We recently discussed some pretty sobering statistics in the world of cybersecurity, ranging from astronomical misconfiguration rates to the depressing lack of speed with which breaches are detected. Not only are attacks more sophisticated than ever before, but infrastructure is too, with sensitive data spread across various servers, service providers, containers, and even SaaS platforms. However worrisome these statistics are, each and every one of them can, for the most part, be mitigated when an organization takes a proactive approach to security.
So what does a proactive security approach look like, exactly? It involves SecOps best practices, where Security is integrated with Development and Operations from the outset and where communication between teams takes priority. It also means putting in place repeatable processes and replacing costly, time-consuming, ad hoc procedures with automation wherever possible.
Transforming your organization’s culture to support proactive security can be a daunting prospect, to be sure. While 85% of respondents to our recent survey said that employing SecOps best practices is an important goal for their organizations, only 35% reported that SecOps is currently an established practice. Held back by overworked and under-resourced security professionals thanks to an industry-wide skills gap, many organizations simply don’t know where to begin when it comes to establishing a more proactive security posture.
Here’s the good news. The Threat Stack Cloud Security Platform® enables your Security and Operations teams to build security into their workflows from the start to make your organization’s approach to security more proactive. Here’s how.
Read more “How to Use Threat Stack to Enable Proactive Security”
Mean Time To Detect (MTTD) and Mean Time To Know (MTTK) are two of the most important metrics in security operations. Respectively, they measure the following:
- MTTD: How quickly you can identify something and generate an alert. It determines how fast you’re notified when something suspicious happens anywhere in your cloud or on-premises environment. Today, most security tools keep MTTD low, so you probably receive alerts pretty quickly.
- MTTK: How fast you can sort signal from noise when you get an alert. It measures how efficient the security team is at detecting real threats and understanding what those threats are. The shorter MTTK is, the sooner you will catch an attack in progress and be able to put a stop to it, reducing the negative consequences for your organization.
You can probably see why MTTK is a lot harder to improve. It’s like measuring how fast you can find a needle in a haystack. Difficult, to say the least!
To begin, security teams are barraged with alerts on a daily basis, requiring manual work to sift through the noise to find a signal that indicates a real issue. Add on all the other tasks that need to be done aside from alert investigations, and it’s seemingly impossible to get ahead.
This is where automation comes in. Automation not only eliminates the need to manually handle tedious tasks (like alert response). It also helps you to optimize your existing resources, empowering them to actually focus on MTTK and get it under control.
In this post, therefore, we’ll take a closer look at how the Threat Stack Cloud Security Platform® can help you integrate security into your operations from the start so you can optimize alert handling and significantly reduce your MTTK.
Read more “How to Use Threat Stack to Reduce Mean Time To Know”
Threat Stack was honored in four categories as the winners of the 14th Annual Info Security PG’s Global Excellence Awards® were announced in San Francisco at a gala attended by finalists, judges, and industry peers:
Read more “Threat Stack a Four-Time Winner in 2018 Info Security Products Guide’s Global Excellence Awards”
This is a guest blog post by Steve Caldwell, Director of Engineering at Springbuk, a health analytics software company that unifies pharmacy, biometric, and activity data, as well as medical claims to help employers make better decisions about employee health benefit programs.
As a health analytics company, Springbuk helps companies make better decisions around disease prevention and management through data. As such, meeting HIPAA requirements and following security best practices are very important to us; to ensure that we’re always compliant and as secure as possible, we needed to get a better handle on how security was managed across the organization.
Read more “Springbuk Case Study: How to Get Ahead of Compliance and Security Requirements on AWS”
In the first part of 2016, Threat Stack’s Product Development team concentrated on its goal of continuing to build a powerful, cloud-based security platform with all the features users need to keep their cloud environments protected as they scale.
More recently, we have focused on our second goal — streamlining workflows in three key areas of our Cloud Security Platform® — to ensure that it is easy to use and customize, thus enabling users to move as fast as possible while they prioritize security issues and strengthen their organization’s security.
In Part 1 of this series I explained how we streamlined our Host Intrusion Detection (HIDS) workflows. In Part 2, I am going to describe improvements we’ve made to workflows in the following two areas:
- Server Management
- Software Vulnerability Assessment and Management
Read more “Threat Stack Cloud Security Platform: Streamlined Workflows, Part 2”
At Threat Stack, we have two high-level goals when it comes to product development. First, we want to continue to build a powerful, cloud-based security platform with all the features users need to keep their cloud environment protected as they scale. And second, we want to create a platform that’s easy to use and customize, so users can move as fast as possible and also strengthen their organization’s security.
In the first part of 2016 we put a large effort into the first goal, increasing the breadth and depth of our feature set, including vulnerability assessment, more powerful investigative tools, etc. Recently we have focused heavily on the second goal, streamlining workflows in three areas of our Cloud Security Platform®:
- Host Intrusion Detection (HIDS) Rules Management
- Management of Servers protected by Threat Stack
- Software Vulnerability Assessment and Management
In this post, I’ll discuss how users can customize HIDS using the streamlined rules management functionality. In a follow-up post, I will talk about streamlined workflows that are now available for server management and software vulnerability assessment and management.
What if one day you came home and a bunch of your valuables had been stolen: computers, jewelry, that big screen TV… When you call the police to report the burglary, the first thing they will ask for to begin the investigation is context:
What time did it happen?
Was there a break-in? If not, who had keys to your house?
Where were your valuables being stored?
The more information they have, the better the chances that they will track down the culprit and get your stuff back. Now, if you have a home surveillance system set up, say a Dropcam or a Canary, they’re going to have even more information to work with: timestamps, video footage, audio, etc.
All in all, the more context you have, the better. The same applies to cloud security. When something goes awry, context is what tells you what to do, where to start investigating, and who is at fault.
Read more “Contextual Data: Answering Who, What, Where, When?”
February is the month of love, and we may be biased, but we’re head over heels for the new and improved Threat Stack! If you’ve been keeping up with us on our blog or over on Twitter recently, you’ve noticed that we started 2016 off with a pretty big bang. From a completely new platform to several key new features, we wanted to share it all with you today.
Read more “Threat Stack February Recap”
What roadblocks will attackers come across when attempting to penetrate your workload? If you’re drawing a blank, chances are your attackers will have it easy when they decide to attack your environment.
Read more “How to Integrate Threat Intelligence With Your Cloud Security Operations”
You know that feeling you sometimes get after you’ve left the house for the day and suddenly fear you didn’t lock the door? You have two options: Turn back around to check, ensuring your home will be safe and secure while you’re gone, or leave it to chance, hoping you locked the door, but worrying all day that you didn’t…
The same situation presents itself when it comes to vulnerabilities within software-defined environments. The options? Embrace a “trust but verify” mindset by proactively monitoring for vulnerabilities, or do nothing, leaving to chance the security of company data, customer data and, as a result, the very existence of your business.
Read more “Introducing Vulnerability Management at the Workload Layer”