Available Now

Patch Management.
Vulnerability Detection.
Compliance Automation.

TridentStack Control

One platform for OS updates, application patches, CVE scanning, and security compliance. One agent, one price, every feature included.

200 endpoints free forever. No credit card required.
Get Started FreeView Documentation
TridentStack Control - Dashboard
Agents
-0 online
Compliance
-
Updates
-0 critical
Vulns
-0 high
Live Activity
Waiting for agent connections...
Compliance
CIS, DISA STIG, Microsoft
Comprehensive
Application Catalog
Real-Time
Vulnerability Detection
Lightweight
Minimal resource footprint

Patch. Detect. Comply. Control.

OS updates, application patches, vulnerability scanning, and compliance tracking in one platform.

Patch Management

Unified update management with intelligent applicability filtering, approval workflows, and phased deployments.

  • Intelligent applicability filtering per endpoint
  • Supersedence tracking and automatic cleanup
  • Deployment rings for phased rollouts
  • Pre-staging for scheduled deployments
  • CVE enrichment and security metadata
System Updates
3 pending
KB
Title
Status
Release
CVEs
KB5044284
Cumulative Update for Windows 11 23H2
Pending
Jan 9
12
KB5044285
Security Update for .NET Framework 4.8
Pending
Jan 9
3
KB5041587
Cumulative Update for Server 2022
Pending
Jan 7
8
KB890830
Malicious Software Removal Tool
Installed
Jan 7

3rd Party Application Updates

Unified management of third-party applications with package manager integration and version targeting.

  • Comprehensive application catalog
  • Silent deployment with progress tracking
  • Version targeting and pinning
  • Configuration profiles per endpoint group
  • Application inventory and compliance
Application Updates
8 Enabled
Application
Version
Strategy
Status
Google Chrome
Google Chrome
121.0.6167
Latest
Mozilla Firefox
Mozilla Firefox
122.0
Offset -1
7-Zip
7-Zip
24.09
Pinned
Adobe Reader
Adobe Reader
24.001
Latest

Vulnerability Detection

Automatic CVE detection across your fleet with severity-based prioritization and compliance tracking.

  • Automatic CVE detection across your fleet
  • CVSS scoring and severity prioritization
  • CIS and DISA-STIG compliance frameworks
  • Exception management with expiration
  • Fleet-wide vulnerability dashboard
Vulnerabilities2 KEV
Critical: 8High: 14Medium: 23Low: 12
CVE
Status
CVSS
Software
Agents
CVE-2024-50201KEV
Critical
9.8
Adobe Reader 24.001
12
CVE-2024-49138KEV
High
7.8
Windows Common Log
47
CVE-2024-43451
High
7.5
NTLM Hash Disclosure
35
CVE-2024-38812
Medium
5.9
VMware vCenter
3

Network Exposure Monitoring

Real-time visibility into listening ports, firewall state, and network attack surface across your endpoints.

  • Listening port discovery with service identification
  • Risk assessment based on port, exposure, and process
  • Firewall state correlation per port
  • Process verification with digital signature checks
  • Port change history and timeline tracking
Network ExposureFirewall Enabled
23 listening8 exposed2 high risk12 events (24h)
Port
Exposure
Firewall
Service
Process
Risk
3389TCP
LAN
Allow
Remote Desktop
svchost.exe
High
445TCP
LAN
Block
SMB
System
Info
5985TCP
LAN
Allow
WinRM
svchost.exe
Medium
135TCP
Localhost
Block
RPC Endpoint
svchost.exe
Info

Policy Management

Deploy configuration policies directly to endpoints through the agent. No domain dependency required.

  • Extensive policy settings catalog
  • Web-based configuration UI
  • Works without Active Directory
  • Policy versioning and rollback
  • Enforcement verification and compliance
Policy Objects
4 policies
Policy Name
Settings
Assigned
Status
Edited
Default Security Baseline
47
128
Enabled
2h
Workstation Hardening
32
85
Enabled
1d
Server Configuration
28
23
Enabled
3d
Development Endpoints
15
12
Disabled
1w

Compliance Framework Management

Continuously evaluate your fleet against industry-standard security baselines. Track compliance scores, identify gaps, and get actionable remediation guidance.

  • CIS Benchmarks (Level 1 & Level 2)
  • DISA STIG baselines
  • Microsoft Security Baselines
  • NIST framework controls
  • Automated baseline sync from authoritative sources
  • Control-level exemption management with audit trails
Compliance Overview
78%
+0%
142 Agents Evaluated
Framework
Score
Passed
Failed
Trend
CIS Windows 11 Enterprise v3.0
78%
156
44
DISA STIG Windows 11
65%
260
140
Microsoft Security Baseline
98%
49
1
NIST 800-53 Controls
72%
216
84

Frequently asked questions

What operating systems does TridentStack Control support?

TridentStack Control supports Windows 10, Windows 11, and Windows Server 2012 R2 through Windows Server 2025 on the Windows side. The Linux agent supports Debian-based distributions including Ubuntu and Debian, with native apt and dpkg integration in the initial release.

Does TridentStack Control replace WSUS or Intune?

Yes. TridentStack Control replaces WSUS for native Windows update delivery and replaces Intune for patch management, vulnerability detection, compliance baselines, and policy management. It also covers Linux patching and third-party application updates in the same product, which neither WSUS nor Intune address natively.

Does TridentStack Control require Active Directory?

No. TridentStack Control was designed to deliver policy management without Active Directory. The agent can be deployed to domain-joined or workgroup endpoints, and policies are enforced through the agent regardless of directory state.

How does TridentStack Control detect vulnerabilities?

The agent reports a full software inventory including registry-installed applications, package manager state, and OS update history. TridentStack Control matches that inventory against an enriched CVE catalog with CVSS scoring, applies severity prioritization, and surfaces a fleet-wide vulnerability dashboard with exception management and expiration.

What compliance frameworks does TridentStack Control support?

TridentStack Control ships compliance baselines for CIS Benchmarks Level 1 and Level 2, DISA STIGs for Windows, Microsoft Security Baselines, and NIST framework controls. Each baseline produces an automated score with trend tracking and per-control evidence.

How do deployment rings work in TridentStack Control?

Deployment rings allow phased rollout of approved updates. Updates progress through canary, expanding, and complete phases with configurable cohort sizes and auto-promotion criteria. Each ring has its own reboot policy, service-restart behavior, and Linux kernel-update handling so rollouts can be paced safely.

How much does TridentStack Control cost?

Every tenant gets 200 endpoints free forever. Beyond that, TridentStack Control is $5 per endpoint per month with all features included. There are no feature tiers and no enterprise sales gate. Annual billing saves about two months. Fleets of 1,000 or more endpoints get custom pricing.

Is TridentStack Control multi-tenant for MSPs?

Yes. TridentStack Control supports MSP-style multi-tenant management. Each managed customer is an isolated tenant, and MSP technicians can switch between tenants from one console.

How does TridentStack Control compare?

Honest, side-by-side comparisons against the platforms TridentStack Control replaces.

vs Microsoft
Compare with WSUS
vs Microsoft
Compare with Microsoft Intune
vs PDQ
Compare with PDQ Deploy
See all comparisons →

Ready to Take Control?

200 endpoints free forever. No credit card required. Deploy your first agent in under 5 minutes.

Get Started Free