7 Cloud Service Evaluation Criteria to Help You Choose the Right Cloud Service Provider

The lack of a common framework for assessing Cloud Service Providers (CSPs), combined with the fact that no two CSPs are the same, can complicate the process of selecting one that’s right for your organization. Selecting CSPs becomes even more complex when you consider that more and more companies are adopting a multi-cloud approach for a variety of reasons, including cost savings, reduced risk of vendor lock-in, and data portability. (Gartner estimates that 75% of organizations will be using a multi-cloud strategy by 2022.) Add in the adoption of abstraction technologies such as containers, and workloads become far more portable between CSPs. To help you work through this, we’re using this post to discuss seven basic criteria you can use to identify providers that best match your business, technical, and operational needs.

How do you choose a public cloud provider — or if you’re planning to go multi-cloud — cloud providers? Let’s start with the major players. Read more “7 Cloud Service Evaluation Criteria to Help You Choose the Right Cloud Service Provider”

How to Achieve Full Stack, Multi-Cloud Security Observability

You probably know AWS as the leading cloud platform provider. These days, however, many companies are using additional cloud providers as well. According to Gartner’s October 2018 report “Market Insight: Multicloud Becomes Essential for Cloud IaaS Offerings,” 49% of organizations were approaching their cloud computing IaaS strategy through multi-cloud adoption in 2017, and that is expected to increase to 75% by 2022. Most often they’re not trading one for another, but are choosing multiple providers for a variety of reasons: Different business requirements (such as managing risk and costs) may be better suited to different cloud vendors. Many vendors are likewise pricing their offerings competitively and continually adding new features.

If you’ve decided to run a multi-cloud environment as part of your organization’s security strategy, you need to make sure you’re taking appropriate security precautions. This may be a challenge, so in this post, we’ll cover five principles to follow when you make the move to multi-cloud. Read more “How to Achieve Full Stack, Multi-Cloud Security Observability”

How to Track Agent-Based User Activity

More often than not we’ll need to go beyond a Severity 1 alert to figure out what a user (including a potentially malicious attacker) was doing on a system. Host events in particular only show a small part of the picture, and a single alert can’t always give you the context necessary to make an escalation decision. This blog post explains how to pivot from a Host event to a user’s session and how to move from a single user-related alert to the user’s session using the data provided by your intrusion detection system. Read more “How to Track Agent-Based User Activity”

How to Understand Your Attacker’s Mindset

In this post we’ll try to develop an understanding of a typical attacker’s mindset and then show you how companies like yours can use this knowledge to enhance their security posture. Before we dive in, however, let’s ask a basic question: What is a cyber attacker?

A cyber attacker can be any entity — an individual, a group of individuals, a company, etc. — that tries to harm another entity via their cyber infrastructure. Attackers are often portrayed as ruthless entities that go to great lengths and use elaborate resources to attack state-of-the-art company defenses. Defending companies and individuals frequently view these entities as advanced attackers that challenge themselves by trying to break through fortified security controls by attacking them head on. That may be true in a few cases, but most attackers — especially the most seasoned (i.e., the smartest and most successful) — will try to find the path of least resistance and will also try to use the smallest number of resources when attacking. In other words, they use brains rather than brute force to achieve the biggest gain with the least effort. Let’s explore this in more detail below.
Read more “How to Understand Your Attacker’s Mindset”

The Economic Impact of Threat Stack – A Forrester Research Study

Cost Savings and Business Benefits Enabled by Threat Stack

When investing in cloud security platforms and services, businesses naturally want to measure ROI beyond the number of deterred attacks. After all, effective cloud security also protects customer data, intellectual property, organizational resources, organizational efficiency, and team productivity — all of which impact your bottom line.

Recently, we asked Forrester Research group to do a total economic impact study of Threat Stack. Their findings? Businesses that use the Threat Stack platform and services are saving more than $900,000 over three years due to reduced risk, improved productivity, and lowered hiring costs. The Threat Stack Cloud Security Platform® offers complete security observability across your infrastructure. So not only can you identify intrusions or threats, but you can also identify and change risky behavior to improve your baseline security posture, which leads to a greater ROI over time. In fact, Forrester found that Threat Stack customers had an average ROI of 178% over three years. Read more “The Economic Impact of Threat Stack – A Forrester Research Study”

Scala Regex String Extraction

Introduction

— Joe Baker, Manager Software Engineering

From time to time the Engineering, Operations, and Security groups at Threat Stack contribute blog posts that share information on techniques and tools we’ve developed so we can do things faster, more accurately, and with fewer resources. These range from tips for using Scala in the real world, to improving our SOC 2 management process using a home-grown tool called sockembot, to insights into how we manage our on-call rotation using another home-built tool called Deputize (which we’ve since made available as open source).

Today’s post is by Alfredo Perez, one of our software engineers, and focuses on Scala Regex String Extraction.

If there’s anything you’d like to hear about, please Tweet us at @threatstack or contact us directly.

One of my favorite Scala patterns that I’ve learned and used here at Threat Stack is Regex String Extraction with pattern matching. It’s a simple pattern but very powerful for extracting parts of a string and very readable. The power comes from the use of regular expression groups combined with the pattern matching of Scala. Read more “Scala Regex String Extraction”

The Promise of Machine Learning vs. The Reality of Human Assisted Learning

Machine Learning (ML) has been around in one form or another for a long time. Arthur Samuel started working in the field in 1949 and coined the term in 1959 while working at IBM. Over the years, ML applications have been developed in practically every industry sector.

Recently, we’ve been hearing a lot about “silver bullet” ML-based cybersecurity solutions that can single-handedly and automatically enable short-staffed security teams to identify and mitigate every kind of security threat imaginable. Of course, silver bullet solutions are as old as security itself, and by definition, they’re almost always too good to be true. So is the current crop of ML-driven cybersecurity solutions real or hype?

Given that a lot of hype has a few grains of truth in it, let’s use this post to look at the promise, the marketing hype, and the reality — at what ML can do and cannot do in its current state (with a peek at what it might be able to do sometime down the road). (Spoiler Alert: The operative word in this blog’s title is “promise.”) Read more “The Promise of Machine Learning vs. The Reality of Human Assisted Learning”

The Difference Between Security Trick Plays and Security Fundamentals

I like watching great football plays on YouTube, but I especially like watching trick plays where players sell some sort of deception so their opponents take their eyes off the ball. Trick plays make great video clips and can win a football game if deployed at the right moment, but there’s a reason “blocking and tackling” are considered the fundamental skills, tasks, and roles a team needs in order to function. Trick plays might be able to help a team win a football game, but if you show up without “blocking and tackling,” you’re definitely going to have a bad day. I bring this up because sometimes we confuse the trick plays with the fundamentals, and we do so at our own peril. That does not mean trick plays are bad or not helpful; it just means we can’t forget about the “blocking and tackling.”

These days we hear a lot of hullabaloo about machine learning (ML), and with good reason. However, it’s quickly becoming the “trick play” of security, the flashy new toy that leads people to overlook the “blocking and tackling” fundamentals. Read more “The Difference Between Security Trick Plays and Security Fundamentals”

Transforming Alert Fatigue Into Proactive Security Management

In a recent study, 72% of CISOs stated that their teams are facing alert fatigue, while 82% of respondents to a Threat Stack survey indicated that alert fatigue is having a negative impact on their organization’s well-being and productivity.

Traditional approaches to managing security alerts have often driven teams into a reactive mode where they’re overwhelmed by huge volumes of noisy alerts or spend far too much time gathering information and digging around in log files. If this proliferation of data is transformed into relevant and actionable intelligence, however, teams can overcome alert fatigue, identify and respond to critical issues in real time, and reduce risk continuously over time.

In this post, we’ll take a look at some best practices on how you can move away from reactive, ad hoc tactics and adopt a structured, proactive approach by making alerts a key element of your overall information security strategy. Read more “Transforming Alert Fatigue Into Proactive Security Management”

Machine Learning, Signatures, Rules, & Behaviors — Tips on Navigating Modern Cloud Security Solutions

Cloud security is one of the most rapidly changing technology landscapes out there. And naturally, the market for security tools is also constantly evolving as stakeholders continue to develop an understanding of how important a mature security posture is to the entire organization — from innovation to sales to ongoing brand and customer success.

Throughout the industry, different security solutions solve different problems for different types of businesses: There is no “one-size-fits-all-cloud-security-silver-bullet.” Being able to cut through the hype, promises, and buzz to figure out which solutions are actually suited to your specific use cases can be a challenge.

So in this post, we’re offering guidance on what some of the broader categories of cloud security solutions do and do not offer, and how they deliver security information and alerts to their end users. In turn, we’ll take a look at using Network IDS tools, using point solutions to build your own security stack, jumping into the emerging world of machine learning (ML), and deploying a comprehensive cloud security platform that not only provides a wide range of security functionality but also integrates security into your existing DevOps workflows and provides a foundation for constantly improving your security maturity. Read more “Machine Learning, Signatures, Rules, & Behaviors — Tips on Navigating Modern Cloud Security Solutions”