Threat Stack Announces New and Enhanced CloudTrail Rules

As AWS continues to expand its services landscape, Threat Stack has made a commitment to keeping in step by crafting additional coverage that keeps your cloud environment secure. The latest additions we’ve made to Threat Stack’s CloudTrail rules are focused on giving more granular alerting and context to your interactions with the AWS control plane.

Threat Stack has significantly expanded the CloudTrail Base Ruleset in its Cloud Security Platform®. Not only have we increased the number of rules from 26 to 87 — we have also provided rules for five AWS Services that were not covered previously (DynamoDB, Elastic Container Service, Elastic Kubernetes Service, Security Token Service, and AWS Support). And don’t forget — the Cloud Security Platform still gives you the flexibility to create custom rules based on CloudTrail event data.

While we’re not going to comment on all 87 rules in this post, we are going to focus on important highlights, including:

  • New rules to cover five additional AWS Services
  • Expanded rules for Identity and Access Management (IAM)
  • Expanded rules for Virtual Private Cloud (VPC)

The new rules for five additional AWS Services are discussed in Part 1 below, while Part 2 gives an overview of the expanded rules for AWS Services that we already support.

Detecting Unsafe Data Deserialization With Threat Stack

Insecure data deserialization first made its way into OWASP’s 2017 Top 10 list by way of community feedback. In the history of application security, that makes it a relatively new vulnerability, and one that can be harder to detect because it abuses popular code libraries that are commonly used in web development.

The Threat Stack Cloud SecOps Program℠ exists not only to monitor customer environments and investigate alerts, but also to work with customers to help them improve their security postures. Occasionally, here in the SecOps Program’s security operations center (SOC), we get questions about the detection capability of the Threat Stack Cloud Security Platform®, and whether it is capable of detecting new and advanced attack vectors. (Our system uses behavioral detection, which is an extremely robust methodology for detecting new and old attack techniques.)

In this post, I’ll walk through how my colleagues and I in the SOC addressed an inquiry regarding a specific insecure deserialization exploit seen in the wild.

Aligning SecOps Teams With Compliance Roadmaps

Compliance is essential, and organizations need to get it right. Despite the importance of compliance, organizations often treat it as an afterthought, rather than a business driver. Some see it as a hurdle or uninvited challenge, even though it can have a significant positive impact on the business.

With the rise of new compliance frameworks like GDPR, the stakes are even higher. If you aren’t compliant, there are heavy fines. Now, more than ever, it’s time to ensure that your organization is adhering to the applicable compliance guidelines.

In this post, we show how SecOps teams can align with compliance roadmaps to drive a more continuous, proactive approach to meeting compliance objectives.

Three Old-School Network Security Tips That (Still!) Work for Modern Infrastructure

The adage “Everything old is new again” rings true in the cybersecurity industry as much as anywhere else. Some of the best practices from old-school network security still apply to modern virtual server or containerized environments.

Even though hackers are becoming increasingly sophisticated with their attacks, applying some of these oldies but goodies to your arsenal could help reduce the risk of a security incident or breach.

Here are a few security best practices that stand the test of time.

How to Create a Threat Model for Cloud Infrastructure Security

Our Motto is: Threat Modeling: The sooner the better, but never too late. — OWASP

The practice of creating a threat model can help teams proactively understand and develop a strategy for managing the possible vulnerabilities their organization faces, instead of waiting until after an incident occurs. OWASP defines threat modeling as “a procedure for optimizing security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system.”

SecOps teams can benefit from creating a threat model for cloud infrastructure, and defining an approach to operationalizing, hardening, and automating security throughout the software development lifecycle. While it’s best to build security into the design of your systems at the outset, remember the motto: “Threat Modeling: The sooner the better, but never too late.”

Let’s walk through how to get started.

3 Questions to Ask When You’re Ready to Operationalize Your Security

New global data from Checkmarx reveals that 92 percent of organizations struggle to integrate security into DevOps — even though they say they want to. At the heart of this issue is the misconception that security slows things down, which leads to the widespread practice of skipping security measures in an effort to get things done.

While this approach may seem to create a payoff in terms of productivity, any gains are short term at best and are always offset by the fact that the company is at greater risk for a breach.

But the truth is, speed and security are not mutually exclusive, and you can effectively integrate security into operations throughout your organization if you follow SecOps best practices.

With that in mind, we’ll use this post to walk through the three major questions your organization must ask as it moves toward operationalized security.

Before diving into the post, however, take a look at details on our upcoming webinar — “How to Spend Your Security Budget in a DevOps World.”

How to Cope With the Security Talent Shortage in SecOps

Security budgets are rising, but are they helping with challenges caused by the security talent shortage? This post offers insights from our recent security budgeting survey and shares ideas on how to deal with the security talent shortage in SecOps.

Before diving into the post, however, take a look at the following details on our upcoming webinar — How to Spend Your Security Budget in a DevOps World.