Cloud Security Measurement Gets More Meaningful While Continuous Compliance Gets Real

There are a lot of things about Public Cloud that make the job of security professionals really hard, but I prefer to focus on the one thing that has gotten easier. For the first time, the cloud gives you the ability to measure and gather metrics on security and compliance performance. We were never able to do this in traditional data center environments, but the API control plane of the cloud makes this possible.

With today’s release of the Evident Security Platform (ESP), we’re making security performance measurement even more meaningful, while continuing to give organizations the ability to manage the security of their cloud infrastructure in a very agile manner that suits today’s fast-paced development teams.

No More User Attribution Mysteries

The first new feature I want to tell you about is User Risk Attribution. When I think about user attribution, I immediately think of the game of Clue. Before today, the Evident Security Platform was able to inform you if there is a risk, where the risk is, and what it is – but that was the extent of it. Like in the game of Clue, you’d be told that there’s a dead body in the Library – we could tell you there’s a server that has an open firewall in Singapore. The information was useful, and you could resolve the risk – but if you wanted to find out who created the risk, or when and how, you’d have to have an experienced individual spend many hours or even days going through large volumes of logs to correlate the data to discover what happened. It’s just not very effective, and not nearly as fun as the game.

The new User Risk Attribution feature is a powerful big data detective that correlates CloudTrail data with the risks found in the platform and immediately tells you who did what, from where, what attack surface or vulnerability was created, and with what resources. Now, the full picture is available, giving ESP users the ability to minimize the time it takes to identify not only what the vulnerability and risk are, but who caused it or introduced it to the environment, and then make very smart incident response decisions based on whodunit. User Risk Attribution capability enables users to determine whether the person is a developer who made an accidental change, if they are uninformed and need to be trained, if it was somebody who is purposefully creating vulnerabilities or risks in our account for malicious gains, or if someone internally has had their account compromised.

The interesting part about the IP address and user agent is that it tells you how these events are being sourced. You could determine that the IP address that made the particular change came out of North Korea, or some other country that’s blacklisted by the ITAR policy. Previously, this data was very difficult to get in the form Evident now presents it.
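One way to do the correlation described above, as an added example (not Evident's code or how ESP is implemented): it matches a "security group open to the world" finding against CloudTrail `AuthorizeSecurityGroupIngress` records and returns who made the change, when, and from which IP address and user agent. The records, the `FINDING` shape and the function names are constructed for illustration, and only IPv4 ranges are checked.

```python
from ipaddress import ip_network

# Constructed CloudTrail records: field names follow the CloudTrail record
# format, every value is invented for illustration.
EVENTS = [
    {"eventTime": "2016-05-02T09:14:07Z", "eventName": "AuthorizeSecurityGroupIngress",
     "awsRegion": "ap-southeast-1", "sourceIPAddress": "198.51.100.23",
     "userAgent": "console.ec2.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev-alice"},
     "requestParameters": {"groupId": "sg-0example1", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2016-05-01T17:40:55Z", "eventName": "AuthorizeSecurityGroupIngress",
     "awsRegion": "ap-southeast-1", "sourceIPAddress": "203.0.113.8",
     "userAgent": "aws-cli/1.10.0",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/ops-bob"},
     "requestParameters": {"groupId": "sg-0example1", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
          "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}}]}}},
]
FINDING = {"region": "ap-southeast-1", "group_id": "sg-0example1"}  # hypothetical shape

def world_open_ports(params):
    """Return (protocol, from_port, to_port) for rules open to every IPv4 address."""
    opened = []
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        for rng in (perm.get("ipRanges") or {}).get("items", []):
            if ip_network(rng["cidrIp"], strict=False).prefixlen == 0:
                opened.append((perm["ipProtocol"], perm.get("fromPort"), perm.get("toPort")))
    return opened

def attribute_finding(finding, events):
    """Return the API calls, oldest first, that opened the finding's group to the world."""
    hits = []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        params = ev.get("requestParameters") or {}  # CloudTrail may log null here
        if (ev.get("eventName") != "AuthorizeSecurityGroupIngress"
                or ev.get("awsRegion") != finding["region"]
                or params.get("groupId") != finding["group_id"]):
            continue
        ports = world_open_ports(params)
        if ports:
            hits.append({"who": ev["userIdentity"]["arn"], "when": ev["eventTime"],
                         "from_ip": ev["sourceIPAddress"],
                         "user_agent": ev["userAgent"], "opened": ports})
    return hits

if __name__ == "__main__":
    for hit in attribute_finding(FINDING, EVENTS):
        print(hit)
```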

Additionally, this now makes every individual on your security team as knowledgeable and qualified as the best-trained individuals. Usually, it takes years or decades of experience to be able to build your repertoire of tools and technologies by which you can collaborate or corroborate these events. Now, even your junior security operations person can instantaneously at-a-glance know who caused a problem and be able to work with that individual to make sure they understand the scope or the risk that they introduced and help resolve it.

Making Continuous Compliance Real

The second big product feature in today’s release is one that’s been often requested and is very important to the entire organization. Compliance is traditionally seen as a very manual, very expensive and very painful process. I think of being on a treadmill or the hamster wheel where year after year, right near the end of the year, an auditor shows up, and everyone’s head catches fire because they have to stop what they’re doing and cater to this individual who is asking them for lots of data and lots of their time. Ultimately, there’s a better way to do this: through programmatic data gathering and manipulation. It’s exactly what our engineering team put together: one-button compliance views.

Continuous Compliance Views will give you a very simple and expedient way to get an assessment of how your environment is measuring up against various industry and enterprise benchmarks. Initially, we’re releasing the Center for Internet Security AWS Foundations Benchmark. This benchmark is dear to us because the team co-authored the benchmark with the CIS, Amazon Web Services, and other major organizations. This benchmark provides a critical security foundation for any organization using AWS, and to support our mission of making the Public Cloud more secure for all, we’re giving every ESP customer free access to this compliance view. With the release of these compliance features, we will continue to roll out new Compliance Views and Reports for NIST 800-53 R4, PCI-DSS 3.2, SOC-2 and HIPAA.

Perhaps for the first time, I’m actually excited about compliance, and I hope that you fire up the CIS AWS Foundations Benchmark view today, and pass every control. If you don’t pass them all, don’t stress, the tool will help guide you through the steps needed to remediate the risks.

Private SaaS Deployment Option

The final feature that’s being released this month, Private SaaS deployment, gives customers more deployment options for ESP. While our Software-as-a-Service (SaaS) model satisfies the needs of most of our customers, there are some customers who cannot leverage the SaaS delivery, like Federal customers, who have highly secured computing environments that cannot directly reach the internet. There are also highly regulated customers, like some banks or financial institutions, who prefer not to take on the added risk that traditional SaaS creates. Finally, there are organizations located outside of the US that want to ensure 100% data sovereignty. These three types of customers will now be able to deploy our Private SaaS offering, which allows them to launch a complete copy of Evident Security Platform inside their controlled Amazon account in their regions.

It has been a very packed few months at while we’ve gotten these features built out and deployed for you, and we’ve got lots of other exciting new features in the works. I can hardly wait to share them with you.

About Tim Prendergast

Tim Prendergast is cofounder and CEO of seeks to help others avoid the pain he endured when helping Adobe adopt the cloud at a massive level. After years of building, operating, and securing services in AWS, Tim set out to make security approachable and repeatable for companies of all sizes. Tim led technology teams at Adobe, Ingenuity, Ticketmaster, and McAfee.
