How to Understand Your Attacker’s Mindset

Security Research & Strategy
6 Min Read

In this post we’ll try to develop an understanding of a typical attacker’s mindset and then show you how companies like yours can use this knowledge to enhance their security posture. Before we dive in, however, let’s ask a basic question: What is a cyber attacker?

A cyber attacker can be any entity — an individual, a group of individuals, a company, etc. — that tries to harm another entity via their cyber infrastructure. Attackers are often portrayed as ruthless entities that go to great lengths and use elaborate resources to attack state-of-the-art company defenses. Defending companies and individuals frequently view these entities as advanced attackers that challenge themselves by trying to break through fortified security controls by attacking them head on. That may be true in a few cases, but most attackers — especially the most seasoned (i.e., the smartest and most successful) — will try to find the path of least resistance and will also try to use the smallest number of resources when attacking. In other words, they use brains rather than brute force to achieve the biggest gain with the least effort. Let’s explore this in more detail below.
Read more “How to Understand Your Attacker’s Mindset”

New eBook: 5 Ways to Strengthen Your SaaS Security & Build Customer Loyalty

Security Research & Strategy
2 Min Read

The SaaS subscription model can make churn an unavoidable issue because there’s nothing to prevent customers from cutting ties with one provider and moving to another.

As a security or operations professional at a SaaS company, you know you have to address trust and loyalty at the platform level so your customers experience optimal performance. You also know you have to deal with the unique security requirements associated with your SaaS infrastructure. The good news is, if you take steps to ensure platform stability, performance, and data security, you’ll be well-positioned to attract prospects and build long-term customer trust.

To help you get there, our new eBook — 5 Ways to Strengthen Your SaaS Security & Build Customer Loyalty — offers practical advice and specific steps you can take to avoid operational pitfalls, secure your SaaS business, and give customers the assurances they need to stay loyal to your service. Read more “New eBook: 5 Ways to Strengthen Your SaaS Security & Build Customer Loyalty”

Getting Started With Security? Here’s the Very First Thing to Do

Security Research & Strategy
4 Min Read

Every organization is unique in the way it functions and the role each team member plays. So when it comes to security, the very first thing you need to do before kicking off a program or updating your strategy is to decide how security will be driven in your organization and how decisions will be made. While this may be managed formally in larger organizations, smaller companies that don’t have a dedicated security team need to structure their approach to security to ensure that they can create effective security coverage using their more limited resources.

With that in mind, here are four recommendations for getting started with a security program in your organization. Read more “Getting Started With Security? Here’s the Very First Thing to Do”

How to Get The Security Conversation Started at Your Organization

Security Research & Strategy
5 Min Read

Security is critical to any business operating in the cloud — in fact, it needs to be a top business priority for the reasons outlined below — and its importance leads many companies to serious conversations about it as early as Day One of operations (if not while the company is still in the planning stages).

If you’re not proactively building out a security program from the earliest days, your turning point could come after a security breach.

But why live under the threat of an incident or put off implementing security measures until something bad happens? It’s much wiser to take a proactive approach to reduce your organization’s risk — and, as we point out below — to reap the other operational and business benefits that are directly connected to good cloud security.

Whatever motivates you to start a security program, the question is “How can you get the initial conversation started in a way that fosters an understanding of the real value of cloud security and wins you the support your project will need to carry it from a concept to an ongoing program?”

The good news is there are best practices that can help your program gets traction. In this post, we explore four that will help you successfully prepare for and manage the initial security conversation at your company. Read more “How to Get The Security Conversation Started at Your Organization”

How to Work Backwards to Develop a Sound Security Strategy

Security Research & Strategy
3 Min Read

In today’s cloud-based environments, security threats can move faster and do more damage than ever before. To avoid a financial and technological repercussions, companies must be proactive with their security strategies and have the ability to act fast.

A common approach is to “over-secure” company systems, but this can unnecessarily limit employee access to important tools and hinder productivity. Alternatively, those who know security well realize that if you offer employees too much access, it can open your business to security vulnerabilities.

A better approach centers on striking the right balance between security and practicality, and the way companies can achieve this is by working backwards from the ideal security scenario to formulate their strategy.

In this post, we’ll explore ways that security leaders can approach technology in a manner that is both usable for employees but also secure for the company. To do this, they must begin with an analysis of the risks and the needs of their employees. Let’s dive in. Read more “How to Work Backwards to Develop a Sound Security Strategy”

New eBook: Myth Busting Intrusion Detection

Security Research & Strategy
2 Min Read

Your Guide to Intrusion Detection for Modern Infrastructure

Many organizations that need cloud security are laboring behind a cloud of myths — unable to clearly define their requirements and match them to technology solutions and best practices that will enable them to operate securely at speed and scale in the cloud. Our new eBook — Myth Busting Intrusion Detection — is designed to clarify these issues. Read more “New eBook: Myth Busting Intrusion Detection”

A Straightforward Workflow to Define Your Cloud Security Strategy

AWS Security, Security Research & Strategy
4 Min Read

Security is a big concern for organizations of pretty much every size and shape. Once you have organization-wide agreement that security is a priority (for most companies today, this is a no-brainer), it’s time to get to work.

So where do you start? Of course, you’ll need an individual or an interdisciplinary group to lead your security initiatives, but beyond that, it’s a matter of focusing on the right things at the right time to get your security program up and running as quickly and as smoothly as possible. Getting it done right should always be an objective, and getting it done quickly is also highly desirable — especially if you have a legal or customer requirement to become more secure.

In our latest webinar, “Automating Security and Compliance for Your Cloud Deployment,” Chris Gervais, Threat Stack’s VP of Engineering, and Katie Paugh, G2 Technology Group’s Security Architect discussed a simple workflow that every company can follow to successfully implement an effective security plan. Watch the full recording or read the main points below. Read more “A Straightforward Workflow to Define Your Cloud Security Strategy”

5 Security Blogs Your CFO Needs to Read

All Things Compliance, Security Research & Strategy
4 Min Read
5 Security Blogs Your CFO Needs to Read

Before I started working at Threat Stack, security was not always at the top of my priority list. Now, as the CFO of a leading cloud security company, I’ve learned to take a more holistic view of security: I still view it as a necessity that ensures the safety of an organization’s data and systems, of course, but I also understand that it can be a powerful business enabler and business driver.

Put another way, I no longer view security as just an expense (a “necessary evil”?), and see it as an investment that adds ongoing value throughout the organization and beyond as it not only provides foundational security, but also bolsters corporate reputation, adds confidence to customer relations, streamlines sales cycles, reassures board members and investors, helps with achieving compliance, and so on.

In spite of the huge value it adds, security can still be something of a hard sell — especially in companies where resources, including budget, are limited. With that in mind, I want to use this post to share some of the things I’ve learned as CFO at Threat Stack. Read more “5 Security Blogs Your CFO Needs to Read”

When It’s Time To Put An Engine In Your Cloud Security Lifeboat

Security Research & Strategy
5 Min Read

Oftentimes companies wait until they grow to a certain size or have a full technology stack before they begin thinking seriously about security. The problem with this is that, statistically, it’s a matter of when you will have a security problem, not if.

So our observation is: If you wait until your company reaches some arbitrary milestone before implementing mature security practices, you may already be late to the game. (If you’ll pardon the obvious, it’s not a great practice to put your life jacket on after your boat gets in trouble; it’s much better to put it on at the very start — i.e., as soon as you board the boat.)

Security maturity actually has nothing to do with the size of your operations — and a great deal to do with how you manage the risk that is inherent in any environment. Even in the smallest companies, security can have a major impact. And we’re not just talking about implementing two-factor authentication or using VPNs (although these are, of course, important). We’re talking about the importance of starting to use a comprehensive approach to monitoring and protecting your infrastructure (on-prem, cloud, or hybrid) as early as possible.

The good news is, today you don’t need dozens of security tools or a major budget to start building end-to-end protection. But you do need to be smart about when and how you implement security. If you haven’t integrated security into your operations from Day 1, this post reviews four transformative events (planned or otherwise) that signal when it’s time to get serious about your organization’s cloud security maturity. Read more “When It’s Time To Put An Engine In Your Cloud Security Lifeboat”

How to Adapt Your Risk Management Strategy for the Cloud

Security Research & Strategy
5 Min Read

Security has always been about accepting and managing risk. It’s not about becoming the most secure company; its goal is to protect against likely threats to your unique organization. But how do you know when a new risk crops up? And how can you stay on top of this in a rapidly changing cloud environment with more endpoints to monitor?

Fortunately, the cloud doesn’t just introduce new risks. It also offers new opportunities for successful risk management. And while managing risk in the cloud may seem overwhelming, it can actually become a lot more streamlined if you do it right. In this post, we’ll explain how risk management is different in the cloud and how you can adapt with a few simple shifts to your current approach. Read more “How to Adapt Your Risk Management Strategy for the Cloud”