Which vendor or tool is your preferred for cloud security? One tool will never suffice, but as we expand to cloud development, we are looking for code to cloud security, SDLC, vulnerability testing, secdevops, etc.
Sort By:
Oldest
CIO in Government8 months ago
Different regions may have different requirements. It's important to know what cyber framework your vendor is compliant with (i.e. NIST, Essential 8, ISO27001, etc.). Also, you get a lot of out of the box /in-built security features with your cloud hosting provider such as Azure, AWS, etc. Data sovereignty is another critical one to review when assessing vendor/tools. VP of Information Security in Software3 months ago
It depends what you are trying to cover, this is a broad topic. For IaaS: Cloud Security Posture Management Capabilities (CSPM). Some capabilities are native to the cloud provider, or you may consider other solutions (Orca, Wiz, Prisma, Laceworks, etc.) for multi-cloud. These tools are pretty good for vulnerability detection, misconfiguration, controls testing, etc.
If you are running DevOps or infrastructure as code, I've seen a neat product called Gomboc.ai that allows you define security policies and the tool will scan your code repositories (e.g. Github, Gitlab etc.) and will automatically create for the engineers pull requests with code to implement the security control. It saves fixing vulnerabilities later, and it is like having a virtual security engineer that helps your developers.
There are other solutions for Cloud Detection and Response (CDR), which seems to be a newish category.
Lastly, the CSPMs are constantly adding these capabilities to their "platform", some are good, others not so much but you can take a look and see if what they provide is good enough or if some dedicated tools are better for your use cases