
Introducing DisruptOps

Cloud security in your workflow. Not in your way.

As we announced today, DisruptOps is now a part of the FireMon family of products.

Perhaps the most exciting part of this acquisition is the opportunity to introduce DisruptOps to those who may not know us.

TL;DR:

Whether you’re born in the cloud or migrating workloads from on-premises data centers, if you’re building and running software on public cloud infrastructure and looking to improve security operations, there’s a good chance we can help.

  • DisruptOps is a cloud security operations platform that brings security and DevOps teams together to find, understand and fix security issues across their public cloud infrastructure.
  • Security & DevOps teams look to us when they want a solution to:
    • Understand their cloud security risk
    • Get critical issues routed to the right responders
    • Bring cloud security into a DevOps workflow, and
    • Reduce their Mean Time to Respond (MTTR)
  • DisruptOps supports AWS and Azure infrastructure services (GCP support is coming soon).
  • Use cases: Distributed Alerting & Response, Cloud Security Posture Monitoring, Real-time Threat Monitoring, Automated Guardrails
  • Want to learn more? Visit the DisruptOps product page.

Let’s dig a little deeper…

The way we build software has changed for good. On-demand, self-service access to infrastructure and the use of a DevOps approach has changed expectations about how fast we can deliver new features and whole software products. Getting products into the hands of users faster is the good news. It’s the resulting speed, scale, and complexity that become a challenge for security teams. Security operations must evolve to address this new reality.

Building & running apps in the cloud creates new risks for security to consider

A defining feature of cloud is the control plane: the console, CLI and APIs form a unified admin interface for everything, and it’s accessible over the internet. That means we need to address configuration risk and operational risk, and respond to real-time indicators of threat.

In many cases, DevOps shifts operations from a centralized function to a distributed function that’s embedded in smaller, cross-functional teams. Security teams often no longer have the access or entitlements to the infrastructure to apply controls and remediate issues. In this model, the path to applying security controls, at least partially, runs through the DevOps team.

A DevOps approach leads to extreme automation and speed – the long project lifecycles and governance pipeline we used to rely on in security are contracting. Everything is moving at machine speed and scale.

Every business is becoming a software business and security expertise is needed now, more than ever. But security must evolve. Otherwise security will become a roadblock for the business, or development teams will simply work around cumbersome processes and increase corporate risk.

We’ve built DisruptOps to bring Security and DevOps teams together to improve security outcomes.

How we can help

DisruptOps connects to your public cloud accounts and immediately builds an inventory of your resources. We capture changes and update that inventory in real time, so you always have visibility across your cloud infrastructure.

Continuous monitoring using hundreds of posture checks based upon the CIS Benchmarks and AWS Best Practices helps find misconfigured resources.

Built-in, event-driven threat detectors identify risky events, like root user logins, changes to user or group policies, or modified bucket privileges.

We also integrate with and ingest events from cloud provider services like AWS Security Hub and GuardDuty, and third-party cloud security posture management tools. If you have other detective controls running, we’re eager to expand our integrations and enable you to “bring your own issue” and leverage the DisruptOps platform to engage the right responders and accelerate the remediation process.

All of these sources are used to identify security issues and enable you to apply cloud security best practices. Visibility into your risk is good, but getting issues fixed is what matters most, and that’s where DisruptOps shines.

Finding Issues

Unlike most tools that emphasize security assessment and alerting, DisruptOps is a powerful platform for real-time response.

Our Issue Feed is designed to surface the risks that matter most and enable users to investigate, understand, decide, and act.

The feed is filtered to display critical and high severity issues in your production environment by default. Granular filtering using a variety of attributes enables you to drill down into specific areas of interest.

The feed is refreshed and updated as new issues are found.

Getting Issues to the Right Responders

Running security assessments, generating a long list of issues and throwing it over the transom to the Ops team to fix is not a recipe for success. DisruptOps aligns your projects, accounts, and teams so you can get the right issues to the right responders inside the tools they already use, like Slack, Microsoft Teams, and Jira.

The result is less time lost to chasing down the right responder and more time for improving your cloud security operations outcomes.

Each alert includes links to the issue itself and to the event and playbook that generated it, along with additional context about where the issue exists. Users can click through to the DisruptOps console to investigate further, or apply a pre-built response option directly from the alert if the playbook is configured to include one.
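To make the two preceding ideas concrete (the event-driven detectors described under “How we can help”, which flag root user logins, user or group policy changes and modified bucket privileges, and the routing of each issue to the team that owns the affected account), here is an added example. It is not DisruptOps or FireMon code: it classifies CloudTrail-style records into those three issue types and looks up a responder channel per account. Field names follow the CloudTrail record format; the sample events, account IDs, channel names and routing table are constructed for this example.

```python
"""Event-driven detection and routing of risky cloud control-plane events.

Added example, not DisruptOps or FireMon code. Classifies CloudTrail-style
records into the three issue types the post names (root user logins, changes
to user or group policies, modified bucket privileges) and routes each finding
to the responder channel that owns the affected account. The sample events
and the routing table are constructed, not captured from a real account.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# IAM API calls that attach, replace or remove policies on users and groups.
IAM_POLICY_EVENTS = {
    "AttachUserPolicy", "DetachUserPolicy", "PutUserPolicy", "DeleteUserPolicy",
    "AttachGroupPolicy", "DetachGroupPolicy", "PutGroupPolicy", "DeleteGroupPolicy",
}
# S3 API calls that change who may access a bucket.
S3_PRIVILEGE_EVENTS = {
    "PutBucketAcl", "PutBucketPolicy", "DeleteBucketPolicy", "PutBucketPublicAccessBlock",
}


@dataclass(frozen=True)
class Finding:
    severity: str      # "critical" or "high"
    issue_type: str    # root_login | iam_policy_change | bucket_privilege_change
    account: str       # AWS account the event was recorded in
    resource: str      # user, group or bucket affected (the root identity for logins)
    event_name: str    # the API call that triggered the finding
    actor: str         # ARN (or identity type) of the principal that made the call


def classify(event: dict) -> Optional[Finding]:
    """Return a Finding for a risky event, or None for events we do not alert on."""
    identity = event.get("userIdentity") or {}
    name = event.get("eventName", "")
    source = event.get("eventSource", "")
    account = event.get("recipientAccountId", "unknown")
    actor = identity.get("arn") or identity.get("type", "unknown")
    params = event.get("requestParameters") or {}

    # 1. Root user console login: always alert, and escalate when it succeeded.
    if name == "ConsoleLogin" and identity.get("type") == "Root":
        outcome = (event.get("responseElements") or {}).get("ConsoleLogin")
        severity = "critical" if outcome == "Success" else "high"
        return Finding(severity, "root_login", account, actor, name, actor)

    # 2. Policy attached to / removed from an IAM user or group.
    if source == "iam.amazonaws.com" and name in IAM_POLICY_EVENTS:
        target = params.get("userName") or params.get("groupName") or "unknown"
        return Finding("high", "iam_policy_change", account, target, name, actor)

    # 3. Bucket ACL, bucket policy or public-access-block modified.
    if source == "s3.amazonaws.com" and name in S3_PRIVILEGE_EVENTS:
        bucket = params.get("bucketName", "unknown")
        return Finding("high", "bucket_privilege_change", account, bucket, name, actor)

    return None


def scan(events: Iterable[dict]) -> List[Finding]:
    """Run every event through the detectors and keep the findings."""
    return [f for f in (classify(e) for e in events) if f is not None]


def route(finding: Finding, routing: Dict[str, str], default: str = "#cloud-sec") -> str:
    """Pick the responder channel for the account that owns the resource."""
    return routing.get(finding.account, default)


# Constructed sample events (not captured from a real account).
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "recipientAccountId": "111111111111",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111111111111:root"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "recipientAccountId": "111111111111",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "AttachUserPolicy", "eventSource": "iam.amazonaws.com",
     "recipientAccountId": "222222222222",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::222222222222:user/bob"},
     "requestParameters": {"userName": "deploy-bot",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventName": "PutBucketAcl", "eventSource": "s3.amazonaws.com",
     "recipientAccountId": "222222222222",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::222222222222:assumed-role/ci/build"},
     "requestParameters": {"bucketName": "example-artifacts"}},
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "recipientAccountId": "222222222222",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::222222222222:user/bob"}},
]

# Constructed routing table: account -> channel of the team that owns it.
ROUTING = {"111111111111": "#platform-oncall", "222222222222": "#payments-devops"}

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding.severity}] {finding.issue_type} in {finding.account}: "
              f"{finding.event_name} on {finding.resource} by {finding.actor} "
              f"-> {route(finding, ROUTING)}")
```

Running the block prints three findings: the root login in account 111111111111 (critical, routed to the platform channel), and the user policy attachment and bucket ACL change in account 222222222222 (high, routed to the payments team). The ordinary IAM user login and the read-only `DescribeInstances` call produce nothing, which is the point of keying the detectors on identity type and on specific write APIs rather than on event volume.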

Understanding Issues

Expanding the Overview section displays issue content written by our security research team and designed to help a responder understand the risk and offer recommendations on how to respond. Links to external documentation from the cloud service provider are included for most issues to save time for a responder who wants to research further.

Fixing Issues

DisruptOps provides multiple options to enable responders to choose their preferred response path.

Expanding the Manual Remediation section displays multiple remediation options. Depending upon the issue type, these include code snippets that can be copied into Terraform and AWS CloudFormation templates, and CLI or SDK commands where available. We also include instructions for making the change to the runtime environment through the cloud provider console.

DisruptOps also includes hundreds of pre-built, automated response options. Administrators can choose whether or not to include them when configuring playbooks for specific issue types. When included, they enable responders to apply an automated change to the affected resource with a single click from within an alert, or from the DisruptOps console. While automated response is not appropriate for every issue, it is very handy for repetitive, labor-intensive remediations, or for the few issue types that represent critical risk you never want to see in your environment.

Interested in learning more?

We’d love the opportunity to see if we can help improve your cloud security operations. You can learn more about the DisruptOps product or book a brief demo.


*** This is a Security Bloggers Network syndicated blog from FireMon authored by FireMon. Read the original post at: https://www.firemon.com/introducing-disruptops/