44 F5 Distributed Cloud App Infrastructure Protection (AIP) Reviews

A clear and concise dashboard showing alerts related to servers. Being able to see exactly what's going on at a glance is very important for a daily run through potential security issues, and that's exactly what you get with ThreatStack. The system is still very deep, and you are able to drill down easily into detail on issues or potential issues. Review collected by and hosted on G2.com.
It's not simple to remove / snooze not applicable alerts for servers that (for example) had no external access but had out of date packages. You can set this up with rulesets, but then you are hiding issues. Having X high alerts sitting there constantly got me used to seeing red, which wasn't good. This is 100% a "me" thing, and not a reflection on the product.
Graphical interface and app test available and necessary for the protection of the main system.
Problem for application testing and application support.

Threat Stack provides automated and human monitoring of our AWS environment, eliminating the burden on our side.
UI and searching could be improved as they are a little rough around the edges; however, Threat Stack is aware and actively working to improve the platform.

The color coordination! Easy for the eyes. Especially on how we can distinguish based off color of the type of Sev if either sev 1, sev 2, or sev 3 within alerts tab. Along with that the dashboard tab is very very easy to understand on what's going on.
It just took time to get used to using the UI. Within the events tab it was first a bit hard to notice the parameters since it is in light colors, the ones that I'm talking about are: servers, argument, pid, command, etc. Not sure if this functionality is already there, but when viewing an alert in group view and then I click "select all", is there a way to suppress all alerts? As of now looks like we'd have to do one by one. For the dashboard tab, there is a lot of white space. Maybe we can use more of that white space to add more helpful analytics.

One of the best parts of using Threatstack has been the customer care team. They've been very diligent listening to our feedback and addressing it. They continually monitor and tune our alerts, alleviating some of that burden.
Kubernetes support has been good; the agents are very easy to deploy in our clusters.
The default rulesets are pretty comprehensive, although they require extensive tuning to filter out the noise.
We've seen steady improvement of the product over time. Even as I was writing this review, I was navigating around the product and found that some issues we used to have had been resolved. One good example of this was with CVE handling. It used to be impossible to see which CVEs had a matching security notice. Now I see that you can sort by whether a vulnerability has a security notice, making it much easier to find actionable CVEs.
The monthly wrap-up report and video call we do has been helpful in surfacing misconfigured services and unusual user behavior.
The web interface can feel clunky at times. Some areas are less polished than others.
A LOT of tuning is required to eliminate noise. We still deal with a number of alerts that aren't actionable, but the Threatstack team continues to work on tuning them.
Being billed by agent hour adds up quickly and incentivizes monitoring the bare minimum number of servers. Also, having a certain allotment of agent hours each year and having to negotiate contract changes if we use more/less is a bit of a hassle. It'd be nicer to just have a flat-rate per agent and get billed for whatever we use each year.
Earlier on, the product had many deficiencies and bugs. Some components were broken, others were just not useful. This has improved over time though!

We're a longtime customer that engaged with ThreatStack when they were a very young company.
Threat Stack aggregates all of our Linux systems-level events and automatically classifies them according to severity (1, 2, and 3). Threat Stack comes with a default rule set that is good, and there is also a set of rules tuned to HIPAA that have helped quite a bit. Additionally, we have written our own rules to reduce the amount of noise from the system. It's easy to create rules. With those rules in place, we only spend about 10 minutes per week looking at the Threat Stack console (two engineers, 5 minutes each). We send Severity 1 Alerts to email and triage those immediately/ad hoc.
We also like the fact that it looks at our systems and rates them for vulnerabilities (CVEs) so that we can keep our systems properly patched.
More recently we've been intrigued by their new machine learning process to identify anomalies (though we're not using that, yet). We also did a test-drive of their service whereby their staff alert us based on their understanding of server behavior: We liked it but we're still just a little too small to justify the expense. We are not yet using their container monitoring, but we will eventually.
We have on occasion used their API, which has been helpful for some specialized data analysis.
One thing we found was that essentially we had to create our own methodology. Twice/week each of two engineers reviews all of our security tools (Threat Stack, AWS cloud monitoring, SumoLogic). We've long felt that ThreatStack should promote a methodology like that -- i.e., how to integrate it into your DevOps flow.
Threat Stack no longer has a Ruby client for the API, mostly because the Ruby "Hawk" authentication scheme is no longer maintained. If you do want to use the Threat Stack API from Ruby, you can use a client I developed (https://github.com/jgn/mini_hawk).

The major upsides of using ThreatStack are increasing insight into any security issues that may exist and you may be unaware of, real time alerting and helping understaffed teams manage security. Monthly insight reports directly from our security team at ThreatStack really help break down our overall security posture and where we are at as a company. It has valuable information that we can take and break into individual work items and complete.
There aren't many downsides to using ThreatStack. We have been very fortunate to have them as a true security partner to help us protect our environment and business. We've had a few minor issues with a few versions of their agents causing some networking issues on our servers. This issue was mainly due to us using an older version of their agent. They already had a fix in place before we experienced the problem.

Utilizing the service we have been able to incrementally tune and enhance insights using full stack observability. Although we don't always like what we find, we always strive to use the insights to improve our security posture one risk at a time. Gradually we are learning more about the operational behaviors and this more intimate understanding of how engineers get their job done helps us empathize with our colleagues and gradually raise the tide of security culture.
I do wish that we had coverage of network devices, embedded Linux, other appliances, etc. Without this coverage we have a full stack view in our AWS environments, but not full environment view when we consider other clouds, which means I have to stitch together other tools, dashboards, and processes for a complete picture.
Threat Stack provides us with a categorization of alerts so that we know whether something is flagged as a CVE concern or a SOC2 concern. From there we can quickly identify what is the highest priority and address it appropriately.
Threat Stack is very thorough in its analysis, and can often alert on items that I might consider a "false positive" for various reasons. It takes some time to mark those alerts appropriately initially, but once configured correctly it is a powerful platform.
Threat Stack provides us with a top-notch compliance and security solution, all at a high level of quality and scale.
In truth, I cannot think of any real dislikes. The Threat Stack team is consistently working to meet our requirements, while also anticipating new needs.