4 Min Read December 10, 2019

Tips on How to Stay Secure at Conferences

At Threat Stack, we attend a lot of conferences: They can be a powerful way to connect with like-minded professionals and educate yourself on what’s new and trending in your industry. Since we attend so many conferences ourselves — in fact, the Threat Stack Team just got back from another great AWS re:Invent out in Las Vegas — we wanted to share some advice on how you can keep secure while you’re attending conferences.

6 Min Read December 5, 2019

How to Transform Alert Fatigue Into Proactive Security Management — 5 Must-Read Blog Posts

The global cybersecurity talent shortage is real, and with 72 percent of CISOs claiming that their teams are facing alert fatigue, there’s not a lot of room for error when it comes to getting accurate, context-rich alerts in front of under-resourced teams.

Traditional approaches to managing security alerts have often driven teams into a reactive mode where they’re overwhelmed by huge volumes of alerts or spend too much critical time gathering information and digging through log files. If this proliferation of data can be transformed into actionable intelligence, however, teams can become significantly more proactive and reduce risk over time. 

Today, we’ll look at five must-read Threat Stack blog posts that provide excellent advice on how you can move away from reactive, ad hoc tactics toward a more structured and proactive approach by making alerts a key element of your overall information security strategy.

4 Min Read December 3, 2019

Lessons Learned From Lola: Demonstrating PCI Compliance in a Cloud-Native, Containerized Environment

Lola.com initially became PCI compliant about a year ago, and this fall completed a successful PCI audit. Recently Katie Paugh, Lola’s Senior DevOps Engineer, took part in a webinar with Threat Stack to discuss their experiences and share key lessons they’ve learned in how to adapt and implement PCI.

5 Min Read November 19, 2019

8 Best Practices for Strengthening Security in Cloud-Native Environments

Cloud-native companies and larger companies migrating to cloud environments continue to see the cloud as a way to gain speed, reliability, and other well-known benefits. But there are still plenty of pitfalls that can undermine security and negatively impact operations. To help remedy this situation, this post outlines some of the mistakes that operators make most frequently, along with best practices and recommendations they can follow to proactively reduce risk, achieve their security goals, and continue along the path to stronger cloud security maturity.

4 Min Read November 14, 2019

Cut Time & Costs: 7 Best Practices to Follow When Choosing a Cloud Security Solution

In a SaaS world, everyone wants to move fast! Rapid development can slash time to market and put you in a strong competitive position, and of course this is the way to operate as long as you’re not sacrificing quality. But remember: There’s bad fast as well as good fast. Too often we jump into projects, or we’re pressured to jump in before we’re ready — before we have all the necessary information and a clear understanding of what that information means.

5 Min Read November 12, 2019

HIPAA Compliance Tips & Best Practices — Training Considerations

What kind of training does your organization need to support HIPAA compliance? A good way to start answering this question is to reference the Department of Health & Human Services (HHS)’s own words:

“The HIPAA Rules are flexible and scalable to accommodate the enormous range in types and sizes of entities that must comply with them. This means that there is no single standardized program that could appropriately train employees of all entities.” [Emphasis added. Ed.]

The standards for training are flexible. But training itself is mandatory: Training is an Administrative requirement of the HIPAA Privacy Rule (45 CFR § 164.530) as well as an Administrative Safeguard of the HIPAA Security Rule (45 CFR § 164.308).