Threat Stack Announces New and Enhanced CloudTrail Rules

As AWS continues to expand its services landscape, Threat Stack has made a commitment to keeping in step by crafting additional coverage that keeps your cloud environment secure. The latest additions we’ve made to Threat Stack’s CloudTrail rules are focused on giving more granular alerting and context to your interactions with the AWS control plane.

Threat Stack has significantly expanded the CloudTrail Base Ruleset in its Cloud Security Platform®. Not only have we increased the number of rules from 26 to 87 — we have also provided rules for five AWS Services that were not covered previously (DynamoDB, Elastic Container Service, Elastic Kubernetes Service, Security Token Service, and AWS Support). And don’t forget — the Cloud Security Platform still gives you the flexibility to create custom rules based on CloudTrail event data.

While we’re not going to comment on all 87 rules in this post, we are going to focus on important highlights, including:

  • New rules to cover five additional AWS Services
  • Expanded rules for Identity and Access Management (IAM)
  • Expanded rules for Virtual Public Cloud (VPC)

The new rules for five additional AWS Services are discussed in Part 1 below, while Part 2 gives an overview of the expanded rules for AWS Services that we already support. Read more “Threat Stack Announces New and Enhanced CloudTrail Rules”

50 Useful Kubernetes Tutorials for IT Professionals

Technologies like Docker have made it easier to continuously deploy applications across any number of host servers. They eliminate the need for having your own virtual machine because all the code and configuration settings you need to run your app is packaged into one container.

Google created Kubernetes to automate a number of tasks and processes involved in managing containerized apps. You can use Kubernetes to automatically deploy, scale, and decommission containerized applications. Of course, Kubernetes is not a silver bullet, and Kubernetes deployments have opened up a new set of infrastructure security concerns for DevOps teams. That’s why it’s important to be well versed in how to work with Kubernetes, as well as the tactics and solutions you can employ to create a more secure environment. For instance, Threat Stack now provides security and IT leaders transitioning to container-based infrastructure with the expertise and enhanced security visibility necessary to effectively manage the addition of container-based cloud environments through our Threat Stack Cloud Security Platform® and Threat Stack Cloud SecOps Program℠.

If you are planning to take a systematic approach to learning Kubernetes, then you should be on the lookout for quality tutorials. The good news is that a lot of resources are available online. There are also more structured courses that sometimes offer certification — if you’re willing to pay, that is. Read more “50 Useful Kubernetes Tutorials for IT Professionals”

AWS EC2 Tagging — An Overview

Just this morning I received my weekly AWS announcements email, and as I usually do, took a peek to see if there was anything useful or interesting. There were yet more features on their intimidating laundry list of 109 offerings, some outdated and maintained for legacy reasons like Simple Workflow, and some hot off the press like MariaDB RDS support. It’s easy to get lost in the sea of AWS services and be tricked into thinking there’s a feature that will solve your problem. But one feature, in particular, that should be a staple for organizations in their efforts to organize and manage their infrastructure, is tags, which we will discuss in this post.
Read more “AWS EC2 Tagging — An Overview”

3 SecOps Culture Hacks You Should Embrace Today

All types of organizations are embracing DevOps as a way to deliver work quickly and reliably. However, security sometimes falls by the wayside in favor of the desire to move fast. In fact, a recent Threat Stack survey shows that 52% of companies admit to sacrificing security for speed.

As a result, Security, Development, and Operations teams often remain deeply siloed, causing security to be treated as an afterthought and placing teams in constant “reactive mode” — which exposes the organization to unnecessary risk. Our recent survey of Development, Operations, and Security professionals spells out a few of the key issues:

  • Security is siloed. At 38% of organizations, security is a completely separate team that is only brought in when needed.
  • Developers can’t code securely. 44% of developers aren’t trained to code securely. Without this basic ability, code is often written without security in mind, and this causes security to become a disruptive bottleneck when it must inevitably step in and intervene.
  • Operations doesn’t have security training. 42% of operations staff admit that they are not trained in basic security practices — meaning they can’t configure servers securely, and they do not see deploying securely as part of the configuration management process.

Ultimately, people and processes make up the foundation of every business transformation. SecOps is no different. Change can be difficult, but operationalizing cloud infrastructure security can help you reduce security incidents, ensure compliance, and innovate without sacrificing security or speed.

Below, we’ll walk through three of the cultural changes that need to take place at your organization to encourage people to embrace SecOps as they pursue innovation, speed, and scale. Read more “3 SecOps Culture Hacks You Should Embrace Today”

A Deep Dive Into Secrets Management

There’s a lot to think about when it comes to working with containers, Kubernetes, and secrets. You have to employ and communicate best practices around identity and access management in addition to choosing and implementing various tools. Whether you’re a SecOps professional at a startup, small business, or large enterprise, you need to make sure you have the right tools to keep your environments secure.

Recently, we sat down with Stenio Ferreira, Senior Solutions Engineer at HashiCorp. Armed with a degree in computer science and experience as a Java developer at a variety of companies, including IBM, Stenio migrated into a consulting role where he advised clients who wanted to start continuous integration / continuous delivery (CI/CD) pipelines and improve their automation workflow. That’s where he was exposed to HashiCorp, his current company.

According to Stenio, a secrets management solution is a must — and there are various reasons to use one (such as centralized authentication). Stenio explained the services offered at HashiCorp, and shared his perspective on containers, Kubernetes, open source solutions, and Vault. Read more “A Deep Dive Into Secrets Management”

How a DevOps Recruiter Hires for Containers and Serverless

A Q&A With Michael Race, Head of DevOps, Salt Digital Recruitment

When it comes to hiring for DevOps, there’s much to consider, especially if you’re looking for someone to manage containers and serverless infrastructure. There’s no doubt that it’s a talent-driven market — DevOps professionals are in demand.

In this competitive environment, how do you make the right choice about who to hire? According to Michael Race, Head of DevOps at Salt Digital Recruitment, patience is a must. But even if you’ve got time on your side, you still want to make hires that prioritize security, can advocate for tools and methodology, and have experience creating DevOps environments.

We sat down with Michael recently to get his perspective on hiring for containers and serverless. Michael — who’s helped dozens of companies fill DevOps roles — shared his thoughts on where security fits in, what he likes to see in a candidate, as well as red flags that may crop up. Read more “How a DevOps Recruiter Hires for Containers and Serverless”

Magic for DevOps Teams — Threat Stack Announces Containerized Agent

Every day, malicious actors are taking more complex routes into cloud infrastructure and leveraging increasingly covert traits to persist for longer periods of time. As Dark Reading put it in a recent article, “Attackers are abusing the characteristics of cloud services to launch and hide their activity as they traverse target networks.” With the rapid adoption of containers and orchestration tools as part of that infrastructure, organizations are presented with yet another layer to protect from these complex attacks.

Containers bring many advantages to DevOps such as easier write-test-deploy cycles, flexibility to explore new frameworks, and a simpler way to make updates to individual resources or a range of components in your applications. As more teams move towards containerized workloads, DevOps teams expect the security tools they leverage to keep pace without slowing them down.

To ensure alignment with those expectations, Threat Stack is excited to announce a containerized agent that will be available to customers next month. The containerized agent will provide the deployment and velocity benefits of containerization while concurrently monitoring and alerting on container activity across the entire infrastructure, no matter where customers fall on the container adoption spectrum. Read more “Magic for DevOps Teams — Threat Stack Announces Containerized Agent”

Lessons in Resilience: A Conversation on Security at REdeploy 2018

I spent last week out in San Francisco at REdeploy to learn about Resilience Engineering and what it means to build solid, sustainable infrastructures, organizations, and teams. This was the first conference of its type, and it did not disappoint.

While there was an incredible lineup of speakers, the real value, in my opinion, came from the engagement and discussions that took place after the on-stage talks. Not only did the speakers and attendees mingle at every break, but the conference organizers also hosted a speaker panel at the end of each day where attendees could ask questions, and the speakers themselves could discuss some of the themes presented throughout the day. I eagerly took advantage and sat down with a few people to find out what Security means for Resilience Engineering. Read more “Lessons in Resilience: A Conversation on Security at REdeploy 2018”

Security Observability: Operationalizing Data in Complex, Distributed Systems

It’s 2018 — companies are using multiple cloud providers, shifting to microservices, moving monoliths into containers, or maybe even moving to a serverless-style architecture. And while these are the trendy things to do right now, are they right for the business today? Will they be right or wrong for the business tomorrow? Is what we’re doing too complex if the Next Big Thing comes along and you want to leverage it without having to complete a major lift-and-shift?

Regardless of the direction your company is moving in, change is a great opportunity to evaluate your security practices and consider how you can add observability to your operations. Read more “Security Observability: Operationalizing Data in Complex, Distributed Systems”

Why DevOps Needs Security During an Infrastructure Transition

The rising popularity of DevOps practices in cloud infrastructure environments has allowed software teams to release work more quickly and efficiently than ever before, but is security top of mind? Data included in a new Pathfinder Report from 451 Research would suggest not.

According to data included in “Refocusing Security Operations in the Cloud Era,” 36% of businesses said their top IT goal over the next year is to respond to business needs faster, while 24% said it is to cut costs. In comparison, only 10.5% prioritized improving security as their top goal, coming in dead last among the options listed.

The problem seems to stem from the misconception that speed and security are mutually exclusive, where DevOps views security as a business decelerator rather than the stabilizing force it is. Baking security into DevOps processes early on through SecOps best practices, which we’ll review below, is the only way to build long-term sustainable infrastructure that will support your products and team as they move into the future. Read more “Why DevOps Needs Security During an Infrastructure Transition”