Improving DevSecOps Collaboration By Automating IaC Analysis
You are running towards the finish line as quickly as possible to release your new product but unfortunately, the release is halted by the security gate towards the end of the release process. You immediately spend significant time and energy investigating these security issues that turn out to be false positives, or true positives that will take days or weeks to fix.
If you have been frustrated by this situation, you are not alone. You have been telling us that you want to deal with security issues early in the process to avoid slowing down or risking product delivery. You also told us you need a tool that will only highlight critical issues, so it doesn’t bother developers too often. You want a DevSecOps-centric tool built with developers in mind, a tool that helps you understand and remediate the security risk rather than just flagging the problem. You also told us that noise fatigue has been the top challenge you’ve been dealing with when it comes to cloud security tools.
You Asked, And We Answered
Today, we are thrilled to announce the immediate availability of Indeni Cloudrail, a compliance automation tool for Infrastructure as Code (IaC) that enables agile delivery while keeping your cloud environment secure. With Cloudrail, IaC security shifts left into the CI/CD pipeline, putting security controls early in the development process to improve your security posture. Our remediation capability guides your developers to fix security risks.
At the heart of Cloudrail is our innovative context engine. Cloudrail “stitches” and merges the Terraform plan with a snapshot of the cloud environment. Context helps us connect and create a relationship between what is intended and what is already running. By understanding the relationship among cloud resources, Cloudrail is able to perform in-depth security analyses, pinpointing important issues and crossing off those with no security value. This is similar to what a security expert would do, resulting in 3x less noise than comparable tools.
With Cloudrail, your security team gains visibility of your IaC practices internally. As a security practitioner, you want to provide guardrails to developers by enforcing security requirements early in the development cycle before violations make it to production environments. This ensures security is actually followed while achieving greater harmony between security and development teams.
Our Story – How Our Team Used Cloudrail To Automate IaC Security Reviews
We built Cloudrail because we were experiencing similar challenges to what you’ve been telling us. When we made the decision to obtain SOC2 compliance certification, we had to secure our AWS infrastructure. After deploying several Cloud Security Posture Management tools, we were overwhelmed by the hundreds of alerts generated, over 97% of which were false positives. Even with all good intentions, our developers deprioritized security issues because they were not immediate problems impacting our customers. Security issues found after deployment were very costly to fix, so putting security controls early in the cycle manifested itself.
While we realized that a shift-left security approach is the right way of dealing with security risks, with hundreds of Terraform changes a month, we had to have security review fully automated. We evaluated IaC security tools but once again, we ran into the same “noise problem.” We decided to deal with the noise head-on, resulting in Cloudrail and its intelligent context engine. Check out our case study for the full story.
Deliver Fast While Staying Secure
In today’s digital age of distraction, less is more. With our intelligent context engine, Indeni Cloudrail is able to reveal the security issues that truly matter without overwhelming you with false positives.
We invite you to take Cloudrail for a spin. With the new product introduction, we offer you 200 free evaluations per month until the end of April, 2021. After that, you can continue to enjoy 30 evaluations per month with our free tier. Sign up here. Let us know what you think on our Slack channel. For a Cloudrail deep dive, check out this blog post.