Fugue, the company delivering autonomous cloud infrastructure security
and compliance, announced today the release of the Fugue Best Practices
Framework to help cloud engineering and security teams identify and remediate
dangerous cloud resource misconfigurations that aren't addressed by common
compliance frameworks. Users can deploy the Fugue Best Practices Framework within
minutes to improve the security posture of their Amazon Web Service (AWS) cloud
environments.
Cloud misconfiguration is the number one cause of data breaches
involving public cloud services such as those offered by AWS. The scale,
complexity, and dynamic nature of cloud infrastructure environments often leads
to significant misconfiguration events that traditional security analysis tools
fail to prevent or detect. According to Neil
MacDonald at Gartner, "nearly all successful attacks on cloud services are the result
of customer misconfiguration, mismanagement and mistakes."
While compliance frameworks such as the CIS Foundations Benchmarks
address a number of cloud misconfiguration risks, recent major cloud-based data
breaches were possible due to misconfigurations not necessarily covered by
these standards. The Fugue Best Practices Framework is designed to complement
standards such as the CIS Foundations Benchmark to provide additional
protection against today's advanced misconfiguration attacks.
"Enterprise cloud and security teams are recognizing that their
current cloud security posture leaves them vulnerable to newer and more
sophisticated misconfiguration attacks," said Phillip Merrick, CEO of Fugue.
"The Fugue Best Practices Framework gives cloud teams a simple tool to quickly
identify these misconfigurations in their cloud environment and the most
comprehensive security against cloud misconfiguration risk when used in
combination with a framework like the CIS Foundations Benchmark."
The Fugue Best Practices Framework includes rules covering the
following cloud vulnerabilities:
- Identity and Access
Management (IAM) misconfigurations that can provide bad actors, including
malicious insiders, with the ability to move laterally and discover resources
to exploit
- S3 bucket policy
misconfigurations that can be exploited in order to take data exfiltration
actions
- VPC Security Group rule
misconfigurations that can enable malicious access via Elasticsearch, etcd, and
MongoDB services
Fugue
will continue to add new rules to the Fugue Best Practices Framework as new
misconfiguration attack vectors are identified.
The Fugue Best Practices Framework joins a growing number of
out-of-the-box cloud compliance frameworks Fugue provides, including CIS
Foundations Benchmarks, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI, and SOC 2.
Fugue also supports custom rules using Open Policy Agent, an open source policy
as code engine, making it easy for enterprise cloud teams to create cloud
infrastructure policies tailored to meet their specific use cases and security
requirements.
Availability
The Fugue Best Practices Framework is available now for all Fugue
customers and can be used with a 30-day free trial.