Threat Stack is a provider of cloud security management and compliance solutions delivered using a Software as a service (SaaS) model. The company is a privately held corporation headquartered in Boston, Massachusetts.

Wikipedia
Threat Stack, Inc
Threat Stack, Inc
Page Design Update
Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • Aligning security with your organization’s  greater business needs is becoming increasingly important, but how do you actually do it? What it comes down to is being able to map security to business objectives. Done right, security can be a major business driver. Today, everyone from finance to DevOps to sales and engineering has security top of mind, at least if they know what’s good for them. ...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • 12 Low-Cost Cloud Security Practices With Big Payoffs Good security takes effort. But it’s not impossible — far from it. The key to achieving better security is to focus on embedding the right types of thinking early on. Make good security hygiene as natural as muscle memory. And before you start to worry about budget, take note: There are many low-cost, relatively easy measures you can take th...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • In an earlier post, we talked about how we implemented centralized authentication at Threat Stack. This project initially allowed us to create clearer access control for our servers. A side benefit of this work has allowed us to write tooling around common authentication processes. One thing we've wanted to do is create an alert when folks are using a VPN to connect to one of our environments. ...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • The absence of a common framework for assessing Cloud Service Providers (CSPs), combined with the fact that no two CSPs are the same, complicates the process of selecting one that’s right for your organization. To help you work through this, we’re using this post to discuss seven basic factors you can use to identify a provider that can best match your business, technical, and operational needs....

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • Oftentimes companies wait until they grow to a certain size or have a full technology stack before they begin thinking seriously about security. The problem with this is that, statistically, it’s a matter of when you will have a security problem, not if. So our observation is: If you wait until your company reaches some arbitrary milestone before implementing mature security practices, you may ...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • Security has always been about accepting and managing risk. It’s not about becoming the most secure company; its goal is to protect against likely threats to your unique organization. But how do you know when a new risk crops up? And how can you stay on top of this in a rapidly changing cloud environment with more endpoints to monitor? Fortunately, the cloud doesn’t just introduce new risks. It...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • True or false: Companies born in the cloud naturally understand security. Young and tech-savvy companies running in the cloud often deal with the same cloud security issues as larger organizations that are moving to the cloud from legacy or on-prem solutions. In fact, the unique requirements of tech companies — like continuous development cycles and cutting-edge, rapidly evolving processes — ca...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • At the beginning of this year, Gartner projected that the global public cloud services market would grow to $246.8 billion in 2017, up 18% from $209.2 billion in 2016. Given the many high-value benefits it promises, it’s no wonder that moving to the cloud is the holy grail for many organizations. When the decision to migrate is based on the right reasons, and when a migration is planned and man...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • How would you know if your prevention methods failed to catch a critical threat? One of two ways: Either a customer, an auditor, or another third party would find out about it (an embarrassing situation for you) or  you could get lucky and find it yourself — which is rare without detection. Prevention techniques and technologies (e.g., security controls, firewalls, encryption, antivirus), are d...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • As you probably know by now, containers are a high-priority topic at companies of all sizes. But there are a lot of myths surrounding this technology as well, in part because it is new and unfamiliar territory for most, and simply because the technology is so young. In this post, we’ll debunk five of the pervasive myths and misunderstandings that surround containers, with a focus on Docker (sin...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • “We really appreciate Threat Stack’s great customer support and its Oversight team. Threat Stack takes feedback seriously and ensures that the customer’s voice is always heard. At HelloSign we are committed to making our users awesome, and we were pleased to see that Threat Stack shares the same belief.” — Raaghav Srinivasan, Security Engineer at HelloSign HelloSign is powering the future of i...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • Time-to-detection is everything these days. If you don’t find a breach yourself, chances are someone else will. A recent study points out that up to 27% of breaches are discovered by third parties. This includes vendors or partners you work with, auditors, and probably most damaging of all — your customers. The problem most companies are grappling with today is how to cut time-to-detection to e...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • Gartner predicts that 95% of cloud security failures from now until 2020 will be the customer’s fault. That means when something goes wrong, it’s probably not AWS or Azure’s fault. Chances are, you have to point the finger at your organization. Or — better yet — you could take the necessary and proactive steps to minimize the likelihood that you’ll become one of the cloud security failures. The...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • SOC 2 compliance is a crucial framework for technology and cloud computing companies today. As with many other compliance mandates, it is not a simple connect-the-dots proposition, but rather a complex set of requirements that must be reviewed and carefully addressed. But it doesn’t have to be overwhelming. Below, we’ll break down nine of the most common basic questions that we hear about SOC 2....

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  •   Kevin Durkin — CFO of the Year The Boston Business Journal recently named Threat Stack’s Kevin Durkin CFO of the Year  (Private Companies Category). The award was given as part of BBJ’s ninth-annual CFO of the Year Awards program which honors “CFOs who make a difference in their companies and organizations”. 

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • If you are currently running an on-premise or hybrid environment with an eye to eventually making a complete transition to the cloud, you may be feeling a bit overwhelmed by everything that needs to change in order for your security posture to be appropriate for this new environment. In this post, we’re going to explain how you can start where you are, take small but meaningful steps, and still ...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • At Threat Stack we are continuously enhancing the Cloud Security Platform® to improve your ability to identify and respond to threats. We have just added an “Alert Trends” view that lets you quickly and easily see spikes in alerts, enabling faster detection of anomalous behaviors.

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • AWS has long ruled the cloud platform game. But today more and more companies are branching out and using additional providers as well. Often this isn’t a matter of replacing one with another, but of different business requirements (such as managing risk and costs) being suited to different cloud vendors. Other factors for using more than one provider center on the fact that vendors work to pric...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • Mean Time To Know (or MTTK for short) is one of the most important metrics in security operations. It measures how efficient the security team is at detecting real threats. The shorter it is, the sooner you will catch an attack in progress and be able to put a stop to it, reducing the negative consequences for your organization.  But the reality is, it’s not so easy to reduce MTTK. For starters...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • Many companies today are turning to cloud security solutions — from security monitoring platforms to orchestration tools to alerting systems — in order to manage both strategic and tactical security initiatives. Purpose-built technological solutions — especially if you’re a company with limited in-house expertise and resources — can help you stay on top of security without having to hire more pe...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • In previous posts we have described how Threat Stack can help demonstrate compliance, for example with PCI and FFIEC guidance, HIPAA, SOC 2, and other compliance frameworks. (See the Resources section below.) To assist our customers with these initiatives, we have created sample compliance rule sets that can be used to generate alerts that are mapped to specific requirements of these frameworks....

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • Docker and other container services are appealing for good reason. They are lightweight and flexible. For many organizations, they enable the next step of platform maturity by reducing the needs of a runtime to the bare essentials (at least, that's the intent). When you dig into the benefits afforded by containers, it’s easy to see why so many companies have started projects to: Containeri...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • Recently, headlines were hyping the largest ever exposure of voter information, involving some 9.5 billion data points related to 198 million U.S. voters.  Attention-getting stuff. And since the story involved the Republican National Committee (RNC), the hype was intensified. Somewhat imprecisely, many articles characterized the incident as a data “leak”, “breach”, or “compromise” — again, addi...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • Two interesting observations: The average number of days that attackers were present on a victim’s network before being discovered is 146 days. (FireEye) At Threat Stack, we have observed that a majority of the market is moving toward automated security vulnerability and configuration scanning. You would be hard pressed to come by a compliance framework that did not require you to have a sys...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • Leveraging Security in the Sales Process Security is more than just a good business practice. It also serves as insurance for your customers that security is a top priority. With the right protections in place, you demonstrate that their data will be safe with you, and this can accelerate the sales cycle. But without good security, sales cycles can drag on or even grind to a halt. Of course, yo...

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • Let’s say you just found out that you need to be compliant with HIPAA or PCI DSS in order to win a big piece of new business for your organization. Whether it’s a potential customer, a partner, a regulatory body or government making the demand, business often can’t move forward without demonstrable compliance with certain frameworks. And these can be thorny, complex, and time-consuming to meet....

Threat Stack, Inc
Threat Stack, Inc
Blog Post
  • As security threats become a bigger part of the day-to-day concerns at all types of organizations, it has become vital to inculcate and promote a “culture of security.” Yes, security is everyone’s responsibility — but it requires a shift in culture for people to begin accepting that responsibility. Triggering this shift can be harder than it sounds on the surface. Why? Well, for one thing, most...

Out-Market Your Competitors?

Get complete competitive insights on over 2.2 million companies to drive your marketing strategy.

Create Free Account Log in

By signing up, you agree to the Terms of Service and Privacy Policy.

Out-Market Your Competitors

Get complete competitive insights on over 2.2 million companies to drive your marketing strategy.

Create Free Account

Already a user?  Log in

By signing up, you agree to the Terms of Service and Privacy Policy.