If you work in a fast-paced cloud environment, you know that DevOps lives often aren’t easy. Developers have an increasing number of tasks to complete just to keep up with their existing workload and not fall behind. This can often lead to a head-to-head battle with Security, when changes need to be made to keep the organization secure. With a catalog of tasks a mile long, who has time to add coding numerous security fixes or creating guardrails to the to-do list?
This is exactly the challenge that we’re solving with v2 of our contextual cloud security platform, launched this week.
Out of the Box Mitigation
The first huge benefit is the quick fixes, included as part of the platform. This is really something that is unique to us at Lightspin. While other cloud security solutions uncover the vulnerabilities and perhaps offer what they call a value-add, where they suggest how you can go about fixing them, Lightspin recognizes how busy your development teams are. That’s why we provide dynamically built guardrails inside the Terraform, or the Json, or any format your DevOps need. Practically speaking, this covers about 95% of the work that developers will need to do to fix any open issues.
Let’s say for example that you misconfigured an asset and gave it an over-permissive role instead of read-only access. Your security vendor will detect the misconfiguration, and then in most cases, it will be up to your security or development teams to come up with a solution. This usually requires mitigation by coding guardrails from scratch, which then impacts the pace of development.
At Lightspin, this required guardrail is built dynamically for the specific custom environment, and now comes as part of the package, providing all the denies that you need to have in place. This will include any operation which is not required by the asset, and without affecting the production. This means that your developers don’t need to touch the read-only permissions, but as security, you still shore up the vulnerability in a fraction of the time it would take the organization to create the solution from the drawing board.
Real-time Scanning Capabilities
Another new feature of our latest version is to do with the way we scan the environment. As well as our existing periodic scanning, we are now supporting real-time scanning, making a shift to a live system with an always-on level of visibility. We pull events from AWS Audit Logs in real-time, scan in real-time, and identify in real-time, which means we can enrich our visibility into any attack path in your cloud environment.
Together, these new features have allowed us to take our contextual cloud security to the next level. With real-time scanning, even early on in the development cycle, we provide an API for developers to scan the environment and proactively prevent vulnerabilities. As a live threat discovery environment, permissions can be dynamically reassigned in response to your real-time cloud requirements.
Larger fixes out-of-the-box make time to mitigation faster and simpler, and in some cases available in a single click, breaking down organizational silos between development, operations, and security and improving communication across the board.
Want to see how it works for yourself, or learn more about our product update? Schedule a demo with one of our cloud security architects.