Saltstack is excited to announce our next major Enterprise release. From day one, SaltStack has strived to introduce feature functionality and new products, each built to improve the lives of ITOps and SecOps teams. This (SaltStack Enterprise 6.3) release represents our biggest advancement to date!. 

SaltStack Enterprise 6.3 focuses on three key areas. 

  • IT Monitoring, Response Automation & UX Improvements
  • Simplify Vulnerability Management Workflows
  • Prioritize Risk-Based Vulnerability Remediation

IT Monitoring, Response Automation & UX Improvements.

We all love to get shiny bits of the latest and greatest software in our hands–it’s an unquenchable thirst! However, when you talk to ITOps teams one quickly realizes the real challenge for any new piece of software lies in the Day 2 operation. This is where the proverbial rubber hits the road.  Operationalizing the software, maintaining it, monitoring it for outages becomes extremely important. If suddenly things stop working for example scheduled jobs start failing or assets go offline, IT teams need to be alerted quickly so that they can react and prevent a broader outage. 

With those challenges in mind, we have added a new SaltStack performance and health dashboard coupled with a Prometheus-compatible metrics endpoint in SaltStack Enterprise (SSE) which allows users to dive into over 25 SSE metrics to satisfy one or more IT monitoring needs. 

Since the endpoint is Prometheus compatible, the data from it can be easily consumed by third party IT monitoring tools such as Splunk, Datadog and many more.

Response Automation with SaltStack Enterprise Splunk Add-On

Monitoring for outages or identifying abnormal activity within the infrastructure is great, but once those events have been identified it’s equally important to take action to resolve those issues. 

Along with the release of Enterprise 6.3, SaltStack has also developed a new Add-On for Splunk Enterprise which is available on Splunkbase. The new Splunk add-on not only ingests and reports all the metrics listed above but also facilitates the ability to take automated actions based on a specific Splunk event. 

Users can now save an alert in Splunk, and leverage the “Add Action” capability in Splunk to trigger an action against SSE. 

For example, let’s assume one of the systems is making suspicious outbound requests, and you want to quarantine or shut down the system. You can quickly accomplish that by configuring a SaltStack Alert Action in Splunk. 

Thanks to this new add-on, Splunk users have access to all the power of SaltStack under their fingertips.

Simplify Vulnerability Management Workflows

Since launching SaltStack Protect last year, our focus has been to simplify the vulnerability management workflow between Security and ITOps teams. In the last release, we shipped file-based integration with Tenable so that users can import vulnerability scan results in .nessus format, and remediate with SaltStack Protect. In this release, we are further simplifying the process by providing the ability to download the vulnerabilities directly over the API.

SaltStack is also extending support to all the other major vulnerability management solutions such as Qualys, Rapid7 and KennaSecurity in SaltStack Protect.

Prioritize Risk-Based Vulnerability Remediation

Over the last few years, one thing that has become clear is that not all vulnerabilities are created equal. A CVSS score for a CVE, although important, only represents the technical risk of the vulnerability but not necessarily the true risk it poses to an organization. 

We all know Ops teams have limited resources and time to patch vulnerabilities so it’s critical that when the patch window opens up, the most severe vulnerabilities are prioritized first for remediation. 

As a result of the above challenges, the industry is moving towards a risk-based vulnerability management approach where additional factors such as importance of the asset, ease of exploitability and age of the vulnerability are taken into consideration to better determine the true risk. 

KennaSecurity and more recently Tenable with their addition of Vulnerability Priority Rating VPR score have come up with solutions to address this problem. 

SaltStack Protect directly integrates with these solutions and after importing vulnerabilities displays the risk score to help prioritize which vulnerabilities to patch first. 

Let’s Do This!

Get access to SaltStack Enterprise 6.3 and experience the power for yourself.

Check us out on TheHacks Podcast in June. Tom Hatch, Jimmy Chunga, and I will be discussing our latest release in detail on the podcast. 

Finally, don’t forget to watch the SaltStack webinar with KennaSecurity where we discuss risk-based vulnerability management with KennaSecurity and fast, automated remediation with SaltStack Protect.