Measurably Decreasing Mean-Time-To-Know With Threat Stack

In our last post, we took a look at traditional security incident response vs. the possibility to dramatically increase security velocity (which I affectionately nicknamed “spacefolding”).

We viewed this through the lens of a conventional response timeline that can take hours and days — versus seeing into exactly what occurred and decreasing the Mean Time-To-Know (MTTK) for a security incident — because all of the relevant information is visible and available to you.

In this post, we’ll take this premise into a real-world example that may be familiar to many organizations running instances on AWS.

Increasing Security Response Velocity

I recently added a Starz subscription to my Amazon Prime and found a new supply of science fiction movies. One of these, Deja Vu, is a time travel story from a decade ago, a weird mashup of the post-9/11 terror attack genre mixed with science fiction. In the film, a terror attack takes place in New Orleans and a small army of government men-in-black from various state and Federal agencies respond. Because the attack involved a ferry, the NTSB and FBI collaborate along with elements of the ATF, including a talented investigator played by Denzel Washington.

The Case of the Missing Context (And Why Cloud Security Needs It)

Dr. Watson is the intellectual and gentlemanly sidekick of fictional detective Sherlock Holmes. With Watson at his side, Sherlock is able to better navigate the complexities of human emotion (not his forte), so Sherlock leans on Watson, and understandably so. They make a good pair.

But while Watson is able to solve the odd mystery himself, only the highly observant Sherlock, with his machine-like analytical mind, is able to produce the insight needed to crack their toughest cases.

You can think of cloud security in the same way. A basic cloud security system will probably alert you to many of the biggest, most obvious attacks. But without sufficient context, you won’t be able to see the full scope of impact. You won’t know where it has spread in your system or what kind of damage it has done. Even if you manage to stop it in one area, you may not succeed in defeating it, and the ramifications can be distressing.

Cloud context gives you the clarity of a Sherlock Holmes.

Contextual Data: Answering Who, What, Where, When?

What if one day you came home and a bunch of your valuables had been stolen: computers, jewelry, that big screen TV… When you call the police to report the burglary, the first thing they will ask for to begin the investigation is context:

What time did it happen?

Was there a break-in? If not, who had keys to your house?

Where were your valuables being stored?

The more information they have, the better the chances that they will track down the culprit and get your stuff back. Now, if you have a home surveillance system set up (say, a Dropcam or Canary), they’re going to have even more information to work with: timestamps, video footage, audio, etc.

All in all, the more context you have, the better. The same applies to cloud security. When something goes awry, context is what tells you what to do, where to start investigating, and who is at fault.

Threat Stack Takes Center Stage at BSides Boston 2014

Right on the heels of traveling out to Monitorama in Portland, OR, we will be making a splash at BSides Boston. Having been to several BSides events across the country in the past, we’re excited to immerse ourselves in this one — and right in our own backyard!

Mark Thomas and Bill Young of Threat Stack will be speaking at BSides, sharing with the local security community on the topics of cloud security monitoring and operations security.

Schedule (full schedule here)

Mark Thomas, our Principal Software Engineer, will be speaking on “Smarter Detection and Faster Incident Response”.

When: Friday, May 9th at 2:20pm

Wrapping things up for us, Bill Young, our Senior Infrastructure Engineer, will be speaking on “Security Monitoring for DevOps”.

When: Saturday, May 10th at 4pm

We look forward to being among many other top-tier security experts in the local Boston area and contributing to the next big innovations in cloud security.

Will you be at BSides Boston this weekend? Mark and Bill would be happy to meet you, so be on the lookout for us. You can follow along with the event at @BSidesBoston and @ThreatStack.