SOC Threat Intel 2 Min Read
Threat Stack SOC Report, Q1 2020: Security Teams Adjust to Remote Work
Jackson Connell April 9, 2020
This morning the Threat Stack Security Operations Center (SOC) released its Q1 report of key findings and trends among Threat Stack customers. This team of cloud security experts works directly with customers through Threat Stack Oversight℠, where they investigate suspicious behavior, triage alerts, and provide recommendations on how to proactively reduce risk and remediate incidents 24 hours a day/7 days a week.
When combining that deep level of insight with the 60B events analyzed by the Threat Stack Cloud Security Platform® on a daily basis, Threat Stack SOC analysts are able to identify changes and shifts in how organizations are operating in the cloud. For an in-depth look at the trends from Q1 2020, you can jump ahead to the SOC’s quarterly report: Threat Stack SOC Report Q1 2020.
Q1 2020 was defined by the COVID-19 pandemic and the impact it had on a global scale. From the perspective of the Threat Stack SOC, this meant supporting our customers who were forced to shift to remote workforces on extremely short notice. This led to a few overarching trends, including a dramatic increase in the use of multi-factor authentication and changes in expected behavior patterns with employees accessing sensitive systems or data from new locations, different machines, and at odd hours.
Even as we worked closely with customers to help them adapt to new remote work environments and tooling, the regular progression and maturation of cloud environments continued in Q1. As we’ve previously discussed, there has been an uptick in the use of AWS Systems Manager (SSM) among Threat Stack customers and that has had some downstream effects on security investigations.
The steady adoption of Kubernetes continued in Q1, and Threat Stack SOC analysts observed some interesting new behaviors from customers using Amazon Elastic Kubernetes Service (EKS). There were also several interesting observations of unique security events around IAM, firewalls, and other access safeguards which become particularly important with the increase in remote work.
For a detailed look at these trends and others from Q1 2020, download your copy of the Threat Stack SOC Report Q1 2020.
About Jackson Connell
Jackson Connell is the Corporate Communications Manager at Threat Stack where he is responsible for public relations, analyst relations, Threat Stack’s social media channels, and overall content strategy. Prior to joining Threat Stack, Jackson was the Corporate Communications Manager at iboss where he led corporate communications strategy and spent over five years at LPP, an integrated communications agency specializing in B2B technology and healthcare.
View more posts by Jackson ConnellThreat Stack SOC Report, Q1 2020: Security Teams adjust to Remote Work
Read about trends noted by the Threat Stack SOC in Q1 2020 as security teams adjusted to fully remote workforces plus other trends not related to COVID-19. These findings will help you monitor cloud environments, identify suspicious behavior, remediate threats, and reduce risk.
Threat Stack SOC Report Q1 2020