Threat Stack SOC Report, Q1 2020: Security Teams Adjust to Remote Work

Jackson Connell
April 9, 2020

This morning the Threat Stack Security Operations Center (SOC) released its Q1 report of key findings and trends among Threat Stack customers. This team of cloud security experts works directly with customers through Threat Stack Oversight℠, where they investigate suspicious behavior, triage alerts, and provide recommendations on how to proactively reduce risk and remediate incidents 24 hours a day/7 days a week. When combining that deep level of insight with the 60B events analyzed by the Threat Stack Cloud Security Platform® on a daily basis, Threat Stack SOC analysts are able to identify changes and shifts in how organizations are operating in the cloud. For an in-depth look at the trends from Q1 2020, you can jump ahead to the SOC’s quarterly report: Threat Stack SOC Report Q1 2020.

Q1 2020 was defined by the COVID-19 pandemic and the impact it had on a global scale. From the perspective of the Threat Stack SOC, this meant supporting our customers who were forced to shift to remote workforces on extremely short notice. This led to a few overarching trends, including a dramatic increase in the use of multi-factor authentication and changes in expected behavior patterns with employees accessing sensitive systems or data from new locations, different machines, and at odd hours. Even as we worked closely with customers to help them adapt to new remote work environments and tooling, the regular progression and maturation of cloud environments continued in Q1.
As we’ve previously discussed, there has been an uptick in the use of AWS Systems Manager (SSM) among Threat Stack customers and that has had some downstream effects on security investigations. The steady adoption of Kubernetes continued in Q1, and Threat Stack SOC analysts observed some interesting new behaviors from customers using Amazon Elastic Kubernetes Service (EKS). There were also several interesting observations of unique security events around IAM, firewalls, and other access safeguards which become particularly important with the increase in remote work.

For a detailed look at these trends and others from Q1 2020, download your copy of the Threat Stack SOC Report Q1 2020.

About Jackson Connell

Jackson Connell is the Corporate Communications Manager at Threat Stack where he is responsible for public relations, analyst relations, Threat Stack’s social media channels, and overall content strategy. Prior to joining Threat Stack, Jackson was the Corporate Communications Manager at iboss where he led corporate communications strategy and spent over five years at LPP, an integrated communications agency specializing in B2B technology and healthcare.