Open source cloud security company Paladin Cloud has launched a new SaaS-based platform for enterprise cloud attack surface discovery and vulnerability management.
Built on Paladin Cloud’s open source core, the platform has a set of security policies implemented in code to serve as an extended policy management tool that integrates into various enterprise systems, providing a comprehensive view of security across multicloud environments.
“Our cloud security platform helps developers and security teams define their cyber asset attack surface, verify that security controls are providing their intended protection, and extend their security posture over multi and hybrid cloud environments,” said Daniel Deeney, co-founder and CEO of Paladin Cloud.
Paladin Cloud was initially launched in July 2022 on GitHub and is completely free to download and use. It’s a multicloud offering with an enhanced UI/UX interface and integrates with federated identity platforms (e.g., Active Directory).
Attack surface discovery is a code-based security offering
The new cloud security platform is designed to provide continuous monitoring to identify and visualize digital assets while detecting vulnerabilities, misconfigurations, and security risks. It also prioritizes security risks to help DevOps teams drive automated workflow and remediation.
The code-based, agentless cloud monitoring and alerting capabilities on the platform combine with third-party integrations of enterprise systems to allow security teams to validate existing security controls and protections.
The product, for instance, contains a plug-in to Qualys, a vulnerability scanner, where it automatically maps Qualys installations across the asset inventory of AWS Elastic Compute Cloud (EC2) instances. As a result of this mapping, it is able to identify blind spots and coverage gaps where Qualys is not installed and therefore not protecting AWS EC2 instances.
“The Enterprise SaaS platform integrates seamlessly with cloud service providers, like AWS, Azure, and Google Cloud, and enterprise systems, like Qualys, Tenable, Aqua, and Red Hat ACS. We’re also continuing to add new plug-ins to the platform into widely deployed enterprise systems,” Deeney said.
The platform’s “security-as-code” offering, which refers to several hundred pre-coded security policies sourced from regulatory benchmarks such as CIS and NIST as well as industry best practice policies from other organizational sources, also allows organizations to codify their own security policies.
“It’s good to see a new player in the cloud security posture management and cloud-native application protection platform areas,” said ESG Senior Analyst Melinda Marks. “The movement to security as code is popular because it’s a way to codify security early in development processes to minimize misconfigurations or coding errors. We see this in the use of open source infrastructure as code, where you have templates that the developers can use to set up their own infrastructure instead of waiting for IT or Ops to set it up for them.”
With prebuilt codes, the offering groups assets and security findings by users, applications, products, business units, and cloud services to provide a granular, continuous view of a customer’s multicloud environments.
Early adoption shows promise
Early customer adoption across financial services, technology, and healthcare has revealed a 30% reduction in attack surface in terms of exposure to vulnerabilities and threats, according to Paladin Cloud.
“Paladin uses plugin connectors to help organizations identify and visualize their assets in cloud environments, assess their cybersecurity protection, including what tools and policies they have in place for those assets, and then they assess any gaps so they can apply the right tools or processes to all of their assets,” Marks said. “It’s an innovative way for organizations to ensure that the applications that they put into cloud environments have the right security processes and tools in place to protect them. It also helps speed remediation with options where you can apply the fixes across groups of assets.”
The platform automates incident management through ticketing integrations like JIRA and Slack, alerts, and notifications. Additionally, it implements reporting across multiple benchmarks and standards to improve governance and compliance.
Open source security solutions are popular compared to vendor solutions because it makes it easy for organizations to connect and use the solutions, compared to a solution where it may be difficult to obtain a trial version and go through a buying cycle. There is a high adoption rate of many open source security tools, such as testing tools, and then some vendors also use the open source tools to build products around them, Deeney said.
Copyright © 2023 IDG Communications, Inc.