SecOps Solutions

Automated IT Security Remediation at Scale

SaltStack SecOps harnesses event-driven automation technology to deliver full-service, closed-loop automation for IT system compliance and vulnerability remediation.

“SaltStack forms the basis of a comprehensive audit, remote execution, configuration management, patch, and baseline enforcement suite for the IBM Cloud network. This has replaced several disparate legacy tools with a single command and control layer that allows us to automatically roll out new security policies and quickly react to any new security threats. Problem scoping, mitigation, and audit is done in hours rather than weeks across our network.”

Brian Armstrong, Network Engineering Executive, IBM Cloud Get the case study
SaltStack Define


Build custom policies with industry-standard compliance profiles, such as CIS and DISA STIGS, then apply them automatically across your digital footprint.

SaltStack Detect


Run continuous, item-level checks to locate vulnerabilities and non-compliant systems or applications anywhere in your environment.

SaltStack Enforce


Use autonomous policy enforcement to fix violations automatically. Or kick off a remediation workflow so your teams can flag and prioritize issue resolution.

Powerful products to secure IT

S Protect white

Active vulnerability remediation

SaltStack Protect actively ingests vendor CVE advisories, builds scans and remediation workflows to address them, and delivers this security content to customers as a service. Security and operations teams can then use SaltStack configuration automation to check installed package versions on all systems, identify vulnerabilities, and install patches to remediate them.


Operating systems:

  • Red Hat
  • CentOS
  • Ubuntu
  • Oracle Linux
  • New content added daily



  • 25+ public cloud providers
  • VMware
  • Private cloud
  • On-prem

Read the solution guide

S comply white

Continuous compliance

SaltStack Comply includes access to a live and growing repository of industry-standard compliance profiles. Each profile includes hundreds of up-to-date issue scans, descriptions, and automated remediation actions. Users can also create jobs for review and approval before changes are executed. SaltStack integrates with third-party systems like ServiceNow for change tracking and reporting.


CIS Certified content for:

  • RHEL 6, 7
  • Centos 6, 7
  • Debian 9
  • Ubuntu 16.04 (coming soon), 18.04
  • Windows
  • New content added regularly


Reference mapping to:

  • National Institute of Standards and Technology (NIST)
  • Industry specific profiles, such as PCI and HIPAA

Read the solution guide

Know your IT security posture

No two corporate security policies are the same. Build custom security profiles with content from CIS, NIST, DISA STIGS, and vulnerability databases. Quickly scan your systems to understand where you’re at risk and how to prioritize remediation.

Take action with automated remediation

Remediation for compliance issues or vulnerabilities can be performed automatically or on a schedule. You maintain complete control of exactly what gets remediated, and when. SaltStack also integrates with existing change management processes in ServiceNow, Jira, and others.

Create audit-ready compliance reports

SaltStack SecOps keeps a complete record of your system compliance and provides native reports that can be shared with auditors or IT leadership. Data can also be exported as JSON, making it simple to create charts and reports in third-party BI tools.

API first for flexible management

SaltStack SecOps is an API-first platform that can be managed through an intuitive user interface or directly via API endpoints. SaltStack also includes role-based access controls so everyone on the team can utilize powerful automation within scope.

S Enterprise page
Remediate confirmation
SecOps Demo Remediated
S Enterprise job details

Ready to learn more?

Get the white paper