The Linux “Grinch” Vulnerability: Separating Fact From FUD

Recently, a security firm reported what they claimed to be a flaw with a major impact on organizations running Linux. (And apparently since all the rage these days is to give bugs code names, they pre-seeded the market with this timely one: “grinch”).

Linux software bugs have been huge this year, leaving administrators reeling to patch themselves from Shellshock, Heartbleed, POODLE, etc. With claims that this vulnerability could have an impact similar to Shellshock, I really wanted to dive into what the “grinch” bug means in order to separate the fact from the FUD.

Read more “The Linux “Grinch” Vulnerability: Separating Fact From FUD”

Deconstructing Shellshock To Prepare For the Next One

Yesterday, our Co-Founder and Chief Scientist, Jen Andre, and CEO, Doug Cahill, hosted a live webinar, “Preparing for the Next Shellshock.” Shellshock is the most notable and destructive vulnerability to date, and alongside POODLE and Heartbleed, 2014 has now been deemed the year with the most reported vulnerabilities in history.

Read more “Deconstructing Shellshock To Prepare For the Next One”

We’ve Raised $5M in Funding To Further Protect Cloud Environments From Intrusions & Data Loss

We’re thrilled to announce today that we have raised an additional $5M in funding from Atlas Venture and .406 Ventures. The funding will be used to further develop and commercialize our cloud security monitoring service, which officially launched last month, and expand our footprint with customers using Amazon Web Services.

This announcement comes right on the heels of our highly successful and over subscribed beta program and officially launching on-stage in November at Amazon CTO Dr. Werner Vogel’s Start-up Launch keynote during the AWS re:Invent Conference.

Read more “We’ve Raised $5M in Funding To Further Protect Cloud Environments From Intrusions & Data Loss”

How to Prepare for the Next Shellshock: [New Webinar]

On September 24, 2014, a bug in the Unix Bash shell known as Shellshock was disclosed. The vulnerability widely affected Linux distributions, was easy to exploit, and allowed an attacker to gain unauthorized access to a computer system. This net shattering event left many organizations wondering whether they were compromised and if so, the extent of the damage.

That’s why on Wednesday, December 10th at 1:30pm EST, our Co-Founder and Chief Scientist, Jen Andre, and CEO, Doug Cahill, will be discussing lessons learned from this vulnerability and what companies can do to stay protected from the next one.

During this webinar you will learn how to:

  • Uncover new threats
    Using behavioral-based intrusion detection to protect against zero day attacks.
  • Protect your customer data
    Using continuous security monitoring and auditing to keep data secure.
  • Reduce your EC2 workload attack surface
    Gaining visibility and understanding your security coverage in AWS.

Join us for this live, interactive discussion and you will also receive a Threat Stack t-shirt. The webinar is already filling up fast — save your seat today for “Preparing for the Next Shellshock”.

4 Steps To Effectively Integrate DevOps Workflows With Cloud Security Practices

I’ve spent most of my career in Operations, and the last 5 years at various organizations advocating and instilling DevOps principles in the teams I work with. One thing I’ve noticed is that most companies value speed over security, which has traditionally been a blocker in delivering software.

Recently, however, with more and more breaches and vulnerabilities reported (Shellshock and Heartbleed to name a just few), I’ve changed my tune. I’m not going to say I’ve become paranoid, but one of the reasons I’ve joined Threat Stack is because I believe how important it is that security gets integrated into the operations process.

Read more “4 Steps To Effectively Integrate DevOps Workflows With Cloud Security Practices”

Announcements and Highlights: Threat Stack at AWS re:Invent 2014

We just returned from a great week in Las Vegas, NV for the AWS re:Invent Conference. The conference brought together over 13,500 developers, architects and many other technical users of the Amazon Web Services (AWS) infrastructure for an intensive four-day event. It is the year’s top spot to dive deep into the most pressing AWS topics and issues as well as learn about new services and brings the entire AWS ecosystem together.

Threat Stack at AWS re:Invent

Read more “Announcements and Highlights: Threat Stack at AWS re:Invent 2014”

It’s Here! Threat Stack Launches Out of Beta at AWS re:Invent

Today we’re extremely excited to announce the general availability of Threat Stack!

Right on the heels of our successful beta program with hundreds of active users, and a very busy summer that included shipping many new features, hiring key members of our executive team, and participating in several major AWS events, we have officially launched our service at the AWS re:Invent Conference. We are thrilled and honored that Threat Stack, among just a handful of other companies, was selected by Amazon Web Services (AWS) to join Amazon’s CTO, Dr. Werner Vogels, on stage during his Start-up Launch Keynote to introduce our services to the entire AWS community.

Read more “It’s Here! Threat Stack Launches Out of Beta at AWS re:Invent”