Black Hat USA 2018: A SecOps Recap

Last week, I had the pleasure of joining thousands of security researchers, vendors, marketers, press, and bloggers converging on the desert and Mandalay Bay for my first-ever Black Hat USA conference. Attendees discussed the newest research, latest technologies, scariest threats, and biggest trends in this crazy world of cybersecurity. If you weren’t lucky enough to be part of the fun, here’s a quick recap of Black Hat USA 2018 (aka Security Summer Camp).

Best Practices for User Access Management

Many organizations have policies in place that restrict internal access to information, but are they truly optimized for security and efficiency? In an age of sophisticated, ever-evolving infrastructure and equally sophisticated attacks, it’s time to get serious about user access management. In order to do so, you’ll need to take a SecOps approach, automating processes wherever possible and prioritizing strong security that is built in from the start. In this way, you can reduce the risk of human oversight and monitor to ensure that the correct policies are being followed consistently.

With the right user access management system in place, you can decrease costs and increase efficiency when it comes to hiring, onboarding, and ongoing security. Read on for best practices to help get you there.

What Would You Change About AWS Security?

20 Security Pros Reveal the One Thing They’d Change About AWS Security

AWS is one of the most popular cloud platforms among enterprises and even SMBs, and for good reason: The service is robust, with a variety of features and functionality to make management seamless. But managing an AWS environment still requires a good deal of technical expertise. What’s more, while AWS provides a multitude of options for securing your cloud environment, it’s not perfect, nor does it (or any cloud provider) promise complete, end-to-end security for your infrastructure, applications, and data — and users are responsible for filling in the gaps.

That is, of course, where Threat Stack comes into play, enabling you to secure your cloud infrastructure, as well as your cloud workloads, both at speed and at scale. To gain some insight into where AWS falls short and what users need to know to fully secure their cloud environment, we reached out to a panel of security pros and asked them to answer this question:

“If you could wave a magic wand and change one thing about AWS security what would it be?”


50 Best Cloud Security Training Resources

The bad news is there’s a global shortage of trained cybersecurity professionals: According to PWC, there will be 1.5 million cybersecurity job openings by 2019, and the talent market is not expected to catch up any time soon. The good news is that hundreds of quality resources are available to help both established and up-and-coming cloud security professionals educate themselves.

If you’re looking for networking opportunities and access to specialized training in your areas of interest, attending cloud security conferences is an excellent way to rack up your credentials, so be sure to visit our list of 50 cloud security conferences to attend in 2018 and beyond.

If conferences aren’t a good option for you, there are lots of other professional development avenues you can take. To help you in your cloud security training search, we’ve compiled a list of 50 different resources in a variety of categories, ranging from training courses to video content, whitepapers, and more — along with a few useful career resources to help you put those newly acquired skills to work.

It can be difficult to know which training resources are best for your situation, especially when you’re just beginning your career in cybersecurity. That’s why we’ve put this blog post together, grouping resources into logical categories that are intended to help you find resources that are best-suited to your specific needs.

Note: The cloud security training resources discussed below are not ranked in any way, and Threat Stack does not directly endorse any of them. We are simply providing them here for information purposes and have grouped them into logical categories for ease of navigation.

Threat Stack Quick Guide to Black Hat USA 2018

Booth #2316 | August 8 – 9 | Las Vegas, NV

Are you attending Black Hat this August? Threat Stack is, and we’d love to see you there!

With so many fascinating events going on, we thought it would be helpful to create a Quick Guide to help you get the most out of your visit to Black Hat USA 2018.

If you can’t meet us there (we’ll miss you!), you can keep up with the latest happenings inside and beyond the exhibition floor through our blog and social media (follow @threatstack on Twitter).

What is the NIST Cybersecurity Framework?

You’ve SOC 2-ed from here to eternity, and you’ve got GDPR in the bag, but if you’re truly focused on security maturity, you know that your work is never done. So, what’s next? Perhaps it’s time to focus on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).

Unlike GDPR and SOC 2, organizations will face no penalties for noncompliance with the NIST CSF: It’s purely voluntary. Nevertheless, it serves as a singular guideline that CISOs can look to in a world of fragmented cybersecurity regulations.

The framework was first developed in 2014, after President Obama recognized the growing risk to critical infrastructure. His Cybersecurity Enhancement Act (CEA) of that year called to expand the role of NIST to create a voluntary framework in order to identify “a prioritized, flexible, repeatable, performance-based, and cost-effective approach” to manage cyber threats. A 2017 executive order by President Trump took the framework a step further by making it federal government policy.

After years of gathering feedback, version 1.1 of the framework was released in 2018 to provide “a more comprehensive treatment of identity management,” as well as additional information on managing supply chain cybersecurity. As a living document, the NIST CSF will continue to evolve as the industry provides feedback on implementation.

As the standard developed by the United States for managing cybersecurity risk, organizations would do well to take heed. As with any standard, choosing to comply with the NIST CSF demonstrates to your clients that you’re serious about security, while improving your overall security posture and lessening the risk of a data breach and the resulting financial losses, client churn, and reputational loss that go along with it.

Below we’ll help you understand some of the main points of the NIST CSF so you can begin putting it into practice.

Why Kubernetes is Not a Silver Bullet

Container adoption is on a meteoric rise. Gartner estimates that 50 percent of companies will use container technology by 2020, up from less than 20 percent in 2017. It’s not hard to see why — containers offer greater DevOps flexibility along with an optimized build/deployment pipeline.

The surge in container adoption is the driving force behind a new phenomenon in developer circles that we at Threat Stack lovingly refer to as “Kubernetes FOMO.” Eager to get on board with the most popular orchestration platform around, organizations are jumping on the Kubernetes bandwagon.

And why not? Kubernetes speeds container deployment and enables the management of multi-container clusters at scale. It allows for continuous integration and delivery; handles networking, service discovery, and storage; and has the ability to do all that in multi-cloud environments.  

Some would call Kubernetes a silver bullet in the world of container deployment and management, but that doesn’t mean it comes without security concerns. In this post, we’ll discuss a few things to watch out for if you’re considering a move to Kubernetes, as well as some tips on ensuring that your infrastructure remains secure during a transition.

How to Avoid Targeted AWS Attacks With Secure AWS Keys

If the headlines are any indication, hackers continue to exploit vulnerabilities in cloud infrastructure platforms, with targeted AWS attacks becoming very common. Many attacks follow similar patterns: Actors are typically looking opportunistically for AWS keys, which are either accidentally posted to open source code websites like GitHub or stolen from employee laptops using malware. Once the actor has gained access to the AWS account, they often look for fairly direct paths to sensitive data or valuable resources, such as an open S3 bucket or access to launch a new EC2 instance to mine cryptocurrency.

Many developers use AWS access keys that have not been changed in months or years. Although keeping these keys the same makes things easy for the developers, it’s not very good security hygiene. Many organizations aren’t aware that their stagnant AWS keys could be causing major vulnerabilities.

Why DevOps Needs Security During an Infrastructure Transition

The rising popularity of DevOps practices in cloud infrastructure environments has allowed software teams to release work more quickly and efficiently than ever before, but is security top of mind? Data included in a new Pathfinder Report from 451 Research would suggest not.

According to data included in “Refocusing Security Operations in the Cloud Era,” 36% of businesses said their top IT goal over the next year is to respond to business needs faster, while 24% said it is to cut costs. In comparison, only 10.5% prioritized improving security as their top goal, coming in dead last among the options listed.

The problem seems to stem from the misconception that speed and security are mutually exclusive, where DevOps views security as a business decelerator rather than the stabilizing force it is. Baking security into DevOps processes early on through SecOps best practices, which we’ll review below, is the only way to build long-term sustainable infrastructure that will support your products and team as they move into the future.

How to Use Threat Stack to Enable Proactive Security

We recently discussed some pretty sobering statistics in the world of cybersecurity, ranging from astronomical misconfiguration rates to the depressing lack of speed with which breaches are detected. Not only are attacks more sophisticated than ever before, but infrastructure is too, with sensitive data spread across various servers, service providers, containers, and even SaaS platforms. No matter how worrisome these statistics, however, each and every one can be mitigated, for the most part, when an organization takes a proactive approach to security.

So what does a proactive security approach look like, exactly? It involves SecOps best practices, where Security is integrated with Development and Operations from the outset and where communication between teams takes priority. It also means putting in place repeatable processes and replacing costly, time-consuming, ad hoc procedures with automation wherever possible.

Transforming your culture to support proactive security can be a daunting prospect, to be sure. While 85% of respondents to our recent survey said that employing SecOps best practices is an important goal for their organizations, only 35% reported that SecOps is currently an established practice. Held back by overworked and under-resourced security professionals thanks to an industry-wide skills gap, many organizations simply don’t know where to begin when it comes to establishing a more proactive security posture.

Here’s the good news. The Threat Stack Cloud Security Platform® enables your Security and Operations teams to build security into their workflows from the start to make your organization’s approach to security more proactive. Here’s how.