Threat Stack Solution Tiers

The Threat Stack Cloud Security Platform integrates with AWS APIs to monitor AWS CloudTrail and AWS EC2. Threat Stack CloudTrail monitoring detects suspicious behaviors and changes to configurations. Threat Stack’s EC2 integrations offer visibility into all active EC2 instances.

The Threat Stack Cloud Security Platform monitors user, system, and file activity on the hosts, using a combination of Host Intrusion Detection, File Integrity Monitoring, Vulnerability Assessment, and Threat Intelligence Correlation. Threat Stack offers rulesets to detect risky and suspicious behavior as well as non-compliant activity.

The Threat Stack Cloud Security Platform integrates with Docker to monitor suspicious container behavior or misconfigurations. The platform offers out-of-the box, customizable Docker rulesets for CIS benchmarks and general insecure behaviors.

The Threat Stack Cloud Security Platform monitors Kubernetes for suspicious behavior or misconfigurations. The platform offers an out-of-the box, customizable Kubernetes ruleset.

Threat Stack Application Security Monitoring detects vulnerabilities in code and blocks live attacks in real time, throughout the application development lifecycle from development through production.

Threat Stack offers the ability to store and consume alerts in third-party tools and services. Threat Stack’s Webhook and RESTful APIs give users the ability to build triage and response workflows. Threat Stack also gives users the ability to export all events to an S3 bucket for long-term storage, forensics, or custom reporting.

A dedicated onboarding specialist will enable customers to use the Threat Stack Cloud Security Platform. This includes deployment assistance, alert tuning, training, and supported integration assistance.

A dedicated customer success manager will serve as an ongoing point of contact and proactively ensure that customers are meeting their cloud security goals.

A Threat Stack Security Operations Center (SOC) team member will monitor the customer’s Threat Stack Cloud Security Platform for critical alerts.

A SOC team member will investigate alerts and collect customer-specific data.

Create and deliver monthly reports using customer data in the areas of, User Access Management Report, Network Behavior Report, CloudTrail Activity Report, File Behavior Report, and Vulnerability Report.

On a monthly basis, a Threat Stack security analyst will provide written recommendations for risk reduction based on reports.