meaningful from both an engineering and a business perspective.
Spoiler alert: In my view, the right choice for most companies is not to build their own security. Most should strive to become Secure Companies so they can get on with their core business. Read more “To Build or Buy Your Own Security Platform: That is the Question”