Organizations wait to implement security solutions for a variety of reasons. One that we often hear is that they’re looking to land that cloud service security expert to help them make all the right product selections and correctly implement and maintain the solutions they choose.
This would be great in a perfect world: these organizations would make that hire, buy those products, and start improving security.
Unfortunately, there’s a big gap between the ideal world and the one we actually operate in. Read more “Why You Can’t Wait Until a Security Person is Hired”
Few understand the concept of mitigating risk better than the insurance industry. The insurance industry faces a unique set of challenges when it comes to cloud adoption and security. In this post, we’ll walk through some of the reasons why moving to the cloud is an excellent idea for insurance companies and provide some guidance on how they can overcome the most common hurdles. Read more “What Insurance Companies Need to Know About Cloud Security in 2017”
It’s the end of the year — a classic time for reflection. So before we charge into 2017, let’s ask:
- What went well in the world of security this year?
- What are the areas for improvement?
- How can you stay ahead of the bad guys in 2017?
Cloud security in particular took some big leaps forward over the past year, but there is still a lot to learn and improve upon in the year ahead. So let’s take a look at where and how. Read more “Your Year-End Cloud Security Health Check: Reflections and Resolutions”
One of our goals at Threat Stack is sharing information that will help you learn about the current cloud security threat landscape in order to effectively and more easily manage your organization’s security issues — and confidently get on with running your business.
To this end, the Threat Stack blog is a terrific repository of articles that cover a range of security topics. If you’re not a regular reader, we encourage you to start exploring — and in the meantime, have a look at the ten most-read posts of 2016. Read more “According to Our Readers: Threat Stack’s Top 10 Blog Posts for 2016 (and More)”
Bad guys know the faster they move, the more they’ll be able to accomplish: the more data they’ll be able to steal, the more money they’ll be able to extort, the more damage they can do to your reputation. So it’s a race to see whether the bad guys can move faster than the good guys. You don’t want to be on the wrong side of that equation.
One way to move fast is to optimize your alerting and incident response processes (which are, of course, tightly connected). What does this mean in practice? It means your security tools need to be integrated into the operations team’s workflows so the moment a security issue is detected, an alert is sent to those who can fix it, enabling them to take rapid action based on solid information. Doing this will optimize security workflows and improve operational support.
Here’s an effective way to optimize alerting and incident response. Read more “How to Optimize Your Incident Response Process in the Cloud”
Test systems are the guts of your overall system design. Test systems embody an incredible amount of the history of how your team’s code and development practices turn into the tools, applications, and services you provide to your users. Most importantly, these systems show how your systems, tools, and applications mature and refine, and every brilliant and embarrassing decision your team made to create your product can often be found there.
But the contents of test environments, whether test frameworks, CSV files, or a rainbow of test data, can be very sensitive, and more importantly, your test systems could contain a decade or more of information related to the development of your systems, tools, and applications. In spite of the potential sensitivity of the data in these systems, the often ad hoc, or ShadowOPS, nature of their development frequently means that test systems do not undergo the same security scrutiny as other parts of your development environment or production systems. As a result, the risk associated with them probably outstrips the regular investment that has been made to secure them. So from a security point of view, it’s time to right the balance — to toughen up the soft underbelly of your test systems so they don’t undermine your test, dev, and production environments. Read more “Test Systems: The Soft Underbelly of System Security”
When it comes to staying secure in the cloud, an important practice is to monitor both incoming and outgoing connections from your network. Why? Monitoring and alerting on “interesting” (i.e., anomalous) network connections going in and out of cloud environments can provide early breach detection to cloud security operations teams.
Here’s how to put this type of security monitoring into practice in your organization. Read more “How to Monitor Outbound and Inbound Connections to Maintain Cloud Security”
The USENIX LISA 2016 Conference wrapped up a week ago after a tremendous five-day program of workshops, training sessions, presentations, talks, and more. Our own Pat Cable, Threat Stack Security Engineer, lent his expertise as “Invited Talks Co-Chair,” and Threat Stack was a proud sponsor of the event.
Full-length presentations and videos will soon be available on the LISA site, but we thought it would be fun and informative to follow LISA’s motto of “More Craft, Less Cruft” by bringing you short video interviews with five LISA16 attendees and presenters.
So in their own words, here’s what they had to say about their favorite projects, the importance of security, and anything else that was top of mind. Read more “The USENIX LISA 2016 Conference: In Their Own Words”
Over the last year, we have published a number of playbooks that, together, deliver strategic and tactical information to guide you from high-level planning down to effective implementation, day-to-day operations, and ongoing improvement of security across your cloud infrastructure.
One of our earlier publications, The Cloud Security Playbook, focused on the need for companies to develop a comprehensive cloud security strategy if they are operating in or migrating to the cloud.
We’re excited to be launching the next Playbook in this series that is shifting from strategy to tactics.
Given Cloud Security’s relatively short history and interdisciplinary nature, it’s important for us to share practical, real-world information that will guide organizations as they start to implement security measures across their modern infrastructure — or if already established — improve their operations and strengthen their security. Read more “The Cloud Security Use Cases Playbook”
In our last post, we took a look at traditional security incident response vs. the possibility of dramatically increasing security velocity (which I affectionately nicknamed “spacefolding”).
We viewed this through the lens of a conventional response timeline that can take hours and days — versus seeing into exactly what occurred and decreasing the Mean Time-To-Know (MTTK) for a security incident — because all of the relevant information is visible and available to you.
In this post, we’ll take this premise into a real-world example that may be familiar to many organizations running instances on AWS. Read more “Measurably Decreasing Mean-Time-To-Know With Threat Stack”