What is SecOps? A Definition, Benefits, Best Practices, and More

While the technologies, processes, and cultural shifts of DevOps have improved the ability of software teams to deliver reliable work rapidly and effectively, security has not been a focal point in the transformation of cloud IT infrastructure.

SecOps is a methodology that seeks to address this by operationalizing and hardening security throughout the software lifecycle.

Unfortunately, there seems to be a disconnect between what organizations want when it comes to security, and what they’re actually able to put into practice. In Threat Stack’s recent report, Bridging the Gap Between SecOps Intent and Reality, we found that 85% of organizations believe bridging the gap and employing SecOps best practices is an important goal. Yet just 35% say that SecOps is a completely or mostly established practice at their organizations, and 18% say it’s not established at all.

In this post, we’ll discuss a number of facets of SecOps — what it is, its goals, how it benefits organizations, and best practices for implementing a SecOps program, to name a few — with the aim of giving you some helpful background and, perhaps, some of the motivation you need to get a SecOps program established in your organization.

101 AWS Security Tips & Quotes, Part 2: Securing Your AWS Environment

As part of its mission, Threat Stack has always brought its readers security-related content to help them make informed decisions that will strengthen their organizations’ security.

With more companies than ever leveraging cloud services like AWS, and with cloud environments becoming more and more complex, it’s critical that organizations develop proactive, comprehensive security strategies that build security in from the very beginning and evolve as their infrastructures scale to keep systems and data secure.

So last week we kicked off a 4-part mini-series on AWS Security Tips and Quotes starting with Part 1: Essential Security Practices.

This week we’re bringing you Part 2 — Securing Your AWS Environment — and in the coming weeks we’ll wrap up with:

  • Part 3: Best Practices for Using Security Groups in AWS
  • Part 4: AWS Security Best Practices

Visualizing Detection & Remediation in the Cloud With Graylog — Webinar Recap

If you’re on a Security team, chances are you may be able to leverage some of the Operations team’s existing tools for log management and SIEM. That was certainly the case with Threat Stack’s use of Graylog.

On June 22, Sam Bisbee, Threat Stack’s CSO, joined Lennart Koopmann, the founder and CTO of Graylog, to discuss how Threat Stack moved from a manual logging system with data silos and a lack of overall visibility, to using centralized log management and a SIEM to create a holistic picture of our cloud infrastructure security — incorporating data from our own systems as well as third-party applications to cost-effectively create real-time actionable security intelligence.

During the webinar, Sam and Lennart addressed key questions including the following:

  • Why host your own log management system?
  • What drove the need for a SIEM?
  • How did Threat Stack unify its data across various platforms?
  • How did Threat Stack make our security intelligence actionable?

Here’s a recap of the discussion which, I hope, will be helpful if you’re evaluating log management or SIEM vendors for inclusion in your SecOps tech stack.

3 Things to Know About Kubernetes Security

Gartner estimates that 50 percent of companies will use container technology by 2020, up from less than 20 percent in 2017. The operational benefits of containers, including optimized build times and more efficient use of infrastructure resources, have caused a surge in interest in container orchestration platforms like Kubernetes. At the same time, Kubernetes deployments have opened up a whole new set of infrastructure security concerns for Development and Operations teams.

For teams just getting started with Kubernetes deployments, here’s an overview of three things you need to know about securing your infrastructure from the outset.

101 AWS Security Tips & Quotes, Part 1: Essential Security Practices

With more companies than ever leveraging cloud services like AWS, and with cloud environments becoming more and more complex, it’s imperative that organizations develop comprehensive, proactive security strategies that build security in from Day 1 and evolve as their infrastructures scale to keep systems and data secure.

To help as you create a strong security posture for your organization, we’ve compiled a list of 101 AWS security tips and quotes from cloud experts and security thought leaders (including a few from Threat Stack).

To make the list manageable, we’ve divided it into four separate blog posts, which we’ll publish over the next few weeks:

  • Part 1: Essential Security Practices
  • Part 2: Securing Your AWS Environment
  • Part 3: Best Practices for Using Security Groups in AWS
  • Part 4: AWS Security Best Practices

Why an Infrastructure Transition is the Perfect Time to Invest in Security

You’re in the midst of an infrastructure transition, and you have a million and one things on your plate. Whether you are deploying containers for the first time or configuring your orchestration tool, dealing with evolving infrastructure can be overwhelming, so security can surely wait, right? Wrong!

The problem with delaying security until your new infrastructure is up and running is the exposure risk your organization will have in its environments. When you put off security until a crisis occurs, you miss the important strategic advantages gained by integrating a security program into your operations from Day 1. Meanwhile, as security sits on the backburner, your new infrastructure is left perilously exposed.

Remediating an attack is always more troublesome, costly, time consuming, and damaging than getting security right in the first place. Therefore, it’s vital to build a culture of security from the beginning and to continuously reinforce it. Here are three reasons why the perfect time to invest in security is when you’re transforming your infrastructure.

5 Statistics That Prove Why Your Security Posture Can’t Be Purely Reactive

While reacting to alerts and incidents after they occur will always be a reality of the security professional’s job, a purely reactive security approach is simply not effective given the way that today’s technical infrastructures and the cyber ecosystem itself have become ever more complex. With organizations adopting new technologies — spreading sensitive data across different cloud servers, service providers, containers, and even various SaaS platforms — it’s essential that they begin to take a more proactive approach to security.

This means putting in place repeatable processes and automating as much of your infrastructure as possible, leaving behind time-consuming, inefficient, and costly ad hoc tactics. It also means integrating Security with Development and Operations from the outset, and prioritizing communication between teams to attain positive business outcomes.

Failing to establish a proactive security posture runs you the risk of becoming a statistic, as you’ll see below. Here are five figures that may provide you with just the motivation you need to get started.

How to Use Threat Stack to Reduce Mean Time To Know

Mean Time To Detect (MTTD) and Mean Time To Know (MTTK) are two of the most important metrics in security operations. Respectively, they measure the following:

  • MTTD: How quickly you can identify something and generate an alert. It determines how fast you’re notified when something suspicious happens anywhere in your cloud or on-premises environment. Today, most security tools keep MTTD low, so you probably receive alerts pretty quickly.
  • MTTK: How fast you can sort signal from noise when you get an alert. It measures how efficient the security team is at detecting real threats and understanding what those threats are. The shorter MTTK is, the sooner you will catch an attack in progress and be able to put a stop to it, reducing the negative consequences for your organization.

You can probably see why MTTK is a lot harder to make an impact on. It’s like seeing how fast you can find a needle in a haystack. Difficult, to say the least!

To begin, security teams are barraged with alerts on a daily basis, requiring manual work to sift through the noise to find a signal that indicates a real issue. Add on all the other tasks that need to be done aside from alert investigations, and it’s seemingly impossible to get ahead.

This is where automation comes in. Automation not only eliminates the need to manually handle tedious tasks (like alert response). It also helps you to optimize your existing resources, empowering them to actually focus on MTTK and get it under control.

In this post, therefore, we’ll take a closer look at how the Threat Stack Cloud Security Platform® can help you integrate security into your operations from the start so you can optimize alert handling and significantly reduce your MTTK.

What is AWS PCI Compliance?

A Definition of AWS PCI Compliance, Benefits, Requirements, and More

If your organization processes credit or debit card payments, PCI compliance is essential. If you are a merchant of any size accepting credit cards, you must be in compliance with PCI Security Standards. In this post, I’m going to walk you through what you need to know about AWS PCI compliance to ensure compliance in the cloud.

How to Develop An Incident Response Checklist for Your SaaS Business

Earlier this week, we published a post that explains how to develop an Incident Response Plan (IRP) to prepare for when an incident inevitably impacts your SaaS business. In addition to having an Incident Response Plan that identifies your critical systems, data, risk profile, stakeholders, and so on, it’s vital to have an Incident Checklist that lays out the main action steps to take when an incident actually occurs — thereby ensuring that you’re able to respond, stay on track, and address priorities in a thorough and logical fashion.

With that in mind, this post tells you what to include in an Incident Response Checklist by outlining the main steps and action items you should take from the time you first become aware that an incident might be occurring, through the subsequent investigation and remediation stages, and on to the post-incident phase where you focus on making improvements that will help you handle future incidents more effectively.