Review: Protecting multi-cloud environments with Threat Stack

Because it's intended for use in environments that require constant uptime, Threat Stack simply concentrates on the detection aspect of cybersecurity, alerting admins when suspicious activity is spotted.

With a large number of organizations moving their data and applications to the cloud, there is an acute need for a platform designed to natively detect malicious activity occurring there without hindering the underlying network or the business functions that rely on it. The Threat Stack Cloud Security Platform was made to fill that need.

At first glance, Threat Stack may seem a lot like security programs designed to protect traditional hardware. There is even a colorful dashboard showing things like the percentage of the network that is protected by Threat Stack agents and security events ranked by severity. This makes the platform look a bit like a security information and event manager (SIEM) designed to work in the cloud, but most similarities end there.

Figure: The Threat Stack dashboard shows suspicious events occurring in your cloud instances, ranked by severity. (Image: John Breeden II / IDG)

As deep as Threat Stack goes on detection, it has no ability to stop suspicious activity, quarantine clients or anything like that. This is intentional: the platform is designed to protect things like ecommerce applications in the cloud that might process millions of dollars in business every hour. The idea is that anything that could disrupt operations might bring a multimillion-dollar operation to a halt, so Threat Stack takes no chances and simply concentrates on the detection aspect of cybersecurity. That may seem counterintuitive compared with most security mindsets, but it's attractive in environments that require constant uptime, no matter what.

The platform can be installed in any cloud environment, including public, private, community, hybrid, and container-based. It also works in multi-cloud environments. It is compatible with every major cloud provider. We even placed it at the core of a Docker environment, and every container spawned from there had an agent go live at creation.
