We have evaluated quite a few cloud security platforms designed to bring the same high level of cybersecurity protections found on physical assets to the more nebulous and constantly evolving cloud environment. Although they have used various technologies and techniques, the majority of them strive to provide application-level security, ensuring that no vulnerabilities creep into deployed cloud apps.
There is no question that application security within the cloud is important, but given the way that large enterprises deploy cloud assets and resources, they often face a much more dangerous threat. As an enterprise cloud expands, monitoring and controlling everything in the environment becomes increasingly difficult. It also becomes comparatively easier for a hacker to locate vulnerable or forgotten cloud assets and use them to gain a foothold in the larger environment. Skilled or well-funded hacker groups are even employing automation, enabling them to discover and exploit insecure or misconfigured cloud assets within hours of their deployment.
What is clearly needed is infrastructure and security compliance protection in the cloud, and that is what Fugue brings to the table. Deployed using the software as a service model, Fugue currently works with both Amazon Web Services and Microsoft Azure, and Google Cloud is on the roadmap for the near future. Pricing for Fugue is an annual fee based on the number of resources being protected.
When Fugue is first deployed, it maps all of the clouds and assets running in the environment that it will be protecting. Fugue has one of the best interfaces for displaying cloud assets. They are grouped on a large screen that looks something like graph paper. Assets are listed by name and color coded so you can see at a glance what they do. For example, subnets are shown in purple while security assets are blue. The display also shows how all the assets interact with one another in terms of the overall cloud infrastructure.
Because of how well everything is organized, it’s easy to spot any cloud assets that have been forgotten about. This can help to eliminate unused infrastructure before even worrying about compliance. You can also configure the visual representation of the environment to update itself at regular intervals, so it can almost be a real-time map of the enterprise cloud.