SaltStack has partnered with Tenable.io to make it possible to pull vulnerability data into the enterprise edition of its namesake IT automation framework.
In addition, version 6.2 of SaltStack Enterprise now integrates with the IT operations analytics platform from Splunk to make it possible to configure the Splunk Universal Forwarder to index and analyze events generated by the SaltStack framework.
The SaltStack Comply compliance management module has also been updated to include content for Windows Server 2012 and Windows Server 2019 platforms that has been certified by the Center for Internet Security (CIS).
Finally, SaltStack Enterprise 6.2 optimizes communications between the Salt Master and the SaltStack Enterprise Operations Framework by adding an intermediate SQLite database layer to queue events. SaltStack says IT organizations should see 20 times-plus improvement in event processing throughput. SaltStack has also added the ability to forward SaltStack events to any Salt Returner, such as a SQL database or local file, to improve performance and maintain high availability.
Mehul Revankar, a senior product manager for SaltStack, said with this update to the enterprise edition of its open source framework the company is leveraging partnerships to enable IT systems to create closed-looped systems. For example, vulnerabilities identified by Tenable.io now can be automatically remediated using SaltStack Enterprise.
Revankar said the goal is to make it easier for IT teams to create an IT process that can be automated at the push of a button. As IT environments become larger and more challenging to manage, IT organizations will need to automate more processes at scale, he said. To achieve that goal, SaltStack is simplifying the process to connect to a wider range of third-party platforms that house the type of data required to automate a closed-loop process.
Naturally, organizations that have embraced DevOps principles are at the forefront of IT automation. Revankar said that as teams of IT professionals converge to drive DevOps and DevSecOps processes, the greater the willingness to employ IT automation frameworks becomes. The goal is to automate as many processes to inject a level of agility that serves to accelerate the rate at which applications are deployed and updated. The challenge organizations have always faced in IT automation is the time it takes to integrate an IT automation framework with relevant data sources.
Revankar also noted resistance to IT automation among rank-and-file members of the IT operations team is declining as the number of applications that need to be managed increases. Most organizations can’t find or afford to retain enough IT personnel to manage IT operations at the level of scale now required. As such, the need to automate as many rote IT processes as possible has become apparent to all. That’s especially critical in the case of vulnerability management, where the amount of time it takes to patch an application directly correlates to a specific level of risk.
There is, of course, no shortage of options these days when it comes to IT automation frameworks. In fact, the decision concerning which IT automation framework to employ now has as much to do with the number of sources that framework can pull relevant data from as much as it does the reliability of the automated processes that framework enables.