How to Prepare for the Next Shellshock: [New Webinar]

On September 24, 2014, a bug in the Unix Bash shell known as Shellshock was disclosed. The vulnerability widely affected Linux distributions, was easy to exploit, and allowed an attacker to gain unauthorized access to a computer system. This net shattering event left many organizations wondering whether they were compromised and if so, the extent of the damage.

That’s why on Wednesday, December 10th at 1:30pm EST, our Co-Founder and Chief Scientist, Jen Andre, and CEO, Doug Cahill, will be discussing lessons learned from this vulnerability and what companies can do to stay protected from the next one.

During this webinar you will learn how to:

  • Uncover new threats
    Using behavioral-based intrusion detection to protect against zero day attacks.
  • Protect your customer data
    Using continuous security monitoring and auditing to keep data secure.
  • Reduce your EC2 workload attack surface
    Gaining visibility and understanding your security coverage in AWS.

Join us for this live, interactive discussion and you will also receive a Threat Stack t-shirt. The webinar is already filling up fast — save your seat today for “Preparing for the Next Shellshock”.

4 Steps To Effectively Integrate DevOps Workflows With Cloud Security Practices

I’ve spent most of my career in Operations, and the last 5 years at various organizations advocating and instilling DevOps principles in the teams I work with. One thing I’ve noticed is that most companies value speed over security, which has traditionally been a blocker in delivering software.

Recently, however, with more and more breaches and vulnerabilities reported (Shellshock and Heartbleed to name a just few), I’ve changed my tune. I’m not going to say I’ve become paranoid, but one of the reasons I’ve joined Threat Stack is because I believe how important it is that security gets integrated into the operations process.

Read more “4 Steps To Effectively Integrate DevOps Workflows With Cloud Security Practices”

Announcements and Highlights: Threat Stack at AWS re:Invent 2014

We just returned from a great week in Las Vegas, NV for the AWS re:Invent Conference. The conference brought together over 13,500 developers, architects and many other technical users of the Amazon Web Services (AWS) infrastructure for an intensive four-day event. It is the year’s top spot to dive deep into the most pressing AWS topics and issues as well as learn about new services and brings the entire AWS ecosystem together.

Threat Stack at AWS re:Invent

Read more “Announcements and Highlights: Threat Stack at AWS re:Invent 2014”

It’s Here! Threat Stack Launches Out of Beta at AWS re:Invent

Today we’re extremely excited to announce the general availability of Threat Stack!

Right on the heels of our successful beta program with hundreds of active users, and a very busy summer that included shipping many new features, hiring key members of our executive team, and participating in several major AWS events, we have officially launched our service at the AWS re:Invent Conference. We are thrilled and honored that Threat Stack, among just a handful of other companies, was selected by Amazon Web Services (AWS) to join Amazon’s CTO, Dr. Werner Vogels, on stage during his Start-up Launch Keynote to introduce our services to the entire AWS community.

Read more “It’s Here! Threat Stack Launches Out of Beta at AWS re:Invent”

Bringing Infosec Into The DevOps Tribe: Q&A With Gene Kim

Last week, I had a call with Gene Kim, founding CTO of Tripwire and author of The Phoenix Project (see end of post for more details). I’ve known Gene from the DevOps community for awhile now, so we took this time to dive into all things DevOps and Security, in the end resulting in this great Q&A to share with you all on what bringing Security into DevOps means for us all.

Read more “Bringing Infosec Into The DevOps Tribe: Q&A With Gene Kim”

CVE-2014-6271 And You: A Tale Of Nagios And The Bash Vulnerability

The internet is yet again feeling the aftereffects of another “net shattering” vulnerability: a bug in the shell ‘/bin/bash’ that widely affects Linux distributions and is trivial to exploit. The vulnerability exposes a weakness in bash that allows users to execute code set in environment variables, and in certain cases allows unauthenticated remote code execution.

Possible vectors for attack include:

Threat Stack Internship: What It Takes To Be A Boston Startup Intern

At Threat Stack, our team and culture play a critical role in allowing us to build the leading continuous security monitoring solution on the market. We’re all thrilled about the early (and overwhelmingly positive) market response to Threat Stack’s security offering and getting indoctrinated into the AWS ecosystem. Our company culture of constant improvement and dedication to put customers first has fostered this early success, and we’re excited to know that it’ll only get better from here.

Read more “Threat Stack Internship: What It Takes To Be A Boston Startup Intern”

Threat Stack Heats Up: Closing In On Redefining Cloud Security

This summer, despite the absolutely perfect weather here in Boston, we’ve spared no time and hunkered down to keep building and shipping new features, focusing in on top AWS community events, hiring several truly awesome people, and much more.

As the summer comes to a close, we’d like to give you a quick update on what we’ve been up to here at Threat Stack.
Read more “Threat Stack Heats Up: Closing In On Redefining Cloud Security”

Threat Stack vs. Red Hat Auditd Showdown

One of things we like at Threat Stack is magic.  But since magic isn’t real, we have to come up with the next best thing, so we’ve hired one of the libevent maintainers Mark Ellzey Thomas (we like to call him our ‘mad kernel scientist’) to make our agent the best in its class. 

Many of the more savvy operations and security people that use our service are blown away by the types of information we can collect, correlate, and analyze from Linux servers. They say something to the effect of, “I’ve tried to do this with (Red Hat) auditd, with little to no success… how do you guys do it?”  

Read more “Threat Stack vs. Red Hat Auditd Showdown”