How to Defend Against the runC Container Vulnerability

Earlier this week security researchers Adam Iwaniuk and Borys Poplawski published details on a vulnerability in runC, the underlying container runtime for Docker, Kubernetes, cri-o, containerd, and other container-dependent programs. The vulnerability, CVE-2019-5736 allows malicious containers to overwrite the host runC binary and gain root-level code execution on the host. This would give attackers the ability to run any command as a root-level user including the ability to create new containers using an attacker-controlled image or attach executables into an existing container that they have write access to.

A patch has been issued for CVE-2019-5736, and all users should update to the latest version of all their container management programs as soon as possible.
Read more “How to Defend Against the runC Container Vulnerability”

Transforming Alert Fatigue Into Proactive Security Management

In a recent study, 72% of CISOs stated that their teams are facing alert fatigue, while 82% of respondents to a Threat Stack survey indicated that alert fatigue is having a negative impact on their organization’s well-being and productivity.

Traditional approaches to managing security alerts have often driven teams into a reactive mode where they’re overwhelmed by huge volumes of noisy alerts or spend far too much time gathering information and digging around in log files. If this proliferation of data is transformed into relevant and actionable intelligence, however, teams can overcome alert fatigue, identify and respond to critical issues in real time, and reduce risk continuously over time.

In this post, we’ll take a look at some best practices on how you can move away from reactive, ad hoc tactics and adopt a structured, proactive approach by making alerts a key element of your overall information security strategy. Read more “Transforming Alert Fatigue Into Proactive Security Management”

Machine Learning, Signatures, Rules, & Behaviors — Tips on Navigating Modern Cloud Security Solutions

Cloud security is one of the most rapidly changing technology landscapes out there. And naturally, the market for security tools is also constantly evolving as stakeholders continue to develop an understanding of how important a mature security posture is to the entire organization — from innovation to sales to ongoing brand and customer success.

Throughout the industry, different security solutions solve different problems for different types of businesses: There is no “one-size-fits-all-cloud-security-silver-bullet.” Being able to cut through the hype, promises, and buzz to figure out which solutions are actually suited to your specific use cases can be a challenge.

So in this post, we’re offering guidance on what some of the broader categories of cloud security solutions do and do not offer, and how they deliver security information and alerts to their end users. In turn, we’ll take a look at using Network IDS tools, using point solutions to build your own security stack, jumping into the emerging world of machine learning (ML), and deploying a comprehensive cloud security platform that not only provides a wide range of security functionality but also integrates security into your existing DevOps workflows and provides a foundation for constantly improving your security maturity. Read more “Machine Learning, Signatures, Rules, & Behaviors — Tips on Navigating Modern Cloud Security Solutions”

21 Developers & Docker Experts Reveal the Biggest Mistakes People Make When Switching to Docker Containers

Containerized environments are increasingly popular, and Docker remains the most popular container solution for developers. But the process of moving from virtual machines to containers is complex. If you’re just getting started with Docker, check out our list of 50 useful Docker tutorials for IT professionals, which includes tutorials for beginners, intermediate users, and advanced Docker pros.

It’s common to make mistakes during the transition from VMs to Docker containers, and it’s important to remember that Docker won’t fix all your problems in the cloud. There are also security issues you need to weigh in order to keep your environment fully secure both during and after the transition. Threat Stack’s Docker integration offers full visibility into your container environment, alerting you to internal and external threats — along with the context needed to understand what happened during a security event so you can take appropriate action.

Aside from failing to implement robust security measures for your containerized environment, people make other common mistakes make when switching to Docker containers. To gain some insight into the most common, we reached out to a panel of Docker experts and asked them to answer this question:

“What’s the biggest mistake people make in switching to Docker containers?”

Read more “21 Developers & Docker Experts Reveal the Biggest Mistakes People Make When Switching to Docker Containers”

Leveraging Threat Stack’s Out-of-the-Box Rulesets and Single View for Managing Multiple AWS Accounts

Increasingly, AWS users are leveraging multiple accounts to manage their infrastructure. While doing so is a recommended best practice that enables users to achieve the highest levels of resource and security isolation and to optimize operational costs, it can also increase the amount of time and effort required for effective administration and remediation.

As a remedy to this problem (and “account sprawl” in general), and as a means of providing more granular alerting and actionable data, Threat Stack has built two key functionalities into its Cloud Security Platform®:

  • The ability to view multiple AWS accounts from one central location: Our unified view reduces admin time and provides significant convenience because end users no longer need to gather information and alerts from multiple accounts. This means you can focus on business issues and not administration!
  • Rulesets that are focused on giving more granular alerting and context to your interactions with the AWS control plane: Our extensive out-of-the-box rulesets give customers increased control plane visibility and more granular tracking of AWS API actions within their accounts, and you still have the flexibility of creating new rules and modifying existing rules (as we have previously documented.)

Read on for more details. Read more “Leveraging Threat Stack’s Out-of-the-Box Rulesets and Single View for Managing Multiple AWS Accounts”

50+ Best Cloud and Cloud Security Certifications

The growth of cloud technology has been phenomenal over the past few years, and it doesn’t show any signs of stopping. Companies of all sizes depend on cloud platforms, which is why the demand for IT professionals with cloud and cloud security certifications continues to increase.

This is excellent news for anyone working in IT or considering it as a career. This kind of demand helps with job security, something that’s pretty hard to come by these days. But don’t think that you can just walk in and grab a job in cloud computing without the right training; you need to have proven experience and expertise.

That’s where cloud certifications come in. When you receive a certification, it demonstrates to potential employers that you have the know-how they need. And it only gets better – in addition to making you a more attractive candidate and helping ensure job security, having cloud certifications can also lead to a bigger paycheck. Earning cloud certification is a definite step forward for any IT professional looking to advance their career. (And, of course, certifications are a great asset if you’re trying to strengthen your team or your company’s credibility.)

To help you take that next step forward, we’ve compiled a list of the top 50+ cloud and cloud security certifications. Read more “50+ Best Cloud and Cloud Security Certifications”

50 Great DevOps Tools You May Not Be Using

DevOps is about seamless collaboration between Development and Operations, and you need to have the right tools in your environment to help make this possible. As everyone knows, DevOps covers a lot of functional areas, so knowing what tools to adopt can be a challenge.

Today’s market offers a huge array of both open source and proprietary tools, and together they can answer nearly every need throughout the DevOps lifecycle from Planning to Deployment to Monitoring and ongoing Improvement. When these are coupled with a comprehensive security solution like Threat Stack’s Cloud Security Platform®, they can also help to enable security and compliance: It’s a matter of understanding what each tool offers, matching the right ones to your requirements, and investing the time needed to train your team to use them to their highest potential.

To help you make your way through the almost endless list of tools out there, we’ve used this post to compile a list of 50 great DevOps tools that you might want to consider when you’re looking for a solution that will help streamline, automate, or improve specific aspects of your workflow. Read more “50 Great DevOps Tools You May Not Be Using”

Kubernetes Security Tips & Best Practices

Recently, there has been a significant upswing in the adoption of containerized environments. In light of this, we’ve written a number of posts that focus on the advantages that containers afford and ways to ensure that you’re following security best practices when deploying and operating them. Most recently, we published Docker Security Tips & Best Practices, which identifies common container security issues together with best practices for reducing risk and increasing operational efficiency in containerized environments.

Along with the spike in container adoption, there has been a corresponding uptake in the use of container orchestration platforms, so in this post, we’re providing tips on how to address security issues when using Kubernetes, the most widely adopted container orchestration platform. Read more “Kubernetes Security Tips & Best Practices”

The Best Cloud Security Conferences to Attend in 2019

Securing any cloud infrastructure is a big job. You need to be constantly up to date on skills, tools, and technology, as well as the vulnerabilities and threats that crop up continuously. When it comes to security, becoming stagnant is not an option. A good cloud security professional only remains on top by keeping up with the latest cloud security trends, emerging threats, and best practices.

That’s where cloud security conferences come in, bringing together top experts, cloud security thought leaders, and industry professionals to share tips, tricks, and the latest tactics for bolstering cloud security in the modern landscape.

With the spring conference season kicking off, we’ve rounded up 40 cloud security conferences, grouped by quarter, so you can easily plan your schedule for 2019. For the most part, we’ve focused on North America — but keeping in mind that security is a global issue, of course — we’ve also included a few key events that are being held in other locations.

(For more first rate resources on cloud security, visit our list of the 50 best cloud security training resources, or subscribe to some of our favorite cloud security podcasts to stay on top of the latest cloud security news, emerging threats, and best practices.)

Before jumping into the 2019 conference offerings, take a look at one of the shows we’re most excited about — the new AWS re:Inforce Conference that’s coming up right in our backyard (Boston, MA) on June 25 and 26. Read more “The Best Cloud Security Conferences to Attend in 2019”