Cloud Security Platform
A single, cloud-native platform for workload compliance and security across the entire infrastructure stack, throughout the application lifecycle.
Threat Stack Oversight (SOC)
Reduce mean-time-to-respond with 24/7/365 monitoring and alert escalation from the Threat Stack Security Operations Center.
Threat Stack Insight
Improve your cloud security posture with deep security analytics and a dedicated team of Threat Stack experts who will help you set and achieve your security goals.
File Integrity Monitoring
Container & Kubernetes Security
Cloud Security Posture Management
Application Security Monitoring
Cloud Compliance Overview
Insider Threat Detection
Fargate Security Monitoring
AWS Graviton2 / Arm Support
ThreatML - Cloud Machine Learning
Security Research Center
Case Studies & Testimonials
View Resource Center
Cloud security tips, insights, and ideas.
Stay up to date with the latest press releases, news, and events from Threat Stack.
Watch a sophisticated cloud attack and learn the necessary steps to prepare yourself.
The Threat Stack Cloud Security PlatformⓇ with ThreatML™ host based intrusion detection system (HIDS) contextualizes security data from deep within the operating system, and combines it with security telemetry from across your cloud infrastructure.
Out host based intrusion detection system (HIDS) monitors all user or group modifications to help you catch privilege escalations, attempts by unapproved sudo users, abnormal login or user access attempts, and other risky activity.
We watch for abnormal process events and other activity that could indicate malware or other dangerous command and control activity. We also monitor and alert on risky activities associated with critical or sensitive files, such as when files are opened, copied, moved, created, or modified in a way that appears suspicious.
We combine the machine learning engine of ThreatML and pre-built rules to detect known risks at massive scale and quickly uncover unknown anomalies across cloud workloads — so you can respond to threats faster.
Our host based intrusion detection (HIDS) can identify changes to application services like web servers, database server binds, or proxy nodes, and other critical system service changes.
Threat Stack offers multiple deployment options, so you can add host based intrusion detection without slowing DevOps velocity. Get up and running in minutes, with no additional infrastructure, via the following methods:
Threat Stack HIDS captures all security audit signals by default from native OS subsystems like Linux Audit or the Windows Event Log. Collected telemetry data is enriched in the Threat Stack Cloud Security Platform®, where it's combined with metadata from EC2 instances, AWS management console activity, and more. This approach provides context-rich data that informs proactive security measures like threat hunting and predictive analytics, as well as the precision needed when reacting to an active cyber attack.
Most of the time, the agent is simply gathering data and securely sending it to the Threat Stack platform. More processing happens platform-side, where events are parsed and alerts are fired. In the platform, all of the alerting is based on rules. Several hundred rules come out-of-the-box, and they are all directly customizable so you can ensure that security monitoring is fully tuned and optimized for specific workloads and compliance requirements. On the back end, raw event data is exportable off the platform and into your own S3 bucket.
Threat Stack delivers advanced anomaly detection with ThreatML, a machine learning engine that enhances security observability for the Threat Stack Cloud Security PlatformⓇ, Threat Stack Oversight℠, and Threat Stack Insight℠
By combining full-stack telemetry, machine learning, rules, and human expertise, Threat Stack empowers security teams to accelerate mean-time-to-know (MTTK), focus on high-severity threats, save time, and reduce cost.
Threat Stack intrusion detection behavioral analysis looks for potential signs of compromise and collects data such as:
At a high level, Threat Stack intrusion detection can be deployed in minutes to collect real-time security audit data from the operating system, handle file integrity monitoring (FIM), and capture user-space events. Threat Stack currently supports various versions of the following operating systems:
for specific versions and minimum kernel requirements.
We're a longtime customer that engaged with ThreatStack when they were a very young company. Threat Stack aggregates all of our Linux systems-level events and automatically classifies them according to severity (1, 2, and 3). Threat Stack comes with a default rule set that is good, and there is also a set of rules tuned ...
John N, Mid-Market (51-1000 emp.)