
Threat Stack provides automated and human monitoring of our AWS environment, eliminating the burden on our side. Review collected by and hosted on G2.com.
UI and searching could be improved as they are a little rough around the edges; however, Threat Stack is aware and actively working to improve the platform.
The color coordination! Easy on the eyes. Especially how we can distinguish, based on color, the type of severity, whether Sev 1, Sev 2, or Sev 3, within the alerts tab. Along with that, the dashboard tab is very, very easy to understand as to what's going on.
It just took time to get used to using the UI. Within the events tab it was at first a bit hard to notice the parameters since they are in light colors; the ones I'm talking about are: servers, argument, pid, command, etc. Not sure if this functionality is already there, but when viewing an alert in group view and then I click "select all", is there a way to suppress all alerts? As of now it looks like we'd have to do them one by one. For the dashboard tab, there is a lot of white space. Maybe we can use more of that white space to add more helpful analytics.
One of the best parts of using Threatstack has been the customer care team. They've been very diligent in listening to our feedback and addressing it. They continually monitor and tune our alerts, alleviating some of that burden.
Kubernetes support has been good; the agents are very easy to deploy in our clusters.
The default rulesets are pretty comprehensive, although they require extensive tuning to filter out the noise.
We've seen steady improvement of the product over time. Even as I was writing this review, I was navigating around the product and found that some issues we used to have had been resolved. One good example of this was with CVE handling. It used to be impossible to see which CVEs had a matching security notice. Now I see that you can sort by whether a vulnerability has a security notice, making it much easier to find actionable CVEs.
The monthly wrap-up report and video call we do have been helpful in surfacing misconfigured services and unusual user behavior.
The web interface can feel clunky at times. Some areas are less polished than others.
A LOT of tuning is required to eliminate noise. We still deal with a number of alerts that aren't actionable, but the Threatstack team continues to work on tuning them.
Being billed by agent hour adds up quickly and incentivizes monitoring the bare minimum number of servers. Also, having a certain allotment of agent hours each year and having to negotiate contract changes if we use more/less is a bit of a hassle. It'd be nicer to just have a flat-rate per agent and get billed for whatever we use each year.
Earlier on, the product had many deficiencies and bugs. Some components were broken, others were just not useful. This has improved over time though!
We're a longtime customer that engaged with ThreatStack when they were a very young company.
Threat Stack aggregates all of our Linux systems-level events and automatically classifies them according to severity (1, 2, and 3). Threat Stack comes with a default rule set that is good, and there is also a set of rules tuned to HIPAA that have helped quite a bit. Additionally, we have written our own rules to reduce the amount of noise from the system. It's easy to create rules. With those rules in place, we only spend about 10 minutes per week looking at the Threat Stack console (two engineers, 5 minutes each). We send Severity 1 Alerts to email and triage those immediately/ad hoc.
We also like the fact that it looks at our systems and rates them for vulnerabilities (CVEs) so that we can keep our systems properly patched.
More recently we've been intrigued by their new machine learning process to identify anomalies (though we're not using that, yet). We also did a test-drive of their service whereby their staff alert us based on their understanding of server behavior: we liked it, but we're still just a little too small to justify the expense. We are not yet using their container monitoring, but we will eventually.
We have on occasion used their API, which has been helpful for some specialized data analysis.
One thing we found was that essentially we had to create our own methodology. Twice a week, each of two engineers reviews all of our security tools (Threat Stack, AWS cloud monitoring, SumoLogic). We've long felt that ThreatStack should promote a methodology like that -- i.e., how to integrate it into your DevOps flow.
Threat Stack no longer has a Ruby client for the API, mostly because the Ruby "Hawk" authentication scheme is no longer maintained. If you do want to use the Threat Stack API from Ruby, you can use a client I developed (https://github.com/jgn/mini_hawk).
The major upsides of using ThreatStack are increased insight into any security issues that may exist and you may be unaware of, real-time alerting, and helping understaffed teams manage security. Monthly insight reports directly from our security team at ThreatStack really help break down our overall security posture and where we are at as a company. They contain valuable information that we can take and break into individual work items and complete.
There aren't many downsides to using ThreatStack. We have been very fortunate to have them as a true security partner to help us protect our environment and business. We've had a few minor issues with a few versions of their agents causing some networking issues on our servers. This issue was mainly due to us using an older version of their agent. They already had a fix in place before we experienced the problem.
Utilizing the service we have been able to incrementally tune and enhance insights using full stack observability. Although we don't always like what we find, we always strive to use the insights to improve our security posture one risk at a time. Gradually we are learning more about the operational behaviors and this more intimate understanding of how engineers get their job done helps us empathize with our colleagues and gradually raise the tide of security culture.
I do wish that we had coverage of network devices, embedded Linux, other appliances, etc. Without this coverage we have a full stack view in our AWS environments, but not a full environment view when we consider other clouds, which means I have to stitch together other tools, dashboards, and processes for a complete picture.
Threat Stack provides us with a categorization of alerts so that we know whether something is flagged as a CVE concern or a SOC2 concern. From there we can quickly identify what is the highest priority and address it appropriately.
Threat Stack is very thorough in its analysis, and can often alert on items that I might consider a "false positive" for various reasons. It takes some time to mark those alerts appropriately initially, but once configured correctly it is a powerful platform.
Threat Stack provides us with a top notch compliance and security solution, all at a high level of quality and scale.
In truth, I cannot think of any real dislikes. The Threat Stack team is consistently working to meet our requirements, while also anticipating new needs.
The ability to monitor your cloud environment combined with per-host monitoring provides good overall coverage of potential threats and software vulnerabilities. While ThreatML (Machine Learning) is in a nascent state, I believe ThreatStack will continue to improve its use of ML over time. It is fairly easy to tune alerting to your environment, and Threatstack support is very helpful when it comes to working with rule sets and suppressions.
I would like to see better exportable reporting for audits. Some alerts are not actionable or cannot be suppressed.
The best part is that with less effort you can implement it on any platform (cloud or on-premise), with most supported Linux distributions. It supports Docker & Kubernetes also.
It also provides an easy interface for administration. It is currently integrated into app-sec for the latest technologies: Ruby, Python, and also Node.js. Many more to go with app-sec monitoring for application security.
It has clear documentation for automating TS agent implementation through Ansible or with a script. The documentation is available in their GitHub.
I did like the quick support in all hurdle times.
Nothing more. I wanted to explore Threat Stack more in app-sec monitoring & integrate all the languages which are the latest technologies.
All of our production applications are hosted with AWS and Threatstack is a cloud native platform designed from the ground up to monitor threats in cloud environments. This includes not only your compute instances, but also the cloud management platform itself. It was fairly easy to deploy and since it is a SaaS we don't have to manage it. With their Oversight service, they act as our SecOps team, monitoring our environment, analyzing events, and escalating to our organization when necessary.
1. I wish they had better reporting capabilities in the tool itself.
2. I would like to see better integration for Windows workloads.
3. For compliance purposes, it would be nice if there was an option to store all events for 1 year in the tool itself.
The product has been excellent and provides us with great insight to the vulnerabilities, exploits and misconfigurations within our environment. The default rule sets have worked well out of the box both for our AWS environment and our Kubernetes environment.
One of the top aspects for our team has been our interactions with our customer support team. They provide actionable items each meeting and clearly have a strong grasp of our environment.
The UI can feel a little clunky at times.
It would be nice if server vulnerabilities found would link to remediation steps within the console without having to go look through the NIST site, possibly even tie directly into a JIRA ticket.
There are some other quality of life improvements, but for its core functionality we are very happy with the product as a team.
Threat Stack's Security Oversight, Insight, and Customer Support teams are top-tier. They are responsive, engaging, and coordinated on all fronts. I sleep with confidence that the data reported from our deployed agents (as well as our audit logs in AWS) are being effectively monitored by capable experts around the clock. Having an external team we can depend on for the triaging and tuning of alerts is particularly valuable for a small team like the one I am a part of.
The Threat Stack platform lacks some "quality-of-life" features that I would like to see. More customizable Slack integration options and better workflows for acknowledging/dismissing alerts are at the top of my list.
ThreatStack has made it incredibly easy for my team to quickly identify security vulnerabilities, keep track of any unwanted access, and enforce compliance across our entire platform. Installing and configuring it on our machines is super painless to automate, and it integrates easily with AWS and Slack, making sure that setup is easy and alerts are raised as soon as problems are found. Luckily, it has kept us proactive rather than reactive with respect to security, so we are able to keep our maintenance backlog low and work on further improving our infrastructure.
It would be nice to be able to distinguish which AWS account a server resides in from the Threatstack UI. Other than that minor gripe, it works pretty well for us.
Keeping on top of CVEs is fantastic; there are more open CVEs here than the Linux distro recognizes as needing to be patched. This is a very real picture of exactly how things are. As we've gone along in using Threatstack we're now moving to AWS, and having Threatstack deployed there from the very beginning has been useful.
The rulesets are also incredibly useful and the ability to configure custom rules and exceptions is a strength.
The complexity around hosts and ports and appropriately configuring everything to accept some things but not others. Custom rules are very powerful, but holy cow it's tedious, and it feels as though one should be taking a fine-grained approach, but being a Threat Stack configuration expert is not a major part of the job.
Setup was very easy (just install an agent on all the instances and connect CloudTrail), and you start getting a pretty good idea of what is going on in your system. The default alerts are easy to set up, and give you a good starting point.
You will definitely need to tweak the alerts out of the box, or you will get too many false-positives. The process for this is not too cumbersome, though.
I like that we have the option to range between full control and hands-off. If we wanted to step back and let them handle all the monitoring and interpretation, that's an option. If we wanted to do it all and not have any suggestions, that's also fine. We're in between the ranges, but as things get busier I know that I can let them handle the day to day monitoring and they will alert me if there's really suspicious stuff.
Some of the alerts were noisy before they suggested suppression rules. It's easy to get lost in all the features, and I bet we're still not making full use of everything. They've been good at reducing the amount of effort it takes though. I can see that not having an idea what to do could be confusing.
I like how simple it is to get up and running. It's great to set up and not have to worry about a complicated configuration process. There is a base set of rules already created and it is fairly simple to implement new rules for instance and CloudTrail monitoring.
Lack of feature set and log retention. Threatstack is great at having baseline checks and monitors, but lacks some of the more advanced features. While they claim to have intelligence, there is no way for a user of the platform to view any types of intelligence. Rule creation is a bit tricky when you get into suppressions; there is no way to test a rule in combination with suppressions, you have to test each piece individually and hope it works all together. For the price point, Threatstack only keeps 3 days of logs, which is completely useless, and you must have a SIEM to forward the logs to in order to keep any sort of record of what is happening on your servers.
Threat Stack's 24/7 SOC, monthly vulnerability and alert analysis, tuning to reduce noise, compliance mapping, and responsive support provide a very cost effective package of security monitoring services.
I have no complaints after a year of use.
It's very easy to deploy. We had difficulties finding an agent that is low overhead and can run in containers, and the ThreatStack agent runs on our container-based OS perfectly and provides excellent visibility into audit events in the system. The rules are categorized into areas to help with compliance (SOC2, ISO27k, HIPAA, PCI) and there's a Configuration Audit option available. ThreatStack SOC oversight helps to filter out the noise and escalate actionable events.
It takes time to tweak the alert rules and suppress noisy false positives.
The way we can write rules and suppressions. It fits custom needs.
The default rule set helps in customizing them.
Could do better with the UI to improve the usability of the tool, especially with the investigation of alerts and events.
Account managers are highly responsive and security analysts will provide comprehensive analysis of security alerts on request. The Oversight program does remove significant burden from our ops team.
Actually configuring alerts and suppressions and viewing logs on your own is confusing and not very developer friendly. This issue is avoided if you sign up for one of their managed plans.
Having an actual person looking into our issues and reaching out to us (normally at the same time we are already looking into it).
We have had some issues in the past with their older agent causing issues on our Linux boxes (resolved now).
Ease of deployment and amount/quality of data being returned by the TS agent.
Dashboards are a weak point: while it collects a lot of data, it is not easy to visualize that data.
Threat Stack monitors our security 24/7, freeing our staff to focus on their core competencies.
Threat Stack's vulnerability information relies on software version numbers. This provides an inaccurate assessment for most Linux systems.