How to Use Threat Stack to Enable Proactive Security

We recently discussed some pretty sobering statistics in the world of cybersecurity, ranging from astronomical misconfiguration rates to the depressing lack of speed with which breaches are detected. Not only are attacks more sophisticated than ever before, but infrastructure is too, with sensitive data spread across various servers, service providers, containers, and even SaaS platforms. No matter how worrisome these statistics, however, each and every one can be mitigated, for the most part, when an organization takes a proactive approach to security.

So what does a proactive security approach look like, exactly? It involves SecOps best practices, where Security is integrated with Development and Operations from the outset and where communication between teams takes priority. It also means putting in place repeatable processes and replacing costly, time-consuming, ad hoc procedures with automation wherever possible.

Transforming your culture to support a proactive security culture can be a daunting prospect to be sure. While 85% of respondents to our recent survey said that employing SecOps best practices is an important goal for their organizations, only 35% reported that SecOps is currently an established practice. Held back by overworked and under-resourced security professionals thanks to an industry-wide skills gap, many organizations simply don’t know where to begin when it comes to establishing a more proactive security posture.

Here’s the good news. The Threat Stack Cloud Security Platform® enables your Security and Operations teams to build security into their workflows from the start to make your organization’s approach to security more proactive. Here’s how. Read more “How to Use Threat Stack to Enable Proactive Security”

How to Use Threat Stack to Reduce Mean Time To Know

Mean Time To Detect (MTTD) and Mean Time To Know (MTTK) are two of the most important metrics in security operations. Respectively, they measure the following:

  • MTTD: How quickly you can identify something and generate an alert. It determines how fast you’re notified when something suspicious happens anywhere in your cloud or on-premises environment. Today, most security tools keep MTTD low, so you probably receive alerts pretty quickly.
  • MTTK: How fast you can sort signal from noise when you get an alert. It measures how efficient the security team is at detecting real threats and understanding what those threats are. The shorter MTTK is, the sooner you will catch an attack in progress and be able to put a stop to it, reducing the negative consequences for your organization.

You can probably see why MTTK is a lot harder to make an impact on. It’s like seeing how fast you can find a needle in a haystack. Difficult, to say the least!  

To begin, security teams are barraged with alerts on a daily basis, requiring manual work to sift through the noise to find a signal that indicates a real issue. Add on all the other tasks that need to be done aside from alert investigations, and it’s seemingly impossible to get ahead.

This is where automation comes in. Automation not only eliminates the need to manually handle tedious tasks (like alert response). It also helps you to optimize your existing resources, empowering them to actually focus on MTTK and get it under control.

In this post, therefore, we’ll take a closer look at how the Threat Stack Cloud Security Platform® can help you integrate security into your operations from the start so you can optimize alert handling and significantly reduce your MTTK. Read more “How to Use Threat Stack to Reduce Mean Time To Know”

Threat Stack Cloud Security Platform: Streamlined Workflows, Part 2

In the first part of 2016, Threat Stack’s Product Development team concentrated on its goal of continuing to build a powerful, cloud-based security platform with all the features users need to keep their cloud environments protected as they scale.

More recently, we have focused on our second goal — streamlining workflows in three key areas of our Cloud Security Platform® — to ensure that it is easy to use and customize, thus enabling users to move as fast as possible while they prioritize security issues and strengthen their organization’s security.

In Part 1 of this series I explained how we streamlined our Host Intrusion Detection (HIDS) workflows. In Part 2, I am going to describe improvements we’ve made to workflows in the following two areas:

  • Server Management
  • Software Vulnerability Assessment and Management

Read more “Threat Stack Cloud Security Platform: Streamlined Workflows, Part 2”

Threat Stack Cloud Security Platform: Streamlined Workflows, Part 1

At Threat Stack, we have two high-level goals when it comes to product development. First, we want to continue to build a powerful, cloud-based security platform with all the features users need to keep their cloud environment protected as they scale. And second, we want to create a platform that’s easy to use and customize, so users can move as fast as possible and also strengthen their organization’s security.

In the first part of 2016 we put a large effort into the first goal, increasing the breadth and depth of our feature set, including vulnerability assessment, more powerful investigative tools, etc. Recently we have focused heavily on the second goal, streamlining workflows in three areas of our Cloud Security Platform®:

  • Host Intrusion Detection (HIDS) Rules Management
  • Management of Servers protected by Threat Stack
  • Software Vulnerability Assessment and Management

In this post, I’ll discuss how users can customize HIDS using the streamlined rules management functionality. In a follow-up post, I will talk about streamlined workflows that are now available for server management and software vulnerability assessment and management.

Read more “Threat Stack Cloud Security Platform: Streamlined Workflows, Part 1”

Contextual Data: Answering Who, What, Where, When?

What if one day you came home and a bunch of your valuables had been stolen: computers, jewelry, that big screen TV… When you call the police to report the burglary, the first thing they will ask for to begin the investigation is context:

What time did it happen?

Was there a break-in? If not, who had keys to your house?

Where were your valuables being stored?

The more information they have, the better the chances they they will track down the culprit and get your stuff back. Now, if you have a home surveillance system set up—say, a Dropcam or Canary —they’re going to have even more information to work with: timestamps, video footage, audio, etc.

All in all – the more context you have, the better. The same applies to cloud security. When something goes awry, context is what guides you about what to do, where to start investigate, who’s at fault?

Read more “Contextual Data: Answering Who, What, Where, When?”

Introducing Vulnerability Management at the Workload Layer

You know that feeling you sometimes get after you’ve left the house for the day and suddenly fear you didn’t lock the door? You have two options: Turn back around to check, ensuring your home will be safe and secure while you’re gone, or leave it to chance, hoping you locked the door, but worrying all day that you didn’t…

The same situation presents itself when it comes to vulnerabilities within software-defined environments. The options? Embrace a “trust but verify” mindset by proactively monitoring for vulnerabilities, or do nothing, leaving to chance the security of company data, customer data and, as a result, the very existence of your business. Read more “Introducing Vulnerability Management at the Workload Layer”

Announcing Threat Stack Cloud Security Platform

You know that feeling you got as a kid the night before your birthday? That’s been us over at Threat Stack for the last few months. It’s taken all the willpower we could muster to keep it a secret, but today we’re letting the cat out of the bag. We’re thrilled to announce the brand new Threat Stack Cloud Security Platform® (or CSP, as we like to call it), the industry’s first fully integrated cloud security suite. Cloud-native and platform-independent, the Threat Stack CSP measurably reduces the expense and complexity required to identify threats, keep data protected and automate compliance requirements.

Intrigued? Read on…

Read more “Announcing Threat Stack Cloud Security Platform”