“We really appreciate Threat Stack’s great customer support and its Oversight team. Threat Stack takes feedback seriously and ensures that the customer’s voice is always heard. At HelloSign we are committed to making our users awesome, and we were pleased to see that Threat Stack shares the same belief.” — Raaghav Srinivasan, Security Engineer at HelloSign
HelloSign is powering the future of intelligent business. The company’s software platform — which includes eSignature, digital workflow, and electronic fax solutions — converts process to revenue for over 50,000 companies around the world with HelloSign, HelloWorks, and HelloFax. When HelloSign needed to strengthen its security posture, accelerate security responses, and simplify compliance as it continued to scale, they chose Threat Stack. Read more “Why HelloSign Chose Threat Stack to Accelerate Security Responses and Simplify Compliance”
Time-to-detection is everything these days. If you don’t find a breach yourself, chances are someone else will. A recent study points out that up to 27% of breaches are discovered by third parties. This includes vendors or partners you work with, auditors, and probably most damaging of all — your customers.
The problem most companies are grappling with today is how to cut time-to-detection to ensure that they are the first ones to know about an issue, and in a way that won’t put a resource drain on the team. Last Thursday, Chris Gervais, Threat Stack’s VP of engineering, sat down with George Vauter, a senior software security engineer for Genesys, Jarrod Sexton, the lead information security manager for Genesys, and Scott Ward, the solutions architect at Amazon Web Services (AWS), to have a frank discussion about this in a webinar format.
Genesys is a leader in omnichannel customer experience and customer engagement software, with both on-premise and cloud-based offerings. PureCloud, their cloud-native microservice platform, is run on AWS, so the team has extensive experience launching and scaling in the cloud, as well as building a “secure-by-design” platform.
In our conversation, Genesys outlined several important steps that all companies should be implementing to reduce their time-to-detection, which we wanted to further highlight in today’s post. Read more “How to Cut Time-to-Security-Incident-Detection on AWS”
OneLogin’s Journey on AWS
OneLogin, an identity and access management (IAM) company, is dedicated to superior security for their users, which starts with their own stringent security posture. Since OneLogin’s customers typically come from regulated industries such as healthcare and online retail, OneLogin needed the ability to definitively show that their security, and that of their customers, was as secure as possible at any given moment. Read more “OneLogin Gains Granular Security Control With Threat Stack on AWS”
This is a guest blog post by Steve Caldwell, Director of Engineering at Springbuk, a health analytics software company that unifies pharmacy, biometric, and activity data, as well as medical claims to help employers make better decisions about employee health benefit programs.
As a health analytics company, Springbuk helps companies make better decisions around disease prevention and management through data. As such, meeting HIPAA requirements and following security best practices are very important to us; to ensure that we’re always compliant and as secure as possible, we needed to get a better handle on how security was managed across the organization. Read more “Springbuk Case Study: How to Get Ahead of Compliance and Security Requirements on AWS”
Compliance processes have a reputation for being expensive, time-consuming, and fraught with difficulties — and sometimes certifications are looked upon with skepticism. However, most of the PCI requirements are common sense, best practices that any organization that is concerned with security should adopt. At MineralTree, we use Threat Stack to mitigate security threats. Additionally Threat Stack helps us adhere to PCI requirements and document our compliance.
Let me explain . . .
Read more “MineralTree Achieves PCI Compliance With Threat Stack”
In our last post, we took a look at traditional security incident response vs. the possibility to dramatically increase security velocity (which I affectionately nicknamed “spacefolding”).
We viewed this through the lens of a conventional response timeline that can take hours and days — versus seeing into exactly what occurred and decreasing the Mean Time-To-Know (MTTK) for a security incident — because all of the relevant information is visible and available to you.
In this post, we’ll take this premise into a real-world example that may be familiar to many organizations running instances on AWS. Read more “Measurably Decreasing Mean-Time-To-Know With Threat Stack”
I recently added a Starz subscription to my Amazon Prime and found a new supply of science fiction movies. One of these, Deja Vu, is a time travel story from a decade ago; a weird mashup of the post-9/11 terror attack genre mixed with science fiction. In the film, a terror attack takes place in New Orleans and a small army of government men-in-black from various state and Federal agencies respond. Because the attack involved a ferry, the NTSB and FBI collaborate along with elements of the ATF, including a talented investigator played by Denzel Washington.
Read more “Increasing Security Response Velocity”
Software bugs, like security vulnerabilities, can crop up in unexpected places, and the only way you can really be prepared for them is by testing and monitoring in real-world scenarios. Lab testing can only go so far when it comes to software performance (and security vulnerabilities, for that matter), and that’s exactly how Applause came about. We realized there was a big opportunity to create a new way to test software, websites, mobile apps and other digital properties using a global community of professional testers that could actually test on real devices in real locations under real-world conditions.
Read more “Proactive Software Testing Meets Proactive Security Monitoring at Applause”
When Wombat Security Technologies and ThreatSim (acquired by Wombat in October 2015) decided to develop and deploy our suite of end user risk management and education solutions in Amazon Web Services (AWS), we went “into the cloud” with eyes wide open. We knew that, to realize the full potential of AWS (scale, cost, performance), we needed to “do AWS right.” This meant treating our servers like cattle, not like pets.
Read more “How Wombat Security Uses Threat Stack to Secure Its Own AWS Infrastructure”
Ayla Networks is an Internet of Things (IoT) cloud platform-as-a-service (PaaS) company that enables manufacturers to build connected products. With more than 75 customers worldwide, many of whom are Fortune 1000 companies, Ayla knows that delivering a fast and secure platform is vital to our business. As a security-conscious company running completely in the cloud, we take a cloud-native approach to security and compliance. In this post, I’ll explain why we chose this approach and how we are implementing it today. Read more “IoT Meets Continuous Security Monitoring at Ayla Networks”