Access Management Lessons From Timehop’s Cloud Security Breach

Over the past couple of weeks, both Macy’s and Timehop experienced breaches as a result of authentication weaknesses. On July 4, social media startup Timehop experienced a data breach that affected 21 million customers and included information such as names, emails, and phone numbers. According to a preliminary investigation conducted by the Timehop team, the attacker gained unauthorized access to the company’s cloud service provider using stolen administrative credentials back in December 2017. For months, the hacker conducted reconnaissance on the system before launching an attack against the company’s production database on the July 4 holiday.

Unfortunately, credential theft attacks like these happen all too often: According to the 2018 Verizon Data Breach Investigation Report, credential theft was the top cause of data breaches. Attackers can gain privileged access to a system using administrative credentials, remaining undetected (sometimes for months as in the Timehop incident) as they move laterally across a system, conducting reconnaissance, and waiting for the right opportunity to exfiltrate data.

Timehop’s breach is an example of the security risk that employees, both current and former, can pose to any organization that practices poor cloud security hygiene. Given the sheer scope of security incidents involving some form of credential theft, it’s important for IT staff and engineers to understand not only where data is stored but also who is accessing and exporting it.

Businesses issue thousands of credentials to employees and contractors, making it more important than ever for them to improve access management. Not doing so could cause an organization’s most sensitive data to be stolen.

Here are a few tips on where to start.

Three Homegrown SecOps Tools Used by the Threat Stack Team

As a security company, there’s a lot of pressure to keep our data secure while still moving fast and innovating on product development. I find the intersection of security and speed the most interesting challenge as an infrastructure security professional. The unique thing about Threat Stack is that our Security and Engineering teams have learned how to work together to automate security into our day-to-day processes — making them simultaneously more secure, efficient, and effective.

I’m a firm believer that an effective SecOps organization involves people, processes, and tools, in that order. The tools we’ve built in-house are meant to make people’s lives easier, and ease some of the processes that make security a natural part of the workflow if you’re trying to get a job done quickly.

We’ve open-sourced a lot of the tooling we’ve developed to make our operations more secure, and hope you’ll find this information useful when you’re thinking about automating security in your own organization.

In this post, I’ll describe three of the tools we’ve developed (and then open-sourced) at Threat Stack in order to integrate automated security processes into our workflow. (I’ve also included a description of a fourth tool that we developed — an automated SOC 2 compliance checking bot. We use it internally, but to date, it’s not available outside Threat Stack.)

Profile of an Ideal Security Hire in 2018

It seems that organizations are finally understanding the importance of bridging the gap between security and operations. In a survey we conducted recently, 85% of respondents said that employing SecOps best practices is an important goal for their organizations. Nevertheless, only 35% reported that SecOps is currently an established practice.

When it comes to the ideal of marrying security and operations, many are held back by a lack of expertise. The cybersecurity skills gap has created a severe talent drought in the industry, which is expected to leave 3.5 million cybersecurity jobs open by 2021.

It’s worth looking at what the qualities of an ideal security hire are in today’s business climate, and why it’s so difficult to find these types of professionals. In this post, we’ll outline the skill sets that cybersecurity professionals need to cultivate in the age of the cloud, explain why that ideal is so hard to find, and offer practical advice for moving your SecOps program forward, regardless of who you’re able to bring on your team full-time.

How to Use Alerts to Become More Proactive About Security

We all understand the importance of being proactive about our health. Rather than waiting for symptoms of disease to land us in the ER, we eat healthy, exercise, and see our doctors annually (or at least we know we should!). So why do so many organizations fail to understand the importance of taking a proactive approach to security?

While many companies today are stuck in a mode where they’re continually reacting to alerts, true security maturity means using actionable alerts to proactively become more effective and to reduce risk over time. In this post, we’ll discuss how you can take a more proactive approach to alerting in order to strengthen your overall cloud security posture.


Understanding Cryptojacking — Why It Matters to You and How to Defend Against It

Security researchers have recently uncovered several high profile cases of cryptojacking involving companies like Tesla and the LA Times. In these incidents, cryptocurrency “miners” illegally gained access to an organization’s public cloud services and exploited their computing power to generate more digital coins.

In this blog post, we’ll give you a basic primer on what cryptomining is, how it’s typically done, and how to avoid unintentionally exposing your company to cryptojackers.

Threat Stack a Four-Time Winner in 2018 Info Security Products Guide’s Global Excellence Awards

Threat Stack was honored in four categories as winners of the 14th Annual Info Security PG’s Global Excellence Awards® were announced in San Francisco at a gala attended by finalists, judges, and industry peers:


Three Mistakes Teams Make in Operationalizing Security (and a Better Alternative)

With the challenges presented by today’s cloud security landscape, organizations with limited time and resources are taking a variety of approaches in their attempts to incorporate security into their operations practices. Some approaches work better than others, but none provide the silver-bullet solution that some organizations seek. Below, we’ll explore three popular strategies that sound promising but prove to be problematic — and we’ll propose a better way going forward.

How to Benchmark Your SecOps Maturity and Make Continuous Improvement

Over 50% of companies admit to cutting back on security measures to meet a business deadline or objective, according to our recent SecOps Report. In other words, security is falling by the wayside, even as companies invest heavily in DevOps. With DevOps able to move more swiftly than ever in the cloud, security is often mistakenly viewed as a business decelerator, serving as an impediment to DevOps’ efficiency.

But strong security is not only vital to a healthy business in its own right; it can also speed sales cycles, drive revenue, and clear the way for new business opportunities. The key is integrating security with development and operations workflows and embedding it within business practices from the outset.

To do this, it’s necessary to get all stakeholders on the same page around security goals. One way to do that is to build a shared framework. With the help of the new Threat Stack® Cloud SecOps Maturity Framework, benchmarking your security maturity is a straightforward process of evaluating your strengths and weaknesses, and this enables you to develop a clear and actionable plan to move forward.

Threat Stack Launches Cloud SecOps Program

Security + Operations — Better Together!

Yesterday was a game-changer for Threat Stack and the cybersecurity community! That’s when we launched the Threat Stack Cloud SecOps Program, offering a radical transformation in the way Security and Operations teams can work together.

The Threat Stack Cloud SecOps Program has been purpose-built to give organizations the roadmap, technology, and people they need to integrate Security and Operations. Now companies of all sizes can securely leverage modern infrastructure and DevOps at scale!

To see for yourself, take a look at the following video where core members of the Threat Stack team give insights into the what, why, and how:

The Threat Stack Cloud SecOps Program: Why We Built It & How It Can Help Your Organization Become More Secure

An Interview With Brian M. Ahern

Cybercrime stands out as the greatest threat posed to every business around the world today. That’s fact, not FUD. Cybercrime is forecast to cost organizations around the globe $6 trillion annually by 2021, doubling its toll from 2015. To put it plainly, this represents the greatest economic wealth transfer in history, and cements cybercrime as a more profitable enterprise than the entire global illegal drug trade.

If you want to build an organization that will survive this onslaught intact, then the question you must answer today is: “What is your team doing to proactively reduce and remediate your security risks?”

To help you answer that question, we are thrilled to announce our brand-new Threat Stack Cloud SecOps Program℠. This new program empowers organizations to revolutionize the way security and operations teams collaborate, proactively fortify infrastructure, and reduce attack surface. The program enables companies of all sizes to minimize their risk profiles without straining security or operations teams. And it accomplishes these goals by applying DevOps principles (like shared KPIs, automation, and continuous feedback) to security.