Enhancing the Power of Your SIEM With Threat Stack’s Intrusion Detection Platform

Trying to manage security with only one security tool (or, for example, having to use log files alone) can be a major headache. The right combination, however — like a SIEM coupled with an intrusion detection platform — can produce great results, including better data, smaller amounts of data, shorter processing times, and lower operating costs.

What Makes a Misconfiguration Critical? AWS Security Tips

In the cloud, where there are no perimeters and limitless endpoints, there are many ways attackers can get direct access to your environment if you make the wrong move. Given the speed at which companies are moving to and scaling in the cloud, it’s easy to miss a step along the way and leave your business wide open to an attack.

In a recent survey, we found that 73 percent of companies have critical AWS cloud security misconfigurations. Issues like wide open SSH and infrequent software updates are among the top risks identified, and of course, some of the biggest exposures in the recent past (Verizon, Dow Jones, and the RNC) were the result of AWS S3 configuration errors. But there are many others that are more obscure, yet just as dangerous if left unaddressed.

So, how do you know whether a misconfiguration is going to put you at risk? And how do you identify where your gaps are? In this post, we’ll walk through the four signs of a critical misconfiguration, how to spot one, and how you can fix it — fast.

How to Generate Compliance Alert Reports Using the Threat Stack API

In previous posts we have described how Threat Stack can help demonstrate compliance, for example with PCI and FFIEC guidance, HIPAA, SOC 2, and other compliance frameworks. (See the Resources section below.) To assist our customers with these initiatives, we have created sample compliance rule sets that can be used to generate alerts that are mapped to specific requirements of these frameworks.

In this post we explain how to leverage the Threat Stack API to create reports of alerts from specific rule sets that can be given to auditors to help demonstrate compliance, used internally, or shared with customers.

Configuration Auditing Adds Single View for Multiple AWS Accounts

Continuing our commitment to improving the user experience, we are announcing the most recent enhancement to AWS Configuration Auditing: the ability to view multiple AWS accounts from one central location.

Note:

  • If you are a current customer, this feature will be updated automatically.
  • If you’re not yet a Threat Stack customer, the links at the bottom of this post will give you excellent insights into the capabilities of Threat Stack’s AWS Configuration Auditing.


Why You Don’t Need to Code to Run Secure on AWS

Amazon Web Services, the ubiquitous cloud infrastructure provider, has made it increasingly easy for businesses to move to the cloud and take advantage of the scalability, flexibility, and cost savings this approach offers. If your business is contemplating the move to AWS, you may be wondering whether it’s necessary to have a team of developers who can help to ensure that you are capable of running securely on AWS.

The short answer is: You don’t need to start from scratch when it comes to security, and you don’t need to have extensive coding resources in-house to run securely on AWS. With the right tools at your disposal, you can quickly measure compliance with your unique security policy and adapt to changes in your environment as needed.

Here’s what you need to know to run securely on AWS, with or without a legion of development resources at your disposal.


Small Details, Big Impact: Improving Configuration Auditing

The Product Team at Threat Stack is always on the lookout for ways — big and small — that we can make the Threat Stack experience smoother and easier for our users. Recently we rolled out a small UI change that makes a big difference in helping you triage your AWS Configuration Auditing results.

Since we released AWS Configuration Auditing at the end of last year, we’ve had a great response to the feature from new and existing customers alike. But as the feedback rolled in, one theme caught our attention: At a glance, users were taking a while to discern where their focus was most needed — in other words, which violations to remediate first. We wanted to learn more.

Working With Threat Stack Sample Compliance Rule Sets

The Threat Stack Cloud Security Platform® is an important tool for companies with cloud compliance initiatives, including HIPAA, PCI, SOC 2, and FFIEC. To help our customers with these initiatives, Threat Stack has released four new example rulesets with monitoring rules that map to each of these compliance frameworks. This post is an introduction to these rule sets, and explains how to:

  • Request the rule sets
  • Use the compliance rule sets
  • Customize compliance rules
  • Create new compliance rules

(If you’re not a customer, this post will give you an excellent insight into one of Threat Stack’s powerful characteristics — the ability to create, clone, and edit rules in order to reflect the specific nature of your environment.)