stackArmor ThreatAlert® is an “in-boundary” general support system (GSS) that meets NIST SP 800-53 and NIST SP 800-171 security, continuous monitoring and incident response requirements. This solution is suitable for commercial and public sector organizations using FedRAMP accredited commercial cloud services that must comply with NIST SP 800-53 or NIST SP 800-171 requirements. Based on our user research and requirements collection for ATO projects we have defined a common set of needs that includes 1) Security technologies & tools, 2) Security control descriptions and System Security Plan (SSP) templates based on NIST SP 800-53/FedRAMP and NIST SP 800-171 standards and 3) continuous monitoring services with ISSO/ISSM support. The stackArmor ThreatAlert® solution can help reduce the authorization and assessment phase by 40-50% for most organizations.
Here are some of the tools that StackArmor leverages to meet DevSecOps requirements and how they meet them:
- Scans your all of your AWS accounts for centralized threat identification.
- Monitors the following:
- Network security
- Personnel activity
- Configuration changes
- Detects deviations from desired states in security, fault tolerance and performance.
- Identity ICAM vulnerabilities
- User friendly GUI to easily browse, filter, search across findings.
- Categorizes all non-compliant findings into individual POA&Ms with recommendations for remediation.
- Can run as a container sidecar for seamless integration with your application.
- Performs a detailed and thorough scan for any known vulnerabilities in your application and operating system packages
- Generates a detailed manifest of your application for easy policy application.
- Ensures sensitive data such as passwords and API keys are not present in container images.
- Fully analyzes Dockerfile to ensure best practices are followed.
- Support for Security Content Automation Protocol (SCAP) and Container configuration policies
- Integrates with Container CI/CD.
- Compatible with Container Orchestration tools such as Docker Swarm and Kubernetes.
- Ingests logging events for all user, network, application and data activities.
- Aggregates and filters logs for transformation into standardized format.
- Assists with detection of advanced persistent threats and forensics.
- Notifies security teams of detected events.
- Capable of automatic remediation of high priority events.
- Improves visibility of system events to reduce downtime and improve customer experience.
- Inspect and block inbound, outbound, and lateral network traffic in real-time
- Deliver scalable performance up to 100 Gbps inspection throughput with low latency
- Drive vulnerability threat prioritization with complete network visibility
- Provide immediate and ongoing threat protection with out-of-the-box recommended settings
- Defends against the latest threats, including ransomware
- Monitors traffic for new vulnerabilities with host-based intrusion prevention filters and zero-day attack monitoring
- Identify configuration vulnerabilities across a wide spectrum of operating systems.
- Built in support for compliance regulations, such as DISA Security Technical Implementation Guides (STIGs), NIST 800-53.
- Provides recommedations for immediate remediation.
- Built-in and extensible database assessment capabilities
- Find the database common security vulnerabilities such as:
- Weak password
- Known configuration risks
- Missing patches
- Structured Query Language (SQL) injection test tool
- Data access control test
- User access control test
- Denial of service test
- Analyze a running application dynamically and can identify runtime vulnerabilities (RASP)and environment related issues.
- Integrates with CI/CD tools for seamless code vulnerability assessments.
- Interactive, Dynamic, and Static Application Security Test capabilities (IAST DAST & SAST).
- Offers recommended remediation for findings.
- Identifies static code weaknesses.