101 AWS Security Tips & Quotes, Part 4: Best AWS Security Practices

The fourth — and final — blog post in our series of AWS Security Tips and Quotes offers tips on AWS Security Best Practices. So far the series has covered:

Today’s post offers recommendations that include running a configuration audit, using automation to reduce errors, ensuring that you stay abreast of the latest best practices and recommendations provided by AWS and other resources — and more.

Access Management Lessons From Timehop’s Cloud Security Breach

Over the past couple of weeks, both Macy’s and Timehop experienced breaches as a result of authentication weaknesses. On July 4, social media startup Timehop experienced a data breach that affected 21 million customers and included information such as names, emails, and phone numbers. According to a preliminary investigation conducted by the Timehop team, the attacker gained unauthorized access to the company’s cloud service provider using stolen administrative credentials back in December 2017. For months, the hacker conducted reconnaissance on the system before launching an attack against the company’s production database on the July 4 holiday.

Unfortunately, credential theft attacks like these happen all too often: According to the 2018 Verizon Data Breach Investigation Report, credential theft was the top cause of data breaches. Attackers can gain privileged access to a system using administrative credentials, remaining undetected (sometimes for months as in the Timehop incident) as they move laterally across a system, conducting reconnaissance, and waiting for the right opportunity to exfiltrate data.

Timehop’s breach is an example of the security risk that employees, both current and former, can pose to any organization that practices poor cloud security hygiene. Given the sheer scope of security incidents involving some form of credential theft, it’s important for IT staff and engineers to understand not only where data is stored but also who is accessing and exporting it.

Businesses issue thousands of credentials to employees and contractors, making it more important than ever for them to improve access management. Not doing so could cause an organization’s most sensitive data to be stolen.

Here are a few tips on where to start.

Three Homegrown SecOps Tools Used by the Threat Stack Team

As a security company, there’s a lot of pressure to keep our data secure while still moving fast and innovating on product development. I find the intersection of security and speed the most interesting challenge as an infrastructure security professional. The unique thing about Threat Stack is that our Security and Engineering teams have learned how to work together to automate security into our day-to-day processes — making them simultaneously more secure, efficient, and effective.

I’m a firm believer that an effective SecOps organization involves people, processes, and tools, in that order. The tools we’ve built in-house are meant to make people’s lives easier, and ease some of the processes that make security a natural part of the workflow if you’re trying to get a job done quickly.

We’ve open-sourced a lot of the tooling we’ve developed to make our operations more secure, and hope you’ll find this information useful when you’re thinking about automating security in your own organization.

In this post, I’ll describe three of the tools we’ve developed (and then open-sourced) at Threat Stack in order to integrate automated security processes into our workflow. (I’ve also included a description of a fourth tool that we developed — an automated SOC 2 compliance checking bot. We use it internally, but to date, it’s not available outside Threat Stack.)

101 AWS Security Tips & Quotes, Part 3: Best Practices for Using Security Groups in AWS

Here’s the third blog post in our 4-part series of AWS Security Tips and Quotes, which is designed to help you evolve and strengthen your organization’s security, building on a proactive, comprehensive security strategy.

So far we’ve covered:

Today the spotlight falls on Best Practices for Using Security Groups in AWS (and in the final installment, Part 4, we’ll deal with AWS Security Best Practices).

What is SecOps? A Definition, Benefits, Best Practices, and More

While the technologies, processes, and cultural shifts of DevOps have improved the ability of software teams to deliver reliable work rapidly and effectively, security has not been a focal point in the transformation of cloud IT infrastructure.

SecOps is a methodology that seeks to address this by operationalizing and hardening security throughout the software lifecycle.

Unfortunately, there seems to be a disconnect between what organizations want when it comes to security, and what they’re actually able to put into practice. In Threat Stack’s recent report, Bridging the Gap Between SecOps Intent and Reality, we found that 85% of organizations believe bridging the gap and employing SecOps best practices is an important goal. Yet just 35% say that SecOps is a completely or mostly established practice at their organizations, and 18% say it’s not established at all.

In this post, we’ll discuss a number of facets of SecOps — what it is, its goals, how it benefits organizations, and best practices for implementing a SecOps program, to name a few — with the aim of giving you some helpful background and, perhaps, some of the motivation you need to get a SecOps program established in your organization.

101 AWS Security Tips & Quotes, Part 2: Securing Your AWS Environment

As part of its mission, Threat Stack has always brought its readers security-related content to help them make informed decisions that will strengthen their organizations’ security.

With more companies than ever leveraging cloud services like AWS, and with cloud environments becoming more and more complex, it’s critical that organizations develop proactive, comprehensive security strategies that build security in from the very beginning and evolve as their infrastructures scale to keep systems and data secure.

So last week we kicked off a 4-part mini-series on AWS Security Tips and Quotes starting with Part 1: Essential Security Practices.

This week we’re bringing you Part 2 — Securing Your AWS Environment — and in the coming weeks we’ll wrap up with:

  • Part 3: Best Practices for Using Security Groups in AWS
  • Part 4: AWS Security Best Practices


Visualizing Detection & Remediation in the Cloud With Graylog — Webinar Recap

If you’re on a Security team, chances are you may be able to leverage some of the Operations team’s existing tools for log management and SIEM. That was certainly the case with Threat Stack’s use of Graylog.

On June 22, Sam Bisbee, Threat Stack’s CSO, joined Lennart Koopmann, the founder and CTO of Graylog, to discuss how Threat Stack moved from a manual logging system with data silos and a lack of overall visibility, to using centralized log management and a SIEM to create a holistic picture of our cloud infrastructure security — incorporating data from our own systems as well as third-party applications to cost-effectively create real-time actionable security intelligence.

During the webinar, Sam and Lennart addressed key questions including the following:

  • Why host your own log management system?
  • What drove the need for a SIEM?
  • How did Threat Stack unify its data across various platforms?
  • How did Threat Stack make our security intelligence actionable?

Here’s a recap of the discussion which, I hope, will be helpful if you’re evaluating log management or SIEM vendors for inclusion in your SecOps tech stack.

3 Things to Know About Kubernetes Security

Gartner estimates that 50 percent of companies will use container technology by 2020, up from less than 20 percent in 2017. The operational benefits of containers, including optimized build times and more efficient use of infrastructure resources, have caused a surge in interest in container orchestration platforms like Kubernetes. At the same time, Kubernetes deployments have opened up a whole new set of infrastructure security concerns for Development and Operations teams.

For teams just getting started with Kubernetes deployments, here’s an overview of three things you need to know about securing your infrastructure from the outset.

101 AWS Security Tips & Quotes, Part 1: Essential Security Practices

With more companies than ever leveraging cloud services like AWS, and with cloud environments becoming more and more complex, it’s imperative that organizations develop comprehensive, proactive security strategies that build security in from Day 1 and evolve as their infrastructures scale to keep systems and data secure.

To help as you create a strong security posture for your organization, we’ve compiled a list of 101 AWS security tips and quotes from cloud experts and security thought leaders (including a few from Threat Stack).

To make the list manageable, we’ve divided it into four separate blog posts, which we’ll publish over the next few weeks:

  • Part 1: Essential Security Practices
  • Part 2: Securing Your AWS Environment
  • Part 3: Best Practices for Using Security Groups in AWS
  • Part 4: AWS Security Best Practices


5 Statistics That Prove Why Your Security Posture Can’t Be Purely Reactive

While reacting to alerts and incidents after they occur will always be a reality of the security professional’s job, a purely reactive security approach is simply not effective given the way that today’s technical infrastructures and the cyber ecosystem itself have become ever more complex. With organizations adopting new technologies — spreading sensitive data across different cloud servers, service providers, containers, and even various SaaS platforms — it’s essential that they begin to take a more proactive approach to security.

This means putting in place repeatable processes and automating as much of your infrastructure as possible, leaving behind time-consuming, inefficient, and costly ad hoc tactics. It also means integrating Security with Development and Operations from the outset, and prioritizing communication between teams to attain positive business outcomes.

Failing to establish a proactive security posture runs the risk of your organization becoming a statistic, as you’ll see below. Here are five figures that may provide you with just the motivation you need to get started.