The Threat Stack Cloud SecOps Program: Why We Built It & How It Can Help Your Organization Become More Secure

An Interview With Brian M. Ahern

Cybercrime stands out as the greatest threat posed to every business around the world today. That’s fact, not FUD. Cybercrime is forecast to cost organizations around the globe $6 trillion annually by 2021, doubling its toll from 2015. To put it plainly, this represents the greatest economic wealth transfer in history, and cements cybercrime as a more profitable enterprise than the entire global illegal drug trade.

If you want to build an organization that will survive this onslaught intact, then the question you must answer today is: “What is your team doing to proactively reduce and remediate your security risks?

To help you answer that question, we are thrilled to announce our brand-new Threat Stack Cloud SecOps Program℠. This new program empowers organizations to revolutionize the way security and operations teams collaborate, proactively fortify infrastructure, and reduce attack surface. The program enables companies of all sizes to minimize their risk profiles without straining security or operations teams. And it accomplishes these goals by applying DevOps principles (like shared KPIs, automation, and continuous feedback) to security.

How the Threat Stack Cloud SecOps Program Works

To help you start building your own cloud SecOps Program, Threat Stack offers a combination of reactive incident response via alert escalation and proactive remediation leveraging data analytics.

In practice, this means that we work with your team to assess your current state using the Threat Stack Cloud SecOps Maturity Framework®. We then help you set goals, prioritize actions, and put a plan in place to reduce your overall security risk. Meanwhile, as part of our Threat Stack Insight℠ and Threat Stack Oversight℠ services, our security engineers work to optimize the deployment of the Threat Stack Cloud Security Platform® in the context of your unique environment — providing you with actionable recommendations to further reduce your risk and increase efficiency.

Below, our CEO, Brian M. Ahern, explains why this is so valuable and why we believe it will be a game-changer for many organizations.

A Q&A With Brian M. Ahern, CEO, Threat Stack

Q: Why was it important to build a program like this one?

Brian M. Ahern: Security has traditionally been viewed solely as a business cost and often considered an impediment to the kind of innovation that drives top-line growth. Increasingly, however, organizations’ lack of security is becoming a business inhibitor in and of itself. For this reason, the new Threat Stack Cloud SecOps Program is designed to transform security from a cost center to a competitive advantage, accelerating growth.

We have learned over the last several years that failing to meet security goals is rarely a matter of companies not valuing or desiring security. Instead, the challenge often stems from a lack of communication and cooperation between DevOps and security teams on issues like:

  • Cloud security strategy
  • Roles and responsibilities
  • Clearly defined and measurable objectives

Even more to the point, many teams lack the resources they need to effectively execute on a strong security strategy. The Threat Stack Cloud SecOps Program is designed to remove these constraints, enabling businesses to confidently and securely leverage the business benefits of the cloud.

Q: What’s the biggest challenge for organizations that know security matters but don’t know how to bring security up to speed?

Brian M. Ahern: The talent shortage is not something we can ignore when we talk about security. There are simply not enough security professionals to go around, and a lot of the folks who do take on these roles don’t have the bandwidth or the background to handle some of the more coding-oriented aspects of security in the modern business. They’re stuck triaging alerts or begging for resources.

So our Cloud SecOps Program will be a game-changer for organizations that struggle to fill security roles or just can’t afford to have a dedicated security team. We can help teams achieve consensus and collaboration between security and operations, and work with organizations to:

  • Baseline the current state
  • Define the ideal future state
  • Devise a clear strategy to achieve that future state

We will also provide expert security resources who can leverage your data to turn it into actionable insights. As one example, our team of experts can help you configure secure rules and integrations for your unique environment, instead of you needing to hire full-time team members to handle this complex but invaluable task.

Q: What about compliance, since that’s a huge concern for so many businesses today?

Brian M. Ahern: It definitely is. There aren’t many companies out there that don’t find themselves beholden to at least one compliance framework, whether it’s PCI DSS, SOC 2, ISO 270001, HIPAA, or even the upcoming EU GDPR. Many compliance rulesets are already included with the Threat Stack Cloud Security Platform out of the box, and as part of the Threat Stack Cloud SecOps Program, Threat Stack security engineers can help your organization build additional rules and rulesets to meet technical portions of compliance requirements to save you time and resources.

One of our big goals in building out this program was to show companies that compliance — just like security — doesn’t have to be a business decelerator that pulls resources away from other projects. Part of implementing SecOps best practices is automating monitoring and controls that help you achieve compliance without slowing the business down. That means more deals and happier customers.

Q: What’s different about this solution compared to what else is out there on the market?

Brian M. Ahern: A lot of what you’ll see out there are multiple tool sets with overlapping functionality, as well as a ton of hands-on monitoring solutions run by consultants who are stuck piecing together fragmented data. These approaches are costly and ineffective to already constrained security and operations teams. The Threat Stack Cloud SecOps Program, on the other hand, offers a combination of reactive incident response via alert escalation and proactive remediation leveraging data analytics.

Because the Threat Stack Cloud SecOps Program is built on the Threat Stack Cloud Security Platform, our experts can leverage automation, real-time alerting, and deep forensic capabilities via a single pane of glass. That means, when you’re up and running, you’ll be notified faster and given more actionable context to address any incidents that may arise. We want to help you find out about an incident before it escalates into a breach or a PR nightmare — and the combination of our platform and the Cloud SecOps Program makes that doable even for small organizations without a dedicated security team.

Q: Anything else people should know about the SecOps Program and who it can benefit?

Brian M. Ahern: The most important value that the Threat Stack Cloud SecOps Program provides is empowering organizations to move from reactive security management to proactive risk remediation. With this program, we can help organizations leverage the power of data to get ahead of attackers by identifying potentially risky behavior and then enabling security and DevOps teams to collaborate on proactive remediation.

It’s long past the time when any organization can justify looking at security as a business cost that impedes innovation and product development. In today’s business and cyber environments, it’s essential to leverage security as an essential investment to create competitive advantage and drive business growth. This is born out by the fact that 64% of Sales Professionals state that their deals have slowed down as a result of insufficient security investments.

Through the new Threat Stack Cloud SecOps Program, we can help organizations of all sizes address the latest security threats and compliance standards without hiring a massive team of dedicated security staff. With the new Cloud SecOps Program, your organization can transform security into a powerful business driver and competitive edge.

Want to baseline your Cloud SecOps Maturity? Take our assessment

*** This is a Security Bloggers Network syndicated blog from Blog – Threat Stack authored by An interview with Brian M. Ahern. Read the original post at: https://www.threatstack.com/blog/the-threat-stack-cloud-secops-program-why-we-built-it-how-it-can-help-your-organization-become-more-secure/