It seems that organizations are finally understanding the importance of bridging the gap between security and operations. In a survey we conducted recently, 85% of respondents said that employing SecOps best practices is an important goal for their organizations. Nevertheless, only 35% reported that SecOps is currently an established practice.
When it comes to the ideal of marrying security and operations, many are held back by a lack of expertise. The cybersecurity skills gap has created a severe talent drought in the industry, which is expected to leave 3.5 million cybersecurity jobs open by 2021.
It’s worth looking at what the qualities of an ideal security hire are in today’s business climate, and why it’s so difficult to find these types of professionals. In this post, we’ll outline the skill sets that cybersecurity professionals need to cultivate in the age of the cloud, explain why that ideal is so hard to find, and offer practical advice for moving your SecOps program forward, regardless of who you’re able to bring on your team full-time.
Read more “Profile of an Ideal Security Hire in 2018”
We all understand the importance of being proactive about our health. Rather than waiting for symptoms of disease to land us in the ER, we eat healthy, exercise, and see our doctors annually (or at least we know we should!). So why do so many organizations fail to understand the importance of taking a proactive approach to security?
While many companies today are stuck in a mode where they’re continually reacting to alerts, true security maturity means using actionable alerts to proactively become more effective and to reduce risk over time. In this post, we’ll discuss how you can take a more proactive approach to alerting in order to strengthen your overall cloud security posture.
Read more “How to Use Alerts to Become More Proactive About Security”
Security researchers have recently uncovered several high-profile cases of cryptojacking involving companies like Tesla and the LA Times. In these incidents, cryptocurrency “miners” illegally gained access to an organization’s public cloud services and exploited their computing power to generate more digital coins.
In this blog post, we’ll give you a basic primer on what cryptomining is, how it’s typically done, and how to avoid unintentionally exposing your company to cryptojackers.
Read more “Understanding Cryptojacking — Why It Matters to You and How to Defend Against It”
Threat Stack was honored in four categories as winners of the 14th Annual Info Security PG’s Global Excellence Awards® were announced in San Francisco at a gala attended by finalists, judges, and industry peers:
Read more “Threat Stack a Four-Time Winner in 2018 Info Security Products Guide’s Global Excellence Awards”
With the challenges presented by today’s cloud security landscape, organizations with limited time and resources are taking a variety of approaches in their attempts to incorporate security into their operations practices. Some approaches work better than others, but none provide the silver-bullet solution that some organizations seek. Below, we’ll explore three popular strategies that sound promising but prove to be problematic — and we’ll propose a better way going forward.
Read more “Three Mistakes Teams Make in Operationalizing Security (and a Better Alternative)”
Over 50% of companies admit to cutting back on security measures to meet a business deadline or objective, according to our recent SecOps Report. In other words, security is falling by the wayside, even as companies invest heavily in DevOps. With DevOps able to move more swiftly than ever in the cloud, security is often mistakenly viewed as a business decelerator, serving as an impediment to DevOps’ efficiency.
But strong security is not only vital to a healthy business in its own right; it can also speed sales cycles, drive revenue, and clear the way for new business opportunities. The key is integrating security with development and operations workflows and embedding it within business practices from the outset.
To do this, it’s necessary to get all stakeholders on the same page around security goals. One way to do that is to build a shared framework. With the help of the new Threat Stack® Cloud SecOps Maturity Framework, benchmarking your security maturity is a straightforward process of evaluating your strengths and weaknesses, and this enables you to develop a clear and actionable plan to move forward.
Read more “How to Benchmark Your SecOps Maturity and Make Continuous Improvement”
Security + Operations — Better Together!
Yesterday was a game-changer for Threat Stack and the cybersecurity community! That’s when we launched the Threat Stack Cloud SecOps Program℠, offering a radical transformation in the way Security and Operations teams can work together.
The Threat Stack Cloud SecOps Program has been purpose-built to give organizations the roadmap, technology, and people they need to integrate Security and Operations. Now companies of all sizes can securely leverage modern infrastructure and DevOps at scale!
To see for yourself, take a look at the following video where core members of the Threat Stack team give insights into the what, why, and how:
Read more “Threat Stack Launches Cloud SecOps Program”
An Interview With Brian M. Ahern
Cybercrime stands out as the greatest threat posed to every business around the world today. That’s fact, not FUD. Cybercrime is forecast to cost organizations around the globe $6 trillion annually by 2021, doubling its toll from 2015. To put it plainly, this represents the greatest economic wealth transfer in history, and cements cybercrime as a more profitable enterprise than the entire global illegal drug trade.
If you want to build an organization that will survive this onslaught intact, then the question you must answer today is: “What is your team doing to proactively reduce and remediate your security risks?”
To help you answer that question, we are thrilled to announce our brand-new Threat Stack Cloud SecOps Program℠. This new program empowers organizations to revolutionize the way security and operations teams collaborate, proactively fortify infrastructure, and reduce attack surface. The program enables companies of all sizes to minimize their risk profiles without straining security or operations teams. And it accomplishes these goals by applying DevOps principles (like shared KPIs, automation, and continuous feedback) to security.
Read more “The Threat Stack Cloud SecOps Program: Why We Built It & How It Can Help Your Organization Become More Secure”
One of the biggest challenges with alert-based IDS solutions is handling the sheer volume of alerts that can be generated on a daily basis. Teams need a way to navigate this data so they can quickly and effectively home in on the critical details that indicate anomalous activity and tune alerts that are unique to their environment — thereby ensuring ongoing protection against threats and continuously enhancing their organization’s security posture.
At Threat Stack, we have always made sure that customers are seeing the most important security alerts so they can run efficient workflows. To strengthen that capability, we have just introduced Rapid Baselining — a new feature that groups alerts based on the associated rule. By leveraging the metadata within the alerts, we add deeper intelligence to the alert information.
Read more “Threat Stack Introduces Rapid Baselining — Transforming Data Into Actionable Intelligence”
At Threat Stack, we use our own intrusion detection platform to protect Threat Stack. This gives us critical visibility into security events and alerts tied to our AWS infrastructure and instances, an all-too-popular target. But our infrastructure extends beyond AWS into additional vendor-managed solutions such as Cloudflare, Salesforce, corporate email, and others. So a key question is: How can we not only monitor those platforms, but also use the data from these logs to drive security priorities?
With that in mind, we set out to create a new custom internal app that can receive, store, and perform actions on information from all of these different sources. We opted to build this internal pipeline (some would call this security orchestration) instead of buying an off-the-shelf product because our security team indexes so highly on engineering and programming. We felt we could take an event-driven framework in a language we all knew and easily extend it to meet our needs, incorporating our internal detection and automated response frameworks, a choice we would not have made if our team or organization looked different.
Read more “High Visibility Ahead: Building and Using Orchestration to Set Security Priorities”