Threat Stack Unveils Cloud Security Platform® (CSP) Operational Workflow Enhancements to Decrease Time to Detection

BOSTON – November 14, 2016 —

Threat Stack, a leader in Cloud Security and Compliance Management, today announced new features to the Threat Stack Cloud Security Platform® (CSP) to enable easy customization and decrease total time to detection for busy security and operations teams. The updates to the platform streamline workflows in three key areas: host intrusion detection (HIDS) rules management; management of servers protected by Threat Stack; and software vulnerability assessment and management. These enhancements further reduce the time investment needed to keep scaling cloud environments secure.

“The new set of workflow enhancements to the Threat Stack Cloud Security Platform strengthen our focus on giving organizations the tools they need to easily customize and prioritize what matters the most in their environments,” said Megan Ahigian, Senior Product Manager, Threat Stack. “We understand that agility and operational velocity is key to growing your business, and the Threat Stack team continues to build out new ways to help our customers scale with confidence.”

The new set of Cloud Security Platform enhancements include:

HIDS Rules Management – Threat Stack has made it faster and easier to understand the difference between normal and suspicious behaviors in your environment, alerting you only to the events you need to know about. Enhancements include:

  • File Integrity Monitoring (FIM) is consolidated into one simple rule to manage. Simply specify the file paths to be tracked and the behaviors to be alerted to (e.g. open, modify, delete, etc.) to keep those key files protected.
  • Threat Stack default rules may now be cloned, along with rule suppressions. New users may start with default Threat Stack rules and then easily copy and modify them to match the behavior of their environment. This enables quicker understanding of what behaviors are normal and what need to be escalated.
  • Test rules before deploying them. Threat Stack makes it easy to understand how rules will behave before they are implemented with the new “test filter” feature.

Server Management – Threat Stack has redesigned its server management experience to help users find key insights about their environment as quickly as possible. See which servers are being monitored by Threat Stack at the host level versus the infrastructure level. Enhancements include:

  • New “quick filters” provide recommended views based on what filters the team uses most, and supports easy access to server details, such as tags and vulnerabilities.
  • A better user experience that enables users to quickly identify servers that have excessively long uptime, servers that are not properly reporting back to Threat Stack, or servers with software vulnerabilities.
  • Enhanced searching, filtering and sorting tools make it easier for users managing a large number of servers.

Software Vulnerability Assessment – Threat Stack has released advanced vulnerability management and reporting capabilities that help customers achieve compliance by making it easier to track remediation of vulnerabilities and collect data for auditing purposes. Threat Stack’s vulnerability assessment tool automatically evaluates packages installed on each server and compares them against multiple data sources to give customers a consolidated list of known vulnerabilities in their environment. Enhancements include:

  • A consolidated view of all software vulnerabilities found in an environment, which can be easily linked to the NVD for more information on each.
  • The ability to document what vulnerabilities the organization has chosen not to remediate, including a complete audit trail of who made the decisions, when they made them and why.

Threat Stack CSP eliminates the need for multiple point solutions by offering an integrated platform of capabilities including real-time host monitoring, vulnerability assessment, workflow integrations, compliance reporting and threat intelligence. Its cloud-native architecture automatically scales up or down with the capacity of customers’ infrastructures to ensure continuous visibility across elastic environments, including on-premise, private cloud, public cloud and hybrid environments.

These new features are immediately available to all Threat Stack users. For more information on Threat Stack, please visit