Automated IT Security Remediation at Scale

SaltStack SecOps harnesses event-driven automation technology to deliver full-service, closed-loop automation for IT system compliance and vulnerability remediation.

SaltStack forms the basis of a comprehensive audit, remote execution, configuration management, patch, and baseline enforcement suite for the IBM Cloud network. This has replaced several disparate legacy tools with a single command and control layer that allows us to automatically roll out new security policies and quickly react to any new security threats. Problem scoping, mitigation, and audit is done in hours rather than weeks across our network.

Brian Armstrong, Network Engineering Executive, IBM Cloud
SaltStack Define


Build custom policies with industry-standard compliance profiles, such as CIS and DISA STIGS, then apply them automatically across your digital footprint.

SaltStack Detect


Run continuous, item-level checks to locate vulnerabilities and non-compliant systems or applications anywhere in your environment.

SaltStack Enforce


Use autonomous policy enforcement to fix violations automatically. Or kick off a remediation workflow so your teams can flag and prioritize issue resolution.

Escape Compliance Hell

Security and IT operations teams must work together to keep digital infrastructure compliant and secure, but efforts are often hampered by disparate toolsets, misaligned workflows, and competing priorities. It’s time for change.

Download the SecOps White Paper

Harmony between security and IT

SaltStack SecOps delivers full-service, closed-loop automation for compliance and security. Finally, security and operations teams can work together to define compliance policy, scan all systems against it, detect issues, and actively remediate them—all from a single platform.

An actionable library of compliance profiles

SaltStack SecOps includes access to a live and growing repository of standard compliance profiles. Each profile includes hundreds of up-to-date issue scans, descriptions, and automated remediation actions. Available profiles include:

  • Center for Internet Security (CIS)
  • DISA Security Technical Implementation Guide (STIG) [Coming Soon]

Reference Mapping to:

  • National Institute of Standards and Technology (NIST)
  • Industry-specific profiles, such as PCI and HIPAA

Real, automated remediation

SaltStack SecOps can automatically remediate policy violations detected anywhere in your systems. It can also create jobs for review and approval before changes are executed. SaltStack SecOps integrates with third-party systems like ServiceNow for change tracking and reporting.

Build policies fit for your business

There’s no such thing as a one-size-fits-all corporate security policy. SaltStack SecOps offers complete policy customization. Create custom checks, turn off irrelevant pre-built checks, or create exemptions and rules for specific machines as needed.

Know your IT security posture

No two corporate security policies are the same. Build custom security profiles with content from CIS, NIST, DISA STIGS, and vulnerability databases. Quickly scan your systems to understand where you’re at risk and how to prioritize remediation.

Take action with automated remediation

Remediation for compliance issues or vulnerabilities can be performed automatically or on a schedule. You maintain complete control of exactly what gets remediated, and when. SaltStack also integrates with existing change management processes in ServiceNow, Jira, and others.

Create audit-ready compliance reports

SaltStack SecOps keeps a complete record of your system compliance and provides native reports that can be shared with auditors or IT leadership. Data can also be exported as JSON, making it simple to create charts and reports in third-party BI tools.

API first for flexible management

SaltStack SecOps is an API-first platform that can be managed through an intuitive user interface or directly via API endpoints. SaltStack also includes role-based access controls so everyone on the team can utilize powerful automation within scope.