HIPAA Compliance Checklist

Any organization that has access to electronic Protected Health Information (ePHI) must comply with HIPAA. If your organization needs to be compliant, this isn’t something you can delay or phase in gradually because failure to meet HIPAA compliance can carry steep penalties. (On the positive side, becoming HIPAA compliant can be a tremendous business driver if you’re interested in starting a company, entering a new market, attracting new customers, or reducing the time it takes to obtain approvals.)

How to Address PCI DSS Requirement 6.6 — A Two-For-One Solution From Threat Stack

The current version of the PCI DSS is 3.2.1, published in May 2018. Requirement 6 states that you must “Develop and maintain secure systems and applications.” Sure, no problem. That’s totally clear and straightforward — at least for anyone who’s never tried to develop and maintain secure systems and applications! For the rest of us, that’s a tall order.

Join Threat Stack & 19,000 InfoSec Professionals at Black Hat USA 2019

Booth #2009 | August 7 – 8 | Las Vegas, NV

Hope we see you at Black Hat next week for one of the world’s leading info security events. The show has something for everyone — research, training, latest trends, networking opportunities, a broad range of security products & solutions presented by Black Hat sponsors — and as always — fantastic social events.  

Threat Stack is a proud Silver Plus sponsor this year, and we’re bringing out our A-Team of security and compliance experts.

Threat Stack Continues 2018’s Momentum Into 2019

As we enter the first days of 2019, it’s a great time to look back at the tremendous momentum we built up at Threat Stack over the last year. We entered 2018 fresh off a new round of funding with a mission to provide customers with the full stack cloud security observability needed to enable DevSecOps and reduce mean-time-to-know (MTTK) for security incidents across diverse cloud infrastructure. We ended the year with a more comprehensive cloud security platform along with strong growth across the business — and plans in place to carry this momentum forward into 2019. None of this has been due to a lucky accident: It’s the direct result of amazing work and dedication from the entire Threat Stack team as we continued our relentless pursuit to deliver the industry’s best cloud security products and services.

Creating Custom CloudTrail Rules in Threat Stack

The Threat Stack CloudTrail Base Ruleset has several out-of-the-box rules that alert users on activity within some of AWS’s most popular services (also the ones most prone to attack), including S3, IAM, Glacier, and Lambda. Given that AWS has over 100 services, we want to arm you with the ability to create custom CloudTrail rules in the Threat Stack Cloud Security Platform® based on the specific AWS services you leverage.

In this post, we cover three examples of one of Threat Stack’s most powerful capabilities — the ability to create, clone, and edit CloudTrail-specific rules. We briefly discuss the scenario that explains why we’re crafting the rule and why it’s important to our organization; we also look at the methodology for creating the rule; and finally we test the rule to make sure it works.

In the three examples that follow, we explain how to create custom rules for Route53, DynamoDB, and EBS Volumes.

Threat Stack Quick Guide to Black Hat USA 2018

Booth #2316 | August 8 – 9 | Las Vegas, NV

Are you attending Black Hat this August? Threat Stack is, and we’d love to see you there!

With so many fascinating events going on, we thought it would be helpful to create a Quick Guide to help you get the most out of your visit to Black Hat USA 2018.

If you can’t meet us there (we’ll miss you!), you can keep up with the latest happenings inside and beyond the exhibition floor through our blog and social media (follow @threatstack on Twitter).

How to Use Threat Stack to Enable Proactive Security

We recently discussed some pretty sobering statistics in the world of cybersecurity, ranging from astronomical misconfiguration rates to the depressing lack of speed with which breaches are detected. Not only are attacks more sophisticated than ever before, but infrastructure is too, with sensitive data spread across various servers, service providers, containers, and even SaaS platforms. No matter how worrisome these statistics, however, each and every one can be mitigated, for the most part, when an organization takes a proactive approach to security.

So what does a proactive security approach look like, exactly? It involves SecOps best practices, where Security is integrated with Development and Operations from the outset and where communication between teams takes priority. It also means putting in place repeatable processes and replacing costly, time-consuming, ad hoc procedures with automation wherever possible.

Transforming your culture to support a proactive security culture can be a daunting prospect to be sure. While 85% of respondents to our recent survey said that employing SecOps best practices is an important goal for their organizations, only 35% reported that SecOps is currently an established practice. Held back by overworked and under-resourced security professionals thanks to an industry-wide skills gap, many organizations simply don’t know where to begin when it comes to establishing a more proactive security posture.

Here’s the good news. The Threat Stack Cloud Security Platform® enables your Security and Operations teams to build security into their workflows from the start to make your organization’s approach to security more proactive. Here’s how.

Planning to Join the Other 50,000 Security Aficionados at Black Hat USA?

Secure the Strange Things Happening in Your Cloud

Booth #2316 | August 8 – 9 | Las Vegas, NV

Black Hat USA is coming up fast!

So plan your activities now, starting with a visit to Booth #2316 where Threat Stack’s experts will be waiting to say Hi, hand out some great swag, and share ideas on how your Security and Operations teams can address their unique security and compliance issues when building in the cloud.

Access Management Lessons From Timehop’s Cloud Security Breach

Over the past couple of weeks, both Macy’s and Timehop experienced breaches as a result of authentication weaknesses. On July 4, social media startup Timehop experienced a data breach that affected 21 million customers and included information such as names, emails, and phone numbers. According to a preliminary investigation conducted by the Timehop team, the attacker gained unauthorized access to the company’s cloud service provider using stolen administrative credentials back in December 2017. For months, the hacker conducted reconnaissance on the system before launching an attack against the company’s production database on the July 4 holiday.

Unfortunately, credential theft attacks like these happen all too often: According to the 2018 Verizon Data Breach Investigation Report, credential theft was the top cause of data breaches. Attackers can gain privileged access to a system using administrative credentials, remaining undetected (sometimes for months as in the Timehop incident) as they move laterally across a system, conducting reconnaissance, and waiting for the right opportunity to exfiltrate data.

Timehop’s breach is an example of the security risk that employees, both current and former, can pose to any organization that practices poor cloud security hygiene. Given the sheer scope of security incidents involving some form of credential theft, it’s important for IT staff and engineers to understand not only where data is stored but also who is accessing and exporting it.

Businesses issue thousands of credentials to employees and contractors, making it more important than ever for them to improve access management. Not doing so could cause an organization’s most sensitive data to be stolen.

Here are a few tips on where to start.

Three Homegrown SecOps Tools Used by the Threat Stack Team

As a security company, there’s a lot of pressure to keep our data secure while still moving fast and innovating on product development. I find the intersection of security and speed the most interesting challenge as an infrastructure security professional. The unique thing about Threat Stack is that our Security and Engineering teams have learned how to work together to automate security into our day-to-day processes — making them simultaneously more secure, efficient, and effective.

I’m a firm believer that an effective SecOps organization involves people, processes, and tools, in that order. The tools we’ve built in-house are meant to make people’s lives easier, and ease some of the processes that make security a natural part of the workflow if you’re trying to get a job done quickly.

We’ve open-sourced a lot of the tooling we’ve developed to make our operations more secure, and hope you’ll find this information useful when you’re thinking about automating security in your own organization.

In this post, I’ll describe three of the tools we’ve developed (and then open-sourced) at Threat Stack in order to integrate automated security processes into our workflow. (I’ve also included a description of a fourth tool that we developed — an automated SOC 2 compliance checking bot. We use it internally, but to date, it’s not available outside Threat Stack.)