Skip to content

    Latest Posts

    An Introduction to Cloud Security for Infosec Professionals

    Richard Park

    As someone who has spent a long time in network and endpoint security and then moved to cloud security, I can sympathize with people with security backgrounds who want to learn more about the cloud and cloud security concepts. AWS, EC2, CMK, KMS, IAM, SQS, etc.? It can seem like a big alphabet soup of unfamiliar acronyms. And lots of questions come up. How can I know whether a cloud provider encrypts a service by default or if I must specify it? What is the difference between a queue and a topic? Does CMK stand for customer-managed key or customer master key?

    Read More

    9 Questions You Should Ask About Your Cloud Security

    Josh Stella

    In order for business leaders and cybersecurity professionals to gain the knowledge they need to thwart the hackers constantly targeting their cloud infrastructure and applications, they need to think like General George S. Patton (or rather like George C. Scott, the actor who won the Best Actor Oscar for his portrayal of the general in the 1970 film “Patton”).

    Read More

    The One Cloud Threat Everyone Is Missing

    Josh Stella

    Ask security professionals to name the biggest threat to their organizations’ cloud environments, and most won’t hesitate to give a one-word answer: misconfigurations. Technically, they’re not incorrect, yet they’re defining “misconfiguration” much too narrowly. They’re likely thinking of an Amazon S3 bucket that’s left exposed or a misconfigured security group rule. While identifying and remediating misconfigurations must be a priority, it’s important to understand that misconfigurations are but one means to the ultimate end for attackers: control plane compromise, which has played a central role in every major cloud breach to date.

    Read More

    Using Fugue to Check the Security of Fugue's Infrastructure as Code

    Becki Lee

    Here at Fugue, we think it's important to practice what we preach. To that end, we're dogfooding Fugue! That means we use our own product to evaluate the compliance and security of our own running cloud infrastructure and infrastructure as code (IaC) with the same policies. In this blog post, we'll dive into how we set up a CI/CD pipeline that uses Fugue to scan the IaC underlying Fugue.

    Read More

    Why Ransomware Attacks Steer Clear of the Cloud

    Josh Stella

    Ransomware made news headlines worldwide earlier this month after asuccessful attack against one of Toyota Motor Corp.’s parts suppliers forced the automaker to shut down 14 factories in Japan for a day, halting their combined output of around 13,000 vehicles.

    Read More

    Fugue Achieves AWS Security Competency Status

    Drew Wright

    Fugue recently achieved Amazon Web Services (AWS) Security Competency status. Our customers, including Red Ventures, Ericsson, and Wabtec use Fugue to establish cloud security visibility and policy-based governance across the software development life cycle. Attaining this designation from AWS recognizes that Fugue demonstrates proven technology that helps customers achieve their cloud security goals.

    Read More

    Automating Terraform Security in Scalr Deployments with Regula [Tutorial]

    Aidan O’Connor

    Introduction to Regula and Scalr Integration Regula Regula enables cloud teams to evaluate Terraform, CloudFormation, Azure Resource Manager, and Kubernetes Infrastructure-as-Code (IaC) for security and compliance violations prior to deployment. Regula is an open source implementation of Rego, the query language used by the Open Policy Agent (OPA) project. Where relevant, Regula’s policies have been mapped to the Center for Internet Security (CIS) Amazon Web Services (AWS), Azure, Google Cloud, and Kubernetes Foundation Benchmarks to allow users to enforce these policies on IaC prior to deployment.

    Read More
    1 2 3 4 5
    Fugue Developer

    Free Cloud Security for Engineers

    • Visualize your cloud infrastructure
    • Run policy checks and get feedback
    • Detect change and eliminate misconfiguration