Threat Stack Blog

Findings From the Threat Stack Q3, 2019 SOC Report

Blaine Connaughton

Going ahead, the Threat Stack Security Operations Center (SOC) will be publishing a quarterly report summarizing lessons we’ve learned, trends we’ve identified, and recommendations you can follow to strengthen your cloud security observability and overall security maturity. (more…)

Cloud Security Professional Development & Educational Resource Roundup

Bob Allin

The flexibility and speed of cloud computing make is enormously appealing to organizations that are looking to leverage a strong competitive edge. As we’re all aware, however, security threats also exist in the cloud, and enterprise cloud security breaches are increasingly common. In the cloud, visibility throughout your entire infrastructure is a must for proactive risk identification and real-time threat detection across cloud workloads from build-time to runtime. To address the security challenges associated with cloud computing, many organizations are turning to trusted cloud security platforms like Threat Stack for full stack security observability.  (more…)

The Top 3 Security Mistakes SaaS Companies are Making

Stephen Fitzgerald

The more data you store, the more attractive you become to cybercriminals, so SaaS companies need to recognize the importance of following security best practices. However, even those who understand this imperative can find it difficult to know where to start.

With that in mind, this post discusses three of the most common security mistakes that SaaS organizations make and tips on how your organization can address them. (more…)

Industry Experts Provide Tips For Successful Cyber Diligence in M&A

Tim Buntel

Mergers and acquisitions can be successful growth strategies for many companies. They bring together customers, IP, and assets — but they also bring together liabilities and risk as well. Among these are cybersecurity risks. “Cyber diligence” — cybersecurity evaluations performed as part of the M&A decision-making processes — has grown in importance in recent years. What are a company’s vulnerabilities? What cybersecurity issues or incidents have they had in the past, and how have they dealt with them? What defenses do they have in place to protect themselves? Are all important questions to ask in an M&A deal. But even if you’re not involved with a merger or acquisition, the same analysis can yield important and surprising results.  (more…)

16 Kubernetes Experts Share the Most Interesting Current Trends to Look for in Kubernetes

Sabin Thomas

Kubernetes is a popular DevOps tool thanks to its container-centric environment and portability across infrastructure providers. In 2018, Kubernetes had a big year, being the first project to graduate from the Cloud Native Computing Foundation (CNCF) and landing at #9 for commits and #2 for authors/issues on GitHub, coming in second only to Linux. “Three of the largest cloud providers offer their own managed Kubernetes services,” explains CNCF. “Furthermore, according to Redmonk, 71 percent of the Fortune 100 use containers and more than 50 percent of Fortune 100 companies use Kubernetes as their container orchestration platform.” CNCF also points out that Kubernetes is used in production at a massive scale by global companies like The New York Times, eBay, Uber, Goldman Sachs, Buffer, and others. (more…)

10 Automated Testing Tools That Threat Stack Uses — and Why

Laura Haiduck

All software development projects, whether they’re large or small, can benefit from well-planned and well-executed testing. It’s your way to ensure that the software you’re developing performs as expected and delivers value to the customer. More important — given the nature of our current cyber landscape — well-executed testing is your way to ensure that your software doesn’t ship with errors or vulnerabilities that could compromise its integrity. In a word, good testing lets you pass on performance value to customers — while also providing them with underlying security. (more…)