We were looking at several different security companies. We were talking to a company called Armor. We were using Datadog for some of it, for what they give you out-of-the-box. There was one more that we were looking at but I can't remember what it was off the top of my head.

We looked at was going on with open-source, with OSSEC, and doing it ourselves. That did not prove to be scalable.

We didn't evaluate too many other options. I had been talking to the Threat Stack team for some time and had known about the product, its features and functionality. We decided to jump in and make a purchase fairly quickly.

We did a demo with Twistlock but we never actually implemented it because we had a ton of problems with it. We used OSSEC for a long time, and Trend Micro on a previous iteration. We're so picky about the products we choose. We've demoed polls from Palo Alto, Aqua Security, and a bunch of others. I'm having trouble keeping track of all of them. Threat Stack is the one we keep coming back to.

We've gone with Threat Stack for many reasons. It ties together these multiple technology verticals in one pane of glass, and cross-correlates security across those verticals. That's super-important, I can't overemphasize that. That's a big differentiator, as are the ease of deployment, ease of management, the reliability, and support we get. We keep coming back to them because all of our other experiences have had very negative portions to them.

We're paying a lot of money for a product, so we don't want to have to spend more money on infrastructure to support the product. A lot of other vendors require us to build dedicated servers inside our networks. They don't deal well with multi-AWS-account businesses. And the biggest thing is that a lot of products we're seeing in the space are really geared towards enterprises that are going to the cloud for the first time; greenfield-type applications. Threat Stack is flexible enough that it really does well in an environment where a company is already cloud-native. We're SaaS company, our demands are very unique to the SaaS world. We've been on the cloud our entire life. Having a tool that can work within that paradigm, and not necessitate greenfielding everything is super-important.

We tried a number of internal AWS tools, but that was all.

We went with Threat Stack because they provide the benchmarking against industry accepted known, good standards within the cloud. Their continuous audit and monitoring is something that we needed, along with their scoring overtime.

We considered McAfee and Trend Micro, but we chose this instead.