Threat Stack Included in Gartner Market Guide for Cloud Workload Protection Platforms Report

We believe Threat Stack’s cloud security approach is validated by inclusion in Gartner’s “Market Guide for Cloud Workload Protection Platforms” Report


Today’s rapidly evolving cloud security landscape is crowded with vendors who take a variety of approaches to providing risk management solutions. Inevitably, some of these are more effective than others. And this, of course, has a direct impact on organizations as they try to select a vendor who will help them achieve the strongest posture for securing their operations, data, and applications.

From the viewpoint of consumers of cloud security solutions, this landscape can be confusing. At times, it seems, there are too many vendors, an absence of formal evaluation criteria, and, ultimately, not enough clarity. In our opinion, however, the following two questions will help simplify the issue:

  1. What security approach is most effective for managing risk in today’s modern infrastructure, including cloud, hybrid, and containerized environments? (Spoiler alert: The absence of a defined security perimeter renders legacy security solutions obsolete.)
  2. What core capabilities must a platform have so that Security and Operations disciplines can be integrated in order to reduce risk and accelerate business velocity?

Our purpose in this post is to answer these questions by describing Threat Stack’s identity and value in relation to the framework provided by Gartner’s recently created Cloud Workload Protection Platform (CWPP) category. More specifically, we will outline our approach to cloud security, discuss the core elements of Threat Stack’s next-generation intrusion detection platform, and show how it aligns with Gartner’s Market Guide for Cloud Workload Protection Platforms Report.

As appropriate, we reference Gartner’s Market Guide for Cloud Workload Protection Platforms Report to indicate where and how we align with its recommendations.

So let’s take a look at Threat Stack’s position in the cloud security landscape, its core value, and its alignment with the recommendations outlined by Gartner.

Threat Stack’s Position in Today’s Cloud Security Landscape

Threat Stack is an intrusion detection platform.

Unlike traditional intrusion detection that relies on the presence of a defined perimeter, Threat Stack offers a comprehensive intrusion detection platform with support for:

  • Multiple Types of Complex Environments: Cloud, Hybrid-Cloud, Multi-Cloud, On-Premise, and Containers
  • Multiple Types of Detection: Behavior on the Host, Cloud Configuration Auditing, Vulnerabilities, File Integrity Monitoring, and Threat Intelligence
  • Multiple Types and Points of Attack: External or Internal Threats, and Different Stages During an Attack

This approach helps organizations reduce their risk level and know with confidence that they will be alerted to any anomalous behaviors — no matter what approach an attacker takes. As noted in Gartner’s Market Guide for Cloud Workload Protection Platforms Report (page 1), “Security and risk management leaders should use risk-based models to prioritize evaluation criteria for cloud workload protection platforms.”

The Threat Stack Value

Threat Stack enables Security and Operations disciplines to work together to reduce risk over time and accelerate business velocity — which also aligns with recommendations in the Gartner Market Guide for Cloud Workload Protection Platforms Report: “A large number of vendors offer CWPP solutions that vary widely in their capabilities. We recommend that organizations apply a risk-based security strategy when developing their server workload protection strategy.” (Gartner’s Market Guide for Cloud Workload Protection Platforms Report, page 5.)

In greater detail, Threat Stack enables organizations to save time, increase efficiency, and strengthen security by:

  1. Enabling users to immediately differentiate between day-to-day activities and actual security issues. This builds trust and confidence because Threat Stack enables users to see the entire attack surface along with easy-to-understand data — so they can take immediate action on items requiring attention versus routine behaviors that can be ignored.
  2. Integrating Security and Operations disciplines to reduce risk over time. Using Threat Stack, Security and Operations teams can significantly enhance their productivity and improve Security by automating security into their workflows through a single shared platform.
  3. Detecting anomalous behaviors at scale in a single platform. Threat Stack provides a single platform that enables users to see all anomalous behavior over multiple environments (including cloud, hybrid, and other complex environments) in one location. The platform also frictionlessly accommodates real-time scaling up and down, without the need for configuration changes.
  4. Providing a unified, comprehensive picture, rather than fragmented data points. Not having to chase down fragmented data points from multiple point solutions cuts Mean Time To Resolution, and continuous monitoring along with real-time alerting lets users know exactly what action is required.
  5. Seamlessly monitoring containers. Extensive container integration, including Docker, creates work efficiency and provides visibility in container environments, allowing users to detect anomalous behavior at runtime.
  6. Achieving continuous compliance for PCI, HIPAA, SOC 2, and other compliance standards. Meeting compliance and customer requirements is simplified through the use of Threat Stack’s out-of-the-box rule sets.

Gartner Recommendations

In the preceding sections we outlined Threat Stack’s position in the security landscape and focused on elements that make the platform unique and valuable. Now we are going to have a look at the core recommendations presented in Gartner’s Market Guide for Cloud Workload Protection Platforms Report and follow this with a discussion of Threat Stack’s alignment with these recommendations.

Gartner includes the following recommendations which provide guidance on prioritizing evaluation criteria for CWPP. (Note: Text in green is from Gartner Inc.’s “Market Guide for Cloud Workload Protection Platforms.”)

Security and risk management leaders tasked with acquisition, strategizing and planning should:

  • Not assume end-user endpoint protection platforms are best-suited to private and public cloud workloads, which have vastly different protection requirements.
  • Require vendors to support the visibility and control of workloads that span physical and virtual machines, containers and multiple public cloud IaaS, all from a single policy management framework and console.
  • Require vendors to support native integration with VMware, Amazon Web Services and Microsoft Azure APIs and labeling for policy management.
  • Require vendors to API-enable security protection functions to be automated and integrate into DevSecOps-style workflows.

Threat Stack Alignment With Gartner Recommendations

Let’s end today’s discussion by returning to the two questions we asked at the outset:

  1. What security approach is most effective for managing risk in today’s modern infrastructure, including cloud, hybrid, and containerized environments?

  2. What core capabilities must a platform have so that Security and Operations disciplines can be integrated in order to reduce risk and accelerate business velocity?

To answer the first question: The approach that works best for managing risk in today’s modern infrastructure is intrusion detection.

In designing an intrusion detection platform that is specifically suited to helping organizations manage today’s cyber threats, Threat Stack has created a purpose-built intrusion detection platform that enables organizations to integrate Security and Operations disciplines to reduce risk over time and to help accelerate business velocity.

To answer the second question, the capabilities that a cloud-native platform requires are those found in the Threat Stack intrusion detection platform:

  • Threat Stack is purpose-built for the cloud and its unique challenges. Therefore, it does not assume that end-user endpoint protection platforms are best-suited to private and public cloud workloads.
  • Threat Stack has the ability to span multiple environments using a single policy management framework and console, providing deep visibility into any Linux or Windows host, from a short-lived virtual machine in the public cloud to a bare metal server in a data center.
  • Threat Stack enables deep integrations with AWS and leverages EC2 tags to streamline many use cases through its API.
  • Threat Stack was designed specifically to bring Security and DevOps together. Deployment of Threat Stack is fully automatable and fits seamlessly into continuous delivery pipelines and DevOps workflows.

Final Words . . .

Given the general lack of clarity that characterizes cloud workload security, Gartner Inc. has introduced some much-needed precision that goes a long way toward defining the characteristics of the space and what a modern workload security platform should include.

While no single definition and no list of requirements can be called definitive at this point, the Gartner guidelines establish a solid foundation that potential adopters can use as evaluation criteria during a purchase decision.

In this context, Threat Stack is an intrusion detection platform that solves the larger problem of integrating Security and Operations disciplines to reduce risk over time and accelerate business velocity.

To learn more about Threat Stack’s intrusion detection platform, please contact us for a demo.

For valuable guidance on the rapidly evolving Cloud Workload Protection space, read Gartner Inc.’s Market Guide for Cloud Workload Protection Platforms Report.

 


Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.