Cloud Security Is Always Your Responsibility

Too many times we hear and read about how insecure the cloud is or worse — that the cloud is already secure because IaaS providers have security groups and protection capabilities. These ideologies are all too common and far too wrong. By using outsourced cloud infrastructure, you are only outsourcing your infrastructure, not your security. Security is always your responsibility.  


The Rise of Behavior Profiling: Relying on Signatures and Rules Isn’t Enough Anymore

If you’re relying solely on signatures and rules to protect your cloud infrastructure, you’re doing it wrong. Yes, these were previously the default methods to protect you from attackers, either internal or external. Today, however, malicious hackers are moving faster than these methods can even pretend to keep up with and are evading traditional signature and rule-based network security methods. This brings forth the importance of behavior profiling to detect and stop attacks as quickly as possible to avoid a full-blown breach.

But first (and to be clear) a little more on why signatures and rules are insufficient:



Richard Bejtlich and Chris Wysopal Join Threat Stack Advisory Board

Since starting Threat Stack in November of 2012, it has been our mission to create the most powerful security monitoring and forensics platform built specifically for the cloud. Since then, we’ve been honored and humbled to work with many of the world’s top cloud and security providers and experts.

Now, we’re excited to announce that Richard Bejtlich, CSO of Mandiant, and Chris Wysopal, CTO and co-founder of Veracode, have joined the Threat Stack Advisory Board.


Threat Stack’s Snorby Cloud Firewall Management Teaser

Sorry for the late post everyone! The team has been hard at work deploying Snorby’s new firewall management to our alpha test team. It has been an incredible weekend + Monday and we’re all very proud of the outcome.

We will have a full write-up on our hackathon and a walkthrough of this amazing new Snorby Cloud functionality very soon!


Are you a security company? Be afraid of Threat Stack Hackathons

Threat Stack was founded by extremely passionate and competitive individuals who want to make the lives of IT generalists and overwhelmed security analysts better. We plan on doing this by releasing incredibly useful and high-quality software, uniting the defensive security community, and making our products accessible through a great user experience and affordable pricing.


Threat Stack’s Snorby Cloud Rules Management Rules!

Tuning your IDS ruleset to limit false positive alerts and silence non-applicable rules is a critical part of running any competent IDS security strategy. Despite that fact, we’ve always been surprised at how difficult distributing, maintaining, synchronizing, and tuning an efficient set of rules can be.

More mature security shops have had to solve this problem, so they’ve turned to many of the great community and paid tools that are out there. We have seen sophisticated teams leverage everything from popular configuration management tools such as Puppet or Chef, to relying on bash scripts that utilize rsync or SCP to synchronize rules files and configurations across sensors. At the end of the day, none of these solutions are ideal as they still require manual effort and create a system operations expertise barrier to rules tuning.
