My Journey Re-Inventing the SIEM for Cloud-First Security Teams Five years ago I joined Airbnb’s Security team to create a system for analyzing high volumes of critical security data and identifying suspicious behaviors that could indicate a breach. …

How to instrument S3 buckets and monitor for suspicious activity AWS S3 is an extraordinary and versatile data store that promises great scalability, reliability, and performance. Yet, S3 bucket security continues to be in the news for all the wrong reasons — from the leak involving exposure of 200mn US…

A deep dive into AWS CloudTrail — https://github.com/panther-labs/tutorials Amazon Web Services offers many services, from virtual machines (EC2) to storage (S3) to databases (RDS). Each of these services adds a new point of entry for potential cyber-attacks. …

How to utilize modern logging and Serverless technology to jump start your security logging pipeline. To detect and prevent security breaches, security teams must understand everything that is happening in the environment. …

Set up secure programmatic access to AWS with aws-vault — As a company’s cloud footprint grows, it becomes increasingly important for security teams to effectively centralize and provide secure access to the cloud. Organizations across the globe are realizing the importance of investing in safer and robust programmatic access to the cloud. …

With the rising adoption of cloud computing, companies can build and scale their businesses faster than ever. However, the downside of the cloud’s widespread adoption is the dispersion of data and an increased attack surface. …

Panther exists to help businesses stay secure in the cloud-first world by providing a powerful, next-generation, cloud-native alternative to traditional SIEM platforms. — Panther is an early-stage cybersecurity startup founded in San Francisco by Jack Naglieri and incubated at S28 Capital. Today, the company has completed a $4.5M series seed financing co-led by S28 Capital and Innovation Endeavors, with participation from Fathom Capital and 645 Ventures.

Update: For Enterprise-grade security monitoring, check out the successor to StreamAlert, called Panther! Imagine: A VM is launched in your AWS VPC with insecure SSH permissions, (accidentally) allowing anybody in the world to exploit a new 0-day, and granting them access into your environment. How could you detect this type…

Update: For Enterprise-grade security monitoring, check out the successor to StreamAlert, called Panther! Since the announcement post in January of 2017, StreamAlert has accumulated over 1700 commits, 1200 stars, 500 PRs merged, and contributions from 15 members of the open-source community. The project has matured significantly since then, and today…