On April 24, I had a great conversation with Sam Smith, the Chief Architect for Sigstr, a fast-growing SaaS platform for email signature marketing. Sigstr’s infrastructure is hosted and managed on AWS and secured by Threat Stack. Every day, Sigstr consumes and processes employee contact information from HRIS systems, customer information from marketing automation platforms, and email behavior data — which makes cloud security and data privacy key concerns for both Sigstr and its customers.
Sam’s team is a great model of how to make security a top business differentiator and sales driver. Since many of Sigstr’s customers are enterprise companies with significant risk concerns, the team has consistently been responsive to questions such as:
- How does Sigstr access, store, and protect data?
- How is the application’s infrastructure monitored and secured?
- Had Sigstr undergone SOC 2 compliance or ISO 27001 compliance audits?
- How could Sigstr help them meet GDPR requirements?
During the webinar, he shared information on how the startup managed to be so responsive to its customers’ security needs, while still maintaining a rapid pace of growth. Read more “How Sigstr Built Customer Trust with Threat Stack and AWS Security — Webinar Recap”
Approximately 50,000 attendees descended on San Francisco’s Moscone Center April 16–20 for RSA Conference 2018. With cyberthreats on the upswing, this year’s theme of “Now Matters” was especially apt, and a wide range of keynotes, sessions, and courses covering cybersecurity today didn’t disappoint. In this post, we’ll recap some of the highlights in a day-by-day rundown of the most interesting sessions, keynotes, and events. Whether you were able to attend or not, we want to share some of the great resources and information that came out of the conference. Read more “Highlights From RSA Conference 2018”
We all understand the importance of being proactive about our health. Rather than waiting for symptoms of disease to land us in the ER, we eat healthy, exercise, and see our doctors annually (or at least we know we should!). So why do so many organizations fail to understand the importance of taking a proactive approach to security?
While many companies today are stuck in a mode where they’re continually reacting to alerts, true security maturity means using actionable alerts to proactively become more effective and to reduce risk over time. In this post, we’ll discuss how you can take a more proactive approach to alerting in order to strengthen your overall cloud security posture.
Read more “How to Use Alerts to Become More Proactive About Security”
Security researchers have recently uncovered several high profile cases of cryptojacking involving companies like Tesla and the LA Times. In these incidents, cryptocurrency “miners” illegally gained access to an organization’s public cloud services and exploited their computing power to generate more digital coins.
In this blog post, we’ll give you a basic primer on what cryptomining is, how it’s typically done, and how to avoid unintentionally exposing your company to cryptojackers. Read more “Understanding Cryptojacking — Why It Matters to You and How to Defend Against It”
Threat Stack was honored in four categories as winners of the 14th Annual Info Security PG’s Global Excellence Awards® were announced in San Francisco at a gala attended by finalists, judges, and industry peers:
Read more “Threat Stack a Four-Time Winner in 2018 Info Security Products Guide’s Global Excellence Awards”
With the challenges presented by today’s cloud security landscape, organizations with limited time and resources are taking a variety of approaches in their attempts to incorporate security into their operations practices. Some approaches work better than others, but none provide the silver-bullet solution that some organizations seek. Below, we’ll explore three popular strategies that sound promising but prove to be problematic — and we’ll propose a better way going forward. Read more “Three Mistakes Teams Make in Operationalizing Security (and a Better Alternative)”
As you likely know, RSA Conference is one of the largest and most comprehensive security events held each year. Choosing which sessions to attend and how to prioritize your time can be a big job.
At Threat Stack, we have SecOps on our minds big-time, so in this post we put together a list of related sessions that we think are absolutely can’t-miss.
Before you start reading, however, make a note to join us at Booth #S2504 to meet with one of our experts for tips on how to Secure the Strange Things Happening in Your Cloud! Read more “8 SecOps-Related Sessions You Don’t Want to Miss at RSA Conference 2018”
Even organizations that understand the importance of cybersecurity in theory often stumble when it comes to marrying security initiatives with their development and operations processes.
We recently surveyed a group of development, operations, and security professionals, compiling our findings in this report: Bridging the Gap Between SecOps Intent and Reality. We found a huge gap between intent and reality when it comes to implementing and practicing SecOps — a term that — properly understood — refers to the integration and alignment of security with DevOps practices.
Most organizations agree that everyone should be responsible for security, but this principle is not being upheld on a day-to-day basis in many organizations. And that’s bad news for everyone.
Today, we’re examining why the vision for SecOps hasn’t become a reality at most organizations. We’re exploring specific obstacles and attitudes to spotlight what is standing in the way, even at organizations where a stronger security posture is an explicitly stated goal. Read more “The 5 Biggest Obstacles to SecOps Success”
SecOps is a multi-faceted function tasked with a variety of responsibilities, not the least of which is coming up with secure software and applications while maintaining the development and release cadence users demand. It’s no longer enough to just concern yourself with writing code and developing software. Today, adding security into the mix is considered a best practice — and it’s certainly one we live by at Threat Stack.
Fortunately, a number of tools can help SecOps professionals meet these demands and achieve business goals. From dashboards that let SecOps pros view all the essential metrics about their apps in one place, to hunting tools that help users detect patterns and pinpoint potential vulnerabilities, to tools that issue alerts when anomalies arise, to attack modeling tools that create a standardized taxonomy of security threats, and more, there are many types of tools that today’s SecOps pros should have in their arsenal.
In this post, we’ve rounded up 50 of the most useful tools for SecOps teams in the following categories: Read more “Best SecOps Tools: 50 Must-Have Tools For Your SecOps Arsenal”
Over 50% of companies admit to cutting back on security measures to meet a business deadline or objective, according to our recent SecOps Report. In other words, security is falling by the wayside, even as companies invest heavily in DevOps. With DevOps able to move more swiftly than ever in the cloud, security is often mistakenly viewed as a business decelerator, serving as an impediment to DevOps’ efficiency.
But strong security is not only vital to a healthy business in its own right; it can also speed sales cycles, drive revenue, and clear the way for new business opportunities. The key is integrating security with development and operations workflows and embedding it within business practices from the outset.
To do this, it’s necessary to get all stakeholders on the same page around security goals. One way to do that is to build a shared framework. With the help of the new Threat Stack® Cloud SecOps Maturity Framework, benchmarking your security maturity is a straightforward process of evaluating your strengths and weaknesses, and this enables you to develop a clear and actionable plan to move forward. Read more “How to Benchmark Your SecOps Maturity and Make Continuous Improvement”