Which vendor or tool is your preferred for cloud security? One tool will never suffice, but as we expand to cloud development, we are looking for code to cloud security, SDLC, vulnerability testing, secdevops, etc.

1.9k viewscircle icon2 Comments
Sort by:
VP of Information Security in Softwarea year ago

It depends what you are trying to cover, this is a broad topic. 
For IaaS: Cloud Security Posture Management Capabilities (CSPM). Some capabilities are native to the cloud provider, or you may consider other solutions (Orca, Wiz, Prisma, Laceworks, etc.) for multi-cloud. These tools are pretty good for vulnerability detection, misconfiguration, controls testing, etc.

If you are running DevOps or infrastructure as code, I've seen a neat product called Gomboc.ai that allows you define security policies and the tool will scan your code repositories (e.g. Github, Gitlab etc.) and will automatically create for the engineers pull requests with code to implement the security control. It saves fixing vulnerabilities later, and it is like having a virtual security engineer that helps your developers. 

There are other solutions for Cloud Detection and Response (CDR), which seems to be a newish category. 

Lastly, the CSPMs are constantly adding these capabilities to their "platform", some are good, others not so much but you can take a look and see if what they provide is good enough or if some dedicated tools are better for your use cases

Lightbulb on1
CIO in Governmenta year ago

Different regions may have different requirements. It's important to know what cyber framework your vendor is compliant with (i.e. NIST, Essential 8, ISO27001, etc.). Also, you get a lot of out of the box /in-built security features with your cloud hosting provider such as Azure, AWS, etc.  Data sovereignty is another critical one to review when assessing vendor/tools. 

Content you might like

Production data analysis19%

Equipment data analysis (capacity, etc.)59%

Part of overall equipment effectiveness analysis16%

Other (share below)4%

View Results

Updates should be released daily.10%

Updates should be released weekly58%

Updates should stay monthly.22%

Updates should be pushed quarterly.8%

Other (comment below)

View Results