Which vendor or tool is your preferred for cloud security? One tool will never suffice, but as we expand to cloud development, we are looking for code to cloud security, SDLC, vulnerability testing, secdevops, etc.

CloudSecurity & GRC
1.8k views2 Comments
Sort By:
Oldest
CIO in Government8 months ago
Different regions may have different requirements. It's important to know what cyber framework your vendor is compliant with (i.e. NIST, Essential 8, ISO27001, etc.). Also, you get a lot of out of the box /in-built security features with your cloud hosting provider such as Azure, AWS, etc.  Data sovereignty is another critical one to review when assessing vendor/tools. 
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
VP of Information Security in Software3 months ago
It depends what you are trying to cover, this is a broad topic. 
For IaaS: Cloud Security Posture Management Capabilities (CSPM). Some capabilities are native to the cloud provider, or you may consider other solutions (Orca, Wiz, Prisma, Laceworks, etc.) for multi-cloud. These tools are pretty good for vulnerability detection, misconfiguration, controls testing, etc.

If you are running DevOps or infrastructure as code, I've seen a neat product called Gomboc.ai that allows you define security policies and the tool will scan your code repositories (e.g. Github, Gitlab etc.) and will automatically create for the engineers pull requests with code to implement the security control. It saves fixing vulnerabilities later, and it is like having a virtual security engineer that helps your developers. 

There are other solutions for Cloud Detection and Response (CDR), which seems to be a newish category. 

Lastly, the CSPMs are constantly adding these capabilities to their "platform", some are good, others not so much but you can take a look and see if what they provide is good enough or if some dedicated tools are better for your use cases

Content you might like

What area of talent would your Security Operations Center (SOC) most benefit from hiring?

Security & GRCSecurity Operations Center (SOC)Talent Sourcing & Hiring

Attack Detection & Analysis26%

Vulnerability assessment and patching44%

Security Awareness Training19%

Incident Response9%

Other (comment below)

View Results
1.5k views4 Upvotes1 Comment

What is the most interesting/helpful/unique tool you're using right now that no one is talking about?

CloudNetworkCompute+37 more
Senior Director, Technology Solutions and Analytics in Telecommunication3 years ago
Palantir Foundry
3
Read More Comments
11.1k views12 Upvotes49 Comments

We are using MDM and MAM with Intune to protect our Office 365 data on employee mobile devices. We also have end-users who are contractors and have existing MDM/MAM controls on their device from their primary employer.  They cannot add our corporate INTUNE controls to the same device according to the Microsoft error messages. The same issue applies to NEDs who work for multiple corporates. Has anyone else found a solution for this?

Management ToolsSecurity & GRCStrategy & Architecture+1 more
71 views

How many years of experience do you think an IC-level cybersecurity candidate should have?

Talent Sourcing & HiringSecurity & GRCSecurity Strategy & Roadmap

04%

1-374%

4-618%

7 or more2%

View Results
2.8k views1 Upvote

Does anyone have playbooks, or checklists covering cybersecurity aspects of Divestitures, Mergers, and acquisitions? 

Security & GRC
Director of Network Transformationa year ago
Excellent question!!  Folks, please share what should be included in a playbook/checklist.  Let's crowdsource one!
3
Read More Comments
4.1k views2 Upvotes4 Comments