DEVOPSdigest

Threat Stack announced enhancements to its integration framework to enable deep security insights and continuous improvement across Security and Operations teams.

The framework expands Threat Stack’s existing integrations with Slack, VictorOps, and PagerDuty to security analytics and SIEM platforms like Splunk, Sumo Logic, and Graylog to unify security and operations teams and enable proactive, automated cloud security management.

The Threat Stack integration framework is powered by a combination of RESTful APIs and Webhooks to allow customers to consume the rich, context-driven information from Threat Stack in a variety of use cases for alert, event, vulnerability, and threat analytics. It also allows customers to drive notifications and remediation workflows via integration with systems like OpsGenie, Jira, GitLab, and more.

“Threat Stack has always provided unprecedented data and context for customers to respond to security incidents,” said Aditya Joshi, Threat Stack EVP of Products and Technology. “The data-rich insights enabled by our enhanced integrations allow Security teams’ value to shift from point-in-time reaction to proactive risk reduction with powerful analytics that highlight patterns and trends across their environments. We’ve seen customers realize this value in how they understand and communicate risk across their own organizations and to their customers.”

The Threat Stack integration framework allows DevOps teams to build custom workflows based on security alerts, while security teams benefit from the combination of Threat Stack data with feeds to tools and services like Splunk, Graylog, Sumo Logic, AWS S3, and Glacier. Several Threat Stack customers are using the integration framework for a wide variety of use cases.

- Enabling Frictionless SecOps with OpsGenie Integration – With Threat Stack integration, OpsGenie acts as a dispatcher for alerts, determining the right people to notify based on on-call schedules, notifying them using email, text messages (SMS), phone calls, and iPhone and Android push notifications, and escalating alerts until the alert is acknowledged or closed. This allows operations teams to monitor Threat Stack alerts in the same place they’re already working, saving them time, while decreasing the likelihood they’ll miss something important that could cause a breach.

- Improving Security Posture with SIEM Integration – Beyond the insight Threat Stack provides into cloud infrastructure where it is deployed, Threat Stack data also can be used to enhance and provide context to other feeds. For example, combining Threat Stack data with Guard Duty in a SIEM provides valuable user and application context for network events that the SIEM receives.

- Driving Security Prioritization through Security Orchestration with Graylog Integration – Threat Stack leveraged its own integration framework to develop an internal security orchestration application that pulled from Threat Stack data, internal apps, and vendor data sources from operations that extend beyond AWS – aggregating them into Graylog to analyze trends from alert data, and ultimately automate workflows to Ops with security insight. This integration provided enhanced visibility across forensic data to enable Security and Operations teams to drive improved security policy.