The Importance of Security Monitoring to Achieving Compliance in the Cloud

Monitoring is the most reliable method of identifying and tracking users who are accessing data on company systems. Whether you’re on the lookout for an unauthorized employee viewing confidential patient data, or a malicious outsider trying to steal cardholder data, monitoring is indispensable to a strong security posture.

As well, monitoring is a requirement for just about every major compliance framework and regulation, from PCI DSS to HIPAA and beyond. For the sake of this post, we’ll be focusing on security monitoring requirements for PCI DSS and HIPAA, two of the most widely applicable regulations today.

Read more “The Importance of Security Monitoring to Achieving Compliance in the Cloud”

Proactive Software Testing Meets Proactive Security Monitoring at Applause

Software bugs, like security vulnerabilities, can crop up in unexpected places, and the only way you can really be prepared for them is by testing and monitoring in real-world scenarios. Lab testing can only go so far when it comes to software performance (and security vulnerabilities, for that matter), and that’s exactly how Applause came about. We realized there was a big opportunity to create a new way to test software, websites, mobile apps and other digital properties using a global community of professional testers that could actually test on real devices in real locations under real-world conditions.

Read more “Proactive Software Testing Meets Proactive Security Monitoring at Applause”

Monitorama 2016: Monitoring Tools and the People Who Use Them

If I learned one thing at Monitorama 2016 in Portland, Oregon, it’s this: it has never been easier to monitor your infrastructure. Not only have the tools come a long way in the last few years, but the community and perspectives on monitoring have rallied as well, by focusing on the people who build and use monitoring systems.

Read more “Monitorama 2016: Monitoring Tools and the People Who Use Them”

Threat Stack Takes Center Stage at BSides Boston 2014

Right on the heels of traveling out to Monitorama in Portland, OR, we will be making a splash at BSides Boston. Having been to several BSides events across the country in the past, we’re excited to immerse ourselves in this one — and right in our own backyard!

Mark Thomas and Bill Young of Threat Stack will be speaking at BSides, expanding the local security community on topics of cloud security monitoring and operations security.

Schedule (full schedule here)

Mark Thomas, our Principal Software Engineer, will be speaking on “Smarter Detection and Faster Incident Response”.

When: Friday, May 9th at 2:20pm

Wrapping things up for us, Bill Young, our Senior Infrastructure Engineer, will be speaking on “Security Monitoring for DevOps”.

When:  Saturday, May 10th at 4pm

We look forward to being among many other top-tier security experts in the local Boston area and contributing to the next big innovations in cloud security.

Will you be at BSides Boston this weekend? Mark and Bill would be happy to meet you, so be on the lookout for us. You can follow along with the event at @BSidesBoston and @ThreatStack.

Our new Snorby Cloud sensor setup is amazing

When Dustin developed and launched Snorby in 2009, he had a vision of creating an application that made the process of analyzing and classifying events accessible as simple as possible for analysts. While this helped make NSM accessible to more people, the process of actually deploying the sensor infrastructure remains cumbersome.

Read more “Our new Snorby Cloud sensor setup is amazing”