Operation Code and Sam Bisbee Talk About Getting Started in Security

Cloud Security Professional Development
7 Min Read

In February 2019, Threat Stack hosted a meetup with the Boston chapter of Operation Code. Operation Code is a 501(c)(3) non-profit intensely focused on helping veterans, active duty military, and their spouses successfully transition into technology careers and providing continued support as they become established in their new careers. Operation Code is largely veteran-run, but it places a heavy emphasis on bringing non-veterans from the technology industry into its community for the invaluable mentorship and experience they bring to the table.

For the Boston chapter, working with companies like Threat Stack to host events is a crucial element of that mission at the local level. Numerous leaders from Threat Stack across technical disciplines and departments, including Threat Stack CSO Sam Bisbee, spoke at the February event, joined by a common interest to establish lasting mentor relationships with the veteran attendees.

Following the event, Operation Code’s Boston chapter leader, Jack Robertson, reached out to Sam with a number of questions based on feedback from the attendees. While the following Q&A was designed specifically for veterans, it’s worth a read for anyone thinking about a career in technology. Read more “Operation Code and Sam Bisbee Talk About Getting Started in Security”

If You’re Not First, You’re Last: Risks of Delaying CCPA Compliance

All Things Compliance
7 Min Read

Introduction

— by Lindsey Ullian, Threat Stack Compliance Manager

After GDPR went into effect in May 2018, many companies reassessed their privacy program — implementing more transparency and giving more control of personal information to the consumer. Now, with the CCPA (California Consumer Privacy Act) coming into effect in January 2020, even more companies are buttoning up their data privacy programs. The CCPA is not a guideline — it’s an act, and all companies that fall within its scope must comply. If companies don’t abide by this regulation, they could be looking at fines of up to $7,500 for each intentional violation.

Since both acts are related to data privacy and aim to provide more control and transparency to the consumer, most companies’ first question is, “If I’m GDPR compliant, am I covered for the CCPA?” The following article by Kevin Kish, Privacy Technical Lead at Schellman & Company, will give you a clear picture as to what you may have covered and what you’re lacking within your privacy program — outlining the similarities and differences between the two regulations. And what about companies that haven’t implemented proper GDPR data procedures? Short answer — they’ve got a bigger road ahead. Fortunately, this article details clear steps you can take to comply with the CCPA.

It’s clear by the enactment of the CCPA, shortly after the GDPR, that data privacy regulations are not going to go away anytime soon, so as a top level best practice, companies should aim to be proactive and build a privacy program that aligns with these regulations and allows them to maintain strict CCPA compliance monitoring.

Read more “If You’re Not First, You’re Last: Risks of Delaying CCPA Compliance”

7 Cloud Service Evaluation Criteria to Help You Choose the Right Cloud Service Provider

AWS Security, Security Research & Strategy
5 Min Read

The lack of a common framework for assessing Cloud Service Providers (CSPs) combined with the fact that no two CSPs are the same can complicate the process of selecting one that’s right for your organization. Selecting CSPs becomes even more complex when you consider the fact that more and more companies are adopting a multi-cloud approach for a variety of reasons, including cost savings, reduced risk of vendor lock-in, and data portability. (Gartner estimates that 75% of organizations will be using a multi-cloud strategy by 2022.) Add in the adoption of abstraction technologies such as containers, and workloads become for more portable between CSPs. To help you work through this, we’re using this post to discuss seven basic criteria you can use to identify providers that best match your business, technical, and operational needs.

How do you choose a public cloud provider — or if you’re planning to go multi-cloud — cloud providers? Let’s start with the major players. Read more “7 Cloud Service Evaluation Criteria to Help You Choose the Right Cloud Service Provider”

Container Security Tips and Best Practices

Containers, Orchestration & Security
3 Min Read

Containers provide very important functionality: They package various software applications in “containers” to ensure that they are able to run correctly when moved from one computing environment to another.

The container model has all its dependencies packaged into virtual containers. A container not only contains an application but all supporting packages that are needed to run the application effectively. Thus, they provide flexibility, ease of use, and the ability to share resources. However, security is a primary concern when any new technology is pushed into production. Therefore, it is vital to focus on container security because poor security can put various applications and processes at risk for the entire enterprise. Threat Stack’s container security solutions monitor your containerized environments for risky and anomalous behavior and provide the visibility you need, no matter where your container strategy stands. You can deploy the Threat Stack agent on your host or even as a containerized agent to gain visibility into your containers. If you see risky behavior in a container, you’ll be able to follow the path of your attacker across your infrastructure.

Whether you’re using Docker or Docker with Kubernetes, security considerations must be paramount. Below, we discuss security tips and best practices that need to be incorporated for secure and safe utilization of containers. Read more “Container Security Tips and Best Practices”

How to Achieve Full Stack, Multi-Cloud Security Observability

Security Research & Strategy
6 Min Read

You probably know AWS as the leading cloud platform provider. These days, however, many companies are using additional cloud providers as well. According to Gartner’s October 2018 report “Market Insight: Multicloud Becomes Essential for Cloud IaaS Offerings,” 49% of organizations were approaching their cloud computing IaaS strategy through multi-cloud adoption in 2017, and that is expected to increase to 75% by 2022. Most often they’re not trading one for another, but are choosing multiple providers for a variety of reasons: Different business requirements (such as managing risk and costs) may be better suited to different cloud vendors. Many vendors are likewise pricing their offerings competitively and continually adding new features.

If you’ve decided to run a multi-cloud environment as part of your organization’s security strategy, you need to make sure you’re taking appropriate security precautions. This may be a challenge, so in this post, we’ll cover five principles to follow when you make the move to multi-cloud. Read more “How to Achieve Full Stack, Multi-Cloud Security Observability”

How to Track Agent-Based User Activity

AWS Security, Security Research & Strategy
6 Min Read

More often than not we’ll need to go beyond a Severity 1 alert to figure out what a user (including a potentially malicious attacker) was doing on a system. Host events in particular only show a small part of the picture, and a single alert can’t always give you the context necessary to make an escalation decision. This blog post explains how to pivot from a Host event to a user’s session and how to move from a single user-related alert to the user’s session using the data provided by your intrusion detection system. Read more “How to Track Agent-Based User Activity”

How to Understand Your Attacker’s Mindset

Security Research & Strategy
6 Min Read

In this post we’ll try to develop an understanding of a typical attacker’s mindset and then show you how companies like yours can use this knowledge to enhance their security posture. Before we dive in, however, let’s ask a basic question: What is a cyber attacker?

A cyber attacker can be any entity — an individual, a group of individuals, a company, etc. — that tries to harm another entity via their cyber infrastructure. Attackers are often portrayed as ruthless entities that go to great lengths and use elaborate resources to attack state-of-the-art company defenses. Defending companies and individuals frequently view these entities as advanced attackers that challenge themselves by trying to break through fortified security controls by attacking them head on. That may be true in a few cases, but most attackers — especially the most seasoned (i.e., the smartest and most successful) — will try to find the path of least resistance and will also try to use the smallest number of resources when attacking. In other words, they use brains rather than brute force to achieve the biggest gain with the least effort. Let’s explore this in more detail below.
Read more “How to Understand Your Attacker’s Mindset”

The Economic Impact of Threat Stack – A Forrester Research Study

Security Research & Strategy
2 Min Read

Cost Savings and Business Benefits Enabled by Threat Stack

When investing in cloud security platforms and services, businesses naturally want to measure ROI beyond number of deterred attacks. After all, effective cloud security also protects customer data, intellectual property, organizational resources, organizational efficiency, and team productivity — all of which impact your bottom line.

Recently, we asked Forrester Research group to do a total economic impact study of Threat Stack. Their findings? Businesses that use the Threat Stack platform and services are saving more than $900,000 over three years due to reduced risk, improved productivity, and lowered hiring costs. The Threat Stack Cloud Security Platform® offers complete security observability across your infrastructure. So not only can you identify intrusions or threats, but you can also identify and change risky behavior to improve your baseline security posture, which leads to a greater ROI over time. In fact, Forrester found that Threat Stack customers had an average ROI of 178% over three years. Read more “The Economic Impact of Threat Stack – A Forrester Research Study”

How to Cut Through Vendor Claims & Marketing Hype When Evaluating New Security Tools

Machine Learning
3 Min Read

As we’ve pointed out in a couple of recent blog posts, Machine Learning (ML) has been billed as a savior for short-staffed security teams — a silver bullet that can single handedly identify and mitigate every security threat automatically. As we usually do with silver bullet solutions, we’ve cautioned readers to distinguish between the hype and reality. While ML has many strengths and is here to stay, it’s only a part of the solution in the world of cybersecurity — not the solution itself. Human input is still essential to draw meaningful conclusions and define appropriate action.

In today’s post, we’re continuing to advise readers that it’s essential to go below the surface, to distinguish between the hype and reality, when evaluating a cybersecurity solution. Remember: A beautiful package may open up to reveal a beautiful can of worms. Keep your eyes open, investigate below the surface, and avoid nasty surprises. Read more “How to Cut Through Vendor Claims & Marketing Hype When Evaluating New Security Tools”