Olivier Le Moal - Fotolia
The Threat Stack Cloud Security Platform provides end-to-end, cloud-native security and compliance monitoring and management. Learn why it is our Editor's Choice for Innovation.
The editors at SearchCloudApplications regularly recognize cloud applications, platforms and services for their innovation and market impact. The Threat Stack Cloud Security Platform is SearchCloudApps' new Editors' Choice for Innovation.
Product: Threat Stack Cloud Security Platform
Vendor: Threat Stack
Release date: February 17, 2016
What it does
On the centralized dashboard, the Threat Stack Cloud Security Platform provides a total view of "who is doing what in our environments, giving us tighter visibility," said user Trevor Hawthorn, CTO of Wombat Security Technologies, an information security training software provider. That interface also gives Hawthorn the tools to control and act on security and compliance alerts.
Threat Stack Cloud Security Platform (CSP) gives security and DevOps teams integrated, continuous security and compliance monitoring and management wherever their applications live, according to Chris Gervais, Threat Stack VP of engineering. For public, private and hybrid cloud and on-premises environments, the cloud security platform automates the monitoring of workloads, infrastructure, vulnerabilities and compliance and provides alerts, reports and analysis. The user views and controls all security and compliance activities on a single dashboard.
Trevor HawthornCTO of Wombat Security Technologies
Threat Stack's automated alert tags aggregate host data alerts and provide infrastructure tag information about detailed server-specific context. This functionality frees users from spending hours reviewing logs manually, Gervais said. Just click a tag on the dashboard to see each alert's process details, context and the identity of the user involved.
From CSP's launch date in February, Threat Stack's goal was to move from just a set of tools to a complete cloud security platform. "We're constantly extending the scope of what users could do with one platform," Gervais said. For example, in August, automated rules management workflows and streamlined cloning capabilities were added to CSP. Among other capabilities, the rules management features help streamline intrusion detection configuration maintenance and changes by allowing users to apply one change across multiple instances. With the cloning feature, security managers can apply and tailor existing or new rule sets as required by changing environments or user behavior.
Why it's cool
Hawthorn's team at Wombat Security has spent less time writing custom alerts thanks to the comprehensiveness of Threat Stack Cloud Security Platform's alert tags and vulnerability assessment reports, which are part of its data collection and anomaly detection capabilities. The platform has reduced the time they spend finding and responding to security and compliance incidents from hours to minutes, he said.
"It's a full-time job to write all these alerts," Hawthorne said. "Then, if we saw something wrong, like a machine misbehaving badly from a security standpoint, it was difficult to go back and detect individual events."
Gervais sees CSP's depth of tracked information as a coolness factor. Having easy access to historical PCI policy (Payment Card Industry) or HIPAA (Health Insurance Portability and Accountability Act) activities helps when a new incident occurs. When dealing with vulnerabilities, CSP has a mechanism in place to track vulnerable software and to show over time whether you've taken the steps to address those vulnerabilities.
What a user says
Having the flexibility of a cloud-native platform comprised of open-source software built in the cloud for the cloud means a lot, according to Hawthorne. Other security tool suites he'd evaluated had been limited in cross-platform capabilities. Being cloud-native, Threat Stack CSP can be deployed across many host platforms, be they cloud or on-premises. CSP is wrapped into the stack and the Linux kernel, thus providing a continuous view into host-level changes, said Hawthorne. This depth simplifies tracking security events across an immutable environment.
"Threat Stack also has the tie-ins where it will pull stuff out of the Amazon API, so we can correlate events," Hawthorne said. "So, if there's something screwy goes on with one of our servers, we can tie it back to the stuff that we see out of the Amazon API. We have some custom rules set up so that if anybody does anything with our infrastructure and it doesn't come from specific IP addresses, Threat Stack will alert us."
Hawthorne calls Threat Stack Cloud Security Platform an "innovative" technology provider. "As anybody in our industry knows, there's no one silver bullet to security, but Threat Stack is definitely a key piece that gives us a really good capability."
Threat Stack Cloud Security Platform is available in Basic, Advanced and Pro editions that start at $9 per month, per instance. A free trial is available.
Securing the Web's dial tone: REST API security updates
Software testing skills to help you fit in
Secure testing: Making software safe