Hi [[ session.user.profile.firstName ]]

Threat Stack

  • Date
  • Rating
  • Views
  • Threat Briefing: New Cryptomining Shellbot Malware Variant
    Threat Briefing: New Cryptomining Shellbot Malware Variant
    Threat Stack Recorded: May 16 2019 24 mins
    Recently, Threat Stack's Security Operations Center (SOC) uncovered a variation of the Shellbot malware in a public cloud environment. In this active cryptojacking campaign, the sophisticated malware features several layers of obfuscation and continues to be updated with new functionality after it has gained a foothold in an infected environment.

    In this threat briefing, Threat Stack SOC Analyst Ethan Hansen will walk through the details of the newly discovered cryptojacking campaign, including the malware components, actual observed attack path, and the future investigations.
  • Architecting and Securing Cloud Infrastructure
    Architecting and Securing Cloud Infrastructure
    Fernando Montenegro, 451 Research Senior Analyst and Chris Ford, Threat Stack VP of Product Recorded: May 7 2019 53 mins
    Many public cloud providers and have robust security capabilities built-in to their IaaS offerings. However, they are often clear in their stance that security in the cloud is a shared responsibility between cloud providers and users. That leaves many organizations struggling to understand the differences between the multitude of third-party cloud security categories and how to determine which tools fit within their cloud environment.

    This webinar will help these organizations understand exactly what they are getting from their security provider and how to take ownership of their side of the shared responsibility model with third-party cloud security tools.
  • Architecting Cloud Infrastructure Security for Enterprise
    Architecting Cloud Infrastructure Security for Enterprise
    Andras Cser - Forrester VP, Principal Analyst Serving Secirty & Risk and Chris Ford - Threat Stack VP, Product Recorded: Mar 18 2019 60 mins
    In this webinar, guest speaker Andras Cser, Forrester Analyst and Chris Ford, Threat Stack VP of Product, will discuss how enterprises can effectively combine the native security offerings of Public Cloud Platforms with third party tools under the shared responsibility model. Attendees will learn about various native security capabilities such as AWS Guard Duty, IAM, and Macie and how to evaluate third-party cloud security tools such as CASB, WAF, and CWS.

    Many public cloud providers and have robust security capabilities built-in to their IaaS offerings. However, they are often clear in their stance that security in the cloud is a shared responsibility between cloud providers and users. That leaves many organizations struggling to understand the differences between the multitude of third-party cloud security categories and how to determine which tools fit within their cloud environment.

    This webinar will help these organizations understand exactly what they are getting from their security provider and how to take ownership of their side of the shared responsibility model with third-party cloud security tools.
  • AWS Security: Visualizing Security Data in 2019
    AWS Security: Visualizing Security Data in 2019
    Chris Murdock, Security Architect at Conga Recorded: Jan 17 2019 36 mins
    In a world of evolving, complex cloud infrastructure – there is no shortage of advanced security technologies that monitor for potential threats. People look for better ways to gain security insights from large datasets and are tasked with the responsibility of communicating associated business risk throughout the entire organization.

    In this webinar, Security Architect Chris Murdock from Conga will explore how to democratize the security of your next-gen infrastructure by building measurement directly into systems, factoring in security-related KPIs and OKRs. Tune in to learn how to securely scale your infrastructure while continuing to enable innovation at the speed of business.
  • Inside a Docker Cryptojacking Exploit
    Inside a Docker Cryptojacking Exploit
    Ethan Hansen, Threat Stack Security Analyst Recorded: Nov 15 2018 30 mins
    Docker containers are often used to create developer sandbox environments. Because Docker containers can be lightweight, ephemeral infrastructure, they’re a natural fit for building sandboxes. While Docker is great at managing the lifecycle of these workloads, it’s not a security tool.

    In this webinar, Ethan Hansen, Security Analyst for Threat Stack’s Cloud Security Operations Program, will discuss recently observed Docker exploit attempts from the field, where attackers were looking for web applications vulnerable to command injection. He’ll also provide examples of what to watch for in your logs, cryptojacking and container breakout attempts among them.
  • How to Spend Your Security Budget in a DevOps World
    How to Spend Your Security Budget in a DevOps World
    Mark Moore, Threat Stack Sr. Security Engineer, Kevin Durkin, CFO, and Natalie Walsh, Product Specialist Recorded: Nov 8 2018 23 mins
    Threat Stack’s latest report reveals that security budgets will increase by nearly 20% in the next two years - yet 96% of organizations believe they need more to be effective in keeping pace with devops.

    In this session, Threat Stack Security Engineer, Mark Moore, and CFO, Kevin Durkin, will discuss the current state of security processes and investments as organizations shift to the cloud. Learn how to build a scalable security program that fits your organization’s budget. Join us on November 8th at 1pm ET to learn more about:

    - Aligning your security budget with your most targeted threats
    - Minimizing risk introduced by development teams
    - Vendor evaluation processes for maximum ROI
  • Container Security: Taking a Layered Approach to Infrastructure Security
    Container Security: Taking a Layered Approach to Infrastructure Security
    Fernando Montenegro, 451 Research Senior Analyst and Security Technologist and Threat Stack's Nathan Cooprider Recorded: Oct 25 2018 48 mins
    Container technologies such as Docker and Kubernetes create massive efficiencies for operations teams, and are, importantly, fun for developers to use. The downside: more IP-addressable containers create greater attack surface for compromising host OS.

    As your containers live, die, and move around – it is important to take a holistic approach to securing each layer of cloud infrastructure. Tune in on October 25th at 1pm ET to hear from 451 Analyst and Threat Stack Security Engineer on:

    - Infrastructure trends and container primitives
    - Pinning down runtime container security
    - Mastering the container control plane and navigating Kubes
  • Inside an Enterprise Breach in a Public Cloud Environment
    Inside an Enterprise Breach in a Public Cloud Environment
    Sam Bisbee, CSO, at Threat Stack Recorded: Oct 22 2018 46 mins
    With the visibility provided by the Threat Stack Cloud Security Platform®, the Threat Stack Security team has the unique ability to observe user, system and file trends across cloud infrastructure, to see how bad actors are attempting to exploit it. Over the past year, the team has observed strong evidence of increasing sophistication of public cloud attacks. Although simpler methods, like exploiting S3 buckets or utilizing mass botnet activity, are still popular as ever, attackers are increasingly using multi-step attacks to traverse infrastructure in search of sensitive customer information and company crown jewels.

    In this session, Threat Stack CSO Sam Bisbee will walk through the steps of a recent customer breach while discussing trends in the rising sophistication of public cloud actors and how to monitor your own infrastructure for these threats.
  • Build a DevSecOps Unicorn for the Cloud
    Build a DevSecOps Unicorn for the Cloud
    Martin Rues, CISO at Outreach Recorded: Oct 4 2018 29 mins
    The modern security professional is somewhat of a Unicorn – needing expertise in devops, security, and cloud infrastructure. Outreach’s CISO, Martin Rues, knew finding a candidate with the right combination of skill sets would be a time-consuming exercise with low yield.

    Despite not making a single security hire in 2017, Martin was able to tune down security alerts, achieve ISO27001 and SOC 2 Type 2 compliance, and develop a container security strategy all in the same year. Learn about Martin’s unique approach to coping with the security talent shortage by leveraging a Cloud SecOps program in this webinar on Thursday October 4th at 11am EST.
  • How to Build and Mature a SecOps Program in the Cloud
    How to Build and Mature a SecOps Program in the Cloud
    Pete Cheslock, Threat Stack's Head of Ops and Pat Cable, Threat Stack's Sr. Infrastructure Security Engineer Recorded: Jul 19 2018 40 mins
    Scaling your business is hard, but scaling your business securely is even harder. While modern cloud infrastructure has fostered speed and innovation through DevOps, security still lags behind. When it comes to securing modern infrastructure, achieving your cloud security objectives should not mean sacrificing good operations principles for good security principles, or vice versa.

    In this webinar, Threat Stack’s Head of Ops, Pete Cheslock, and Sr. Infrastructure Security Engineer, Pat Cable, will discuss what it takes to bring good security and good operations into alignment. They will offer practical advice to help you build and mature a cloud secops program for your Organization

    - Understand how cloud security differs from traditional, on premise security frameworks
    - Learn the five core SecOps principles that will help fortify your cloud infrastructure
    - Develop a comprehensive understanding of cloud secops best practices, including both technology and team management

Embed in website or blog