SecOps Solutions
Automated IT Security Remediation at Scale
SaltStack SecOps harnesses event-driven automation technology to deliver full-service, closed-loop automation for IT system compliance and vulnerability remediation.

“SaltStack forms the basis of a comprehensive audit, remote execution, configuration management, patch, and baseline enforcement suite for the IBM Cloud network. This has replaced several disparate legacy tools with a single command and control layer that allows us to automatically roll out new security policies and quickly react to any new security threats. Problem scoping, mitigation, and audit is done in hours rather than weeks across our network.”
Brian Armstrong, Network Engineering Executive, IBM Cloud Get the case studyDefine
Build custom policies with industry-standard compliance profiles, such as CIS and DISA STIGS, then apply them automatically across your digital footprint.
Detect
Run continuous, item-level checks to locate vulnerabilities and non-compliant systems or applications anywhere in your environment.
Enforce
Use autonomous policy enforcement to fix violations automatically. Or kick off a remediation workflow so your teams can flag and prioritize issue resolution.
Powerful products to secure IT

Active vulnerability remediation
SaltStack Protect actively ingests vendor CVE advisories, builds scans and remediation workflows to address them, and delivers this security content to customers as a service. Security and operations teams can then use SaltStack configuration automation to check installed package versions on all systems, identify vulnerabilities, and install patches to remediate them.
Operating systems:
- Red Hat
- CentOS
- Ubuntu
- Oracle Linux
- New content added daily
Infrastructure:
- 25+ public cloud providers
- VMware
- Private cloud
- On-prem

Continuous compliance
SaltStack Comply includes access to a live and growing repository of industry-standard compliance profiles. Each profile includes hundreds of up-to-date issue scans, descriptions, and automated remediation actions. Users can also create jobs for review and approval before changes are executed. SaltStack integrates with third-party systems like ServiceNow for change tracking and reporting.
CIS Certified content for:
- RHEL 6, 7
- Centos 6, 7
- Debian 9
- Ubuntu 16.04 (coming soon), 18.04
- Windows
- New content added regularly
Reference mapping to:
- National Institute of Standards and Technology (NIST)
- Industry specific profiles, such as PCI and HIPAA