Threat Stack Announces Context Enrichment for AWS EC2 Instances

Published February 02, 2021


Suzanne DuLong
VP, Investor Relations
(206) 272-7049

Holly Lancaster
WE Communications
(415) 547-7054

Now enriching host OS and container events with EC2 metadata to reduce MTTD and MTTK

BOSTON — Threat Stack, the leader in cloud security and compliance for infrastructure and applications, today announced new capabilities that help security teams quickly detect and remediate threats in cloud infrastructure.

Threat Stack now enriches Linux host and container events in real time with EC2 metadata like VPC, security group, and DNS names. This added data allows customers to build targeted, infrastructure-aware rules, and machine learning models that dramatically reduce false positives and reduce alert investigation time to minutes.  

By correlating workload events with cloud trail events in the Threat Stack Cloud Security Platform, Threat Stack customers will also be able to more rapidly identify threats that span multiple layers of cloud infrastructure.  

Finally, enriching workload events with EC2 metadata further informs ThreatML, Threat Stack’s machine learning engine that collects, normalizes, and analyzes over 60 billion events per day from customer cloud infrastructure. Threat Stack combines the anomaly detection from ThreatML with a pre-built and configurable ruleset to detect both known and unknown threats in real time. 

“With insight into every layer of cloud infrastructure, Threat Stack already had the most in-depth and broad security telemetry in the industry today,” said Brian Ahern, CEO, Threat Stack. “The addition of EC2 metadata to our security telemetry is a huge win for our customers as it enables security teams to further reduce their mean-time-to-know and get back to focusing on proactive security faster.”

To learn more about this release and how Threat Stack leverages the industry’s most advanced cloud security telemetry visit our blog

Threat Stack is now F5 Distributed Cloud App Infrastructure Protection (AIP). Start using Distributed Cloud AIP with your team today.

About F5

F5 is a multi-cloud application services and security company committed to bringing a better digital world to life.​​​​​​​ F5 partners with the world’s largest, most advanced organizations to secure and optimize every app and API anywhere—on premises, in the cloud, or at the edge. F5 enables organizations to provide exceptional, secure digital experiences for their customers and continuously stay ahead of threats. For more information, go to (NASDAQ: FFIV)

You can also follow @F5 on Twitter or visit us on LinkedIn and Facebook for more information about F5, its partners, and technologies. F5 is a trademark, service mark, or tradename of F5, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.

# # #

This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.