The Threat Stack Cloud Security PlatformⓇ with ThreatML™ host-based intrusion detection system (HIDS) contextualizes security data from deep within the operating system and combines it with security telemetry from across your cloud infrastructure.
Our host-based intrusion detection system (HIDS) monitors all user or group modifications to help you catch privilege escalations, attempts by unapproved sudo users, abnormal login or user access attempts, and other risky activity.
We watch for abnormal process events and other activity that could indicate malware or other dangerous command and control activity. We also monitor and alert on risky activities associated with critical or sensitive files, such as when files are opened, copied, moved, created, or modified in a way that appears suspicious.
We combine the machine learning engine of ThreatML and pre-built rules to detect known risks at massive scale and quickly uncover unknown anomalies across cloud workloads — so you can respond to threats faster.
Our host-based intrusion detection (HIDS) can identify changes to application services such as web servers, database server binds, or proxy nodes, as well as other critical system service changes.
Threat Stack offers multiple deployment options, so you can add host-based intrusion detection without slowing DevOps velocity. Get up and running in minutes, with no additional infrastructure, via the following methods:
Threat Stack HIDS captures all security audit signals by default from native OS subsystems like Linux Audit or the Windows Event Log. Collected telemetry data is enriched in the Threat Stack Cloud Security Platform®, where it's combined with metadata from EC2 instances, AWS management console activity, and more. This approach provides context-rich data that informs proactive security measures like threat hunting and predictive analytics, as well as the precision needed when reacting to an active cyber attack.
Most of the time, the agent is simply gathering data and securely sending it to the Threat Stack platform. More processing happens platform-side, where events are parsed and alerts are fired. In the platform, all of the alerting is based on rules. Several hundred rules come out-of-the-box, and they are all directly customizable so you can ensure that security monitoring is fully tuned and optimized for specific workloads and compliance requirements. On the back end, raw event data is exportable off the platform and into your own S3 bucket.
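As an added illustration of the collect-then-apply-rules flow described above (written for this page; it is not Threat Stack's agent code or rule format), the Python below parses a few constructed Linux Audit records, hex-decodes the sudo command field the way auditd emits it, and applies three small rules for account changes, sudo by an unapproved user, and failed sudo authentication, grading each hit on a 1 to 3 severity scale. The uid-to-name map and the sudo allow-list are assumptions standing in for a real passwd file and policy.

```python
import re
from binascii import unhexlify

# Constructed Linux Audit records (not captured from a real host). The rules key on auid, the login uid that survives su/sudo.
SAMPLE_AUDIT = """\
type=USER_MGMT msg=audit(1700000000.101:201): pid=3101 uid=0 auid=1000 ses=5 msg='op=add-user id=1002 exe="/usr/sbin/useradd" hostname=? addr=? terminal=pts/0 res=success'
type=USER_CMD msg=audit(1700000000.202:202): pid=3102 uid=1001 auid=1001 ses=6 msg='cwd="/home/bob" cmd=636174202F6574632F736861646F77 exe="/usr/bin/sudo" terminal=pts/1 res=success'
type=USER_AUTH msg=audit(1700000000.303:203): pid=3103 uid=1001 auid=1001 ses=6 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=pts/1 res=failed'
type=USER_CMD msg=audit(1700000000.404:204): pid=3104 uid=1000 auid=1000 ses=5 msg='cwd="/home/alice" cmd=73797374656D63746C2072657374617274206E67696E78 exe="/usr/bin/sudo" terminal=pts/0 res=success'
"""
UID_NAMES = {"0": "root", "1000": "alice", "1001": "bob"}  # assumed passwd snapshot
APPROVED_SUDO_AUIDS = {"1000"}  # assumed allow-list: alice may use sudo, bob may not
TOKEN = re.compile(r"(\w+)=('[^']*'|\"[^\"]*\"|\S+)")

def parse_record(line):
    """Flatten one audit line, including the nested msg='k=v ...' payload, into a dict."""
    fields = {}
    for key, val in TOKEN.findall(line):
        if val.startswith("'"):
            fields.update(parse_record(val[1:-1]))  # recurse into the quoted payload
        else:
            fields[key] = val.strip('"')
    return fields

def decode_cmd(cmd):
    """auditd hex-encodes cmd= when it contains spaces or non-printable bytes."""
    if cmd and len(cmd) % 2 == 0 and re.fullmatch(r"[0-9A-F]+", cmd):
        return unhexlify(cmd).decode("utf-8", "replace")
    return cmd

def evaluate(rec):
    """Apply the rule set; return (severity, title) or None. Severity 1 is most urgent."""
    kind, exe = rec.get("type"), rec.get("exe", "")
    who = UID_NAMES.get(rec.get("auid"), rec.get("auid"))
    if kind == "USER_MGMT":  # useradd/usermod/groupadd/passwd all emit this record type
        return 2, f"account change by {who}: {rec.get('op')} id={rec.get('id')}"
    if kind == "USER_CMD" and exe.endswith("/sudo"):
        cmd = decode_cmd(rec.get("cmd", ""))
        if rec.get("auid") not in APPROVED_SUDO_AUIDS:
            return 1, f"sudo by unapproved user {who}: {cmd}"
        return 3, f"sudo by {who}: {cmd}"
    if kind == "USER_AUTH" and exe.endswith("/sudo") and rec.get("res") == "failed":
        return 2, f"failed sudo authentication for {who} as {rec.get('acct')}"
    return None

def alerts(audit_text):
    """Run every line through the rules; returns [(severity, record type, title), ...] most urgent first."""
    recs = [parse_record(line) for line in audit_text.splitlines()]
    hits = [(hit[0], rec["type"], hit[1]) for rec in recs if (hit := evaluate(rec))]
    return sorted(hits)
```

Running `alerts(SAMPLE_AUDIT)` yields four hits, with bob's unapproved `cat /etc/shadow` via sudo at severity 1 ahead of his failed sudo authentication and alice's account creation at severity 2.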
Threat Stack delivers advanced anomaly detection with ThreatML, a machine learning engine that enhances security observability for the Threat Stack Cloud Security PlatformⓇ, Threat Stack Oversight℠, and Threat Stack Insight℠. By combining full-stack telemetry, machine learning, rules, and human expertise, Threat Stack empowers security teams to accelerate mean-time-to-know (MTTK), focus on high-severity threats, save time, and reduce cost.
Threat Stack intrusion detection behavioral analysis looks for potential signs of compromise and collects data such as:
At a high level, Threat Stack intrusion detection can be deployed in minutes to collect real-time security audit data from the operating system, handle file integrity monitoring (FIM), and capture user-space events. Threat Stack currently supports various versions of the following operating systems:
for specific versions and minimum kernel requirements.
We're a longtime customer that engaged with ThreatStack when they were a very young company. Threat Stack aggregates all of our Linux systems-level events and automatically classifies them according to severity (1, 2, and 3). Threat Stack comes with a default rule set that is good, and there is also a set of rules tuned ...
John N, Mid-Market (51-1000 emp.)