How to Balance Risk and Reward When it Comes to Cloud Security

It’s difficult to quantify the money saved by preventing a cyber attack that never happened. This is why proving the ROI of security measures can be tricky and can sometimes make security feel more like a cost-center than an investment.

In truth, being a great security organization is a competitive advantage. It’s both a sales driver and a compliance linchpin. It’s not simply a cost of doing business. In fact, it can really give you a leg up, particularly when selling to customers with HIPAA, SOC 2, ISO27000, or other compliance requirements.

In this post, we’ll explore a number of ways to balance risk and reward as you pursue cloud security and ensure the vitality of your business. Read more “How to Balance Risk and Reward When it Comes to Cloud Security”

The Hidden Dangers of Shadow IT to Cloud Security

Shadow IT has emerged in recent years due to misaligned objectives among teams and the fluid nature of DevOps. We’ve written before that although it may achieve short-term goals for the business units it serves, Shadow IT is detrimental for the long-term stability of organizations, and despite its good intentions, puts companies at greater security risk.

In this post, we’ll explore how development, security, and operations can work together to prevent the need for Shadow IT. Read more “The Hidden Dangers of Shadow IT to Cloud Security”

People, Processes, & Technology: The 3 Elements of a Rockstar Security Organization

In our recent webinar, Automating Security & Compliance for Your Cloud Deployment, we explored ways that firms can scale their cloud security strategies through visibility and intrusion detection, security and compliance automation, and low-cost security practices.

Some organizations are especially successful when it comes to security preparedness. In the webinar, we discussed what makes the strongest teams stand out. It boils down to their unique approaches to people, processes, and technology and how theses elements are bound together by a common set of goals.

In this post, we’ll dig further into these three areas and define what you really need to create a rockstar security organization. Read more “People, Processes, & Technology: The 3 Elements of a Rockstar Security Organization”

Velocity and Security: 5 Posts to Help You Get Security Up to Speed

There’s a lot of talk in the business world — especially the software-driven side of it — about achieving and maintaining velocity. The ability to continuously release new code can be the difference between winning and losing.

But as Threat Stack’s CSO, Sam Bisbee, recently pointed out in InfoSecurity magazine, “The market’s investment in services and tools to automate business processes without incurring heavy maintenance costs has outpaced investment in the methods to secure them.” Sometimes we forget that, if security can’t keep up, it won’t matter how fast you get that new app out there. You’ll eventually be faced with a mountain of security-related headaches — or at least the stress of increased risk. Read more “Velocity and Security: 5 Posts to Help You Get Security Up to Speed”

Enhancing the Power of Your SIEM With Threat Stack’s Intrusion Detection Platform

Trying to manage security with only one security tool (or, for example, having to use log files alone) can be a major headache. The right combination, however — like a SIEM coupled with an intrusion detection platform — can produce great results, including better data, smaller amounts of data, shorter processing times, and lower operating costs. Read more “Enhancing the Power of Your SIEM With Threat Stack’s Intrusion Detection Platform”

‘Tis the Season To Be Proactive, Vigilant, & Transparent

Cyber Monday is here (and for those of us in the cloud security business, it’s also the start of the AWS re:Invent 2017 conference). So given all the strange things that have been happening in our cyber environment, we thought we would once again remind organizations and consumers alike about the need to be proactive and extra vigilant in their security practices. Read more “‘Tis the Season To Be Proactive, Vigilant, & Transparent”

The 7 Key Functions of a Modern Intrusion Detection Platform

When you’re making a mental shift away from legacy, on-prem security thinking, you may be wondering what an effective, modern security solution looks like. You may already know that you should prioritize detection and not focus solely on prevention, but what exactly goes into a best-case intrusion detection solution?

The graphic below should help you understand the five key components of intrusion detection. When considering what types of solutions to invest in, you want to make sure you have all of these bases covered from a technical point of view:

Beyond these core capabilities, we recommend that you keep the following  seven major requirements in mind in order to focus on the holistic goals of an IDP. Read more “The 7 Key Functions of a Modern Intrusion Detection Platform”

How Allocadia Uses Threat Stack to Secure Infrastructure & Accelerate Sales

In this guest blog post, Sabino Marquez, Allocadia’s CISO, outlines his company’s experience using Threat Stack. Specifically, he explains how Threat Stack’s intrusion detection platform enabled Allocadia to secure its infrastructure, integrate security into Dev and Ops workflows, and significantly accelerate the sales cycle. Read more “How Allocadia Uses Threat Stack to Secure Infrastructure & Accelerate Sales”

New eBook: Myth Busting Intrusion Detection

Your Guide to Intrusion Detection for Modern Infrastructure

Many organizations that need cloud security are laboring behind a cloud of myths — unable to clearly define their requirements and match them to technology solutions and best practices that will enable them to operate securely at speed and scale in the cloud. Our new eBook — Myth Busting Intrusion Detection — is designed to clarify these issues. Read more “New eBook: Myth Busting Intrusion Detection”

Taking Care of Basics — Lessons From the Boston Cyber Security Summit

This year’s Cyber Security Summit: Boston was a tremendous success. It was rewarding to see so many business leaders, cyber experts, government officials, and thought leaders in one place, all dedicated to advancing the security of our cyber environment.

The event’s mission is to connect C-Suite and Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts.

Parsed out, this meant that the event offered up a lot of valuable insights into the state of cyber security, an exhibit floor filled with leading solution providers demonstrating the latest products and services, and much practical advice on a multitude of security and compliance-related topics.

Threat Stack was honored to be a Gold Sponsor. We were also an exhibitor, and Sam Bisbee, our CSO, was well received for his contribution to one of the main panel discussions.

As usual with these gatherings, there was far too much going on to give a full recap here. However, I do want to focus on some of the highlights from the “Compliance Nightmare” panel, because it reminds us that we should never forget the basics. Read more “Taking Care of Basics — Lessons From the Boston Cyber Security Summit”