Nov 19, 2019 SOURCE: PR NewsWire

New SaltStack SecOps Products Automate Vulnerability Remediation and Continuous Security Compliance

LEHI, Utah, Nov. 19, 2019 /PRNewswire/ -- SaltStack, the creators of intelligent automation for IT operations and security teams, today announced the general availability of SaltStack Protect for automated discovery and remediation of security vulnerabilities across web-scale infrastructure. SaltStack Protect is a new product now available in the SaltStack SecOps family of products and is additive to SaltStack Comply. SaltStack Comply automates the work of continuous compliance and has been updated with new CIS Benchmark content and a new SDK for the creation of custom security checks.

The SaltStack SecOps product family provides a collaborative platform for both security and IT operations teams to help customers break down organizational silos, offset security and IT skills gaps and talent shortages, and decrease the time required to find and fix critical security vulnerabilities.

"IT security does an excellent job at providing visibility into infrastructure vulnerabilities. But visibility doesn't truly secure infrastructure," said Marc Chenn, SaltStack CEO. "The massive amount of coordination and work required to actually fix thousands of infrastructure security vulnerabilities as quickly as possible is daunting. Vulnerability assessment and management tools require integrated and automated remediation to close the loop on IT security. SaltStack Protect gives security operations teams the power to control, optimize, and secure the entirety of their IT infrastructure while helping teams collaborate to mitigate risk."

While most security products are built to find and prioritize vulnerabilities, SaltStack Protect actually automates the remediation of vulnerabilities by delivering closed-loop workflows that scan, detect, prioritize, and fix critical security threats. These capabilities include:

    --  Native CVE scanning - Scans for both on-prem and cloud systems to detect
        pressing, relevant threats based on more than 12,000 CVEs across
        operating systems and infrastructure.
    --  Intelligent vulnerability prioritization - To assess and prioritize
        threats for remediation, SaltStack collects real-time data on the
        configuration state of every asset in an environment and combines it
        with vulnerability information from SaltStack Protect to accurately
        differentiate vulnerabilities that are exploitable from those that are
        not.
    --  Automated remediation - SaltStack Protect brings the power of automation
        to SecOps teams with an API-first solution that scans IT systems for
        vulnerabilities and then provides out-of-the-box automation workflows to
        remediate them.

Will Gregorian, Addepar CISO, said, "Infrastructure complexity coupled with compliance requirements outpace the ability for the SecOps teams to stay ahead. We need to introduce the best of DevOps in information security to improve and make operations as nimble as possible. Development teams already know collaboration and automation as a force multiplier, the trick is to capture their methodologies in SecOps to advance initiatives. SaltStack SecOps fits nicely in the automation and collaboration narrative that security needs to make continuous infrastructure security compliance monitoring attainable."

SaltStack Comply has been updated in this release with significant new features including new CIS Benchmark content for Windows 2012 R2, Windows 2016, Debian 9 and Ubuntu 18.04, and the much-requested ability to create custom security content. SaltStack Comply includes a new SDK which allows customers to create bespoke content to drive custom vulnerability assessments and remediations.

According to the June 2018 Forrester report, Reduce Risk And Improve Security Through Infrastructure Automation, "With threats at an all-time high, organizations can secure modern infrastructure only through automation. At the same time, the traditional gatekeeper role of I&O must evolve to become a policy enabler to complement and, ultimately, strengthen the work of security professionals."

The report also noted that, "51% of global network security decision makers reported at least one breach in the past 12 months," and that "automation tools provide a level of standardization across environments that was previously unachievable manually."

SaltStack SecOps products are built on SaltStack Enterprise delivering a single platform for frictionless collaboration between security and IT teams. As a result, users of SaltStack SecOps products have reported a 95 percent decrease in the time required to find and fix critical vulnerabilities. While traditional security scanning tools can report reams of vulnerabilities that operations teams must investigate, prioritize, test, fix, and then report back to security, SaltStack eliminates nearly all of the manual steps typically associated with vulnerability remediation, potentially saving customers millions of dollars in time, resources, and redundant tools that do little to harden systems and protect against critical vulnerabilities and devastating exploits.

SaltStack set out to make the power of SaltStack event-driven automation and orchestration available to all security and IT professionals. It is now used by tens of thousands of IT operations, DevOps and site reliability engineering organizations around the world to control everything from a simple IoT devices to extremely complex, hyperscale infrastructure powering businesses such as IBM Cloud, eBay, and TD Bank.

SaltStack Comply and SaltStack Protect are now available via subscription. For more information or to schedule a demo, click here.

Additional resources:

    --  Try SaltStack SecOps now with this hosted tutorial
    --  Request a demo of SaltStack SecOps
    --  Read the Forrester report, "Reduce Risk And Improve Security Through
        Infrastructure Automation"

About SaltStack

SaltStack® intelligent IT automation software is used to help the largest businesses in the world manage and secure their digital infrastructure. Known for its powerful event-driven infrastructure automation engine, SaltStack is designed to control, optimize, and secure the inherent complexity of Web-scale while providing efficient, collaborative solutions for ITOps, SecOps, NetOps, and DevOps teams. https://www.saltstack.com

View original content:http://www.prnewswire.com/news-releases/new-saltstack-secops-products-automate-vulnerability-remediation-and-continuous-security-compliance-300961135.html

SOURCE SaltStack

Related News

Information Security Forum Launches Threat Horizon 2022

RunSafe Security Appoints Veteran Security Experts to Technical Advisory Board

SaltStack Enterprise 6.3 Improves IT Monitoring Capabilities, Vulnerability Management Workflows, and Risk-based Vulnerability Remediation

Fortress Information Security Adds New Partner In Securing U.S. Power Grid

Securly Announces Completion of SOC 2 Type 1 Audit Certification

Crunchy Data PostgreSQL Security Technical Implementation Guide Now Available

Defense Information Systems Agency Releases VMware NSX® Security Technical Implementation Guide

Harold Gonzalez Named loanDepot Chief Information Security Officer

View all News

Latest Procurements

Herbicide resistance status of grain and cotton cropping regions - strategic insights for RDE

Market Sounding - Defence Infrastructure Panel – Construction Major Works

To assist the Commonwealth of Australia (Commonwealth), represented by the Department of Defence, in considering the potential establishment of a standing offer for the undertaking of major construction works described...

LONG TERM COMMONWEALTH LEASE IPSWICH QLD AND SURROUNDING AREAS

Exceptional Leasing Opportunity COMMONWEALTH LEASE

View all Procurementsp

Agenda

June

FranceParc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024, 17 - 21 June 2024, Parc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024 There can be no sustainable world without peace and security. Founded in 1967, the exhibition...

May

Paris Marriott Rive Gauche & Conference Center

Future Artillery, 21-23 May 2024, Paris Marriott Rive Gauche & Conference Center, France

DELIVERING FIRES IN THE MULTI-DOMAIN BATTLESPACE As artillery reasserts itself as the ‘King of Battlefield’ in the wake...

May

United Arab EmiratesADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR Abu Dhabi 2024, 21-23 May 2024, ADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR ACCELERATING TRANSFORMATION IN THE NATIONAL SECURITY ECOSYSTEM ISNR Abu Dhabi is the region’s most trusted...

View All Events

Companies

Steadicopter Ltd.

Equipaer Industria Aeronautica Ltda.

Arabian Contracting Company Ltd (TIG Group)

View All Companies