Threat Stack offers both technology and services to help you build a robust Cloud Security program. Explore the combinations to find the mix that’s right for your organization.
Security is hard. Security for the cloud is harder. Not all solutions can help meet the requirements of evolving cloud-native architectures, which is why we put together a trade up program to help you switch to Threat Stack while keeping your investment and environment secure.
The Threat Stack Cloud Security Platform monitors your infrastructure for risky behavior and configurations.
Threat Stack offers three different solutions to meet your company’s Cloud SecOps needs. Whether you have an in-house team managing your security alerts or you need support with your monitoring and proactive risk reduction strategy, Threat Stack will help you meet your security goals.
The Threat Stack Cloud Security Platform integrates with AWS APIs to monitor AWS CloudTrail and AWS EC2. Threat Stack CloudTrail monitoring detects suspicious behaviors and changes to configurations. Threat Stack’s EC2 integrations offer visibility into all active EC2 instances.
The Threat Stack Cloud Security Platform monitors user, system, and file activity on the hosts, using a combination of Host Intrusion Detection, File Integrity Monitoring, Vulnerability Assessment, and Threat Intelligence Correlation. Threat Stack offers rulesets to detect risky and suspicious behavior as well as non-compliant activity.
The Threat Stack Cloud Security Platform integrates with Docker to monitor suspicious container behavior or misconfigurations. The platform offers out-of-the-box, customizable Docker rulesets for CIS benchmarks and general insecure behaviors.
The Threat Stack Cloud Security Platform monitors Kubernetes for suspicious behavior or misconfigurations. The platform offers an out-of-the-box, customizable Kubernetes ruleset.
Threat Stack Application Security Monitoring detects vulnerabilities in code and blocks live attacks in real time, throughout the application development lifecycle from development through production.
Threat Stack offers the ability to store and consume alerts in third-party tools and services. Threat Stack’s Webhook and RESTful APIs give users the ability to build triage and response workflows. Threat Stack also gives users the ability to export all events to an S3 bucket for long-term storage, forensics, or custom reporting.
Threat Stack does not limit the number of users who can access the Threat Stack Cloud Security Platform.
A dedicated onboarding specialist will enable customers to use the Threat Stack Cloud Security Platform. This includes deployment assistance, alert tuning, training, and supported integration assistance.
A dedicated customer success manager will serve as an ongoing point of contact and proactively ensure that customers are meeting their cloud security goals.
The Threat Stack Technical Support team is available to answer questions and support customers through technical issues.
A Threat Stack Security Operations Center (SOC) team member will monitor the customer’s Threat Stack Cloud Security Platform for critical alerts.
A SOC team member will investigate alerts and collect customer-specific data.
If an alert is deemed suspicious or risky, a SOC team member will notify the customer of the alert within 24 hours of receiving it and will provide an explanation and recommendations for remediation.
Monthly reports are created and delivered using customer data, covering the following areas: User Access Management Report, Network Behavior Report, CloudTrail Activity Report, File Behavior Report, and Vulnerability Report.
On a monthly basis, a Threat Stack security analyst will provide written recommendations for risk reduction based on reports.
Depending on need, each customer may request a one-hour call each month to discuss the report, analysis, and recommendations.
Talk to a member of the team to learn more about our plans and offerings.