Resources to Help You Carry Out Your 2018 Security Resolutions

The other week we outlined a number of resolutions to put you on the path to a cyber-secure 2018. In this post we’re going to direct you to some of the resources we produced in 2017 that will help you carry out those resolutions.

2017 was an eventful year in the cybersecurity world — to say the least! It seems that every day a new threat or major breach was causing a stir — whether it was Equifax, the RNC voter data exposure, WannaCry, Uber, Alteryx, or — to start the new year — Spectre and Meltdown!

If you want to take a look at the World’s Worst Data Breaches, here you go. But we’re going to stick to our preferred approach: After you read the splashy headlines, look inward to make sure your own data and systems are secure. To help you secure and manage your cloud environments, we’ve put together a summary of a few of the great resources we produced in 2017.

Webinars

Each of the following links will take you to a webinar recap, and each recap has a full recording embedded:

12 Low-Cost Cloud Security Practices With Big Payoffs

In this webinar, Chris Gervais delivers great advice on ways your organization can significantly strengthen its security posture — without running up a big bill.

A Straightforward Workflow to Define Your Cloud Security Strategy

Chris Gervais and Katie Paugh, G2 Technology Group’s Security Architect, discuss a simple workflow that every company can follow to successfully implement an effective security plan.

How to Leverage Automation to Make Your Organization Secure by Design

Pat Cable, Threat Stack senior security engineer, Amazon’s security strategist, Tim Sandage, and SessionM’s director of technical solutions and operations, Jason LaVoie, look at ways that companies can become secure by design using automation.

Compliance in the Cloud: Q&A

Threat Stack spoke with Ryan Buckner, Principal at Schellman & Company, and Kevin Eberman, Director of Ops at MineralTree. Using the cloud as our lens, we discussed the ways in which companies can better understand and navigate compliance.

How to Cut Time to Security Incident Detection on AWS

This webinar outlines important steps that all companies should be implementing to reduce time-to-detection and ensure that they are the first ones to know about an issue — and to do it in a way that won’t put a resource drain on your resources.

Lean Security Webinar Recap: Achieving SecOps Efficiency in the Cloud

This webinar, featuring Sabino Marquez, Allocadia’s CISO, outlines best practices for using “lean security” to achieve SecOps efficiency in the cloud.

Additional Threat Stack Webinars From 2017

Ask Us Anything: How to Get Started With DevOpsSec

Steps for Establishing Your AWS Security Roadmap

How to Secure Your Cloud Environment for What’s Next

To Predict Cloud Security’s Future, We Must First Understand Its Past

How to Secure a Non-Production Environment

eBooks

Lean Cloud Security: Your Guide to SecOps Efficiency in the Cloud

This ebook is designed for small to mid-sized organizations that have limited security personnel (or none at all) along with limited budgets and technical resources. It offers best practices for getting the best results from your existing people, processes, and tools.

Myth Busting Intrusion Detection

Myth Busting dispels misconceptions and explains why modern intrusion detection offers the best protection in a cloud environment against attacks, insider threats, and data loss while enabling you to operate and scale at cloud speed.

Fast-Tracking Compliance in the Cloud: A Guide to Meeting Customer Requirements Now

Fast-Tracking provides guidance for: Demonstrating cloud compliance and security; Identifying threats and vulnerabilities; Measuring, mitigating, and monitoring risk. It also includes three case studies that show how other organizations have tackled compliance in the cloud.

Jump Starting Cloud Security: A Hands-On Guide to Starting Your Cloud Security Journey

If your organization is just starting out in cloud security — whether it’s a rapidly growing startup or a more established company — this eBook is for you. It’s a roadmap full of industry-proven practices that will put you on the fast track to cloud security monitoring, addressing your first round of security concerns, and measurably improving your security stance.

Additional Threat Stack eBooks From 2017

Blog Posts

We have almost 500 posts on our blog. Here’s a sampling from last year’s output:

People, Processes, & Technology: The 3 Elements of a Rockstar Security Organization

Building and sustaining strong security grows out of an effective integration of the right people, technologies, policies, and procedures. This post gives you insights into how to make these elements work for you.

Enhancing the Power of Your SIEM With Threat Stack’s Intrusion Detection Platform

In this post, Christian Lappin explains how Threat Stack’s intrusion detection platform coupled with a SIEM (Splunk, Sumo Logic, Graylog, or other) is a powerful combination that will yield stronger security, faster results, and lower operating expenses.

How to Use Ops Tools for Security and Security Tools for Ops

As DevOps expands to include more security functions and Security evolves to be more agile, there are compelling reasons why you should know how to use Ops tools for security and security tools for Ops. This post tells you what you need to know.

Prevention Isn’t Enough. Why All Companies Need Detection Too

This post explains why prevention techniques and technologies can’t be your only defense. This post clarifies what detection does that prevention can’t, what to watch out for if you’re relying on prevention alone, and how you can use both in parallel.

5 Cloud Security Tips for Emerging Tech Companies

If you are high on security requirements and low on time, resources, and budget, this post can help you set up a security strategy that offers protection now and scales as your organization grows.

Why HelloSign Chose Threat Stack to Accelerate Security Responses and Simplify Compliance

HelloSign offers secure and legally binding eSignature solutions to companies across all industries. To protect this data, HelloSign is beholden to compliance requirements such as HIPAA and SOC 2, but over and above compliance, HelloSign’s business relies on having a strong security posture that enables customers to trust them with their sensitive documents.

In this post, HelloSign explains why they chose Threat Stack to strengthen their security posture, accelerate security responses, and simplify compliance as they continued to scale.

Whose Fault is That? How NOT to Be a Cloud Security Statistic

Gartner predicts that 95% of cloud security failures from now until 2020 will be the customer’s fault. That means when something goes wrong, it’s probably not AWS or Azure’s fault. Chances are, you’ll have to point the finger at your organization. With that in mind, this post outlines a number of proactive steps you can take to minimize the likelihood that you’ll become one of the cloud security failures.

9 Common Questions About SOC 2 Compliance

SOC 2 is a complex set of requirements that must be reviewed and carefully addressed. But it doesn’t have to be overwhelming. To make SOC 2 more understandable and manageable, this post breaks down nine of the most common basic questions that we hear about SOC 2.

11 Questions to Ask Before Investing in a Cloud Security Solution

Whether you’re in security, operations, or another related discipline, choosing the right cloud security products can be a complex process. With thousands of options, each with their own nuances, how do you know which tool, or mix of tools, is going to be right for your organization? This post will help you identify the solutions that will fit your specific requirements.

Research

Threat Stack Cloud Security Report 2017: Security at Speed & Scale.

This report, based on a survey we conducted with Enterprise Strategy Group, examines ways that Ops, Security, and DevOps professionals are using limited resources to deal with increasingly complex environments as they seek to satisfy security demands and compliance requirements. It also discusses the impact that containerization is having on this complex dynamic.

Final Words . . .

We hope you find these resources useful as you look for solutions to your security and compliance issues. Whether it’s best practices, tips for planning your security strategy, guidance on tools or service providers, or expert insights on how to make sense of compliance in the cloud, Threat Stack is here to provide support.

This post just skims the surface of the resources we have available for you. To locate other great webinars, blog posts, worksheets, ebooks, and more, take a look at our Resources page, and be sure to subscribe to our blog to receive regular information updates.