How to Generate Compliance Alert Reports Using the Threat Stack API

In previous posts we have described how Threat Stack can help demonstrate compliance, for example with PCI and FFIEC guidance, HIPAA, SOC 2, and other compliance frameworks. (See the Resources section below.) To assist our customers with these initiatives, we have created sample compliance rule sets that can be used to generate alerts that are mapped to specific requirements of these frameworks.

In this post we explain how to leverage the Threat Stack API to create reports of alerts from specific rule sets that can be given to auditors to help demonstrate compliance, used internally, or shared with customers.

Configuration Auditing Adds Single View for Multiple AWS Accounts

Continuing our commitment to improving the user experience, we are announcing the most recent enhancement to AWS Configuration Auditing: the ability to view multiple AWS accounts from one central location.

Note:

  • If you are a current customer, this feature will be updated automatically.

  • If you’re not yet a Threat Stack customer, the links at the bottom of this post will give you excellent insights into the capabilities of Threat Stack’s AWS Configuration Auditing.


Why You Don’t Need to Code to Run Secure on AWS

Amazon Web Services, the ubiquitous cloud infrastructure provider, has made it increasingly easy for businesses to move to the cloud and take advantage of the scalability, flexibility, and cost savings this approach offers. If your business is contemplating the move to AWS, you may be wondering whether you need a team of developers to ensure that you can run securely on AWS.

The short answer is: You don’t need to start from scratch when it comes to security, and you don’t need to have extensive coding resources in-house to run securely on AWS. With the right tools at your disposal, you can quickly measure compliance with your unique security policy and adapt to changes in your environment as needed.

Here’s what you need to know to run securely on AWS, with or without a legion of development resources at your disposal.


Small Details, Big Impact: Improving Configuration Auditing

The Product Team at Threat Stack is always on the lookout for ways — big and small — that we can make the Threat Stack experience smoother and easier for our users. Recently we rolled out a small UI change that makes a big difference in helping you triage your AWS Configuration Auditing results.

Since we released AWS Configuration Auditing at the end of last year, we’ve had a great response to the feature from new and existing customers alike. But as the feedback rolled in, one theme caught our attention: At a glance, users were taking a while to discern where their focus was most needed — in other words, which violations to remediate first. We wanted to learn more.

Working With Threat Stack Sample Compliance Rule Sets

The Threat Stack Cloud Security Platform® is an important tool for companies with cloud compliance initiatives, including HIPAA, PCI, SOC 2, and FFIEC. To help our customers with these initiatives, Threat Stack has released four new example rule sets with monitoring rules that map to each of these compliance frameworks. This post is an introduction to these rule sets, and explains how to:

  • Request the rule sets
  • Use the compliance rule sets
  • Customize compliance rules
  • Create new compliance rules

(If you’re not a customer, this post will give you an excellent insight into one of Threat Stack’s powerful characteristics — the ability to create, clone, and edit rules in order to reflect the specific nature of your environment.)

Write Your Own AWS Configuration Auditing Rules With Threat Stack’s Guided Rules Editor

Today Threat Stack is excited to announce a powerful and easy-to-use new feature of the AWS Configuration Auditing capabilities — the Guided Rules Editor for AWS Configuration Auditing. With the Guided Rules Editor, available in the Threat Stack Audit Plan, users can quickly tailor AWS Configuration Auditing rule sets to their organization’s specific security policies and adapt to changes in their environment.

Demonstrating PCI Compliance Using Threat Stack

PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council to protect cardholder data. Threat Stack customers frequently ask us how Threat Stack can help them comply with these two sets of requirements:

  • Requirement 10: Track and monitor all access to network resources and cardholder data (in other words, determine the who, what, where, and when)

  • Requirement 11: Regularly test security systems and processes (in order to continuously monitor and test security controls)

The good news is that the following Threat Stack features can provide significant benefits to customers who need to satisfy PCI Compliance Requirements 10 and 11:

  • Configuration Auditing
  • Vulnerability Scanning
  • Rules monitoring file integrity, logins, network access, and threat intelligence activity

In the remainder of this post, we’ll demonstrate how these can help you meet your PCI compliance and security goals.

New Threat Stack Feature: S3 File Integrity Monitoring

Threat Stack customers receive a great deal of value from our Linux File Integrity Monitoring (FIM), and we have now extended that capability to S3.

Many of our AWS customers are storing their critical files on S3, and for various security and compliance reasons, those files need to be monitored to see if any are being accessed, altered, or deleted.

To help ensure the integrity of the files in S3 buckets, Threat Stack now supports alerting on access and changes to files in specific buckets. AWS now has capabilities for putting object-level access into CloudTrail events, and we have added rules to our base rule set to support that feature.