Compliance Guides

SOC 2 Compliance with Threat Stack

Issue link: https://resources.threatstack.com/i/871259

Contents of this Issue

Navigation

Page 1 of 1

CONTINUOUS MONITORING Threat Stack ensures that you're never le in the dark when it comes to knowing what's happening in your network. Our pla orm automa cally monitors and records all of the ac vity happening in your cloud, providing you with the instruments you need to effec vely maintain a healthy security posture in the cloud. Specifically, Threat Stack: • Con nuously monitors your cloud to iden fy and evaluate security threats and unusual system ac vity — both known and unknown. • Provides granular insight into security configura ons and control effec veness. • Allows you to iden fy areas of risk based on system configura ons changes and so ware installa ons. • Monitors for internal and external system users accessing infrastructure, so ware and data. • Auto-scales with your environment and throughout the development lifecycle. ALERTING Our pla orm monitors and records all of the ac vity happening in your cloud and sounds the alarm if suspicious behavior is detected. Get no fied instantly if anomalous behavior indica ng unauthorized access to or loss of customer data occurs, so you can respond immediately. Specifically, Threat Stack will alert you on: • Unauthorized exposure or modifica on of data, configura ons and login ac vi es. • Threats that may impair system security, availability, processing integrity or confiden ality. • Unencrypted or unauthorized file transfer protocols that may indicate advanced persistent threats. • Suspicious filesystem, account and configura on ac vity. • Access controls failures, improper configura ons and other areas of non-compliance. INVESTIGATE AND VERIFY Determine whether an event is a true threat using Threat Stack's detailed audi ng system. Our audit trails provide you with the intelligence you need to understand an a ack's impact so you can answer the who, what, where, when and how in order to make informed decisions about how to respond in the event of a compromise. Specifically, Threat Stack provides audit logs detailing: • Addi ons or removals of system components. • Unauthorized modifica ons of data and configura ons. • Insights into system ac vity useful for early threat iden fica on. • Root cause analysis intelligence to enhance post-incident analysis. Threat Stack provides you with deep visibility star ng at the underlying kernel — the source of truth — where system ac vity can't be faked. Threat Stack gives you instant, comprehensive visibility into your en re cloud infrastructure and sounds the alarms if suspicious behavior is detected. TAKE ACTION Armed with our pla orm's powerful forensics, you can take ac on to ensure the vulnerability in your a ack surface is fixed to prevent similar events from happening in the future. Specifically, Threat Stack provides: • Detailed informa on about system ac vity that can be used to preemp vely detect threats and improve post- incident analysis and response. • The facts and context you need to make smart security decisions. Threat Stack's monitoring capabili es impact the following SOC 2 requirements: Risk Management and Design and Implementa on of Controls (CC3.2), Monitoring of Controls (CC4.1), Logical and Physical Access Controls (CC5.1, CC5.3, CC5.8), System Opera ons (CC6.1, CC6.2), Change Management (CC7.1, CC7.2), Addi onal Criteria for Confiden ality (C1.2) Threat Stack's aler ng capabili es impact the following SOC 2 requirements: Organiza on and Management (CC1.1), Risk Management and Design and Implementa on of Controls (CC3.1, CC3.3), Monitoring of Controls (CC4.1), Logical and Physical Access Controls (CC5.1, CC5.4, CC5.6, CC5.7, CC5.8), System Opera ons (CC6.1, CC6.2), Change Management (CC7.4), Addi onal Criteria for Processing Integrity (PI1.3), Addi onal Criteria for Confiden ality (C1.2, C1.3). Threat Stack's audi ng capabili es impact the following SOC 2 requirements: Risk Management and Design and Implementa on of Controls (CC3.1), Logical and Physical Access Controls (CC5.6), Change Management (CC7.3). Threat Stack's response capabili es impact the following SOC 2 requirements: Monitoring of Controls (CC4.1), Change Management (CC7.1, CC7.2, CC7.3). The decisions you make are only as good as the intelligence you base them on. That's why Threat Stack is considered the gold standard when it comes to protec ng customer data and maintaining SOC 2 compliance in the cloud. We have you covered, monitoring and aler ng you the moment anything out of the ordinary occurs so you can take ac on and maintain your policies and procedures to ensure complete protec on of your customer's data. Try Threat Stack. Visit ThreatStack.com

Articles in this issue

Links on this page

view archives of Compliance Guides - SOC 2 Compliance with Threat Stack