Threat Stack’s New Packaging for Your Cloud Security Journey

Security maturity in the cloud is an important topic lately, from evolving security with existing DevOps practices, to automating security across your infrastructure, to getting the information you need to piece together what occurred when there is a security incident.

And at the same time, many organizations just don’t know where to start. Read more “Threat Stack’s New Packaging for Your Cloud Security Journey”

Demonstrating PCI Compliance Using Threat Stack

PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council to protect cardholder data. Threat Stack customers frequently ask us how Threat Stack can help them comply with these two sets of requirements:

  • Requirement 10: Track and monitor all access to network resources and cardholder data (in other words, determine the who, what, where, and when)

  • Requirement 11: Regularly test security systems and processes (in order to continuously monitor and test security controls)

The good news is that the following Threat Stack features can provide significant benefits to customers who need to satisfy PCI Compliance Requirements 10 and 11:

  • Configuration Auditing
  • Vulnerability Scanning
  • Rules monitoring file integrity, logins, network access, and threat intelligence activity

In the remainder of this post, we’ll demonstrate how these can help you meet your PCI compliance and security goals. Read more “Demonstrating PCI Compliance Using Threat Stack”

How to Use Automation to Improve Your Cloud Security Posture

Automating security processes and workflows can help teams lower Mean Time To Resolution (MTTR), maintain or strengthen an organization’s security posture, and drive operational efficiency. Sounds pretty good, right?

In our recent Cloud Security Use Cases Playbook, we took a look at the key operational processes that all teams should have in place and some of the ways they can continually optimize those processes over time. Today, let’s take a look at how automation can provide ongoing, deep visibility and supercharge your security operations, all while saving you time and resources. Read more “How to Use Automation to Improve Your Cloud Security Posture”

Writing a Web Service Using Python Flask

Many of our customers are building useful services using our webhook feature — but unfortunately, others are not. Often we hear that no one on their team is proficient enough to write a service that can ingest a webhook payload and do something with the data. That leaves them either hoping to get cycles from their development team (unlikely) or continuing to do without.

But what if you could write your own web services? How many routine tasks that involve taking data from system A and inputting it into system B could you automate?

Learning to code well enough can be a major skill in your tool chest and a major asset for optimizing security processes in your organization.

So in this post, I’m going to walk you through a tutorial that will get you started on the road to writing your own web services using Python Flask. Read more “Writing a Web Service Using Python Flask”

To Build or Buy Your Own Security Platform: That is the Question

What’s your priority: to become a Security Company or be a Secure Company?

If you’re truly in the security business, then of course you’ll be building your own security platform. For all the rest, please keep reading . . .

In this post I will cover some of the challenges involved in building a cloud security platform like Threat Stack. My goal is to give you a clear idea of what is involved and the complexity, so you can make a decision about building or buying that is meaningful from both an engineering and a business perspective.

Spoiler alert: In my view, the right choice for most companies is not to build their own security. Most should strive to become Secure Companies so they can get on with their core business.  Read more “To Build or Buy Your Own Security Platform: That is the Question”

To Predict Cloud Security’s Future, We Must First Understand Its Past

The conversations about cloud security are changing rapidly. A few years ago, companies were hesitant to even talk about moving to the cloud because of all the unknowns — specifically in regard to security. Cloud service providers like Amazon, Google, and Microsoft have made bold commitments to security, so today the conversation is shifting from how secure the cloud itself is, to how individual companies can better secure their data and systems.

On Tuesday, January 17, Threat Stack’s Director of Products, Vikram Varakantam, and OneLogin’s CISO, Alvaro Hoyos, hosted a webinar to discuss where they each see cloud security headed in the coming year. Read more “To Predict Cloud Security’s Future, We Must First Understand Its Past”

Boston Cloud Security & Incident Management Workshop Recap

Last night we got together with our good friends from PagerDuty to host an event at District Hall in the Seaport area of Boston. It was a fun evening, offering product-related presentations, a wide-ranging panel discussion, and an opportunity to socialize with friends, colleagues, and other like-minded folks.

Before we go further, you may ask why we’re teaming up with PagerDuty. PagerDuty and Threat Stack have a tight product integration that enables you to manage all types of alerts in one place, making sure you have an end-to-end security solution that alerts you when the unexpected occurs. A great combination! Read more “Boston Cloud Security & Incident Management Workshop Recap”

Why Banks are Moving to the Cloud — And Why You Should Too

A major shift is taking place in banking right now. It’s a shift many banks have been pretty hush-hush about until now, and that naysayers said would never happen.

Banks are rapidly testing and moving to the cloud.

What happened in the past two years that changed how the banking industry approaches the cloud? Two words: Capital One. In October 2015, Capital One’s CIO, Rob Alexander, revealed that the bank was all-in on AWS. They were one of the very first U.S. banks to not only commit to the cloud in a big way, but also to announce it loudly and proudly. Read more “Why Banks are Moving to the Cloud — And Why You Should Too”