Cloudvisory 5.0 Release Brings Cloud Native Infrastructure Scanning, IAM Tools and More
FireEye Stories 2021-08-13
We are excited to share some great new time and sanity saving cloud tech. With the release of Cloudvisory 5.0 we are bringing even more in-depth cloud security capabilities to our customers.
Cloudvisory is a multi-cloud control center for security management that delivers visibility, compliance, and governance for any cloud environment.
Now it is even easier for customers to assess the security of cloud infrastructure before it is deployed, track user/account access, and customize and create new content, reducing both the risk of breach and downtime for the business. Let’s walk through a few of these new capabilities.
Infrastructure as Code Scanning
New in the 5.0 release is infrastructure as code scanning across AWS, Azure and GCP. Terraform templates can be scanned in the CI/CD pipeline before deployment, saving time and remediation. Best practices can be created on an organizational level to allow or disallow changing configurations. Some examples of security checks are:
- Disallow SSH allowed from any IP
- Prevent terraform from creating undesired security groups
- Verify allowed management addresses are current
Figure 1 shows that these checks can be done on a developer’s laptop or via API to scan templates in batches.
Figure 1: Terraform template scanning via APO
Open Policy Agent (OPA)
Open Policy Agent (OPA) has been integrated, allowing for easier customization and the creation of new content using the common content language offered by OPA. OPA can be used to monitor privilage escilations by user/machine accounts and for Solarwinds compliance checks
Figure 2 shows some of the types of providers, check types and caterories that can be checked and enforced via OPA.
Figure 2: OPA enforcement flexibility
Identity and Access Management (IAM)
Identity and access management (IAM) inspector is now integrated into Cloudvisory, delivering enhanced visibility into management policies and usage. Key benefits include:
- User and machine privilege escalation across Azure and AWS
- Tracking which user/machine accounts have accessed what
- Identifying who has read/write privileges to S3 or some other resource
- Auditing user/machine accounts to determine if they have too much access
- Tracking user/account access
Figure 3 shows the results of auditing access permissions to a specific S3 bucket for both user and machine accounts.
Figure 3: Auditing specific resource access
What’s Cloudvisory?
Cloudvisory is a complete solution that has been engineered so its component parts (visibility, compliance and governance) work better together. Take the self-guided tour today to experience how Cloudvisory delivers the power of microsegmentation to improve security posture.
Ready to get take advantage of microsegmentation? Connect with us today to see a demo or to learn more. Reach out to your sales engineer to get more information and a walkthrough of how we can help!