Fugue Risk Manager available to protect against data breaches with self-healing cloud infrastructure

Fugue announced on Monday availability of Fugue Risk Manager, its Software-as-a-Service (SaaS) offering that can identify compliance violations in cloud environments and automatically remediate unauthorized infrastructure changes.

Enterprise cloud teams can use Fugue Risk Manager to scan cloud infrastructure to identify policy violations for a number of compliance regimes, including Amazon Web Services (AWS) Center for Internet Security (CIS) Benchmarks, National Institute of Standards and Technology (NIST) 800-53 Rev. 4, General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and custom, customer-specified controls.

Fugue Risk Manager can then enforce known-good infrastructure baselines provisioned by the cloud team in order to identify configuration drift and automatically remediate it as soon as it occurs.

The cloud is fundamentally different than the datacenter, and it introduces new demands for security and compliance. The risk of infrastructure misconfiguration due to human error can increase with highly dynamic, API-driven cloud infrastructure and can result in data breaches, system downtime, and costly compliance violations.

Fugue Risk Manager addresses this risk with a cloud-native solution to provide security, compliance, and infrastructure teams with a single source of truth for their cloud infrastructure and the assurance that it always remains in compliance with policy.

Fugue Risk Manager scans cloud environments to discover running cloud infrastructure resources; identify infrastructure compliance violations, generate comprehensive compliance reports; and enforcing cloud configuration baselines.

Once known-good infrastructure baselines have been established, Fugue Risk Manager can identify unauthorized change and configuration drift; automatically remediate drift events back to the provisioned baseline; and

generate reports on remediation events for compliance.

It takes as little as 15 minutes to get up and running with Fugue Risk Manager and start identifying compliance violations in your cloud environments. Fugue Risk Manager integrates with today’s cloud infrastructure provisioning tools to allow for approved changes while preventing unauthorized changes that can lead to compliance issues and security breaches.

“Traditionally, there’s been a chasm between security teams that need to ensure critical data is protected, compliance teams that need to ensure policy adherence, and infrastructure teams that need to move fast and innovate. These competing priorities have often been at odds with each other,” said Josh Stella, co-founder and CTO of Fugue. “Fugue Risk Manager is designed to eliminate these tradeoffs and provide cloud stakeholders with a common, single source of truth for cloud infrastructure and the assurance it remains secure, compliant, and resilient.”

“Enterprises operating at scale in the cloud face a governance challenge—how to ensure everything that’s running in their cloud adheres to compliance and security policy and is free of misconfiguration that can lead to critical security incidents,” said Phillip Merrick, CEO of Fugue. “Fugue Risk Manager provides enterprises with autonomic governance over their cloud infrastructure while supporting the speed and agility needed in today’s competitive environment.”

“With Fugue, I can demonstrate in real time that our cloud infrastructure is compliant all the time. We’ve never really had that before,” said Peter O’Donoghue, VP of Application Services at Unisys Federal. “Fugue’s strength is in providing centralized visibility and control across DevSecOps teams, thereby avoiding policy violations and misconfigurations in the cloud.”

“Monitoring and alerts on cloud deployments aren’t good enough for us. We can’t afford to have misconfiguration or unauthorized changes happen in the first place,” said Justin Rupp, Senior Systems Engineer, GlobalGiving. “Fugue gives us the peace of mind knowing our infrastructure is secure and compliant at all times.”

Earlier this month, Fugue announced that its Risk Manager inspects cloud infrastructure environments and identifies resource configuration issues for common compliance regimes, including AWS CIS Benchmarks, NIST 800-53 Rev. 4, GDPR, HIPAA, and custom controls specified by the customer. Once violations are corrected and a known-good baseline is established, Fugue Risk Manager can automatically identify configuration drift and revert it back to the established baseline as soon as it occurs.

Fugue Risk Manager addresses misconfiguration risk for highly dynamic, API-driven cloud infrastructure. DevOps and CI/CD have helped enterprises move fast and be more competitive, but at the same time the probability of data breaches and compliance violations has increased. Compounding the problem is the traditional gulf between security, compliance, and infrastructure teams.


Leave a Reply

WWPI – Covering the best in IT since 1980