A single, cloud-native platform for workload compliance and security across the entire infrastructure stack, throughout the application lifecycle.
Cloud Posture Management
Identification of changes made to cloud configuration through service provider APIs, including host instances, security groups, IAM policy, and access keys.
Build-time and runtime application security, including developer feedback and live attack detection and blocking.
Real-time, continuous monitoring and protection for Linux and Windows virtual machine workloads.
RESTful APIs and built-in integrations that leverage existing incident response, investigation, and analytics tools.
Container & Kubernetes Security
Detection of risky behaviors, active threats, and configuration issues for containers, container orchestration, and managed container services.
Extend your team’s security expertise and resources with the Threat Stack Cloud SecOps Program℠.
Threat Stack Oversight℠
Reduce mean-time-to-respond with 24/7 monitoring and alert escalation from the Threat Stack Security Operations Center.
Threat Stack Insight℠
Improve your cloud security posture with deep security analytics and a dedicated team of Threat Stack experts who will help you set and achieve your security goals.
Follow along as the Threat Stack Security Team shows how a malicious actor leverages the unique characteristics of the public cloud to launch their attack.
See inside an active cryptomining malware campaign as Threat Stack’s Security Operations Center (SOC) details a recently discovered variant of the Shellbot malware.
Threat Stack offers unique solution packages to meet your cloud security goals.
Trade Up Program
Trade in any competitive solution and receive an invoice credit for current contract towards a Threat Stack plan, a dedicated on-boarding team, and customer service manager.
Compliance for Cloud Workloads
Demonstrate continuous monitoring to auditors with pre-built rulesets and compliance reports that map to major regulatory compliance requirements like PCI-DSS, HIPAA, and SOC 2.
Security for AWS
Integrate Threat Stack with AWS to monitor changes and misconfigurations across multiple accounts and services.
Monitor for anomalous or risky behaviors across host, container, and container orchestration to alert you to signs of compromise.
Detect and remediate vulnerabilities across your infrastructure.
File Integrity Monitoring
Monitor for creates, deletes, opens, and edits to secret files to identify nefarious activity and satisfy compliance requirements.
Correlate security signals across your entire infrastructure stack with flexible built-in integrations, APIs, and data lake integration for SIEM.
Bring Security and DevOps teams together: Deploy in minutes and auto-scale with configuration management tools and Kubernetes to monitor cloud-native resources throughout the build pipeline.
Monitor all of your de-coupled, stateless, polyglot services in a single solution, even when they’re built and deployed in separate pipelines by different teams.
Fargate Security Monitoring
Threat Stack fills the visibility gap for managed container services like AWS Fargate, with process tracking and detailed netflow metadata.
View Resource Center
Cloud security tips, insights, and ideas.
Stay up to date with the latest press releases, news, and events from Threat Stack.
Watch a sophisticated cloud attack and learn the necessary steps to prepare yourself.
Meet the Threat Stack leadership team.
Building a great company starts with building a great team.
55 Summer Street
Boston, MA 02110
Hear what our customers explain how Threat Stack has made them more successful and secure.
Become a Threat Stack Partner.
How can we help you?
As a Senior Software Security Engineer on Threat Stack’s Security team, Mark focuses on guiding development teams in the practice of secure application coding that meets our data security and compliance standards. He also codes secure applications himself as well as building security-related services and product features. Prior to Threat Stack, Mark gained extensive full stack application development experience in large companies and small startups with a special focus on application security.
22 total posts.
April 7, 2020
Telecommuting — also known as working from home (WFH), remote working, and a number of other names — has been around for about 50 years, having ...
March 3, 2020
Young tech companies running in the cloud often deal with the same cloud security issues as larger organizations that are moving to the cloud from ...
February 13, 2020
In the increasingly difficult times of protecting our own digital life or helping others protect theirs, we must be ever vigilant about ensuring that ...
February 4, 2020
It’s safe to say that everyone is impacted — directly or indirectly — by cybersecurity issues these days, and given that fact, security ...
January 7, 2020
Dev and Ops teams constantly evolve their technology and procedures to increase speed and lower costs. Typically this leads to increasingly ...
November 14, 2019
In a SaaS world, everyone wants to move fast! Rapid development can slash time to market and put you in a strong competitive position, and of ...
October 29, 2019
Our last post on HIPAA compliance — HIPAA Compliance Tips & Best Practices — Building Your Foundational Knowledge — provided expert ...
October 24, 2019
When adopting containers, organizations need to create a risk profile for the types of threats and vulnerabilities they expect to experience. This ...
October 22, 2019
The last few years have seen a number of failures in the field of HIPAA compliance and fines that would put many smaller-scale practices out of ...
September 17, 2019
Compliance isn’t as simple as a connect-the-dots exercise. When you consider how fast companies are moving to and expanding in the cloud, and then ...
September 5, 2019
Any organization that has access to electronic Protected Health Information (ePHI) must comply with HIPAA. If your organization needs to be ...
August 16, 2019
PCI DSS stands for Payment Card Industry Data Security Standard. These standards are in place to help businesses protect themselves and their ...
April 25, 2019
The Health Insurance Portability and Accountability Act, or HIPAA, is a United States law that seeks to protect the privacy of patients’ medical ...
January 16, 2019
This AWS Security Readiness Checklist is intended to help organizations evaluate their applications and systems before deployment on AWS. This ...
January 11, 2019
DevOps is about seamless collaboration between Development and Operations, and you need to have the right tools in your environment to help make this ...
October 25, 2018
New global data from Checkmarx reveals that 92 percent of organizations struggle to implement security into DevOps — even though they say they want ...
October 18, 2018
Security budgets are rising, but are they helping with challenges caused by the security talent shortage? This post offers insights from our recent ...
October 3, 2018
DevOps has enabled businesses to bring products to market faster than ever before. But what about security?
In our recent survey, Refocusing ...
September 17, 2018
For an updated list, take a look at Mark Moore's 25 Best Cloud Security Podcasts to Visit in 2020.
Some of the earliest podcasters were ...
August 15, 2018
When it comes to creating a solid SecOps program, an organization must consider people, processes, and technology. It’s not one area that makes a ...
May 2, 2018
Creating APIs for your SaaS products provides invaluable benefits to your customers, allowing developers to plug into your resources and bring their ...