On April 24, I had a great conversation with Sam Smith, the Chief Architect for Sigstr, a fast-growing SaaS platform for email signature marketing. Sigstr’s infrastructure is hosted and managed on AWS and secured by Threat Stack. Every day, Sigstr consumes and processes employee contact information from HRIS systems, customer information from marketing automation platforms, and email behavior data — which makes cloud security and data privacy key concerns for both Sigstr and its customers.
Sam’s team is a great model of how to make security a top business differentiator and sales driver. Since many of Sigstr’s customers are enterprise companies with significant risk concerns, the team has consistently been responsive to questions such as:
- How does Sigstr access, store, and protect data?
- How is the application’s infrastructure monitored and secured?
- Had Sigstr undergone SOC 2 compliance or ISO 27001 compliance audits?
- How could Sigstr help them meet GDPR requirements?
During the webinar, he shared information on how the startup managed to be so responsive to its customers’ security needs, while still maintaining a rapid pace of growth. Read more “How Sigstr Built Customer Trust with Threat Stack and AWS Security — Webinar Recap”
The other week we outlined a number of resolutions to put you on the path to a cyber-secure 2018. In this post we’re going to direct you to some of the resources we produced in 2017 that will help you carry out those resolutions.
2017 was an eventful year in the cybersecurity world — to say the least! It seems that every day a new threat or major breach was causing a stir — whether it was Equifax, the RNC voter data exposure, WannaCry, Uber, Alteryx, or — to start the new year — Spectre and Meltdown!
If you want to take a look at the World’s Worst Data Breaches, here you go. But we’re going to stick to our preferred approach: After you read the splashy headlines, look inward to make sure your own data and systems are secure. To help you secure and manage your cloud environments, we’ve put together a summary of a few of the great resources we produced in 2017. Read more “Resources to Help You Carry Out Your 2018 Security Resolutions”
On December 14, Chris Gervais, Threat Stack’s VP of Engineering, was joined by Sabino Marquez, the CISO of Allocadia for our latest webinar: Lean Security: Your Guide to SecOps Efficiency in the Cloud. We’ve written before about lean security and the importance of aligning people, processes, and technology to create a successful security organization. In this webinar, we learned first-hand how Allocadia does it with Threat Stack.
You can view the entire webinar here, or read a recap of the key points that Chris and Sabino covered. Read more “Lean Security Webinar ReCap: Achieving SecOps Efficiency in the Cloud”
In this guest blog post, Sabino Marquez, Allocadia’s CISO, outlines his company’s experience using Threat Stack. Specifically, he explains how Threat Stack’s intrusion detection platform enabled Allocadia to secure its infrastructure, integrate security into Dev and Ops workflows, and significantly accelerate the sales cycle. Read more “How Allocadia Uses Threat Stack to Secure Infrastructure & Accelerate Sales”
“We really appreciate Threat Stack’s great customer support and its Oversight team. Threat Stack takes feedback seriously and ensures that the customer’s voice is always heard. At HelloSign we are committed to making our users awesome, and we were pleased to see that Threat Stack shares the same belief.” — Raaghav Srinivasan, Security Engineer at HelloSign
HelloSign is powering the future of intelligent business. The company’s software platform — which includes eSignature, digital workflow, and electronic fax solutions — converts process to revenue for over 50,000 companies around the world with HelloSign, HelloWorks, and HelloFax. When HelloSign needed to strengthen its security posture, accelerate security responses, and simplify compliance as it continued to scale, they chose Threat Stack. Read more “Why HelloSign Chose Threat Stack to Accelerate Security Responses and Simplify Compliance”
Time-to-detection is everything these days. If you don’t find a breach yourself, chances are someone else will. A recent study points out that up to 27% of breaches are discovered by third parties. This includes vendors or partners you work with, auditors, and probably most damaging of all — your customers.
The problem most companies are grappling with today is how to cut time-to-detection to ensure that they are the first ones to know about an issue, and in a way that won’t put a resource drain on the team. Last Thursday, Chris Gervais, Threat Stack’s VP of engineering, sat down with George Vauter, a senior software security engineer for Genesys, Jarrod Sexton, the lead information security manager for Genesys, and Scott Ward, the solutions architect at Amazon Web Services (AWS), to have a frank discussion about this in a webinar format.
Genesys is a leader in omnichannel customer experience and customer engagement software, with both on-premise and cloud-based offerings. PureCloud, their cloud-native microservice platform, is run on AWS, so the team has extensive experience launching and scaling in the cloud, as well as building a “secure-by-design” platform.
In our conversation, Genesys outlined several important steps that all companies should be implementing to reduce their time-to-detection, which we wanted to further highlight in today’s post. Read more “How to Cut Time-to-Security-Incident-Detection on AWS”
OneLogin’s Journey on AWS
OneLogin, an identity and access management (IAM) company, is dedicated to superior security for their users, which starts with their own stringent security posture. Since OneLogin’s customers typically come from regulated industries such as healthcare and online retail, OneLogin needed the ability to definitively show that their security, and that of their customers, was as secure as possible at any given moment. Read more “OneLogin Gains Granular Security Control With Threat Stack on AWS”
This is a guest blog post by Steve Caldwell, Director of Engineering at Springbuk, a health analytics software company that unifies pharmacy, biometric, and activity data, as well as medical claims to help employers make better decisions about employee health benefit programs.
As a health analytics company, Springbuk helps companies make better decisions around disease prevention and management through data. As such, meeting HIPAA requirements and following security best practices are very important to us; to ensure that we’re always compliant and as secure as possible, we needed to get a better handle on how security was managed across the organization. Read more “Springbuk Case Study: How to Get Ahead of Compliance and Security Requirements on AWS”
Compliance processes have a reputation for being expensive, time-consuming, and fraught with difficulties — and sometimes certifications are looked upon with skepticism. However, most of the PCI requirements are common sense, best practices that any organization that is concerned with security should adopt. At MineralTree, we use Threat Stack to mitigate security threats. Additionally Threat Stack helps us adhere to PCI requirements and document our compliance.
Let me explain . . .
Read more “MineralTree Achieves PCI Compliance With Threat Stack”
In our last post, we took a look at traditional security incident response vs. the possibility to dramatically increase security velocity (which I affectionately nicknamed “spacefolding”).
We viewed this through the lens of a conventional response timeline that can take hours and days — versus seeing into exactly what occurred and decreasing the Mean Time-To-Know (MTTK) for a security incident — because all of the relevant information is visible and available to you.
In this post, we’ll take this premise into a real-world example that may be familiar to many organizations running instances on AWS. Read more “Measurably Decreasing Mean-Time-To-Know With Threat Stack”