Threat Stack Reviews
Sep 20 2019
What is most valuable? The most valuable feature is the SecOps because they have our back and they help us with the reports. We jump on calls monthly to set goals and roadmaps internally for how…
How has it helped my organization? One of the ways they've improved the way our organization functions is that when we first signed up with Threat Stack, we were just using password authentication. Managing…
What needs improvement? They could give a few more insights into security groups and recommendations on how to be more effective. That's getting more into the AWS environment, specifically. I'm…
What's my experience with pricing, setup cost, and licensing? What we're paying now is somewhere around $15 to $20 per agent per month, if I recall correctly. The other cost we have is SecOps.
Which solution did I use previously and why did I switch? The SecOps program was the big seller to me, the fact that we would have their help and their support, especially at the time of an incident. That was the biggest deciding…
What other advice do I have? I would advise, if you have the funding, that you have a security team. But if you're not going to dump resources into security, you're not going to have a full-on…
Which other solutions did I evaluate? We were looking at several different security companies. We were talking to a company called Armor. We were using Datadog for some of it, for what they give you…
Mar 25 2019
What is most valuable? We like the ability of the host security module to monitor the processes running on our servers to help us monitor activity. We want to make sure that there are no bad…
How has it helped my organization? It provides the security team with visibility into parts of the organization that were otherwise difficult to see into. By installing the agent we can get visibility into…
What needs improvement? The user interface can be a little bit clunky at times. My enjoyment of the user interface is not 100 percent. We maintain multiple sites, a pre-production site and a…
What's my experience with pricing, setup cost, and licensing? I'm happy with the amount that we spend for the product that we get and the overall service that we get. It's not cheap, but I'm still happy with the spend.
Which solution did I use previously and why did I switch? We used basic auditd. It's an open-source auditing framework for the Linux environment. The main reason for switching to Threat Stack is that, while Threat Stack…
What other advice do I have? Understand the types of users and behaviors that you have in your environment and whether it's changing all the time or very static. If it's a highly static environment…
Which other solutions did I evaluate? We didn't evaluate too many other options. I had been talking to the Threat Stack team for some time and had known about the product, its features and functionality. We…
Updated: January 2020.
Mar 25 2019
Ties together containers, Kubernetes, AWS, and instance monitoring, allowing us to take meaningful action
What is most valuable? The endpoint security monitoring, the AWS security monitoring, ties all of these things together in a way that we can make sense of data that, before, wasn't available or…
How has it helped my organization? The most important example of how it has improved our organization is that we had a security incident that I can't give you a lot of details around. But about two months…
What needs improvement? The solution’s ability to consume alerts and data in third-party tools (via APIs and export into S3 buckets) is moderate. They have some work to do in that area. I'd like…
What's my experience with pricing, setup cost, and licensing? It's too expensive, but I'm always going to say that. It is very expensive compared to some other products. The pricing is definitely high.
Which solution did I use previously and why did I switch? We replaced CloudWatch for AWS configuration management with Threat Stack.
What other advice do I have? Build very tight relationships with Threat Stack's sales, engineering, and onboarding teams. That is something that has saved us a good amount of pain. Also, spend a…
Which other solutions did I evaluate? We did a demo with Twistlock but we never actually implemented it because we had a ton of problems with it. We used OSSEC for a long time, and Trend Micro on a previous…
Apr 01 2019
What is most valuable? The number-one feature is the monitoring of interactive sessions on our Linux machines. We run an immutable environment, so that nothing is allowed to be changed in…
How has it helped my organization? We have about 210 microservices that make up our product. There are over 140 developers who have access to production, and they can troubleshoot but they're not allowed to…
What needs improvement? The API - which has grown quite a bit, so we're still learning it and I can't say whether it still needs improvement - was an area that had been needing it. They have just…
What's my experience with pricing, setup cost, and licensing? I honestly don't know what pricing would compare to, because there wasn't a whole lot on the market at the time. It came in cheaper than Trend Micro when we purchased it a…
Which solution did I use previously and why did I switch? We used Trend Micro Deep Security. The issue was a problem in the agent that goes on the servers that was causing our servers to crash. It happened a couple of times and…
What other advice do I have? The best way really to demo and implement is to deploy it with the standard rules that come with it and simply monitor the environment for about a month, just to get a…
Which other solutions did I evaluate? We looked at what was going on with open-source, with OSSEC, and doing it ourselves. That did not prove to be scalable.
Mar 25 2019
Pivotal for SOX and Sarbanes-Oxley compliance as well as security in AWS, but needs work on the application layer side
What is most valuable? It has been quite helpful to have the daily alerts coming to my email, as well as the Sev 1 Alerts. Anything that pops a Sev 1 comes directly to my email. Most recently we started getting those…
How has it helped my organization? The capacity to respond to evidence requests from the SOX auditors has significantly improved because of this tool. It has also provided us with the ability to gain actionable insight into our cloud…
What needs improvement? It certainly has a lot of capabilities and we're not using much of what it can do. That's something that, as we mature as an organization, we'll expand into. The one thing that we know they're working…
What's my experience with pricing, setup cost, and licensing? Pricing seems to be in line with the market structure. It's fine. There's not a problem with it. It seems to fit well within the current pricing structures that are out there.
Which solution did I use previously and why did I switch? I believe the only thing the company used before Threat Stack was the incumbent AWS logging: CloudWatch, CloudThreat, CloudTrail. The switch was made for the ability to have a single pane of glass to…
What other advice do I have? One of the things that was dropped here that I picked up and have been running with is that Threat Stack should be implemented and comprehensively applied to security for security's sake, as well as for…
Mar 25 2019
The dashboard and daily audits of our environments give us a plan of action for items that we may need to remediate going forward
What is most valuable? We enjoy the AWS Config audit within Threat Stack. This allows us to quickly score our AWS accounts against known, good configurations, then receive a letter grade which is easy to understand, as well…
How has it helped my organization? Threat Stack allows us to quickly identify public AWS buckets across a large number of accounts, so we can validate what is within those public buckets and should be publicly accessible. That no…
What needs improvement? I would like the following:
* Further support of Windows endpoint agents or the introduction of support for Windows endpoint agents.
* The ability to quickly templatize rule sets and share them.
What's my experience with pricing, setup cost, and licensing? We find the licensing and pricing very easy to understand and a good value for the services provided. Purchase it as soon as you possibly can because the information it provides you is invaluable.
What other advice do I have? The tuning process is easy to use given the preconfigured rule sets which are offered and the flexibility of the API to create more rule sets. It is very easy to silence alerts that you may deem…
Which other solutions did I evaluate? We tried a number of internal AWS tools, but that was all. We went with Threat Stack because they provide the benchmarking against industry accepted known, good standards within the cloud. Their…
Oct 15 2018
It is a cost-effective choice versus other solutions on the market but has some features that do not work as expected
What is most valuable? The configuration part was pretty easy, because if you're an agent, then you start getting the alert. That is the one thing. Then obviously, like any other SIEM tool, whether it is an install or a…
How has it helped my organization? Threat Stack is a pretty easy tool because their integration with AWS instances and everything, that's easy. So you build up a Threat Stack server, if you go to their AWS instances one at a time and…
What needs improvement? Firstly, it shoots back a lot of alerts. Secondly, there are some drawbacks which we have found. Sometimes, they say that the server is down and up, but that thing is not coming up. This happens…
What's my experience with pricing, setup cost, and licensing? It is a cost-effective choice versus other solutions on the market.
What other advice do I have? An important feature of this solution is monitoring. Specifically, container monitoring.
Which other solutions did I evaluate? We considered McAfee and Trend Micro, but we chose this instead.
What is Threat Stack?
Threat Stack is purpose-built to support organizations running in the cloud and the unique requirements of a cloud-based or hybrid infrastructure. In order to protect your sensitive data (the crown jewels) you need to know who is doing what, where and when – at all times. With continuous cloud and up-to-the-second alerting, you’ll always have the complete visibility you need to detect anomalous activity and know what occurred immediately.
Threat Stack customers
StatusPage.io, Walkbase, Spanning, DNAnexus, Jobcase, Nextcapital, Smartling, Veracode, 6sense
An important feature of this solution is monitoring. Specifically, container monitoring.
It is scalable. It deploys easily with curl and yum.
Threat Stack has connectivity.
It has been quite helpful to have the daily alerts coming to my email, as well as the Sev 1 Alerts... We just went through a SOX audit and those were pivotal.
We're using it on containers to see when activity involving executables happens, and that's great.
Every other security tool we've looked at is good at containers, or at Kubernetes, is good at AWS, or at instance monitoring. But nobody is good at tying all of those things together, and that's really where Threat Stack shines.
There has been a measurable decrease in the mean time to remediation... because we have so many different tech verticals already collated in one place, our ability to respond is drastically different than it used to be.