Implementing High-Velocity Security Best Practices

Issue link: https://resources.threatstack.com/i/871304

Page 7 of 8

How Does Threat Stack Work?

Our lightweight agent installs in the user space of the Linux operating system. It deploys in minutes using your favorite automation software (Chef, Puppet, or Ansible), so security is no longer the bottleneck for operational efficiency. Workload security begins the moment the agent is deployed.

By residing at the infrastructure level, Threat Stack agents are optimally positioned to oversee system activity and record activity history. Running an agent on the system itself means they capture the deep information that agentless security solutions simply cannot provide. The data from the underlying Linux kernel is the ultimate authority when it comes to knowing exactly what's happening in your cloud infrastructure. Threat Stack constantly watches and records deep system activity around logins, processes, system activity, and file changes to ensure that nothing out of the ordinary happens without your knowledge.

The Threat Stack agent pulls that data from the Linux kernel file system and adds metadata to the events collection. This data is communicated securely to our big-data-analytics-powered backend. There we get to work, peeling back the onion to discover any suspicious activity. Threat Stack brings that rich, contextual data to your fingertips, along with intelligent, security-relevant analytics gleaned by our backend.

How Is Threat Stack Different from SIEM?

Traditional SIEMs only aggregate log data. Additionally, they use signatures to pull out log data that could be the basis for alerts. Threat Stack also aggregates events, but differs from a SIEM by storing all events and providing a rich context for your analysis.

In the world of the auto-scaling cloud, machines appear and disappear. Sometimes you need to look back to de-construct the story of what happened. Our "User Session Tracking" feature enables you to rewind, zoom in, and play back any user's actions at any point in time, even if the machine no longer exists. Events can be color-coded for easy reference. And our source and destination port tracking allows you to follow a user throughout your network, including through jump hosts. Threat Stack is built to handle the scale and processing power needed to retain this kind of audit history by taking care of the analytics and data retention.

Another advantage of having all that historical data is that in the event of a compromise, Threat Stack allows you to investigate what was used for the exploit. Similarly, if an employee leaves the company, you can go back and see what, if anything, happened leading up to that departure.

Once deployed, Threat Stack lets you focus on your full-time job, knowing that it auto-scales with your environment to make sure you are always covered. It's the perfect security solution for organizations that embrace DevOps in order to rapidly improve their applications and services.

Figure 2: Threat Stack continuous security monitoring for your cloud.
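As an added illustration (not Threat Stack's own code, which this page does not show), here is how following a user through a jump host by source and destination port tracking can work: the (source IP, source port) of an inbound login is matched against outbound connections opened by an already attributed session on the previous host, within a short time window because ephemeral ports are reused. Hostnames, addresses, session ids and the window are constructed assumptions.

```python
"""Trace a login back through a jump host by matching the (source IP, source port)
of an inbound login to an outbound connection from an attributed session. Constructed data."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:      # inbound login observed on `host`, attributed to `session`
    host: str
    user: str
    session: str
    src_ip: str
    src_port: int
    ts: float

@dataclass(frozen=True)
class Connect:    # outbound connection made by `session` on `host`
    host: str
    session: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    ts: float

# Constructed sample: alice logs in to jump01 from her laptop, then hops to db01 with
# a shared service account; only the (IP, port) tuple links the two logins.
LOGINS = [
    Login("jump01", "alice", "jump01:s1", "203.0.113.5", 51234, 100.0),
    Login("db01", "svc_deploy", "db01:s7", "10.0.0.10", 40022, 160.0),
]
CONNECTS = [
    Connect("jump01", "jump01:s1", "10.0.0.10", 40022, "10.0.1.20", 22, 159.5),
]

def previous_hop(login, connects, logins, window=5.0):
    """Session whose outbound connection `login` arrived on, or None.
    The time window matters because ephemeral source ports get reused."""
    for c in connects:
        if ((c.src_ip, c.src_port) == (login.src_ip, login.src_port)
                and 0 <= login.ts - c.ts <= window):
            return next((l for l in logins if l.session == c.session), None)
    return None

def trace_back(login, connects=CONNECTS, logins=LOGINS):
    """Chain of (host, user) from the originating login down to `login`."""
    chain, seen = [(login.host, login.user)], {login.session}
    hop = previous_hop(login, connects, logins)
    while hop is not None and hop.session not in seen:  # loop guard
        chain.append((hop.host, hop.user))
        seen.add(hop.session)
        hop = previous_hop(hop, connects, logins)
    return chain[::-1]
```

The shared service account on db01 is attributed back to alice only through the port tuple, which is exactly the information a per-host login log alone does not carry.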
