New eBook: Myth Busting Intrusion Detection

Your Guide to Intrusion Detection for Modern Infrastructure

Many organizations that need cloud security are laboring behind a cloud of myths — unable to clearly define their requirements and match them to technology solutions and best practices that will enable them to operate securely at speed and scale in the cloud. Our new eBook — Myth Busting Intrusion Detection — is designed to clarify these issues.

Taking Care of Basics — Lessons From the Boston Cyber Security Summit

This year’s Cyber Security Summit: Boston was a tremendous success. It was rewarding to see so many business leaders, cyber experts, government officials, and thought leaders in one place, all dedicated to advancing the security of our cyber environment.

The event’s mission is to connect C-Suite and Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts.

Parsed out, this meant that the event offered up a lot of valuable insights into the state of cyber security, an exhibit floor filled with leading solution providers demonstrating the latest products and services, and much practical advice on a multitude of security and compliance-related topics.

Threat Stack was honored to be a Gold Sponsor. We were also an exhibitor, and Sam Bisbee, our CSO, was well received for his contribution to one of the main panel discussions.

As usual with these gatherings, there was far too much going on to give a full recap here. However, I do want to focus on some of the highlights from the “Compliance Nightmare” panel, because it reminds us that we should never forget the basics.

How to Secure a Non-Production Environment (Webinar Recap)

“This code is fine, right?”

“It should be…”

“Wait… but what about this configuration?”

“Fine, I’ll test it in dev…”

This conversation sounds all too familiar, right? Your non-production environments are the foundation for the tools, applications, and services you provide to your customers. The history of every code deployment, mistake, and refinement made to create your product can be found there.

While test and dev environments serve a different purpose from production environments, they, too, can be open to the outside world and introduce risk if not secured. Chances are, the data you’re storing, analyzing, or processing in non-production environments are just as sensitive as the data you push out to production. So why skimp on security here just because it’s not a production environment?

Yesterday, we hosted a brief webinar (led by Chris Gervais, our VP of Engineering) focusing on the importance of securing non-production environments and how to do so. In case you missed it, here’s the recording along with a written recap.

What Makes a Misconfiguration Critical? AWS Security Tips

In the cloud, where there are no perimeters and limitless endpoints, there are many ways attackers can get direct access to your environment if you make the wrong move. Given the speed at which companies are moving to and scaling in the cloud, it’s easy to miss a step along the way and leave your business wide open for an attack.

In a recent survey, we found that 73 percent of companies have critical AWS cloud security misconfigurations. Issues like wide-open SSH and infrequent software updates are among the top risks identified, and of course, some of the biggest exposures in the recent past (Verizon, Dow Jones, and the RNC) were the result of AWS S3 configuration errors. But there are many others that are more obscure, yet just as dangerous if left unaddressed.

So, how do you know whether a misconfiguration is going to put you at risk? And how do you identify where your gaps are? In this post, we’ll walk through the four signs of a critical misconfiguration, how to spot one, and how you can fix it — fast.

Looking Back on Cybersecurity Awareness Month and a 365 Day Outlook

Cybersecurity Awareness Month may be coming to a close, but we have already set our eyes on the future. The question is: How can we stay “security aware” year round and, more importantly, translate this awareness into actions that will help keep our companies secure?

Cybersecurity has never been more important than in the past few years. It seems that every week, a major new breach hits the news headlines, leaving every company more and more worried about whether they’re next. This month — National Cybersecurity Awareness Month — has been a great reminder to verify whether your security protocols and practices are up-to-date and effective. But with the state of things today, you can’t afford to stop there.

We believe that done right, security is a 24/365 operation. If you’ve been following our blog, you’ve learned that there are many ways to streamline and automate security so it doesn’t require an army to maintain.

In this post, we’re wrapping up our best pieces of advice for you so that every month going forward can be cybersecurity month at your company.

A Straightforward Workflow to Define Your Cloud Security Strategy

Security is a big concern for organizations of pretty much every size and shape. Once you have organization-wide agreement that security is a priority (for most companies today, this is a no-brainer), it’s time to get to work.

So where do you start? Of course, you’ll need an individual or an interdisciplinary group to lead your security initiatives, but beyond that, it’s a matter of focusing on the right things at the right time to get your security program up and running as quickly and as smoothly as possible. Getting it done right should always be an objective, and getting it done quickly is also highly desirable — especially if you have a legal or customer requirement to become more secure.

In our latest webinar, “Automating Security and Compliance for Your Cloud Deployment,” Chris Gervais, Threat Stack’s VP of Engineering, and Katie Paugh, G2 Technology Group’s Security Architect, discussed a simple workflow that every company can follow to successfully implement an effective security plan. Watch the full recording or read the main points below.

5 Years in Review: 4 Can’t-Miss Posts From Our Archive of 450+

Five years is a blink of the eye in time, but in technology, a lot can happen. This year, we’re celebrating the fifth year of the Threat Stack blog. We’ve been digging around our archives and analyzing the metrics to see what’s changed in the market since our inception, how our own product has evolved, and what topics are still tried and true.

Some things changed, and some stayed the same. Most interesting, we saw five of our personal favorite topics rise to the top in terms of article popularity. Some written several years ago, some written this year, they’re indicative of how the market is shifting and what companies are focused on today.

Without further ado, here are the four most-read articles of all time on our blog, and if you haven’t read them, data says you should.

How We Can Turn National Cybersecurity Awareness Month Into Cybersecurity Action

Want to take a peek at the World’s Worst Data Breaches? Here you go:

Now that we’ve got that out of the way, let’s start this blog post over again. Our goal isn’t to frighten you or deepen the numbness you might already be feeling from the drip, drip, drip of bad cyber news.

It’s National Cybersecurity Awareness Month (NCSAM), which was launched in October 2004 as a collaboration between the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security with the goal of raising awareness and providing education on cybersecurity issues.

The name is something of a misnomer, however. NCSAM is really designed to do more than make you aware of cyber risks. Its bigger goal is to arm you with information and tools you can use to strengthen yourself, your social groups, and your businesses against the cyber criminals who prey on us.

In the spirit of NCSAM, we at Threat Stack want to do our part by sharing some of the advice our bloggers have offered on how to take action to protect yourself and your company from cyberattacks. With that in mind, here are summaries of four recent blogs.

11 Questions to Ask Before Investing in a Cloud Security Solution

Whether you’re in security, operations, or another related discipline, choosing the right cloud security products can be a complex process. With thousands of options, each with its own nuances, how do you know which tool, or mix of tools, is going to be right for your organization? The following questions are designed to help you identify the solutions that will fit your specific needs and requirements. Use them as you make your decision, and the entire process will be much more seamless.

6 Ways to Adopt a Cloud-Specific Security Paradigm

Cloud technologies and traditional security processes are as bad a match as stripes and polka dots. They simply aren’t built to mix well together. As companies adopt cloud technologies, security teams are scrambling to apply what they know to this new way of doing business. But they’re quickly realizing how different an on-prem mindset is from one that’s geared to the cloud. That is because, in an on-premise environment, security is based on the perimeter. In the cloud, however, there is no defined perimeter, and there is a seemingly endless number of endpoints. In the face of this, security needs to shift in a major way.

In this post, we will define six ways you can effectively shift your security paradigm so it’s suited to a cloud-defined world.