2018-10-02T19:04:00Z
it_user434868 - PeerSpot reviewer
Senior Director of Delivery at a tech services company with 51-200 employees

What needs improvement with Threat Stack Cloud Security Platform?

Please share with the community what you think needs improvement with Threat Stack Cloud Security Platform.

What are its weaknesses? What would you like to see changed in a future version?

8 Answers
MS
DevSecOps Engineer at Cloudstronaut LLC
Real User
Top 10
2021-04-03T15:35:28Z
Apr 3, 2021

The compliance and governance need improvement. You can have rules that are HIPAA or PCI or CIS compliant, however, we're actually looking for a tool that would do that - something that would act like a compliance dashboard. There's a lot of cool stuff out there right now, however, it's not as automated in the DevSecOps process. Everything is broken out into separate controls. We have Jira and tickets will show or ask for compliance. While the compliance dashboard gets updated, it doesn't necessarily get locked in. While the security orchestrators are actually really interesting, I don't know how they are going to collect all the data and sort of all the compliance and automate client support, and then also remediate everything. There's a little bit of a lag, however, the next step is to get a really mature environment where you literally can just sit in your chair all day and just watch things happen and respond to different alerts and respond to emails and maybe do some coding here and there. That's our goal. We have thousands of servers. We don't want to put on production service. That's the thing. We only put this on productions, running customer data servers. If we were developing infrastructure and we want to run it through a developer and a QA environment, say if there's a potential issue, we're not going to know about the agent until we have it in production. That's one of the things we're looking into.

Skyler Cain - PeerSpot reviewer
Software Development Manager at Rent Dynamics
Real User
2019-04-18T09:59:00Z
Apr 18, 2019

They could give a few more insights into security groups and recommendations on how to be more effective. That's getting more into the AWS environment, specifically. I'm not sure if that's Threat Stack's plan or not, but I would like them to help us be efficient about how we're setting up security groups. They could recommend separation of VPCs and the like - really dig into our architecture. I haven't seen a whole lot of that and I think that's something that, right off the bat, could have made us smarter. Even as part of the SecOps Program, that could be helpful; a quick analysis. They're analyzing our whole infrastructure and saying, "You have one VPC and that doesn't make a lot of sense, that should be multiple VPCs and here's why." The architecture of the servers in whatever cloud-hosting provider you're on could be helpful. Other than that, they should continue to expand on their notifications and on what's a vulnerability. They do a great job of that and we want them to continue to do that. It would be cool, since the agent is already deployed and they know about the server, they know the IP address, and they know what vulnerability is there, for them to test the vulnerability and see if they can actually exploit it. Or, once we patch it, they could double-check that it can't be. I don't know how hard that would be to build. Thinking on it off the top of my head, it could be a little challenging but it could also be highly interesting. It would also be great if we could test a couple of other features like hammering a server with 100 login attempts and see what happens. Real test scenarios could be really helpful. That is probably more something close to what they do with the SOC 2 audit or the report. But more visualization of that, being able to test things out on our infrastructure to make sure we can or can't hit this box could be interesting.

Eric Cohen - PeerSpot reviewer
Sr. Director Information and Security for PureCloud at Genesys Telecommunications Laboratories
Real User
2019-03-31T09:41:00Z
Mar 31, 2019

The API - which has grown quite a bit, so we're still learning it and I can't say whether it still needs improvement - was an area that had been needing it. They have just recently come out with new improvements. I'm looking forward to their code analysis, which is coming out as a result of an acquisition they made.

PP
Director of Security at Eventbrite
Real User
2019-03-25T06:49:00Z
Mar 25, 2019

The user interface can be a little bit clunky at times. My enjoyment of the user interface is not 100 percent. We maintain multiple sites, a pre-production site and a production site in different parts of our business. I find myself switching between those sites fairly frequently and I lose track of where I'm at: Am I in the pre-production account or the production account? Sometimes that's a little discouraging. There's a lot of information that needs to be waded through, and the UI just isn't great. They do have a great API. The API has been helpful for us to use as a replacement in many cases for the UI. The reports aren't very good. We've automated the report generation via the API and replaced almost all the reports that they generate for us using API calls instead.

it_user1046712 - PeerSpot reviewer
Security Architect at Conga
Real User
2019-03-25T06:49:00Z
Mar 25, 2019

I would like the following:
* Further support of Windows endpoint agents or the introduction of support for Windows endpoint agents.
* The ability to quickly templatize rule sets and share them.

Kevin Johnson - PeerSpot reviewer
Lead Security SRE at InVision
MSP
2019-03-19T10:11:00Z
Mar 19, 2019

The solution’s ability to consume alerts and data in third-party tools (via APIs and export into S3 buckets) is moderate. They have some work to do in that area. I'd like to see more on that side. I'd like to see much better reporting. The API does not mimic the features of the UI as far as reporting and pulling data out go. There's a big discrepancy there. The other thing that would be really great - and I know this is something they might not want to get into as a business, but it's something I'd love to see - would be if we could bring in data from other tools, specifically AWS WAF. If we could bring in data from there, and include that with what they're already collecting, that would be a huge game-changer for us. Finally, container vulnerability assessment is something they aren't doing right now.

Find out what your peers are saying about Threat Stack, Darktrace, Palo Alto Networks and others in Intrusion Detection and Prevention Software (IDPS). Updated: November 2022.
655,711 professionals have used our research since 2012.
Vincent Romney - PeerSpot reviewer
Director of Information Security at Younique Products
Real User
2019-03-17T10:49:00Z
Mar 17, 2019

It certainly has a lot of capabilities and we're not using much of what it can do. That's something that, as we mature as an organization, we'll expand into. The one thing that we know they're working on, but we don't have through the tool, is the application layer. As we move to a serverless environment, with AWS Fargate or direct Lambda, that's where Threat Stack does not have the capacity to provide feed. Those are areas that it's blind to now, so that's the biggest area for improvement. They're currently looking at changing that with an acquisition, but as it stands right now, that's the only spot that I consider weak.

NR
Senior Software Security Analyst at Acquia
Real User
2018-10-02T19:04:00Z
Oct 2, 2018

Firstly, it shoots back a lot of alerts. Secondly, there are some drawbacks which we have found. Sometimes, they say that the servers are down and up, but that thing is not coming up. This happens repeatedly. Thirdly, the solution should have hash calculation. In addition, from a security point of view, they go to file level. That's pretty nice. But they are running completely onto AWS instances and Linux boxes most of the time, so a file can be modified, but what is happening on the process level? That should be the thing on which we should shoot alerts, not on the basis of files.

Related Questions
MH
Cloud Solution architect at VaporVM
Jan 21, 2022
Hi community members, I would like to understand if there is an option to customize the dashboard in Threat Stack Cloud Security Platform? Otherwise, I am looking for a platform similar to Threat Stack Cloud Security Platform where dashboards can be customized for the cloud.  Do you have any recommendations?  Thanks
CW
Founder & CEO with 51-200 employees
Feb 11, 2020
I'm building a next-gen AI powered threat intelligence platform and am wondering what features are missing from existing products on the market and how much customers are paying for their security tools. I'm also conducting research on pricing models. What is the preferred method of payment, i.e. based on number of endpoints, storage used, user-based, flat fee subscription based? Thank you ...
2 out of 9 answers
DJ
CEO & Founder at a tech services company with 1-10 employees
Aug 26, 2019
Raffael Marty, Vice President, Forcepoint Research and Intelligence, said: "There is no artificial intelligence in the field of information security, and it is unlikely to be developed in 2019." Most unsupervised machine learning-based network anomaly detection solutions do not provide why the anomaly has been aroused and whether the anomaly is malicious or not. Most such solutions' pricing model is based on the number of endpoints, but I prefer to have a flat fee, subscription-based one.
ImadTaha - PeerSpot reviewer
Group CIO with 10,001+ employees
Aug 26, 2019
I feel that there are two old problems still there in the market: 1-Vendors don't talk to each other. 2-Whoever is focusing on endpoint is missing the network and human side and the opposite is also true. I love, for example, what Darktrace is doing on the network side and the playback option to know what happened in my network during a long holiday, for example, things that will never be caught by a second-generation AV, but I need to have a solid 2nd gen. AV besides the total high cost of Darktrace, which by the way is worth it for IT pros but not for business owners. We need to have something like VirusTotal but for risks and threats beyond viruses, where all vendors work on this and all endpoint customers with different vendors connect to it to be secured.