Threat Stack Cloud Security Platform: Streamlined Workflows, Part 2

In the first part of 2016, Threat Stack’s Product Development team concentrated on its goal of continuing to build a powerful, cloud-based security platform with all the features users need to keep their cloud environments protected as they scale.

More recently, we have focused on our second goal — streamlining workflows in three key areas of our Cloud Security Platform® — to ensure that it is easy to use and customize, thus enabling users to move as fast as possible while they prioritize security issues and strengthen their organization’s security.

In Part 1 of this series I explained how we streamlined our Host Intrusion Detection (HIDS) workflows. In Part 2, I am going to describe improvements we’ve made to workflows in the following two areas:

  • Server Management
  • Software Vulnerability Assessment and Management

Server Management

The newly redesigned Server Management page allows users to gain visibility into the servers in their environment all in one place. The page provides quick access to important details about the servers they have under management — such as their AWS or Threat Stack tags and the HIDS rules that are being applied to them.

To make it easy to obtain and view critical information, we have added a powerful search and filter capability that lets users identify:

  • Servers that have had a long uptime. (We recommend replacing or rebooting servers when possible to ensure that new kernel updates are applied.)
  • Servers that have lost contact with Threat Stack
  • Servers with software vulnerabilities
  • Servers running an out-of-date version of the Threat Stack agent


For users who have our AWS EC2 integration enabled, the Server Management page also provides a consolidated view of EC2 instances and their properties. Specifically, users can:

  • View important attributes of the EC2 instance, such as VPC, Subnet, Region, tags, and AMI
  • View instances that are protected by a particular Security Group or access key
  • View which instances are not protected by the Threat Stack agent



Software Vulnerability Assessment and Management

Moving beyond Server Management, we have also streamlined the interface and workflows associated with Software Vulnerability Assessment and Management.

Specifically, we have made it easy to view all vulnerabilities throughout a user’s environment, organized by package and CVE. If there are vulnerabilities that won’t get remediated, users now have the ability to hide them from view but still capture all relevant details, including the reason, for auditing purposes.



Final Words . . .

Threat Stack’s Host Intrusion Detection Rules Management, Server Management, and Software Vulnerability Assessment and Management capabilities enable users to obtain deep insights and highly actionable information that helps strengthen the security of their cloud environments. The newly streamlined workflows for these functions increase agility and operational velocity, enabling users to further strengthen their security posture. As we move into 2017, we will be unveiling additional plans to enrich the Cloud Security Platform through new core functionality and optimized workflows. Stay tuned!