Post banner
Threat Stack 3 Min Read

A Deep Dive on Threat Stack: Recap of our Live Product Q&A

This week our product team, led by Chris Gervais, Threat Stack’s VP of Engineering, and Aaron Botsis, Threat Stack’s Product Manager, hosted a live Q&A webinar, diving into the intricacies of security for cloud-native environments and what Threat Stack is doing about it. Before the webinar, we asked attendees to submit their most pressing questions, letting them take the reigns in the discussion. We had many great questions come in and took care to cover as many as possible. We also demoed Threat Stack itself to show how the platform works and some recent updates based specifically on customer feedback.

If you weren’t able to attend the webinar, or want a second look at what was covered, you can watch the recording and review our recap below:

Live Product Q&A Recap

1. Threat Stack Architecture: How Threat Stack is cloud native and why that’s best for continuous cloud security monitoring.

Chris kicked off the webinar with a brief overview of what Threat Stack does and the core problem we solve. As we all know, the cloud means something different to everyone and as such, presents a variety of challenges and use cases. However, there is one common thread: we all need cloud-native, continuous security monitoring tools that scale as our environments grow. We use Threat Stack ourselves, so we completely get it. We’re fully AWS native, use a variety of cloud-based applications and are heavily invested in DevOps. Like our customers, we need a security solution that scales with us as we grow. This is the core foundation from which Threat Stack was built.

Since we use Threat Stack internally on a daily basis, we’re always improving on the best ways to deploy agents to make getting started as fast as possible. Chris demonstrated the multiple ways in which companies can deploy agents and how we’ve optimized our platform to seamlessly scale with you. It’s literally as simple as putting the agent on your instance and letting us do all the rest. This means that even extremely large-scale deployments are a snap.

2. New Features: Key updates for deploying Threat Stack agents even faster, our expanding EC2 integration, and a brand new alert view.

Chris then explained several new features added to Threat Stack, most of which were derived directly from customer feedback and our own use of the product:

Deploying Threat Stack Agents

We’re insanely focused on making it as fast as possible for you to get up and running with Threat Stack so you can continue on with what really matters — running your business. Because of that, we took the time to develop templates for getting started on Threat Stack using Chef, Puppet or Ansible. While we were at it, we also improved the packaging of the agent.

Amazon EC2 Integration

Like our customers, we too use AWS, so we understood that having deep integration with AWS was key for our solution. One of the most important and desired features of our AWS integration is the monitoring of EC2 instances to show you exactly where you’re covered (and where you’re not…yet).

Once Threat Stack is deployed, it conducts an initial spread of your EC2 infrastructure to show you what’s covered and then regularly scans for updates. In one clean dashboard, Threat Stack users can see the types of systems that are running (even in the background) and which are covered and which are not, allowing you to target and deploy agents to protect every instance. Without Threat Stack running, there is actually no good way to view all this.

To answer several attendee questions, yes, our AWS integration is just the starting point for our partnership and integration with AWS. We have much more coming — stay tuned for that!

New Alert View

Alerts can get noisy — fast. We’ve meticulously tuned our platform to ensure you receive only the most important alerts that are deserving of your attention, indicating a potential threat, and quiet all others. We currently support alerts via email and desktop, and have more options coming soon. As a few attendees asked, several new integrations are already underway with other DevOps tools to allow for even better alerting functionality to align with your existing workflow.

Best Practices: Mastering alert curation to take smarter action on potential threats

Aaron then unveiled the curtain on our brand new alert view. He showed what we improved, why we improved it and how we use it ourselves. Most importantly, he explained the suppression functions which allow you to customize alerts for exactly what matters most to you. Creating alerts is now easier and faster than ever, adding in the ability to filter them by event type, creating specific suppression rules and even self-learning rules.


The second half of our webinar was spent diving into the questions attendees submitted both before and during the webinar. Many questions were in fact covered during the first half of the webinar as they related to integrations, functionalities and alerts.

If you were not able to attend, or have more questions for us since then, please feel free to ask us anything by emailing us at [email protected].

Ready to get started with Threat Stack?