On September 24, 2014, a bug in the Unix Bash shell known as Shellshock was disclosed. The vulnerability widely affected Linux distributions, was easy to exploit, and allowed an attacker to gain unauthorized access to a computer system. This net shattering event left many organizations wondering whether they were compromised and if so, the extent of the damage.
That’s why on Wednesday, December 10th at 1:30pm EST, our Co-Founder and Chief Scientist, Jen Andre, and CEO, Doug Cahill, will be discussing lessons learned from this vulnerability and what companies can do to stay protected from the next one.
During this webinar you will learn how to:
- Uncover new threats
Using behavioral-based intrusion detection to protect against zero day attacks.
- Protect your customer data
Using continuous security monitoring and auditing to keep data secure.
- Reduce your EC2 workload attack surface
Gaining visibility and understanding your security coverage in AWS.
Join us for this live, interactive discussion and you will also receive a Threat Stack t-shirt. The webinar is already filling up fast — save your seat today for “Preparing for the Next Shellshock”.
I’ve spent most of my career in Operations, and the last 5 years at various organizations advocating and instilling DevOps principles in the teams I work with. One thing I’ve noticed is that most companies value speed over security, which has traditionally been a blocker in delivering software.
Recently, however, with more and more breaches and vulnerabilities reported (Shellshock and Heartbleed to name a just few), I’ve changed my tune. I’m not going to say I’ve become paranoid, but one of the reasons I’ve joined Threat Stack is because I believe how important it is that security gets integrated into the operations process.
Read more “4 Steps To Effectively Integrate DevOps Workflows With Cloud Security Practices”
We just returned from a great week in Las Vegas, NV for the AWS re:Invent Conference. The conference brought together over 13,500 developers, architects and many other technical users of the Amazon Web Services (AWS) infrastructure for an intensive four-day event. It is the year’s top spot to dive deep into the most pressing AWS topics and issues as well as learn about new services and brings the entire AWS ecosystem together.
Threat Stack at AWS re:Invent
Read more “Announcements and Highlights: Threat Stack at AWS re:Invent 2014”
Today we’re extremely excited to announce the general availability of Threat Stack!
Right on the heels of our successful beta program with hundreds of active users, and a very busy summer that included shipping many new features, hiring key members of our executive team, and participating in several major AWS events, we have officially launched our service at the AWS re:Invent Conference. We are thrilled and honored that Threat Stack, among just a handful of other companies, was selected by Amazon Web Services (AWS) to join Amazon’s CTO, Dr. Werner Vogels, on stage during his Start-up Launch Keynote to introduce our services to the entire AWS community.
Read more “It’s Here! Threat Stack Launches Out of Beta at AWS re:Invent”
We’re excited to announce that we’ll be exhibiting at AWS re:Invent next week! Visit us at Booth #742to get a sneak peak at the first and only solution built from the ground up to make security easy for DevOps and Security professionals managing cloud infrastructure.
Read more “Join Threat Stack at AWS re:Invent Next Week”
Last week, I had a call with Gene Kim, founding CTO of Tripwire and author of The Phoenix Project (see end of post for more details). I’ve known Gene from the DevOps community for awhile now, so we took this time to dive into all things DevOps and Security, in the end resulting in this great Q&A to share with you all on what bringing Security into DevOps means for us all.
Read more “Bringing Infosec Into The DevOps Tribe: Q&A With Gene Kim”
The internet is yet again feeling the aftereffects of another “net shattering” vulnerability: a bug in the shell ‘/bin/bash’ that widely affects Linux distributions and is trivial to exploit. The vulnerability exposes a weakness in bash that allows users to execute code set in environment variables, and in certain cases allows unauthenticated remote code execution.
Possible vectors for attack include:
At Threat Stack, our team and culture play a critical role in allowing us to build the leading continuous security monitoring solution on the market. We’re all thrilled about the early (and overwhelmingly positive) market response to Threat Stack’s security offering and getting indoctrinated into the AWS ecosystem. Our company culture of constant improvement and dedication to put customers first has fostered this early success, and we’re excited to know that it’ll only get better from here.
Read more “Threat Stack Internship: What It Takes To Be A Boston Startup Intern”
This summer, despite the absolutely perfect weather here in Boston, we’ve spared no time and hunkered down to keep building and shipping new features, focusing in on top AWS community events, hiring several truly awesome people, and much more.
As the summer comes to a close, we’d like to give you a quick update on what we’ve been up to here at Threat Stack.
Read more “Threat Stack Heats Up: Closing In On Redefining Cloud Security”
One of things we like at Threat Stack is magic. But since magic isn’t real, we have to come up with the next best thing, so we’ve hired one of the libevent maintainers Mark Ellzey Thomas (we like to call him our ‘mad kernel scientist’) to make our agent the best in its class.
Many of the more savvy operations and security people that use our service are blown away by the types of information we can collect, correlate, and analyze from Linux servers. They say something to the effect of, “I’ve tried to do this with (Red Hat) auditd, with little to no success… how do you guys do it?”
Read more “Threat Stack vs. Red Hat Auditd Showdown”