Threat Stack Introducing SecDevOps at AWS Summit New York

Next Thursday, we will be at the AWS Summit 2014 in New York meeting with AWS users from across the country — many of which are our own customers — as well as leading the discussion around the intersection of Security, Development and Operations and what that means for continuous monitoring in EC2.

Read more “Threat Stack Introducing SecDevOps at AWS Summit New York”

Behavioral Threat Monitoring Without Models

One of the great things about the cloud is the ability for companies to grow and shrink their infrastructure elastically to meet varying levels of demand. What many people don’t think about is how to secure this sprawl of cloud compute instances. As new systems are deployed, how do you enforce a policy on them? How do you look for anomalous behavior when an instance hasn’t been up long enough to determine a baseline?

Cloud Sight has solved this problem from day 1 with our policy framework. Our policies encompass all attributes of an instance’s security posture: alert rules, file integrity rules, firewall rules, so many rules! But also, each policy has a unique, learned behavioral model associated with it. For example, an Apache web server process doesn’t usually fork /bin/sh. When our agent is activated, the instance’s baseline is already established from its peers which enables us to immediately start monitoring for anomalies.

Read more “Behavioral Threat Monitoring Without Models”

SaaS Platform Runs a Tight Ship Using Threat Stack’s Cloud Security Monitoring

Case Study: Populi Runs a Tight Ship Using Threat Stack’s Complete Cloud Security Monitoring

ABOUT POPULI

Populi provides a SaaS-based college management platform, allowing people, academics, admissions, billing, scheduling, and communications to work together seamlessly in the cloud. A customer and security-focused company, Populi cares deeply about what customer data their tools and systems are transmitting. They know what’s at stake and provide to users everything from encrypted logins to PCI-compliant technology and daily backups.

CHALLENGES

While Populi has many enterprise-grade security practices in place, they were still not confident that every aspect of their environment was being properly monitored. Populi had a network IDS in place but did not have complete visibility into the activity on their growing number of hosted systems. James Hill, CTO of Populi, needed the peace of mind that he could view everything from server logins to logged in activity so he could be alerted as soon as possible about any potential malicious activity.

In addition, it is important that they always meet and exceed PCI requirements since they work with highly confidential information. “Anyone who is responsible should go beyond regulations to protect customer data,” Hill explained. To do this, they needed to move their logs off site to a centralized location. This all led him to Threat Stack’s flagship product, Cloud Sight.

THE SOLUTION

“I selected Cloud Sight because it allows me to centrally monitor the security of our systems and reassures me that no one has been on our servers since the last time my team and I logged in,” said Hill. “Cloud Sight does everything I need; it acts as a ‘burglar alarm’, alerting me when anything suspicious happens.”

In addition, they now have centralized off-server logs available indefinitely on Cloud Sight, exceeding their compliance regulations.

RESULTS

Now, Hill and his team can confidently say that they have a proactive security posture across their entire environment. Especially after the Heartbleed Bug was announced, he was glad to have Cloud Sight in place. “Getting Cloud Sight allowed us to stop maintaining individual packages on individual boxes and aggregate ourselves,” said Hill. While Cloud Sight monitors their systems 24/7, the Populi team is able to focus on the core of their business and sleep easier at night.

Populi is also even better positioned to protect their client data from any incident small or large, as they are now exceedingly compliant to PCI, HIPAA, and FERPA regulations.

Since installing Cloud Sight by Threat Stack, Populi:

  • Rests assured that they have the right heterogeneous cloud security monitoring in place
  • Exceeds PCI, HIPAA, and FERPA regulations to protect client data
  • Can fix potential security issues before anyone else can try to capitalize on a vulnerability

Unlike traditional providers, Cloud Sight is built for heterogeneous cloud environments and instantly provisions new instances, alleviating resources so that Populi can instead focus on the core of their business.

Threat Stack offers Cloud Sight worldwide on subscription and consumption-based cloud appropriate pricing models with an easy self-service account set up. If you are interested in deploying Cloud Sight’s security monitoring solution for your business, visit http://threatstack.com or contact us today at [email protected].

Threat Stack Takes Center Stage at BSides Boston 2014

Right on the heels of traveling out to Monitorama in Portland, OR, we will be making a splash at BSides Boston. Having been to several BSides events across the country in the past, we’re excited to immerse ourselves in this one — and right in our own backyard!

Mark Thomas and Bill Young of Threat Stack will be speaking at BSides, expanding the local security community on topics of cloud security monitoring and operations security.

Schedule (full schedule here)

Mark Thomas, our Principal Software Engineer, will be speaking on “Smarter Detection and Faster Incident Response”.

When: Friday, May 9th at 2:20pm

Wrapping things up for us, Bill Young, our Senior Infrastructure Engineer, will be speaking on “Security Monitoring for DevOps”.

When:  Saturday, May 10th at 4pm

We look forward to being among many other top-tier security experts in the local Boston area and contributing to the next big innovations in cloud security.

Will you be at BSides Boston this weekend? Mark and Bill would be happy to meet you, so be on the lookout for us. You can follow along with the event at @BSidesBoston and @ThreatStack.

Threat Stack Funded to Secure Cloud Infrastructure, Names Doug Cahill as CEO

As the first provider of continuous monitoring for elastic infrastructure, we’re excited to announce that we’ve raised an additional $2.7M in capital from Atlas Venture and .406 Ventures, bringing total amount raised to $4M.  The new funding will be used to commercialize our flagship service, Cloud Sight™, which is currently in beta.

Cloud Sight provides cloud servers with comprehensive protection, detection and response against malicious threats.  It delivers continuous security monitoring to protect cloud-based, elastic infrastructures from intrusion and compromise.  As a native cloud-built platform, Cloud Sight employs a big data architecture that auto-scales; and its DevOps deployable lightweight agent requires very little computational resource.

Read more “Threat Stack Funded to Secure Cloud Infrastructure, Names Doug Cahill as CEO”