Cloud Security
Cloud Security
Delayed Visibility Puts Your Cloud at Risk: It’s Time for Real-Time
A new architecture for modern cloud defense
Stream Team
Jun 18, 2025
5 min
Cloud Security
What Is Cloud Context? Exploring the Missing Layer in Cloud Security
Most security tools show pieces of cloud activity, but miss how events and data connect across layers. Cloud context reveals the full story: how identities, configurations, behavior, and workloads interact in real time. With this visibility, security teams can detect, investigate, and respond to threats with speed and precision.
Stream Team
Jun 5, 2025
6 min
Cloud Security
No Files, No Trace? Think Again: Detecting Fileless Execution Attacks in the Cloud
Traditional security tools focus on scanning files written to disks, but what happens when no file ever lands there? Fileless attacks bypass static analysis and disk-based detection by executing directly in memory, often through existing tools like Bash, Python, or PowerShell. Although the Linux system call has benefits for software development, especially in the cloud, including use in sandbox frameworks, containerized applications, and temporary computations, those benefits are manipulated by threat actors to carry out attacks.
Miki Farber
May 19, 2025
6 min
Cloud Security
You Can't Respond at Cloud Speed Without Seeing in Real Time: Why Full Cloud Visibility Is Key to Incident Response
Real-time cloud visibility is the foundation for modern incident response. It lowers MTTD, MTTC, and MTTR. It empowers every SOC tier. And it turns scattered workflows into one seamless response.
Maor Idan
May 13, 2025
3 min
Cloud Security
Beyond the Booth: Why Cybersecurity Needs More Imagination
We're an industry obsessed with what we do, but often at the expense of why it matters.
Jeremy Nazarian
May 7, 2025
4 min
Cloud Security
DBIR 2025 Reveals: Everyone’s Hardening the Cloud. But That’s Not Where the Real Security Gap Is.
By now, you’ve probably read Verizon’s 2025 Data Breach Investigations Report (DBIR) (or skimmed the highlights on LinkedIn). Ransomware attacks are up. Credentials are leaking like a broken pipe. Exploits are targeting your edge devices. You know the drill. But let’s step back. What the DBIR really reveals, beneath the usual stats and graphs, is something much bigger. It exposes a fundamental misalignment in how most organizations think about cloud security.
Maor Idan
Apr 23, 2025
4 min
Cloud Security
Turning the Tables on Threat Actors: Webinar Insights
In a recent webinar, Stav Sitnikov, Chief Product Officer at Stream Security, and Tushar Kothari, Former CEO and Board Member of Attivo Networks, explored how organizations can turn the tables on cyber attackers using Stream Traps—deceptive cloud decoys designed to detect and delay malicious actors.
Maor Idan
Apr 7, 2025
4 min
Cloud Security
Announcing Stream Traps: Delay Threat Actors to Detect and Respond More Effectively
Cloud traps, deception assets embedded in cloud infrastructure, offer a proactive way to detect, delay, and divert attackers, buying security teams the signals and context they need to respond effectively. Rather than chasing faster MTTR alone, cloud traps focus on slowing the adversary down — turning every interaction into a tactical advantage for defenders.
Stav Sitnikov
Apr 1, 2025
5 min
Cloud Security
No More Cloud Kabuki: Unmasking False Negatives in the Cloud with Real-Time Firewall Context
In the dynamic realm of cloud security, the challenge of maintaining a comprehensive view of your environment can feel like navigating a complex Kabuki play. The illusion of security, created by disconnected security tools, often leads to costly investigations and wasted resources. This is especially true when it comes to understanding the interplay between your cloud infrastructure and your perimeter firewalls.
Liran Roffman
Mar 27, 2025
4 min
Cloud Security
The Burnout Battlefield: What I've Learned About Protecting SOC Analysts (and My Company)
Throughout the course of my career in information security, I’ve witnessed a disturbing trend firsthand: the alarming rate of burnout among SOC analysts. It's not just a statistic; it's a real and present danger to our teams and our organizations.
Jason Nations
Mar 17, 2025
3 min
Cloud Security
GitHub Action Supply Chain Attack Exposes Secrets: What You Need to Know and How to Respond
A widely used GitHub Action, tj-actions/changed-files, was compromised sometime before March 14, 2025 with a malicious payload, leading to the exposure of secrets in public repository logs. The incident has been assigned CVE-2025-30066 and is a stark reminder of the growing risks in the software supply chain.
Or Shoshani
Mar 16, 2025
4 min
Cloud Security
Complement, Don’t Consolidate: Bringing Cloud Context to Your Existing Tech Stack
As enterprises accelerate their cloud adoption, traditional security tools struggle to keep pace. The cloud introduces unique attack surfaces, rapid changes in infrastructure, and cloud-specific threats that solutions like SIEM, EDR, and SOAR weren’t designed to handle. This is where Cloud Detection and Response (CDR) comes into play—providing real-time cloud visibility, contextual insights, and guided response to threats across multi-cloud environments.
Tom Gentsch
Mar 10, 2025
5 min
Cloud Security
The Momentum of CDR – Insights from Leaders in the Field
The momentum behind CDR isn’t just hype—it’s necessity. Cloud threats are evolving in real time, and security teams need tools that can keep up.
Or Shoshani
Feb 28, 2025
3 min
Cloud Security
My Next Mission: Bridging the Cloud Security Gap as Stream Security’s Field CISO
I'm thrilled to announce I've joined Stream as the Field CISO. After years immersed in the security world, including my time at OG&E, where I focused on building and maturing their cloud security infrastructure and processes, I'm excited to take on this new challenge and contribute to a company that's truly at the forefront of Cloud Security.
Jason Nations
Feb 24, 2025
2 min
Cloud Security
Toxic Combination: The Pitfalls of layering real-time agents on top of Static CSPM
CSPM was never built for detection and response. It was built for prioritization. Trying to bolt real-time response onto a static, scan-based system doesn’t just fall short—it actively misleads security teams.
Or Shoshani
Feb 14, 2025
Cloud Security
MITRE ATT&CK for AWS: Understanding Tactics, Detection, and Mitigation
The MITRE ATT&CK framework is a globally recognized knowledge base of adversary tactics and techniques that provides a structured model for cyber threats. In the context of cloud computing (such as Amazon Web Services), ATT&CK is extremely useful for mapping out potential attack paths and strengthening AWS security. By aligning AWS security monitoring and incident response with ATT&CK tactics, security teams gain a common language to describe threats and can ensure coverage for each phase of an attack lifecycle. This helps SOC analysts and cloud security engineers systematically detect malicious behavior and respond effectively, using AWS’s native tools and log data.
Stream Team
Jan 2, 2025
10 min
Cloud Security
From SIEM to Stream: Why SIEM is No Longer Enough to Mitigate Cloud Threats
Make your existing SIEM work for the cloud with Stream Security’s Cloud Detection & Response platform
Stav Sitnikov
Dec 30, 2024
5 min
Cloud Security
A Layered Approach to Reducing False Positives in Cloud Security
Discover how real-time context in cloud security can reduce false positives and improve threat response. Stream Security provides visibility into network reachability, identity exploitability, and security controls, helping teams prioritize genuine risks and mitigate threats efficiently without disrupting business operations.
Tal Shladovsky
Sep 18, 2024
5 min
Cloud Security
How to Outpace the Adversary with Stream Security
As organizations increasingly migrate to the cloud, the landscape of cybersecurity evolves, presenting new and complex challenges for security teams. The dynamic nature of cloud environments, coupled with the scale and sophistication of potential threats, demands a proactive and context-driven approach to threat detection. Traditional security measures often fall short, requiring security teams to adapt and develop strategies that can effectively identify, prioritize, and neutralize threats in the cloud. In this blog, we’ll review threat detection challenges in the cloud, and how Stream Security can help overcome these challenges.
Tal Shladovsky
Aug 28, 2024
6 min
Cloud Security
Why Cloud Security Tools Have So Many False Positives?
Struggling with cloud security false positives? Learn how to overcome alert fatigue and focus on real threats by understanding the root causes of false alarms in dynamic cloud environments. Explore specific examples and discover how Stream Security can help you drastically reduce false positives and streamline your security response. Prioritize real risks and improve your cloud security posture today.
Tal Shladovsky
Aug 20, 2024
6 min
Cloud Security
What is CADR (Cloud Application Detection and Response)?
Cloud Application Detection and Response (CADR) is an emerging approach to cloud security that offers real-time protection and response capabilities. Crucially, CADR is designed specifically for Security Operations (SecOps) teams, setting it apart from other cloud security frameworks. To understand its significance, we need to examine its core components and how they compare to existing solutions, particularly the Cloud-Native Application Protection Platform (CNAPP) framework.
Stream Team
Jul 18, 2024
3 min
Cloud Security
The Imperative for CDR (Cloud Detection and Response)
The complexity and pace of cloud environments result in constant changes that are difficult to monitor and secure. Security teams are inundated with alerts, each requiring thorough investigation to determine if it represents a real threat. This constant vigilance can lead to resource overload, missed threats, and delayed responses. Here’s why CDR is indispensable:
Stream Team
Jun 9, 2024
5 min
Cloud Security
AWS Detective for security investigation
Discover how Amazon Detective enhances security investigations by analyzing AWS log data. This guide covers its features, including interactive visualizations and continuous monitoring, to help detect threats and understand security incidents.
Stream Team
Feb 8, 2024
Cloud Security
The Rise of Real Time Exposure Detection
In the ongoing battle between cyber adversaries and defenders, the odds are often stacked against the guardians of digital assets. Defenders face a challenging task – they must secure their systems 100% of the time, while adversaries need only find one vulnerability to breach their defenses. This inherent imbalance presents a significant challenge to the cybersecurity community, where constant vigilance is necessary.
Maor Idan
Dec 14, 2023
3 min
Cloud Security
Harmonizing Security and DevOps: Navigating the Cloud Environment
Maor Idan
Nov 13, 2023
3 min
Cloud Security
Still using SIEM for Cloud Detection and Response?
Maor Idan
Nov 12, 2023
5 min
Cloud Security
Cloud Threat Detection Using the MITRE ATT&CK Framework
In the realm of cybersecurity, the escalation of threats, especially in cloud environments, demands robust and adaptive strategies for threat detection and response. The MITRE ATT&CK framework, a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations, offers a structured approach to understanding and tackling security threats. This article delves into the utilization of the MITRE ATT&CK framework for enhancing cloud threat detection.
Stream Team
Nov 9, 2023
Cloud Security
How to identify a compromised EC2 instance using VPC Flow logs and Amazon GuardDuty
Amazon GuardDuty is a threat detection service that uses machine learning and other techniques to identify malicious activity and unauthorized behavior in your AWS accounts and workloads. It integrates with other AWS security services to provide a comprehensive view of your security posture and helps Security, DevOps, Compliance and Incident response teams to quickly respond to security threats.
Tal Shladovsky
Nov 7, 2023
7 min
Cloud Security
Cloud Security Posture Management (CSPM) Explained
Stream Team
Nov 2, 2023
Cloud Security
AWS Well-Architected Framework: Security
The Security pillar of the AWS Well-Architected Framework is focused on ensuring that workloads are designed, deployed, and managed in a secure manner. It includes implementing security best practices, such as protecting data confidentiality, integrity, and availability, managing user access and privileges, and implementing network and application-level security controls.
Tal Shladovsky
Nov 2, 2023
4 min
Cloud Security
AWS GuardDuty for threat detection
Amazon GuardDuty serves as a threat detection solution that employs machine learning and various methodologies to detect malevolent activities and unauthorized conduct within your AWS accounts and workloads.
Stream Team
Jul 13, 2023
Cloud Security
AWS well architected framework
Strengthening Your Cloud Infrastructure: A Deep Dive into the AWS Well-Architected Framework's Security Pillar
Stream Team
Jun 22, 2023
Cloud Security
Cloud-Native Application Protection Platforms (CNAPP)
Understanding CNAPP and the Market Shift Towards It
Stream Team
May 18, 2023
Cloud Security
IAM Guide: Kubernetes on AWS
IAM roles for service accounts provide a secure and efficient way to manage access to cloud resources in a cloud environment. By assigning roles to service accounts instead of individual users, organizations can improve their security posture by minimizing the risk of human error or credential misuse.
Tal Shladovsky
May 18, 2023
10 min
Cloud Security
Cloud Investigation and Response Automation (CIRA)
Cloud Investigation and Response Automation (CIRA) - CIRA vs CDR
Stream Team
May 11, 2023
Cloud Security
IAM best practices and troubleshooting tips for AWS EKS
IAM plays a crucial role in securing access to resources in an AWS EKS cluster; therefore, it’s important to have a strong understanding of IAM (Identity and Access Management) to effectively troubleshoot any issues that may arise.
Tal Shladovsky
May 11, 2023
4 min
Cloud Security
How to deploy sysdig Falco on an EKS cluster
Deploying Sysdig Falco on an Amazon EKS (Elastic Kubernetes Service) cluster
Stream Team
Apr 25, 2023
Cloud Security
Continuous Threat Exposure Management (CTEM)
Breaking down the CTEM (Continuous Threat Exposure Management)
Stream Team
Apr 18, 2023
Cloud Security
Cloud Infrastructure Entitlement Management (CIEM) Explained
Cloud Infrastructure Entitlement Management (CIEM) solutions automate the process of managing user entitlements and privileges in cloud environments.
Stream Team
Mar 23, 2023
Cloud Security
Uncovering Hidden Data Risks with AWS Macie Sensitive Data Scanner
Amazon Web Services (AWS) introduced Macie, a fully managed sensitive data scanner designed to detect and protect sensitive information in the cloud. This article takes a closer look at AWS Macie, its features, benefits, and how it can help safeguard your organization's sensitive data.
Stream Team
Feb 14, 2023
Cloud Security
Moving Beyond Static, Rules and Algorithms
The shift to the cloud has brought new challenges in securing environments, with traditional static rules and static graph algorithms-based approaches to security falling short. In this article, we will explore why static rules and static graph algorithms are no longer sufficient, and why dynamic graph algorithms present a better solution for cloud security management (CSPM, CIEM, and KSPM).
Stream Team
Feb 14, 2023
Cloud Security
Periodic Scans vs. Real-Time Change Impact Analysis
Traditional security measures, such as periodic scans, have become increasingly inadequate in ensuring the safety and integrity of cloud environments. The cloud's rapidly evolving and dynamic nature necessitates a more practical approach: real-time change impact analysis. In this article, we will explore the limitations of periodic scans for cloud security and delve into the benefits of real-time change impact analysis as a superior alternative.
Stream Team
Feb 14, 2023
Cloud Security
How to deploy Tetragon on an eks cluster
Stream Team
Feb 7, 2023
Cloud Security
Cloud Workload Protection Platform (CWPP)
What is a Cloud Workload Protection Platform (CWPP)?
Stream Team
Nov 10, 2022
Cloud Security
AWS Inspector for Vulnerability and Image Scanning
AWS Inspector is a fully managed, automated security assessment service that enables you to improve the security and compliance of your applications deployed on Amazon Elastic Compute Cloud (Amazon EC2) instances. It analyzes your EC2 instances and identifies potential security vulnerabilities, deviations from best practices, and exposure to common attack vectors. With AWS Inspector, you gain valuable insights to help you mitigate risks and build more secure applications.
Stream Team
Jun 2, 2022
Cloud Security
A Comprehensive Solution for Agile and Real-time Security Operations, without Agents.
Stream.Security offers a solution that supercharges SecOps by providing real-time visibility and change impact analysis, enabling organizations to respond quickly and effectively to emerging threats. The core value of Stream Security lies in its ability to adapt and scale with evolving cloud environments, delivering real-time analysis, and facilitating faster troubleshooting and response times.
Stream Team
Oct 25, 2021
Cloud Security
AWS Config for compliance
AWS Config is a service that delivers an all-encompassing perspective on your AWS resource inventory, configuration history, and change alerts, facilitating security and governance.
Stream Team
Dec 5, 2020