Magic for DevOps Teams — Threat Stack Announces Containerized Agent

Every day, malicious actors are taking more complex routes into cloud infrastructure and leveraging increasingly covert traits to persist for longer periods of time. As Dark Reading put it in a recent article, “Attackers are abusing the characteristics of cloud services to launch and hide their activity as they traverse target networks.” With the rapid adoption of containers and orchestration tools as part of that infrastructure, organizations are presented with yet another layer to protect from these complex attacks.

Containers bring many advantages to DevOps such as easier write-test-deploy cycles, flexibility to explore new frameworks, and a simpler way to make updates to individual resources or a range of components in your applications. As more teams move towards containerized workloads, DevOps teams expect the security tools they leverage to keep pace without slowing them down.

To ensure alignment with those expectations, Threat Stack is excited to announce a containerized agent that will be available to customers next month. The containerized agent will provide the deployment and velocity benefits of containerization while concurrently monitoring and alerting on container activity across the entire infrastructure, no matter where customers fall on the container adoption spectrum.


In today’s cloud landscape, people are switching to containers and using orchestration systems like Kubernetes for simple but powerful reasons: efficiency and velocity. However, these benefits are not without their risks.

Making the switch to a more ephemeral infrastructure can help teams innovate more quickly, but it reduces visibility into the environment and widens the potential attack surface with each container deployed. ESG reports that 35 percent of organizations’ current server workload security solutions do not support the same functionality for containers, requiring the use of separate container security technologies. This adds cost and complexity to safeguarding valuable IT assets.

Threat Stack’s containerized agent helps identify risks by giving the same visibility into user, file, and network activity on each container that our host-based agent has always provided. In doing so, Threat Stack offers an optimized deployment model to ensure that security does not hinder speed and scalability in containerized infrastructures.


(Note how the Threat Stack agent can access other containers, Docker, and the host from the containerized deployment.)


The Threat Stack containerized agent has a number of key benefits — each one playing a role in ensuring that teams that leverage containers can move fast without sacrificing security:

Optimized deployment in a single container per host

Threat Stack’s containerized agent deploys in its own standalone container. By deploying this way, there is no need to deploy security code in any other containers. Rest assured that you will still receive real-time file, user, and network activity monitoring and alerting for each individual container.

2-step deployment

The containerized agent will be packaged up as a Docker image file, making it easy to pull from Docker Hub and deploy. You can continue to benefit from the operational advantages of containerization by pushing Threat Stack via the same CI/CD methodologies already in use.

Integration with Kubernetes DaemonSets

You can integrate the Threat Stack container directly into your existing K8S DaemonSets to automate deployment and ensure that no pod is left exposed as you scale up and down rapidly. This allows you to scale containers as you normally would without having to sacrifice security.


By containerizing the agent, we want our customers to be able to experiment with and leverage the latest infrastructure trends with peace of mind. As infrastructure evolves, it can be challenging to maintain the same level of security visibility across hosts, containers, and the infrastructure control plane. Threat Stack ensures that each of those is covered and you will not sacrifice security in order to scale rapidly and efficiently.

For more information about the containerized agent and the problems it solves, check out our Securing Containerized Environments webpage.