Verica Launches Prowler Pro Services to Secure AWS Cloud | #cloudsecurity


Verica launched a Prowler Pro service today as part of an effort to make a tool for securing multiple accounts within Amazon Web Services (AWS) environments accessible to a wider range of enterprise IT security and operations teams.

Verica CTO Aaron Rinehart said Prowler Pro makes it easier for anyone to conduct AWS security assessments, audits, incident response, continuous monitoring, hardening, and forensics via a version of the tool that presents a graphical interface. The existing Prowler Open Source tool has a command line interface (CLI) and application programming interfaces (APIs) that are available to and have been employed by DevOps professionals.

Prowler Pro also provides access to more than 220 controls spanning CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and other custom security frameworks.

Toni de la Fuente, founder and technology lead for the Prowler Open Source, said the community will continue to make updates to Prowler Open Source, with the number of checks in its database expected to increase to more than 220. The Prowler Pro edition made available by Verica extends the open source tool using the company’s Continuous Verification platform to continuously uncover system weaknesses and security flaws before they disrupt business outcomes. It also provides access to personalized support and customizable dashboards.

Prowler Pro provides IT teams with a continuous feedback loop through which organizations can ensure that compliance mandates are met by development teams, noted de la Fuente.

The primary issue most organizations encounter with trying to secure any cloud is that cloud service providers require the organization deploying applications on their platforms to be responsible for both application security and the configuration of the infrastructure they employ. Many organizations provide developers with infrastructure-as-code (IaC) tools through which developers provision cloud infrastructure themselves. The issue that arises is most developers have limited to no cybersecurity expertise, so misconfigurations of cloud services are commonplace. It generally falls to cybersecurity teams to find a way to secure cloud environments after the infrastructure is provisioned and an application is deployed. Vertica, via Prowler Pro, is making a case for a service to automatically verify that the appropriate controls are in place.

It’s not clear to what degree cybersecurity professionals have increased their focus on cloud security in the wake of a series of high-profile security breaches, but the one thing that is clear is the rate at which applications are being deployed in the cloud is not slowing down. If anything, digital business transformation initiatives are accelerating the rate at which mission-critical applications that have sensitive data are being deployed in the cloud. The only way security teams can keep pace with the rate at which applications are being deployed is to rely more on automation.

Arguably, the biggest challenge cybersecurity teams face when trying to address cloud security challenges is the cultural gaps that exist between them and developers. One of the best ways to bridge that divide is, of course, for security teams to adopt tools that many developers have already signaled they are willing to employ.



Original Source link




Leave a Reply

Your email address will not be published.

− 1 = two