Security Observability: Operationalizing Data in Complex, Distributed Systems

It’s 2018 — companies are using multiple cloud providers, shifting to microservices, moving monoliths into containers, or maybe even moving to a serverless-style architecture. And while these are the trendy things to do right now, are they right for the business today? Will they be right or wrong for the business tomorrow? Is what we’re doing too complex if the Next Big Thing comes along and you want to leverage it without having to complete a major lift-and-shift?

Regardless of the direction your company is moving in, change is a great opportunity to evaluate your security practices and consider how you can add observability to your operations.

What’s In Our SecOps Stack: 6 Top Integrations

When it comes to creating a solid SecOps program, an organization must consider people, processes, and technology. It’s not one area that makes a secure program, but a combination of all three working together.

As good as our people are, however, they would not get far without systematic processes backed by powerful tools and integrations. Here at Threat Stack, we use the following tools to ensure that our organization is safe, secure, and operating effectively.

How to Find and Remediate Open Infrastructure Ports

The evidence is clear — open infrastructure ports lead to security vulnerabilities. When AWS S3 buckets or SSH ports are left open, they can leave your organization at risk for security breaches.

For example, in July 2018, an open S3 bucket at a political autodial company, Robocent, exposed nearly 2,600 files relating to political campaigns. The leak included voter records containing sensitive information such as phone numbers, gender, and birth dates. The files were then indexed by GrayHatWarfare, which has a database of 48,623 open S3 buckets.

Leaks like Robocent’s highlight the need for organizations to maintain visibility into where data is located within their cloud infrastructure, as well as whether the storage system is risk-appropriate given the sensitivity of the information. It’s easy, but never acceptable, for a fast-growing or seasonal organization like this one to lose track of that risk over time.

It’s important to ensure that certain gateways into your infrastructure are password protected or are configured properly to prevent events like this from affecting your organization. That’s why, in this post, we’re highlighting how to find and remediate open infrastructure ports.

Black Hat USA 2018: A SecOps Recap

Last week, I had the pleasure of joining thousands of security researchers, vendors, marketers, press, and bloggers converging on the desert and Mandalay Bay for my first-ever Black Hat USA conference. Attendees discussed the newest research, latest technologies, scariest threats, and biggest trends in this crazy world of cybersecurity. If you weren’t lucky enough to be part of the fun, here’s a quick recap of Black Hat USA 2018 (aka Security Summer Camp).

What Would You Change About AWS Security?

20 Security Pros Reveal the One Thing They’d Change About AWS Security

AWS is one of the most popular cloud platforms among enterprises and even SMBs, and for good reason: The service is robust, with a variety of features and functionality to make management seamless. But managing an AWS environment still requires a good deal of technical expertise. What’s more, while AWS provides a multitude of options for securing your cloud environment, it’s not perfect, nor does it (or any cloud provider) promise complete, end-to-end security for your infrastructure, applications, and data — and users are responsible for filling in the gaps.

That is, of course, where Threat Stack comes into play, enabling you to secure your cloud infrastructure, as well as your cloud workloads, both at speed and at scale. To gain some insight into where AWS falls short and what users need to know to fully secure their cloud environment, we reached out to a panel of security pros and asked them to answer this question:

“If you could wave a magic wand and change one thing about AWS security what would it be?”


50 Best Cloud Security Training Resources

The bad news is there’s a global shortage of trained cybersecurity professionals: According to PWC, there will be 1.5 million cybersecurity job openings by 2019, and the talent market is not expected to catch up any time soon. The good news is that hundreds of quality resources are available to help both established and up-and-coming cloud security professionals educate themselves.

If you’re looking for networking opportunities and access to specialized training in your areas of interest, attending cloud security conferences is an excellent way to rack up your credentials, so be sure to visit our list of 50 cloud security conferences to attend in 2018 and beyond.

If conferences aren’t a good option for you, there are lots of other professional development avenues you can take.  To help you in your cloud security training search, we’ve compiled a list of 50 different resources in a variety of categories, ranging from training courses to video content, whitepapers, and more — along with a few useful career resources to help you put those newly acquired skills to work.

It can be difficult to know which training resources are best for your situation, especially when you’re just beginning your career in cybersecurity. That’s why we’ve put this blog post together, grouping resources into logical categories that are intended to help you find resources that are best-suited to your specific needs.

Note: The cloud security training resources discussed below are not ranked in any way, and Threat Stack does not directly endorse any of them. We are simply providing them here for information purposes and have grouped them into logical categories for ease of navigation.

Threat Stack Quick Guide to Black Hat USA 2018

Booth #2316 | August 8 – 9 | Las Vegas, NV

Are you attending Black Hat this August? Threat Stack is, and we’d love to see you there!

With so many fascinating events going on, we thought it would be helpful to create a Quick Guide to help you get the most out of your visit to Black Hat USA 2018.

If you can’t meet us there (we’ll miss you!), you can keep up with the latest happenings inside and beyond the exhibition floor through our blog and social media (follow @threatstack on Twitter).

What is the NIST Cybersecurity Framework?

You’ve SOC 2-ed from here to eternity, and you’ve got GDPR in the bag, but if you’re truly focused on security maturity, you know that your work is never done. So, what’s next? Perhaps it’s time to focus on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).

Unlike GDPR and SOC 2, organizations will face no penalties for noncompliance with the NIST CSF: It’s purely voluntary. Nevertheless, it serves as a singular guideline that CISOs can look to in a world of fragmented cybersecurity regulations.

The framework was first developed in 2014, after President Obama recognized the growing risk to critical infrastructure. His Cybersecurity Enhancement Act (CEA) of that year called to expand the role of NIST to create a voluntary framework in order to identify “a prioritized, flexible, repeatable, performance-based, and cost-effective approach” to manage cyber threats. A 2017 executive order by President Trump took the framework a step further by making it federal government policy.

After years of gathering feedback, version 1.1 of the framework was released in 2018 to provide “a more comprehensive treatment of identity management,” as well as additional information on managing supply chain cybersecurity. As a living document, the NIST CSF will continue to evolve as the industry provides feedback on implementation.

As the standard developed by the United States for managing cybersecurity risk, organizations would do well to take heed. As with any standard, choosing to comply with the NIST CSF demonstrates to your clients that you’re serious about security, while improving your overall security posture and lessening the risk of a data breach and the resulting financial losses, client churn, and reputational loss that go along with it.

Below we’ll help you understand some of the main points of the NIST CSF so you can begin putting it into practice.

Why Kubernetes is Not a Silver Bullet

Container adoption is on a meteoric rise. Gartner estimates that 50 percent of companies will use container technology by 2020, up from less than 20 percent in 2017. It’s not hard to see why — containers offer greater DevOps flexibility along with an optimized build/deployment pipeline.

The surge in container adoption is the driving force behind a new phenomenon in developer circles that we at Threat Stack lovingly refer to as “Kubernetes FOMO.” Eager to get on board with the most popular orchestration platform around, organizations are jumping on the Kubernetes bandwagon.

And why not? Kubernetes speeds container deployment and enables the management of multi-container clusters at scale. It allows for continuous integration and delivery; handles networking, service discovery, and storage; and has the ability to do all that in multi-cloud environments.  

Some would call Kubernetes a silver bullet in the world of container deployment and management, but that doesn’t mean it comes without security concerns. In this post, we’ll discuss a few things to watch out for if you’re considering a move to Kubernetes, as well as some tips on ensuring that your infrastructure remains secure during a transition.

How to Avoid Targeted AWS Attacks With Secure AWS Keys

If the headlines are any indication, hackers continue to exploit vulnerabilities in cloud infrastructure platforms, with targeted AWS attacks becoming very common. Many attacks follow similar patterns: Actors are typically looking opportunistically for AWS keys, which are either accidentally posted to open source code websites like GitHub or stolen from employee laptops using malware. Once the actor has gained access to the AWS account, they often look for fairly direct paths to sensitive data or valuable resources, such as an open S3 bucket or access to launch a new EC2 instance to mine cryptocurrency.

Many developers use AWS access keys that have not been changed in months or years. Although keeping these keys the same makes things easy for the developers, it’s not very good security hygiene. Many organizations aren’t aware that their stagnant AWS keys could be causing major vulnerabilities.