DEVOPSdigest

SaltStack announced the general availability of SaltStack Enterprise 6.0 and the new SaltStack SecOps add-on module for autonomous security policy compliance and vulnerability remediation at scale.

SaltStack SecOps is unique in providing IT operations and security teams with a collaborative, event-driven automation and orchestration platform. SaltStack SecOps scans IT systems against custom or industry standard security policies then automates the remediation of security vulnerabilities associated with misconfigured, non-compliant infrastructure.

From continuous detection to true resolution, SaltStack SecOps delivers natively integrated, fully automated infrastructure security compliance at enterprise scale.

The initial release of SaltStack SecOps helps IT and security teams collaborate to fully automate:

- Policy definition - Build custom policies or utilize industry-certified compliance profiles such as CIS and DISA STIGS.

- Infrastructure scanning - Run continuous, item-level policy checks to locate any non-compliant, misconfigured systems or applications.

- Compliance enforcement - Use autonomous remediation to fix policy violations, or initiate change workflows for issue resolution.

SaltStack SecOps delivers continuous compliance aligned with consensus-based CIS best practice standards and is currently CIS Benchmark certified to assess configuration and compliance of Oracle Linux 7, Red Hat Enterprise Linux 7, and CentOS Linux 7.

SaltStack SecOps can also be used today to scan Docker, Kubernetes, Windows, and many other infrastructure components for policy compliance.

Marc Chenn, SaltStack CEO, said, “Rapidly proliferating exploits, non-stop vulnerabilities, regulatory demands, and infrastructure scale and complexity combine to create a substantial challenge for cybersecurity professionals. SaltStack SecOps is uniquely positioned to help digital business stay ahead of cybersecurity threats by automatically discovering infrastructure vulnerabilities and hardening at-risk systems before it’s too late. SaltStack SecOps is the automation needed to enforce continuous compliance across any enterprise infrastructure.”

SaltStack Enterprise 6.0 is now available via a subscription license based on managed nodes. SaltStack SecOps is an add-on module available to SaltStack Enterprise customers.