How to Use Automation to Decrease Mean Time To Know

Mean Time To Know (or MTTK for short) is one of the most important metrics in security operations. It measures how efficient the security team is at detecting real threats. The shorter it is, the sooner you will catch an attack in progress and be able to put a stop to it, reducing the negative consequences for your organization. 

But the reality is, it’s not so easy to reduce MTTK. For starters, security teams are barraged with alerts on a daily basis, requiring manual work to sift through the noise to find a signal that indicates a real issue. Add on all the other tasks that need to be done aside from alert investigations, and it’s seemingly impossible to get ahead.

This is where automation comes in. Automation not only eliminates the need to manually handle tedious tasks (like alert response). It also helps you to optimize your existing resources, empowering them to actually focus on MTTK and get it under control.

In this post, we’ll take a closer look at what MTTK is (and isn’t) and how you can leverage automation to effectively decrease it. Read more “How to Use Automation to Decrease Mean Time To Know”

How to Prioritize Security Tasks When You Have Limited Resources

Many organizations have limited resources (time, personnel, and money) for IT, and oftentimes only a small portion of that is devoted to security. Given the limited resources available to create and execute a best practice security plan, you will need to face up to these constraints and prioritize security tasks.

But how, exactly, should you go about strategically prioritizing your security needs? How can you determine which aspects need to be addressed first and which can be dealt with later? After all, aren’t they all important? Read more “How to Prioritize Security Tasks When You Have Limited Resources”

How to Use Automation to Improve Your Cloud Security Posture

Automating security processes and workflows can help teams lower Mean Time To Resolution (MTTR), maintain or strengthen an organization’s security posture, and drive operational efficiency. Sounds pretty good, right?

In our recent Cloud Security Use Cases Playbook, we took a look at the key operational processes that all teams should have in place and some of the ways they can continually optimize those processes over time. Today, let’s take a look at how automation can provide ongoing, deep visibility and supercharge your security operations, all while saving you time and resources. Read more “How to Use Automation to Improve Your Cloud Security Posture”

How to Ensure Simple and Efficient Security Deployments

On the heels of the recent announcement that Threat Stack has joined the Chef Partner Cookbook Program, it’s a good time to talk about some of the advances we’ve made in our configuration management (CM) and automation tools over the past few months — and to emphasize that these are part of a larger set of criteria that differentiate the Threat Stack platform.
Read more “How to Ensure Simple and Efficient Security Deployments”

Behavioral Threat Monitoring Without Models

One of the great things about the cloud is the ability for companies to grow and shrink their infrastructure elastically to meet varying levels of demand. What many people don’t think about is how to secure this sprawl of cloud compute instances. As new systems are deployed, how do you enforce a policy on them? How do you look for anomalous behavior when an instance hasn’t been up long enough to determine a baseline?

Cloud Sight has solved this problem from day 1 with our policy framework. Our policies encompass all attributes of an instance’s security posture: alert rules, file integrity rules, firewall rules, so many rules! But also, each policy has a unique, learned behavioral model associated with it. For example, an Apache web server process doesn’t usually fork /bin/sh. When our agent is activated, the instance’s baseline is already established from its peers which enables us to immediately start monitoring for anomalies.

Read more “Behavioral Threat Monitoring Without Models”