In our last post, we explored how Threat Stack’s Application Security Monitoring embeds security in development processes — without negatively impacting agility or speed of application development and deployment. Empowering developers to proactively address software risk is central to organizations that “stretch left” to build security into their entire software development and deployment lifecycle. But even with the best security awareness, testing, and early problem identification and mitigation, some risk may always sneak by and make it into a running application. Read more “Stretch Right With Threat Stack Application Security Monitoring”
More companies are migrating their infrastructure to the cloud to take advantage of benefits like reliability, scalability, and lower costs, but cloud migration remains a complex task requiring careful consideration and planning. (For tips on planning a secure and frictionless migration, download our ebook.) Choosing the right security technology is just one of many considerations, but it’s a critically important one, particularly for organizations in sectors such as healthtech and healthcare. Not only do organizations in these areas need to protect large volumes of sensitive patient and institutional data, but they can also face serious penalties for violating privacy regulations.
When it comes to security, it is often advantageous to choose an integrated platform such as Threat Stack’s Cloud Security Platform® in order to gain visibility across all cloud providers, including hybrid cloud environments, in a single dashboard. Threat Stack also enables full stack security observability, which provides organizations with contextualized information from every part of the cloud throughout the entire software development lifecycle.
To learn more about the most common (and most costly) misconceptions companies have about security technology when considering cloud migration, we reached out to a panel of cloud security experts and asked them to answer this question: Read more “16 Cloud Security Experts Share the Most Costly Security Technology Misconceptions When It Comes to Cloud Migration”
Developers have always been overworked. They face a constant flow of feature-focused work from the business and need to balance that with work involving performance, quality and reliability, and technical debt. While DevOps and highly automated CI/CD pipelines have made developers more productive by removing low-value non-development tasks, it has actually made the pressure to deliver even greater. According to the 2018 DORA Accelerate: State of DevOps report, high-performing DevOps teams have 46X more frequent code deploys than low-performing teams. That’s a lot more work for developers — more high-impact work, happily, but more work nonetheless. Read more “Stretching Left With Threat Stack Application Security Monitoring”
Building an effective CI/CD pipeline can be a complex process with countless decisions that require a great deal of planning. Whether it’s a massive DevOps team or a single developer working alone, the more you can draw on practical, real-world knowledge in making decisions about CI/CD tools the better off you are. While highly experienced developers can pass along tips to less experienced team members, the constantly changing nature of DevOps means that even the most experienced developer can benefit.
Like all workflows, CI/CD workflows are susceptible to security concerns, so it’s a best practice to integrate security into your DevOps world (something commonly known as DevSecOps). By pairing leading continuous integration tools with a cloud security and compliance solution like the Threat Stack Cloud Security Platform®, you can build security directly into the entire software development lifecycle. With security across the CI/CD pipeline, you can ensure that your team is developing more reliable and secure applications, without compromising your team’s efficiency.
In this post, we offer 50 tips offered up by a variety of industry experts as a good place for software engineers to start building a knowledge base. To make things easier, we’ve divided the list into the following categories, beginning with a few general tips that are useful no matter the team or project: Read more “Tips for Choosing the Right CI/CD Tools”
Threat Stack’s Application Security Monitoring
enables cloud security observability across the full stack & full lifecycle in a single solution
Here at Threat Stack, we’ve been talking a lot about security observability recently (check out this article and whitepaper). When you design and monitor your systems for security observability, you reduce risk and minimize the likelihood and potential impact of a security breach.
But in the same way that you’d never invest in locks and alarms for the windows of your house while leaving the doors wide open, you can’t protect your business by focusing security observability on a single perimeter only. Security observability delivers value when it’s applied throughout the entire system. We call this Full Stack Security Observability. But what, exactly, is the “full stack?” Read more “Defining the “Full Stack” in Full Stack Security Observability”
Earlier this week a group of security researchers from Graz University of Technology, imec-DistriNet, KU Leuven, Worcester Polytechnic Institute, and Cyberus Technology identified and analyzed a vulnerability in Intel chips being called ZombieLoad (CVE-2018-12130) that allows sensitive data to be stolen from the processor. You can get all the details on ZombieLoad directly from the researchers here. Thankfully, researchers do not believe this exploit has been used in a real-life attack. Read more “How to Defend Against ZombieLoad”
Update: Threat Stack to Present Live Threat Briefing
On New Cryptomining Shellbot Malware Variant
Live Online, May 16, 2019, 1:00 p.m. ET (or on demand after 45 minutes)
About This Threat Briefing
Recently, Threat Stack’s Security Operations Center (SOC) uncovered a variation of the Shellbot malware in a public cloud environment. In this active cryptojacking campaign, the sophisticated malware features several layers of obfuscation and continues to be updated with new functionality after it has gained a foothold in an infected environment.
In this briefing, Threat Stack SOC Analyst Ethan Hansen will walk through the details of the newly discovered cryptojacking campaign, including the malware components, actual observed attack path, and the future investigations.
Download Threat Stack’s Inside a Docker Cryptojacking Exploit
Threat Stack’s Security Operations Center (SOC) recently discovered an ongoing and evolving malware campaign that leverages a new variant of the Shellbot malware discovered by JASK in November 2018 and published in February 2019. (You can read their full report here.)
In this new variant of the campaign, Threat Stack has identified the addition of a new SSH brute force tool, a secondary command and control method, and the added ability to stop other cryptominers on infected servers. Read more “A Threat Stack SOC Analysis: The Continuing Evolution of the Shellbot Cryptomining Malware”
Security Observability has become an important concept recently as companies have started building software with a cloud-native mindset, embracing distributed, immutable, and ephemeral systems. As infrastructure has shifted from traditional deployment methods, older monitoring systems are no longer effective, and a new set of practices — called “observability” — has emerged.
In this post, we explain what observability is, why security observability important, and outline six principles that will help you design and monitor your systems for security observability. (For an in-depth discussion, download our new whitepaper: Cloud Security Observability: A Guide to Reducing Your Cloud Native Infrastructure Risk.) Read more “Cloud Security Observability: How to Reduce Risk in Your Cloud-Native Infrastructure”
Modern healthcare is a full participant in the digital economy, and personal health information (PHI) is at its center. But today’s digital landscape is a volatile threat environment where sensitive personal data is a coveted commodity. Minimizing exposure, liability, and risk to PHI is a necessity with visibility all the way up to the board-level in every healthcare organization.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) includes the HIPAA Privacy Rule which establishes national standards to protect PHI. Every organization conducting health care transactions electronically is familiar with its rules, and being “HIPAA Compliant” is mandatory. But such standards can create a false sense of security; is simply checking the boxes and satisfying an annual audit really enough to keep attackers at bay? Do standards written over the course of decades adequately cover today’s rapidly evolving threat landscape? Are processes developed in the days of enterprise data-centers sufficient to protect containerized microservices running in the cloud?
The short answer is No: Merely being compliant is no longer enough. Digital leaders in proactive healthcare organizations — from providers to insurance companies — have realized that they must do much more to protect themselves from threats. Embracing DevSecOps and CI/CD gives healthcare organizations a strong foundation for security that goes beyond compliance with true full stack security observability. Read more “Beyond Checkboxes: 6 Cloud Security Measures All Healthcare Organizations Should Take”