A Software-as-a-Service (SaaS) offering, Fugue Risk Manager can identify compliance violations in cloud environments and remediate unauthorized infrastructure changes.
Enterprise cloud teams can use Fugue Risk Manager to scan cloud infrastructure to identify policy violations for a number of compliance regimes, including Amazon Web Services (AWS) Center for Internet Security (CIS) Benchmarks, National Institute of Standards and Technology (NIST) 800-53 Rev. 4, General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and custom, customer-specified controls. Fugue Risk Manager can then enforce infrastructure baselines provisioned by the cloud team in order to identify configuration drift and remediate it as soon as it occurs.
“Enterprises operating at scale in the cloud face a governance challenge—how to ensure everything that’s running in their cloud adheres to compliance and security policy and is free of misconfiguration that can lead to critical security incidents,” said Phillip Merrick, CEO of Fugue. “Fugue Risk Manager provides enterprises with autonomic governance over their cloud infrastructure while supporting the speed and agility needed in today’s competitive environment.”
“With Fugue, I can demonstrate in real time that our cloud infrastructure is compliant all the time. We’ve never really had that before,” said Peter O’Donoghue, VP of Application Services at Unisys Federal. “Fugue’s strength is in providing centralized visibility and control across DevSecOps teams, thereby avoiding policy violations and misconfigurations in the cloud.”
The cloud is different than the datacenter, and it introduces new demands for security and compliance. The risk of infrastructure misconfiguration due to human error can increase with dynamic, API-driven cloud infrastructure and can result in data breaches, system downtime, and costly compliance violations. Fugue Risk Manager addresses this risk with a cloud-native solution to provide security, compliance, and infrastructure teams with a single source for their cloud infrastructure and the assurance that it remains in compliance with policy.
“Monitoring and alerts on cloud deployments aren’t good enough for us. We can’t afford to have misconfiguration or unauthorized changes happen in the first place,” said Justin Rupp, Senior Systems Engineer, GlobalGiving. “Fugue gives us the peace of mind knowing our infrastructure is secure and compliant at all times.”
Identifying cloud infrastructure risks
Fugue Risk Manager scans cloud environments to:
- Discover running cloud infrastructure resources,
- Identify infrastructure compliance violations,
- Generate compliance reports.
Enforcing cloud configuration baselines
Once infrastructure baselines have been established, Fugue Risk Manager can:
- Identify unauthorized change and configuration drift,
- Automatically remediate drift events back to the provisioned baseline,
- Generate reports on remediation events for compliance.
Easy to adopt and scale
It takes as little as 15 minutes to get up and running with Fugue Risk Manager and start identifying compliance violations in your cloud environments. Fugue Risk Manager integrates with today’s cloud infrastructure provisioning tools to allow for approved changes while preventing unauthorized changes that can lead to compliance issues and security breaches.
“Traditionally, there’s been a chasm between security teams that need to ensure critical data is protected, compliance teams that need to ensure policy adherence, and infrastructure teams that need to move fast and innovate. These competing priorities have often been at odds with each other,” said Josh Stella, co-founder and CTO of Fugue. “Fugue Risk Manager is designed to eliminate these tradeoffs and provide cloud stakeholders with a common, single source of truth for cloud infrastructure and the assurance it remains secure, compliant, and resilient.”