Machine Learning, Signatures, Rules, & Behaviors — Tips on Navigating Modern Cloud Security Solutions

Cloud security is one of the most rapidly changing technology landscapes out there. And naturally, the market for security tools is also constantly evolving as stakeholders continue to develop an understanding of how important a mature security posture is to the entire organization — from innovation to sales to ongoing brand and customer success.

Throughout the industry, different security solutions solve different problems for different types of businesses: There is no “one-size-fits-all-cloud-security-silver-bullet.” Being able to cut through the hype, promises, and buzz to figure out which solutions are actually suited to your specific use cases can be a challenge.

So in this post, we’re offering guidance on what some of the broader categories of cloud security solutions do and do not offer, and how they deliver security information and alerts to their end users. In turn, we’ll take a look at using Network IDS tools, using point solutions to build your own security stack, jumping into the emerging world of machine learning (ML), and deploying a comprehensive cloud security platform that not only provides a wide range of security functionality but also integrates security into your existing DevOps workflows and provides a foundation for constantly improving your security maturity. Read more “Machine Learning, Signatures, Rules, & Behaviors — Tips on Navigating Modern Cloud Security Solutions”

21 Developers & Docker Experts Reveal the Biggest Mistakes People Make When Switching to Docker Containers

Containerized environments are increasingly popular, and Docker remains the most popular container solution for developers. But the process of moving from virtual machines to containers is complex. If you’re just getting started with Docker, check out our list of 50 useful Docker tutorials for IT professionals, which includes tutorials for beginners, intermediate users, and advanced Docker pros.

It’s common to make mistakes during the transition from VMs to Docker containers, and it’s important to remember that Docker won’t fix all your problems in the cloud. There are also security issues you need to weigh in order to keep your environment fully secure both during and after the transition. Threat Stack’s Docker integration offers full visibility into your container environment, alerting you to internal and external threats — along with the context needed to understand what happened during a security event so you can take appropriate action.

Aside from failing to implement robust security measures for your containerized environment, people make other common mistakes make when switching to Docker containers. To gain some insight into the most common, we reached out to a panel of Docker experts and asked them to answer this question:

“What’s the biggest mistake people make in switching to Docker containers?”

Read more “21 Developers & Docker Experts Reveal the Biggest Mistakes People Make When Switching to Docker Containers”

Leveraging Threat Stack’s Out-of-the-Box Rulesets and Single View for Managing Multiple AWS Accounts

Increasingly, AWS users are leveraging multiple accounts to manage their infrastructure. While doing so is a recommended best practice that enables users to achieve the highest levels of resource and security isolation and to optimize operational costs, it can also increase the amount of time and effort required for effective administration and remediation.

As a remedy to this problem (and “account sprawl” in general), and as a means of providing more granular alerting and actionable data, Threat Stack has built two key functionalities into its Cloud Security Platform®:

  • The ability to view multiple AWS accounts from one central location: Our unified view reduces admin time and provides significant convenience because end users no longer need to gather information and alerts from multiple accounts. This means you can focus on business issues and not administration!
  • Rulesets that are focused on giving more granular alerting and context to your interactions with the AWS control plane: Our extensive out-of-the-box rulesets give customers increased control plane visibility and more granular tracking of AWS API actions within their accounts, and you still have the flexibility of creating new rules and modifying existing rules (as we have previously documented.)

Read on for more details. Read more “Leveraging Threat Stack’s Out-of-the-Box Rulesets and Single View for Managing Multiple AWS Accounts”

50+ Best Cloud and Cloud Security Certifications

The growth of cloud technology has been phenomenal over the past few years, and it doesn’t show any signs of stopping. Companies of all sizes depend on cloud platforms, which is why the demand for IT professionals with cloud and cloud security certifications continues to increase.

This is excellent news for anyone working in IT or considering it as a career. This kind of demand helps with job security, something that’s pretty hard to come by these days. But don’t think that you can just walk in and grab a job in cloud computing without the right training; you need to have proven experience and expertise.

That’s where cloud certifications come in. When you receive a certification, it demonstrates to potential employers that you have the know-how they need. And it only gets better – in addition to making you a more attractive candidate and helping ensure job security, having cloud certifications can also lead to a bigger paycheck. Earning cloud certification is a definite step forward for any IT professional looking to advance their career. (And, of course, certifications are a great asset if you’re trying to strengthen your team or your company’s credibility.)

To help you take that next step forward, we’ve compiled a list of the top 50+ cloud and cloud security certifications. Read more “50+ Best Cloud and Cloud Security Certifications”

50 Great DevOps Tools You May Not Be Using

DevOps is about seamless collaboration between Development and Operations, and you need to have the right tools in your environment to help make this possible. As everyone knows, DevOps covers a lot of functional areas, so knowing what tools to adopt can be a challenge.

Today’s market offers a huge array of both open source and proprietary tools, and together they can answer nearly every need throughout the DevOps lifecycle from Planning to Deployment to Monitoring and ongoing Improvement. When these are coupled with a comprehensive security solution like Threat Stack’s Cloud Security Platform®, they can also help to enable security and compliance: It’s a matter of understanding what each tool offers, matching the right ones to your requirements, and investing the time needed to train your team to use them to their highest potential.

To help you make your way through the almost endless list of tools out there, we’ve used this post to compile a list of 50 great DevOps tools that you might want to consider when you’re looking for a solution that will help streamline, automate, or improve specific aspects of your workflow. Read more “50 Great DevOps Tools You May Not Be Using”

Kubernetes Security Tips & Best Practices

Recently, there has been a significant upswing in the adoption of containerized environments. In light of this, we’ve written a number of posts that focus on the advantages that containers afford and ways to ensure that you’re following security best practices when deploying and operating them. Most recently, we published Docker Security Tips & Best Practices, which identifies common container security issues together with best practices for reducing risk and increasing operational efficiency in containerized environments.

Along with the spike in container adoption, there has been a corresponding uptake in the use of container orchestration platforms, so in this post, we’re providing tips on how to address security issues when using Kubernetes, the most widely adopted container orchestration platform. Read more “Kubernetes Security Tips & Best Practices”

The Best Cloud Security Conferences to Attend in 2019

Securing any cloud infrastructure is a big job. You need to be constantly up to date on skills, tools, and technology, as well as the vulnerabilities and threats that crop up continuously. When it comes to security, becoming stagnant is not an option. A good cloud security professional only remains on top by keeping up with the latest cloud security trends, emerging threats, and best practices.

That’s where cloud security conferences come in, bringing together top experts, cloud security thought leaders, and industry professionals to share tips, tricks, and the latest tactics for bolstering cloud security in the modern landscape.

With the spring conference season kicking off, we’ve rounded up 40 cloud security conferences, grouped by quarter, so you can easily plan your schedule for 2019. For the most part, we’ve focused on North America — but keeping in mind that security is a global issue, of course — we’ve also included a few key events that are being held in other locations.

(For more first rate resources on cloud security, visit our list of the 50 best cloud security training resources, or subscribe to some of our favorite cloud security podcasts to stay on top of the latest cloud security news, emerging threats, and best practices.)

Before jumping into the 2019 conference offerings, take a look at one of the shows we’re most excited about — the new AWS re:Inforce Conference that’s coming up right in our backyard (Boston, MA) on June 25 and 26. Read more “The Best Cloud Security Conferences to Attend in 2019”

Docker Security Tips & Best Practices

Docker is a software platform that makes it easier to create, deploy, and run applications. Recently there has been a major surge in the adoption of this technology — and while it offers significant benefits, it also presents security challenges. Some of the advantages center on the fact that your applications are loaded into a private namespace and the required dependencies are codified, and when using Docker, developers can package all the parts needed to run an application stack and ship it out as one unit. But if container ecosystems aren’t properly designed, deployed, and managed, they can create problems that offset or undermine the benefits.

To put you on the path to effective and secure usage, this post identifies common security issues and outlines best practices for reducing risk and increasing operational efficiency in containerized environments. (If you want additional resources to brush up on your Docker skills, take a look at our list of 50 useful Docker Tutorials for IT professionals.) Read more “Docker Security Tips & Best Practices”

Threat Stack Continues 2018’s Momentum Into 2019

As we enter the first days of 2019, it’s a great time to look back at the tremendous momentum we built up at Threat Stack over the last year. We entered 2018 fresh off a new round of funding with a mission to provide customers with the full stack cloud security observability needed to enable DevSecOps and reduce mean-time-to-know (MTTK) for security incidents across diverse cloud infrastructure. We ended the year with a more comprehensive cloud security platform along with strong growth across the business — and plans in place to carry this momentum forward into 2019. None of this has been due to a lucky accident: It’s the direct result of amazing work and dedication from the entire Threat Stack team as we continued our relentless pursuit to deliver the industry’s best cloud security products and services. Read more “Threat Stack Continues 2018’s Momentum Into 2019”