Vulnerability Assessment

Detect and remediate vulnerabilities across your infrastructure

Book Your Demo

The Threat Stack Difference

Prioritize Remediation
by Risk

Vulnerability Assessment What Happened

The Threat Stack Cloud Security Platform® offers the context you need to help you identify vulnerabilities according to greatest risk, so you can put your developers to-do list in order.

Discover Your True
Vulnerability Attack Surface

Vulnerability Attack Surface

Focus on what matters. The Threat Stack Cloud Security Platform allows you to detect installed packages that are vulnerable and exposing you to risk.

How We Do It

Threat Stack Vulnerability Assessment is one of the many ways that the Threat Stack Cloud Security Platform combines multiple detection and assessment technologies to identify risk across your infrastructure. First, Threat Stack analyzes installed packages in your infrastructure, compares them to the National Vulnerability Database (NVD) and evaluates it against your operating system, and then notifies you about any known vulnerabilities on installed software.

Gain Visibility Into Your Vulnerable Servers

Inventory Your Vulnerabilities by Server

Threat Stack gives you a list of all your running servers and a summary of vulnerable packages on each. You can click on any server to see additional information about vulnerable packages with links to the NVD CVE entry and OS security notices.

Vulnerable Servers

Work Through a Smaller, More Focused List of Vulnerabilities

Many solutions give you a list of vulnerabilities without context, forcing you to hand over a long list of fixes to your Development or Operations teams. In contrast Threat Stack provides the context you need to help sort your vulnerabilities by CVE, attack vector, package, and severity, so your team can focus on the highest severity issues in a way that makes sense to them.

Threat Landscape

Understand Threat Landscape

Threat Stack helps you prioritize fixes by showing you which vulnerable packages are on servers that are online, Threat Stack’s integration with Amazon EC2 allows you to group and filter your infrastructure based on key EC2 properties, like AMI ID and EC2 tags, so can better prioritize risk in the context of your environment.

See the Attack Vector

To help you narrow down even further, Threat Stack also lets you sort by attack vector, such as Local, Network, and Adjacent Network, so you can understand how the vulnerability could be exploited.

Attack Vector
Sort by Severity

Sort by Severity

Finally, Threat Stack lets you sort by the NVD-CVSS score — High, Medium, or Low — so you can see which vulnerabilities have the greatest risk associated with them.

See For Yourself

Book Your Demo