ThreatStack Brings Security Observability to AWS EC2

ThreatStack announced this week that it has integrated its observability platform for tracking cybersecurity events with the EC2 cloud service from Amazon Web Services (AWS).

Chris Ford, vice president of product for ThreatStack, said the company’s namesake platform for tracking security events can now consume metadata collected from EC2 by deploying an instance of its agent software on the AWS cloud service.

That agent software collects data that is then normalized and analyzed by machine learning algorithms, which observe more than 60 billion events per day, to identify cybersecurity threats and anomalies.

ThreatStack already provides support for Kubernetes and can consume metadata generated by other AWS platforms. Ford said demand for observability platforms that specifically address cybersecurity concerns is rising, as organizations embrace DevSecOps best practices. Rather than trying to correlate alerts and events generated by multiple monitoring tools, Ford said IT teams need tools that enable them to quickly understand how lethal a threat might be based on the potential blast radius of a breach.

Machine learning algorithms play a critical role in being able to analyze billions of events that are simply not possible to correlate by any other means, Ford added.

It’s not precisely clear where the handoff between man and machine will ultimately fall when it comes to cybersecurity. It’s not likely that machine learning algorithms and other forms of AI will replace the need for cybersecurity analysts any time soon. However, cybersecurity analysts who lack access to AI-enabled cybersecurity platforms will be at a significant disadvantage. In fact, given the inherent stress of a cybersecurity job, it may soon be a differentiator that impacts organizations’ ability to attract and retain talent. Cybersecurity professionals may not want to work for organizations that have not invested in AI to augment their skills.

In the meantime, the rate of change in application environments will continue to push existing cybersecurity processes to their limits. Containers, for example, are now routinely ripped and replaced at a rate that is nearly impossible to track using existing tools. While containers themselves are generally secure, no one can say the same thing for the software encapsulated in them. Worse yet, as containers are employed to run stateful applications, the length of time code with known vulnerabilities might be running in a container is starting to increase.

In many cases, the adoption of containers is forcing organizations to embrace DevSecOps best practices that shift responsibility for application security further left, toward developers. The challenge is that most developers are already working as hard as they can to meet application deadlines. The ability of any developer to proactively eliminate every potential vulnerability before it winds up in a production environment is highly constrained. In fact, so long as humans are writing code, there will always be a need to find and remediate vulnerabilities that find their way into a production environment, despite everyone’s best efforts.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.