Threat Stack SOC Report, Q1 2020: Security Teams Adjust to Remote Work

This morning the Threat Stack Security Operations Center (SOC) released its Q1 report of key findings and trends among Threat Stack customers. This team of cloud security experts works directly with customers through Threat Stack Oversight℠, where they investigate suspicious behavior, triage alerts, and provide recommendations on how to proactively reduce risk and remediate incidents 24 hours a day, 7 days a week.

By combining that deep level of insight with the 60B events analyzed by the Threat Stack Cloud Security Platform® on a daily basis, Threat Stack SOC analysts are able to identify changes and shifts in how organizations are operating in the cloud. For an in-depth look at the trends from Q1 2020, you can jump ahead to the SOC’s quarterly report: Threat Stack SOC Report Q1 2020.

Q1 2020 was defined by the COVID-19 pandemic and the impact it had on a global scale. From the perspective of the Threat Stack SOC, this meant supporting our customers who were forced to shift to remote workforces on extremely short notice. This led to a few overarching trends, including a dramatic increase in the use of multi-factor authentication and changes in expected behavior patterns with employees accessing sensitive systems or data from new locations, different machines, and at odd hours.

Even as we worked closely with customers to help them adapt to new remote work environments and tooling, the regular progression and maturation of cloud environments continued in Q1. As we’ve previously discussed, there has been an uptick in the use of AWS Systems Manager (SSM) among Threat Stack customers, and that has had some downstream effects on security investigations.

The steady adoption of Kubernetes continued in Q1, and Threat Stack SOC analysts observed some interesting new behaviors from customers using Amazon Elastic Kubernetes Service (EKS). There were also several interesting observations of unique security events around IAM, firewalls, and other access safeguards, which become particularly important with the increase in remote work.

For a detailed look at these trends and others from Q1 2020, download your copy of the Threat Stack SOC Report Q1 2020.