New Fugue Risk Manager helps identify cloud compliance violations; protect against data breaches

Fugue, provider of enterprise cloud security and compliance enforcement to prevent data breaches and policy violations due to misconfiguration, has announced release of Fugue Risk Manager. A Software-as-a-Service (SaaS) solution, Fugue Risk Manager is designed to make it easier for enterprises to identify compliance issues in their cloud environments and prevent them from reoccurring.

Fugue Risk Manager inspects cloud infrastructure environments and identifies resource configuration issues for common compliance regimes, including AWS CIS Benchmarks, NIST 800-53 Rev. 4, GDPR, HIPAA, and custom controls specified by the customer. Once violations are corrected and a known-good baseline is established, Fugue Risk Manager can automatically identify configuration drift and revert it back to the established baseline as soon as it occurs.

Fugue Risk Manager addresses misconfiguration risk for highly dynamic, API-driven cloud infrastructure. DevOps and CI/CD have helped enterprises move fast and be more competitive, but at the same time the probability of data breaches and compliance violations has increased. Compounding the problem is the traditional gulf between security, compliance, and infrastructure teams.

Fugue Risk Manager provides cloud stakeholders with full, continuous visibility into the state of their cloud infrastructure and the assurance that it always remains in compliance with policy.

Easy to adopt and use, Fugue Risk Manager integrates with today’s cloud infrastructure provisioning tools to allow for approved changes while preventing unauthorized changes that can lead to compliance issues and security breaches.

Fugue radically simplifies automated remediation for cloud infrastructure misconfiguration by enforcing known-good baselines established by security, compliance, and infrastructure teams. This method helps eliminate problems commonly associated with automated remediation tools, such as maintenance burdens, scalability concerns, and false positives leading to bad changes that result in system downtime events and deployment failures.

Fugue Risk Manager empowers security, compliance, and infrastructure teams to inspect cloud environments against various compliance regimes.

NIST 800-53 Rev. 4 (National Institute of Standards and Technology) features a catalog of security controls developed by NIST that are used to protect federal government information systems; AWS CIS Benchmarks (Center for Internet Security) includes consensus-based industry best practices to help organizations assess and improve their security; HIPAA (Health Insurance Portability and Accountability Act) features law requiring HIPAA-covered businesses to prevent unauthorized access to Protected Health Information (PHI); and GDPR (General Data Protection Regulation) include controls to enforce the European Union regulation for protecting the personal data and privacy of individuals within the EU and European Economic Area (EEA).

“Enterprises that adopt the cloud are quickly confronted with the challenge of guarding against infrastructure misconfiguration that leads to critical data breaches and costly compliance fines,” said Phillip Merrick, CEO of Fugue. “We developed Fugue Risk Manager to simplify the task of finding these problems and ensure they never happen again, and do so efficiently to support the speed and agility today’s business demands.”

It takes about 15 minutes to get up and running with Fugue Risk Manager and start identifying compliance violations in cloud environments. Fugue Risk Manager will be available under a 10-day free trial.

Last month, Fugue announced the availability of the Fugue Compliance Suite to make it easier for enterprises to validate cloud infrastructure against security and compliance policy to prevent data breaches. Included in the Fugue 1.8 product release, the Compliance Suite contains pre-built validations expressed in policy-as-code libraries that are mapped to AWS CIS Benchmarks, NIST 800-53 Rev. 4, GDPR, and HIPAA.

Cloud infrastructure and security teams can use the Fugue Compliance Suite to automatically identify compliance violations. This allows teams to easily establish known-good infrastructure baselines that can be replicated, shared, scaled, and continuously enforced. Automated policy checks can be integrated into CI/CD pipelines to support DevOps speed and agility while preventing resources that violate compliance standards from being provisioned.

For running infrastructure, Fugue automatically identifies unauthorized changes and reverts them back to a known-good baseline. This eliminates critical vulnerabilities the moment they occur.


Leave a Reply

WWPI – Covering the best in IT since 1980