Meltdown & Spectre: How to Secure Your SaaS Environment From Unknown Threats

As a SaaS provider, securing your environment from known threats is one thing, but how about the unknown? That’s a different story altogether, and it’s exactly why the security community is so worked up over Meltdown and Spectre. With so much to learn about the newly discovered vulnerabilities and the threats they pose, many have been sent into a bit of a tailspin. But, before you give in to the panic, we’ve laid out specific steps below that can help you mitigate the risks in order to keep your data and that of your customers secure. Read more “Meltdown & Spectre: How to Secure Your SaaS Environment From Unknown Threats”

Strategies for Measuring and Monitoring the Cloud Like a Boss — Webinar Recap

As you’re probably well aware by now, security is different in the cloud. The good news, of course, is that running in the cloud offers more visibility than ever before. It’s now possible to gain a bird’s-eye view of your entire environment, something that was unimaginable with on-premise data centers.

In partnership with Dark Reading, Threat Stack’s VP of Product, Chris Ford, got together in a recent webinar to discuss measurement and monitoring in the realm of cloud security with Rich Mogull, CEO and Analyst at Securosis. You can read the recap below or view the entire webinar here. Read more “Strategies for Measuring and Monitoring the Cloud Like a Boss — Webinar Recap”

T-72 Hours to Report a Breach – Are You GDPR Ready? – Webinar Recap

The GDPR deadline is looming large. With fewer than 100 days until May 25, many U.S. companies are still unsure what their responsibilities are under GDPR and what steps they need to take to meet new requirements.

To help you prepare, Threat Stack product marketing manager Hank Schless got together with Paul-Johan Jean, GDPR legal consultant at Sphaerist Advisory to give a high level-summary of GDPR responsibilities for U.S. companies in a recent webinar. You can either stream the archived webinar right now, or read the recap below. Read more “T-72 Hours to Report a Breach – Are You GDPR Ready? – Webinar Recap”

Threat Stack Successfully Completes Type 2 SOC 2 Examination

Threat Stack is proud to announce that we have successfully completed a Type 2 SOC 2 examination for the Security and Availability principles with Schellman & Co for our intrusion detection platform and Oversight Managed Service.

This accomplishment is especially exciting for the Threat Stack team because we were able to pass our first SOC 2 examination with zero exceptions — without having taken the organization through any similar experiences before — underscoring our commitment to maintaining rigorous security standards in our company’s technology, processes, and personnel along with the highest level of security and privacy for our customers.

In this post, we want to share highlights of Threat Stack’s SOC 2 journey — why we chose this standard, the process we followed, and our commitment to our customers. In upcoming posts we’ll provide more detailed specifics as our customers go through similar journeys. Read more “Threat Stack Successfully Completes Type 2 SOC 2 Examination”

GDPR vs. Existing Frameworks: Overlaps, Differences, and Filling the Gaps


— by Pat Cable, Senior Infrastructure Security Engineer, Threat Stack

From time to time Threat Stack invites industry experts to share our blog space, and in today’s post, Chris Lippert, Privacy Technical Lead at Schellman & Company, LLC., takes a look at the General Data Protection Regulation (GDPR), a topic that is on everyone’s mind, whether they’re prepared for it or not.

In this post, Chris explores what’s unique about the GDPR, how it overlaps with existing frameworks including ISO/IEC 27000, NIST, and PCI, and points to how you can leverage your current controls to meet many of the security considerations for personal data under Article 32, as well as other requirements of the GDPR, such as data protection policies or vendor management.

Without further ado, here are Chris’ insights into GDPR. Read more “GDPR vs. Existing Frameworks: Overlaps, Differences, and Filling the Gaps”

How We Integrated Rust Into Threat Stack’s Operations Workflow

Note: The following post is related to Sensu, a monitoring tool for internal infrastructure health and alerting. If you use Sensu ( for internal monitoring of your own infrastructure health, this could be useful for you. However, this tool does not integrate with Threat Stack services and is not intended or supported for any such use case. It is a tool that we use internally, and we have released this with the intention that it may be helpful to the wider open source community.

Tooling is an integral part of operations at Threat Stack. On the Operations team, our job is to enable both ourselves and the Development team to work more effectively. When I started at Threat Stack almost a year ago, my role primarily centered on improving our tooling to create more granular control over our environment. My first project was creating “shush,” an operations tool for temporarily silencing monitoring checks in Sensu during maintenance. Up to that point, we had had less granularity in our check silencing capabilities for routine maintenance. While we could silence groups of checks and checks coming from a particular node, we were not able to silence single checks or a subset of checks on these hosts. After we discussed the requirements for this tool, I ultimately suggested that it be written in Rust.

In this post I describe our experience integrating Rust and also cover the benefits of using Rust in an operations workflow both technically and from a human factors perspective. Read more “How We Integrated Rust Into Threat Stack’s Operations Workflow”

5 Things Your SaaS Company Should Know About GDPR

The General Data Protection Regulation (GDPR) goes into effect on May 25, 2018, and despite being a European Union regulation, its effects are far reaching, as we’ll explain below. Regardless of where a company is based, it is subject to GDPR if it collects “personal data” from a person physically located in an EU country, provided the collection relates to offering goods or services or monitoring their behavior. Thus virtually any website that collects data would be subject to GDPR. Many SaaS organizations may feel overwhelmed by these new regulations or unsure of how they will (or won’t) apply to them.

Despite the flood of information that’s been published about the new regulation, many SaaS companies are still unclear about what GDPR means for them, so in this post, we have provided a brief definition of the GDPR followed by five key points you should be aware of. Read more “5 Things Your SaaS Company Should Know About GDPR”

Threat Stack Takes Home Gold in the 2018 Cybersecurity Excellence Awards

The Winter Olympics haven’t even started, but Threat Stack has already taken home two Golds and a Bronze in the 2018 Cybersecurity Excellence Awards.

The Awards, which were announced yesterday, honored Threat Stack with:

  • Gold for Intrusion Detection & Prevention
  • Gold for Insider Threat Detection
  • Bronze for Best Cybersecurity Startup

Read more “Threat Stack Takes Home Gold in the 2018 Cybersecurity Excellence Awards”

How a Cloud Security Company Runs Its Security Council

At Threat Stack, we believe in building a security culture that starts at the top and functions as a cross-organizational discipline. Achieving this goal requires education and transparency among business partners. That’s why we at Threat Stack have built our own internal security council, which meets regularly and reviews issues that are relevant and timely for our organization. Read more “How a Cloud Security Company Runs Its Security Council”

The Costs of Open Source & Point Solutions for SaaS Security

As a SaaS company, your time and resources are valuable. You need to make solid, strategic decisions about where to focus your time and energy. You also need to ensure that your organization is secure and compliant in the ways that matter to you and to your customers.

When it comes to security tools, there are a few options:

  • Build your own
  • Buy a bunch of point solutions
  • Use open source security tools
  • Invest in a security platform

Read more “The Costs of Open Source & Point Solutions for SaaS Security”