SaltStack adds automatic vulnerability remediation tool to portfolio

Observability, BI, management

IT automation tool provider SaltStack has kicked off its SecOps division by announcing the general availability of SaltStack Protect.

Protect is meant to make the “massive amount of coordination and work required to actually fix thousands of infrastructure security vulnerabilities” less daunting, by throwing some automation into the mix.

To do that, the product ingests vendor CVE advisories and delivers scans and remediation workflows as a service to SaltStack customers. Automatic prioritisation of which issues to tackle first can be realised by feeding the system with real-time data on the configuration state of all assets in a SaltStack environment, which ties it in with the rest of the SaltStack portfolio. 

Most of the steps can run automatically, reducing manual interaction to a minimum which is meant to reduce the time required to find and fix vulnerabilities. According to a canned statement from SaltStack CEO Marc Chenn, “SaltStack Protect gives security operations teams the power to control, optimize, and secure the entirety of their IT infrastructure while helping teams collaborate to mitigate risk.”

While it still remains to be seen how much control security teams are actually going to have with that, policies seem to be available as an option for optimisation. The product page also shows some dialogues implying that interactions, at least in the form of clicking a button to signal consent to remediation steps, haven’t been eliminated completely.

Protect is meant as an addition to SaltStack Comply, the second component of the SecOps division, which also saw an update. The so-called continuous compliance tool now comes with a software development kit that lets users create custom content to drive vulnerability assessments, and remediations. It also contains additional CIS Benchmark content for Windows 2012 R2, Windows 2016, Debian 9, and Ubuntu 18.04.